Jump to content

A false positive: Bitcomet


EugeneB
 Share

Recommended Posts

The problem is that, if I open Malwarebytes, it'll immediately quarantine BitComet again (not understanding what's going on, I've reinstalled it after the first time).

I can restore the quarantined file afterwards, I suppose...

Anyway, thanks for replying so quickly, I'll see what I can do.

Link to post
Share on other sites

  • Staff

Hi,

Yes, you can restore the quarantined file. The detection log also certainly helps.

You can easily find this if you go through Detection History > History > Click the entry where the detection appears. You'll see a "view" icon, and that's where you'll see the detection, where you will be able to export the results (to clipboard, so you can paste it here).

Link to post
Share on other sites

  • Staff

Hi Eugene,

This isn't a false positive. This installer is bundled with additional software, which we call PUP.Optional.InstallCore. Other AVs probably detect this as well.

You can however create an exclusion for this (or temporary disable MBAM) when reinstalling, as PUP means, Potentially Unwanted Program, so it's not really malware. but please be careful and read through the installation screens carefully when it presents additional software to you that isn't Bitcomet (unselect these if you don't want them), as these are often adware.

Link to post
Share on other sites

Allow me to disagree...

Firstly, Malwarebytes deleted TWO files -- one of which (bitcomet.exe) is NOT an installer and isn't bundled with anything. There's absolutely no reason to delete it.

The second file, bitcomet_setup, is indeed an installer, and it's indeed bundled with some kind of antivirus software -- but THE USER IS ASKED WHETHER THEY WANT IT OR NOT. So, again, no reason to quarantine it.

I might add that quarantining the installer isn't much of a problem, as one needs it for a very short time only -- but it'd be great if you could reclassify bitcomet.exe as harmless.

I understand that I can create an exclusion for it, of course, but there is a bigger issue here: keeping it listed as malware is a clearly hostile act towards your fellow IT people (and, judging by their product, fairly good professionals at that).

Link to post
Share on other sites

  • Staff

We actually detect on the installcore component which is a PUP, so this isn't only and always in installers.

This is the same for utorrent, where we detect some versions as PUP.Optional.Opencandy, where the utorrent.exe located in the program files (launcher) is also bundled with OpenCandy.

We can however review the Bitcomet.exe file itself again.

Link to post
Share on other sites

  • 2 months later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.