DrDESidran

False Positive - My Own Code!

I've been using Malwarebytes since the very beginning. But, recently, we're getting plagued by false positives for our own code!

I just did a build of our new game and Malwarebytes tagged it as ransomware, probably because we use an online Wikia for documentation.

What gives? Is this the case? How can we stop this?


Hi,

The antiransomware engine is behavior detection, so it was probably triggered by file-modification/injecting in different files etc etc.

Please zip and attach the actual file that is detected + the Mbamservice.log which is located in the following folder:

C:\ProgramData\Malwarebytes\MBAMService\LOGS

Thanks!


Thanks.

This helps to fine-tune the engine.

Let me know if this is still detected. If so, please make sure/verify it's the correct GSBPArmyEditor.exe you sent, since the one you attached doesn't seem to have the exact same checksum as in the log you attached.

1 minute ago, miekiemoes said:

Hi,

I can't tell for sure, but it's possible why this is triggered.

Well, try to confirm that process.start is the culprit and we'll use another call.


Hi,

Yes, I asked someone from our Anti-ransomware team to give some more insight why the trigger happened.

Just now, miekiemoes said:

Hi,

Yes, I asked someone from our Anti-ransomware team to give some more insight why the trigger happened.

Thanks.


Hi,

We would love to get some additional files from you (the .arw captures)

Can you also zip the folder ARW present in the C:\ProgramData\Malwarebytes\MBAMService folder? 

This file (zipped folder) might be too big to attach here, so can you upload it somewhere, so we can collect it easily?

Thanks!

8 minutes ago, miekiemoes said:

Hi,

We would love to get some additional files from you (the .arw captures)

Can you also zip the folder ARW present in the C:\ProgramData\Malwarebytes\MBAMService folder? 

This file (zipped folder) might be too big to attach here, so can you upload it somewhere, so we can collect it easily?

Thanks!

Attached.

MBARW.zip
