Jump to content

1.0.777 - Adapter Watch False Positive


Recommended Posts

The new beta produced a false positive that I've never gotten before in MB 3 or MB 4.  Here is the info.

image.png.d086ba16b219572a63a75a1eed2d48c8.png

This file has been on my computer for over 2 years and never been flagged before.

This is the zip download for the program Adapter Watch which comes from Nirsoft. 

Thanks,
Bill

Link to post
Share on other sites
14 minutes ago, BillH99999 said:

This file has been on my computer for over 2 years and never been flagged before.

Most tools from Nirsoft are flagged. I would exclude it if you want to keep it.

Link to post
Share on other sites
59 minutes ago, Porthos said:

Most tools from Nirsoft are flagged. I would exclude it if you want to keep it.


Interesting.  I wonder why it was never flagged before.  I will exclude it.

Another thought on this.  I have" automatically quarantine" turned on.  This was not quarantined.  I was surprised.  Is there a reason for that?

Thanks,
Bill

Edited by BillH99999
Link to post
Share on other sites
10 minutes ago, BillH99999 said:

Another thought on this.  I have" automatically quarantine" turned on.  This was not quarantined.  I was surprised.  Is there a reason for that?

Was it a manual scan or a scheduled scan.  Re looked at your screenshot.

Edited by Porthos
Link to post
Share on other sites
5 minutes ago, Porthos said:

I have" automatically quarantine" turned on.  This was not quarantined.  I was surprised.  Is there a reason for that?

Auto quarantine means it will be pre checked on a manual scan for deletion. Auto quarantine is when the real time detection is triggered.

Link to post
Share on other sites
8 minutes ago, Porthos said:

Auto quarantine means it will be pre checked on a manual scan for deletion. Auto quarantine is when the real time detection is triggered.

Not sure I understand.   In the first sentence you seem to be saying auto quarantine applies to a manual scan while in the second you seem to be saying it applies to real time detection.  Is a manual threat scan considered part of real time detection?

I didn't see anything pre-checked for deletion. It was prechecked and the options were close or quarantine.

Here is what the report looked like.

image.png.ba201c50432a28f70c6de3aea5cffbe7.png

 

I hadn't seen before, but it says 1 items ignored and no action taken.

Why would it be ignored rather than quarantined?  

Bill

 

Edited by BillH99999
Link to post
Share on other sites
1 hour ago, BillH99999 said:

didn't see anything pre-checked for deletion.

You see the checkmarks from your screenshot below... If auto quarantine was off those boxes would be clear. I did the same scan on my computer  after I downloaded the same file  and did a threat scan my results looked the same.

 

image.png.d086ba16b219572a63a75a1eed2d48

 

Link to post
Share on other sites

Hi guys. This was a False Positive detection which will be fixed. It will take a little while for the new database to be published and propagate to your system.

As Porthos says though, many Nirsoft utilities can be detected, though typically as riskware. This was caught by our machine learning technology.

Link to post
Share on other sites
8 minutes ago, Porthos said:

You see the checkmarks from your screenshot below... If auto quarantine was off those boxes would be clear. I did the same scan on my computer  after I downloaded the same file  and did a threat scan my results looked the same.

 

image.png.d086ba16b219572a63a75a1eed2d48

 

OK, so I now do I have it right?  

When the auto quarantine setting is turned on:

For manual scans it will pre-check items for quarantine rather than for deletion (since there is no option for deletion on that screen).  Nothing is actually automatically quarantined. 

For real-time detections items will be automatically quarantined.

For shceduled scans the setting does not apply.  Auto quarantine is only done if the scheduled scan settings say to auto quarantine.

Thanks,
Bill

Link to post
Share on other sites
7 minutes ago, tetonbob said:

Hi guys. This was a False Positive detection which will be fixed. It will take a little while for the new database to be published and propagate to your system.

As Porthos says though, many Nirsoft utilities can be detected, though typically as riskware. This was caught by our machine learning technology.

Thanks!

Bill

Link to post
Share on other sites
1 minute ago, BillH99999 said:

OK, so I now do I have it right?  

When the auto quarantine setting is turned on:

For manual scans it will pre-check items for quarantine rather than for deletion (since there is no option for deletion on that screen).  Nothing is actually automatically quarantined. 

For real-time detections items will be automatically quarantined.

For shceduled scans the setting does not apply.  Auto quarantine is only done if the scheduled scan settings say to auto quarantine.

Thanks,
Bill

You got it.👍

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.