DavidMoore

MachineLearning/Anomalous.100% - FALSE POSITIVE

Hello,

I'm trying to install a tool used for medical billing on a user's computer in an enterprise environment. For Skilled Nursing Facility patients on a Fee-for-service medical plan, this pricer is used to take diagnoses codes and turn them into billing codes with a monetary value. Since Medicare guidelines and approved codes change so often, the only way to bill accurately is to use their tool. In the past I've downloaded them from CMS' website ( https://www.cms.gov/Medicare/Medicare-Fee-for-Service-Payment/PCPricer/SNF ). As of today, our Malwarebytes Endpoint Protection is grabbing the .exe as a malware threat and quarantining them. Releasing them and trying to run again just loops the process. I've not found anything on the cloud admin portal where I can go in and whitelist the file name.

I've attached one version (there's one for every year, this is 2020).

How can I get these installed, and tune our endpoint protection to stop grabbing them?

 

SNF FY2020.4 PC.zip

Hi,

This is detected by our MachineLearning engine, which helps to protect even better against 0day threats. Unfortunately, as this is a heuristic engine, it's possible False Positives happen. Thanks for reporting these, as this helps to fine-tune the engine, so these won't be detected in the future anymore.

This should be fixed by now. Please give it some time (max 10 minutes) in order to have it populate, so detection won't happen anymore.

If still detected on your end after ~10 minutes from now, perform the following steps:

  1. Totally exit/shutdown Malwarebytes.
  2. Go to here in explorer: C:\ProgramData\Malwarebytes\MBAMService
  3. Delete the following file only: hubblecache
  4. Then you can restart MBAM and the cache file will rebuild on the next scan.

Regards

 

 

6FEA71E280EC1838B2DA67F8D9395A85

B16595E4BB27F811460977698FE0A245

Hey thisisu,

Thank you for the prompt reply! I've tried deleting the hubblecache file as a domain admin and local admin and both produce this error:

[Attached image: image.png]

I ended the "Malware Bytes Endpoint Protection" process via Task Manager; there's a "malwarebytes service" process as well that says, "access is denied".

Could this process be what's hindering the ability to delete that cache?

 

Thanks again

You need to exit Malwarebytes from the tray icon. Right click and choose quit Malwarebytes.

@DavidMoore

 

Edited by Porthos

Hey Porthos,

In the cloud-based endpoint protection suite, the only option when right clicking the tray icon is to "start a threat scan", which is why I closed the console via Task Manager.

5 minutes ago, DavidMoore said:

Hey Porthos,

In the cloud-based endpoint protection suite, the only option when right clicking the tray icon is to "start a threat scan", which is why I closed the console via Task Manager.

Ah I see. I do not know how to shut it down as I am not familiar with cloud based endpoint.
