Jump to content
Mark_Albrosco

Machine Learning\Anomolous - ADO_NET_SAMPLE.EXE

Recommended Posts

We're installing SQL Anywhere 16 and Malwarebytes Endpoint Protection quarantined one of the associated .exe files. See below:

Hello Mark Cockburn,

Based on your preferences, you are being notified that a new event has occurred on your account:

 
  • Endpoint Name: hrplusserver.AHLTT.COM
  • Domain/Workgroup: AHLTT.COM
  • IP: 192.168.4.7
  • Scan Date and Time: 11/08/2018 - 12:00:00 PM
  • Scan Type: CustomScan
  • Detections Cleaned: 2
  • Severity: warning
  • Group: Default Group
  • Policy: Default Policy
Displaying 2 of 2 detections below - additional details can be viewed via the Scan Report.
 
Name Type Category Status Path
MachineLearning/Anomalous.100% Reg, Value Malware Quarantined HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS|C:\PROGRAM FILES\SQL ANYWHERE 16\CE\ASSEMBLY\V2\ADO_NET_SAMPLE.EXE
MachineLearning/Anomalous.100% File Malware Quarantined C:\PROGRAM FILES\SQL ANYWHERE 16\CE\ASSEMBLY\V2\ADO_NET_SAMPLE.EXE

The file is not a threat. It's part of the SQL Anywhere 16 application. Please update the machine learning facility to exclude this file.

I would like to restore this file out of quarantine to ensure that the SQL Anywhere application is not affected and works properly. How can we have this done?

Share this post


Link to post
Share on other sites

In the meantime, on the management console for Malwarebytes, I've added two exclusions: a "Registry Key" exclusion and a "Folder by Path" exclusion.

I just cut and paste the Path values given in the quarantine/scan report.

Can I get confirmation that this is sufficient, while the machine learning facility is updated?

Share this post


Link to post
Share on other sites

Hi,

Sorry for the delay.

Yes, this is the correct way to exclude. Would you mind to zip and attach the file C:\PROGRAM FILES\SQL ANYWHERE 16\CE\ASSEMBLY\V2\ADO_NET_SAMPLE.EXE - so we can also add it to our database of clean files, so it won't be detected anymore?

Thanks!

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.