siliconman01

InstallShield False Positive ?


Hi,

I can't reproduce detection on this, even after extracting the support.cab file as well. I remember this was fixed a few days ago already.

Can you verify if this is still detected? If so, then quit Malwarebytes from the system tray.

Then navigate to the following folder:

C:\ProgramData\Malwarebytes\MBAMService

In there, locate the file HubbleCache and delete it.

Restart Malwarebytes again. A new HubbleCache will then be created again, so it will properly pick it up and remember to not detect this anymore.

15 minutes ago, miekiemoes said:

Hi,

I can't reproduce detection on this, even after extracting the support.cab file as well. I remember this was fixed a few days ago already.

Can you verify if this is still detected? If so, then quit Malwarebytes from the system tray.

Then navigate to the following folder:

C:\ProgramData\Malwarebytes\MBAMService

In there, locate the file HubbleCache and delete it.

Restart Malwarebytes again. A new HubbleCache will then be created again, so it will properly pick it up and remember to not detect this anymore.

It is still detected even after deleting HubbleCache per your recommendation.  This is on a Custom scan with "Scan rootkits"  selected and also with "Scan rootkits" not selected.  

It is not detected on a standard routine scan. 

MBAMLogCustomNORootkitScan.txt MBAMLogCustomRootkitScan.txt MBAMLOGStandardScan.txt


Hmm, this is weird, as I really can't reproduce detection, even with rootkit scan on.

Can you right-click the support.cab file and extract it with 7zip? Then scan that support folder and let me know if you get a detection?

This is so I know exactly which file in that cab file is causing this for you. I've done the same here as well, but it's not detecting any of the contents either.

Thanks!


I don't have 7zip on my system...I use WinRar v7.0.  

If I extract Support.Cab using WinRar and scan the extracted folder files, no detection is found.

If I scan Support.cab with heuristics on, I get the detection.

If I scan Support.cab with heuristics OFF, I do not get the detection.


 

This is really curious.

I would need more info, so can you zip and attach the MBAMService.LOG, so I can have a look at why it's detecting in your case and not in my case?

You can find this log in the following folder: C:\ProgramData\Malwarebytes\MBAMService\LOGS

 


Here is the requested log.

Are you running the newly released component version of MBAM?   The reason I ask is that yesterday I was not getting this false detection.  Today after the component update, I am getting the detection.

 

MBAMVersion.png

MBAMSERVICE.zip


Thanks.

I enabled beta updates and get the same detection now, so this might probably be a bug.

I'll address this with development.

 


Hi,

This has been confirmed as a bug indeed (as bugs might always happen with beta-versions), so it will be resolved in one of the next Component Updates.

I suggest you temporarily exclude this file (folder) from detection for now.

Thanks for your help/feedback on this!

Edited by miekiemoes

38 minutes ago, miekiemoes said:

Hi,

This should be fixed now, as CU 1.0.563 has been released.

Thanks!

Fix confirmed.  Thanks again for prompt resolution.
