Jump to content
DSperber

Win7->Win10 upgrade: SetupHost false positive

Recommended Posts

I'm performing an in-place Windows 7 -> Windows 10 upgrade for a friend.  A ways into the preliminary "getting ready" steps there is a popup from Malwarebytes claiming that a ransomware thread has been blocked. Unfortunately, this is a SetupHost.exe file from the Win10 upgrade, so the upgrade simply stops.  The file is quarantined.

I have restored the file, and added an exclusion for it. I hope this time the upgrade gets past this obstacle.

-Ransomware Details-
File: 1
Malware.Ransom.Agent.Generic, C:\$WINDOWS.~BT\Sources\SetupHost.exe, Quarantined, [0], [392685],0.0.0

 

False-Ransomware.txt

Share this post


Link to post
Share on other sites

Attached.

When I added an exclusion for SetupHost.exe sure enough the Win10 upgrade then got past that point and completed normally.

So my friend's machine is now operating under Win10.

 

MBAMSERVICE.LOG

Share this post


Link to post
Share on other sites

Thanks for the log. It confirms this is a false positive as you expected. The exclusion is the correct workaround. We're aware of a code issue which is causing this type of false positive and are working on devising a solution. We apologize for any inconvenience.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.