REGITDept

We are suspecting false positives


Dear Malwarebytes,

One of our clients today was suddenly unable to use anything in Office 2016.

I took a look and it seems like it is a false positive.

Please help me take a look into it to make sure that it is a false positive and nothing malicious.

Thanks.

Screenshot 3.jpg

Screenshot 2.jpg

Screenshot 1.jpg

Quarantine.zip logs.zip


I have asked for your post to be moved to the FP section so it will get noticed quicker.


Hi, can you provide the files detected and mbamservicelogs?


@cli Do any of the logs in the first post help. This is an endpoint client.


No, it only gives me the detection name and file name and from the quarantine folder, I was able to recover only some of the files.

Just now, cli said:

No, it only gives me the detection name and file name and from the quarantine folder, I was able to recover only some of the files.

Just trying to assist the user. Guess we have to wait for the OP to respond.


No worries, thanks for trying. :)  While we wait, I'm trying to see if I can find information I need using alternative methods.

35 minutes ago, cli said:

Hi, can you provide the files detected and mbamservicelogs?

Dear cli,

Here are the files that were quarantined.

Thanks.

Quarantined.zip

1 hour ago, Porthos said:

I have asked for your post to be moved to the FP section so it will get noticed quicker.

Thank you Porthos 😀

41 minutes ago, cli said:

Hi, can you provide the files detected and mbamservicelogs?

cli,

Where is this mbamservicelogs that you needed?

Thanks.


I believe it's located at "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs". Thanks.

4 minutes ago, cli said:

I believe it's located at "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs". Thanks.

cli,

I have included that in the initial post.

Thanks.

21 minutes ago, REGITDept said:

cli,

I have included that in the initial post.

Thanks.

I thought there might be additional logs in there.

Also, it's odd because I scanned the files in Quarantined.zip and I'm not seeing any of them being detected. For example,

windows_wlan.exe - Backdoor.RevengeRAT.MSIL
https://www.virustotal.com/gui/file/da77035d3363da6f57ae6cce593a6cd77ac630f3aff1c94f35df4ea31e3aea71/detection
 

Excel.exe  - Trojan.Malpack.VB

https://www.virustotal.com/gui/file/fa70b41c7e3c7a9122132524a5db3b2f48da9568c36bd97b71e78bc523d2a146/detection

 

I'm going to continue digging.

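A rescan of the recovered files only tells you something if they are byte-for-byte the samples that were originally flagged; files pulled back out of a quarantine store can differ from what the scanner saw. The script below is an added example, not part of the thread or of any Malwarebytes tool: it hashes each file recovered from the quarantine archive, compares the SHA-256 against the two digests in the VirusTotal links above (the only hashes the thread gives), and prints the VirusTotal report URL in the same form as those links. A matching hash plus a clean rescan points at the database side of the detection; a non-matching hash means the clean rescan says nothing about the original alert. The `KNOWN_SAMPLES` labels are taken from the detection names quoted in the thread; the directory argument is assumed to be the unpacked Quarantined.zip.

```python
"""Confirm that files recovered from a quarantine archive are the same samples
that were looked up on VirusTotal, by SHA-256. Added example, not from the thread."""
import hashlib
from pathlib import Path
from typing import Dict, List, Optional, Tuple

# SHA-256 digests copied from the VirusTotal links posted in the thread,
# mapped to the file name and detection name reported for each sample.
KNOWN_SAMPLES: Dict[str, str] = {
    "da77035d3363da6f57ae6cce593a6cd77ac630f3aff1c94f35df4ea31e3aea71":
        "windows_wlan.exe - Backdoor.RevengeRAT.MSIL",
    "fa70b41c7e3c7a9122132524a5db3b2f48da9568c36bd97b71e78bc523d2a146":
        "Excel.exe - Trojan.Malpack.VB",
}

VT_BASE = "https://www.virustotal.com/gui/file/"

# One row per file: (file name, sha256 hex, known label or None, VirusTotal URL)
MatchRow = Tuple[str, str, Optional[str], str]


def sha256_bytes(data: bytes) -> str:
    """Hex SHA-256 of an in-memory buffer."""
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Hex SHA-256 of a file, read in chunks so large binaries don't fill memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def vt_url(digest: str) -> str:
    """VirusTotal report URL for a SHA-256 digest, same form as the thread's links."""
    return f"{VT_BASE}{digest.lower()}/detection"


def match_digests(digests: Dict[str, str]) -> List[MatchRow]:
    """Compare {file name: sha256 hex} against KNOWN_SAMPLES.

    A None label means the recovered bytes differ from the sample VirusTotal
    analysed, so a clean rescan of that file says nothing about the original
    detection. Rows are sorted by file name so output is stable.
    """
    rows: List[MatchRow] = []
    for name, digest in sorted(digests.items()):
        digest = digest.lower()
        rows.append((name, digest, KNOWN_SAMPLES.get(digest), vt_url(digest)))
    return rows


def scan_directory(directory: Path) -> List[MatchRow]:
    """Hash every regular file under `directory` (assumed: the unpacked
    Quarantined.zip) and match the digests against the known samples."""
    digests = {p.name: sha256_file(p)
               for p in sorted(directory.rglob("*")) if p.is_file()}
    return match_digests(digests)


if __name__ == "__main__":
    import sys
    target = Path(sys.argv[1]) if len(sys.argv) > 1 else Path(".")
    for name, digest, label, url in scan_directory(target):
        status = f"MATCH: {label}" if label else "no match: bytes differ from the VT sample"
        print(f"{name}\n  {digest}\n  {status}\n  {url}")
```

Run it as `python verify_quarantine.py path/to/unpacked/Quarantined.zip`. If a file reports "no match", compare it against the original on-disk copy (or the quarantine metadata) before concluding anything from its rescan result.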
3 minutes ago, cli said:

I thought there might be additional logs in there.
 

Also, it's odd because I scanned the files in Quarantined.zip and I'm not seeing any of them being detected. For example,

windows_wlan.exe - Backdoor.RevengeRAT.MSIL
https://www.virustotal.com/gui/file/da77035d3363da6f57ae6cce593a6cd77ac630f3aff1c94f35df4ea31e3aea71/detection
 

Excel.exe  - Trojan.Malpack.VB

https://www.virustotal.com/gui/file/fa70b41c7e3c7a9122132524a5db3b2f48da9568c36bd97b71e78bc523d2a146/detection

 

I'm going to continue digging.

Yes, very weird because it only happened once to only this one client.

Thanks.


Can you have that client do another DB update and rescan? Thanks.

1 minute ago, cli said:

Can you have that client do another DB update and rescan? Thanks.

After I restored the files, it's not picking them up again. The database is already up to date.


Oh I see. The client might have had a corrupt database since it was limited to just that client and I wasn't able to reproduce the detection. 

However, please let us know if you're seeing the detection again. Thanks.


That was an odd issue.

Case closed for now.

Thanks for all the help guys 😀


Just a tip. You may want to see about upgrading to the latest available version. Whitelisting and protection are greatly improved, and things like this should not happen with the latest version available.

On 6/25/2020 at 5:16 AM, shadowwar said:

Just a tip. You may want to see about upgrading to the latest available version. Whitelisting and protection are greatly improved, and things like this should not happen with the latest version available.

shadowwar,

Is there a newer version under Malwarebytes Endpoint Security?

Thanks.


You may want to talk to your business rep, but I believe you would have to upgrade to the cloud version.

 

On 7/1/2020 at 10:34 AM, shadowwar said:

You may want to talk to your business rep, but I believe you would have to upgrade to the cloud version.

 

shadowwar,

But isn't this more of a different product than an upgrade? One is cloud-based, and one is on-premises.

We would like to see an update to the on-premises version.

Thanks.

23 minutes ago, REGITDept said:

We would like to see an update to the on-premises version.

Are these just standalone workstations, how many, or is there a server involved?


Please see here:

https://www.malwarebytes.com/upgrade/mbes-to-ep

or

https://www.malwarebytes.com/upgrade/mbes-to-teams

I am just in research, so I don't really have the sales knowledge. The product has a client that runs on the machine but is cloud managed.

Malwarebytes Endpoint Security will be discontinued/end of life on August 4, 2021.

 

On 7/2/2020 at 5:47 PM, Porthos said:

Are these just standalone workstations, how many, or is there a server involved?

We are using Malwarebytes Endpoint Security, which involves a dedicated on-premises server.

Thanks.
