False positive Anomalous 100%


Hi there,

I have several machines trying to run a custom application, but Malwarebytes is preventing the application from running and sending the files to quarantine. The file and logs are attached.

The weird part is, I added a file exclusion and it works for some computers but not others. 

Please whitelist.

Thanks

CDAC.zip

MBDiagnostics.zip

  • Staff

Hi,

This is detected by our MachineLearning engine, which helps to protect even better against 0day threats. Unfortunately, as this is a heuristic engine, it's possible False Positives happen. Thanks for reporting these, as this helps to fine-tune the engine, so these won't be detected in the future anymore.

This should be fixed by now. Please give it some time (max 10 minutes) in order to have it populate, so detection won't happen anymore.
If still detected on your end after ~10 minutes from now, perform the following steps:

  1. Totally exit/shutdown Malwarebytes.
  2. Go to here in explorer:
  3. C:\ProgramData\Malwarebytes\MBAMService
  4. and delete the following file only: hubblecache. It doesn't have a file extension.
  5. Then you can restart MBAM and the cache file will rebuild on the next scan.

  • Staff

It is called MACHINE LEARNING, not MACHINE KNOWS EVERYTHING. The Research Engineer investigated and determined it was a false positive. You pulled 100% from somewhere, but not from what was said. We are trying to create and improve on a new technology. If you expect it to be immediate and perfect right out of the gates, I think your expectations may be out of line with reality. As I said elsewhere, if you have suggestions, please submit them.

  • Staff

It said 100% Anomalous, not 100% malicious.
Anomalous means "deviating from what is standard, normal or expected", so the MachineLearning component in MBAM saw something abnormal in that file & nabbed it to protect you. This is part of how it protects against 0-day malware.
By your reporting though & providing the file, this allows us to fine-tune the MachineLearning so that file won't be hit anymore, as Thisisu & Gonzo said.

Thank you again for reporting.

  • Staff

Hello,

It could have been a number of factors why some machines did not recognise your exclusion. If you are using the Business version, possibly some of the deployed agents had temporary communication issues with your server & didn't get the update you applied.
If you continue to have troubles with your endpoints getting updated settings you apply, I would contact support to help t-shoot.
