Code-signed EXE file quarantining after executing other programs.

[RobPerkins]

I am a home office based software developer for my company. Malwarebytes has flagged one of my new Authenticode code-signed EXEs, which was installed using an MSI package, itself also code-signed, as "Ransomware," under the "Malware.Ransom.Agent.Generic" designation. It removed both the EXE and its Desktop shortcut. 

The quarantined file, called "SOLIDCast.EXE", launches a second program called which in turn has a function that launches a third EXE file, which in turn launches a fourth. All four EXE files have user interface elements and appear on the screen. The quarantine does not take place until "LASTIT.EXE" has run for a few seconds. 

In comparison, Malwarebytes does *not* interrupt and quarantine the current commercial version of this software, whose EXE files I am developing a replacement for and which I've also authored. This has been true for over 20 years. The only thing I can think of is that the process launch chain is one EXE greater in the quarantined case. MWB doesn't quarantine any other files. 

The files are proprietary, so I'm not willing to post them on a public forum, but if you supply an alternate way to communicate about this I'll be happy to use it. 

I attempted to download and run your logging installer, but, the installer entered an infinite loop and never completed. So I could use some guidance about that, too. 

[cli]

You can PM me the detected files. Thanks.

[tetonbob]

With regards to this:
 

Quote

I attempted to download and run your logging installer, but, the installer entered an infinite loop and never completed. So I could use some guidance about that, too. 

That issue has been resolved and a new version of the Support Tool has been released. You should not see that issue now.

[gringo_pr]

I am working this case on the Help-desk and it looks to be fixed at this time