Jump to content

Tag That Photo false positive


Recommended Posts

I'm with the Tag That Photo support group and some users are saying that malwarebytes is blocking their installation.

The following files under the Tag That Photo folder are legitimate.

Screenshots attached.1998270296_Schermopname_104_.png.7705265a8aef266bc31b87242094dc3d.png

Schermopname _105_.png

Link to post
Share on other sites
  • Staff

Hi,

It is unclear what the exact detection is as above screenshots are from the exclusions.

Please post the log where the detection is displayed so we can have a look. No screenshots, but logs.

Thanks!

Link to post
Share on other sites

Here is a snippet from the log file but that is all he was able to find...  since he has whitelisted the app now it appears to be working for him.

 

04/16/21    " 09:00:17.074"    56718    1a34    0534    INFO    CleanControllerImpl    mb::cleanctlrimpl::utility::FileSignatureVerifier::IsSignatureValidPerWinVerifyTrustImpl    "filesignatureverifier.cpp"    350    "WinVerifyTrust failed for  file='C:\Program Files (x86)\PFU\ScanSnap\Home\SshCloudMonitor.exe', result=0x800b0100, last error='Geen handtekening aanwezig in het onderwerp.  (0x800b0100)'"
04/16/21    " 09:00:17.074"    56718    1a34    0534    INFO    CleanControllerImpl    mb::cleanctlrimpl::whitelist::HubbleCache::GetValueFromCache    "hubblecache.cpp"    244    "Found hash 'shuriken|8B045D2AD22044D70088244D055FEB77EF65F84D83B40EFB65F78932AB337ACB' in Hubble cache, white list status = 'WhiteListed'"
04/16/21    " 09:00:17.074"    56718    1a34    0534    INFO    CleanControllerImpl    mb::cleanctlrimpl::whitelist::HubbleWhiteLister::GetWhiteListStatus    "hubblewhitelister.cpp"    245    "Found hash of file 'C:\Program Files (x86)\PFU\ScanSnap\Home\SshCloudMonitor.exe' in Hubble's cache, value = WhiteListed"
04/16/21    " 09:00:17.074"    56718    1a34    0534    INFO    CleanControllerImpl    mb::cleanctlrimpl::whitelist::WhiteListManager::LogWhiteListStatus    "whitelistmanager.cpp"    296    "White list status: File 'C:\Program Files (x86)\PFU\ScanSnap\Home\SshCloudMonitor.exe' 8520B2DFF47EEBD330ED99407E46CD36 (shuriken) => Hubble:WhiteListed"
04/16/21    " 09:00:17.074"    56718    1a34    0534    INFO    CleanControllerImpl    mb::cleanctlrimpl::whitelist::WhiteListManager::GetWhiteListStatus::<lambda_4fd8974f0ce770d1d6022064dca8c9fc>::operator ()    "whitelistmanager.cpp"    237    "Completed single object white listing"
04/16/21    " 09:00:37.164"    76796    1a34    1f9c    INFO    AEControllerImpl    mb::aecontrollerimpl::AEControllerImplHelper::DoAppInjectedNotification    "aecontrollerimplhelper.cpp"    2591    "App Injected (TAGTHATPHOTO)"
04/16/21    " 09:00:37.291"    76921    1a34    1f9c    INFO    AEControllerImpl    mb::aecontrollerimpl::AEControllerImplHelper::DoAppInjectedNotification    "aecontrollerimplhelper.cpp"    2591    "App Injected (TAGTHATPHOTO)"

04/16/21    " 09:01:03.850"    103484    1a34    1f9c    INFO    AEControllerImpl    mb::aecontrollerimpl::AEControllerImplHelper::DoAppInjectedNotification    "aecontrollerimplhelper.cpp"    2591    "App Injected (cmd)"
04/16/21    " 09:01:04.050"    103687    1a34    5824    INFO    AEControllerImpl    mb::aecontrollerimpl::AEControllerImplHelper::DoAppInjectedNotification    "aecontrollerimplhelper.cpp"    2591    "App Injected (cmd)"
04/16/21    " 09:01:30.373"    130015    1a34    20c4    INFO    IrisImpl    mb::updatecontrollerimpl::IrisImpl::CheckForIrisContent    "irisimpl.cpp"    582    "Checking for Iris content files"
04/16/21    " 09:01:30.378"    130015    1a34    20c4    INFO    IrisImpl    mb::updatecontrollerimpl::IrisScheduler::run    "irisimpl.cpp"    998    "Checking for message updates from Iris"
04/16/21    " 09:01:30.378"    130015    1a34    20c4    INFO    IrisImpl    mb::updatecontrollerimpl::IrisImpl::IrisCheck    "irisimpl.cpp"    124    "Entering IrisCheck. Checking with Iris for messages."
04/16/21    " 09:01:30.379"    130015    1a34    20c4    INFO    IrisImpl    mb::updatecontrollerimpl::IrisImpl::SendIrisRequest    "irisimpl.cpp"    155    "Entering SendIrisRequest with URL (https://iris.mwbsys.com/api/v2/messages/mbam-c/668dac80acd436636bfb1f9d37704b65a4205af8?array_compatibility_mode=true)."
04/16/21    " 09:01:30.381"    130015    1a34    20c4    INFO    IrisImpl    mb::updatecontrollerimpl::IrisImpl::SendIrisRequest    "irisimpl.cpp"    187    "Sending Request to Iris Server."
04/16/21    " 09:01:31.040"    130671    1a34    20c4    INFO    IrisImpl    mb::updatecontrollerimpl::IrisImpl::SendIrisRequest    "irisimpl.cpp"    209    "Response from Iris: {""message_collections"":[{""id"":2080,""slug"":""expt149"",""description"":""EXPT149 - Short Term CP AV"",""collection_target_id"":40,""conditions"":[{""rank"":""0"",""ref_id"":""0c4a3ade"",""messages"":[2146],""matching_conditions"":[{""matching_operator"":""geq"",""matching_condition"":""0"",""conditional_parameter"":""default_cohort_group_id""},{""matching_operator"":""leq"",""matching_condition"":""3333"",""conditional_parameter"":""default_cohort_group_id""},{""matching_operator"":""leq"",""matching_condition"":""24"",""conditional_parameter"":""hours_since_clean_installation""},{""matching_operator"":""eq"",""matching_condition"":""en"",""conditional_parameter"":""settings_language""},{""matching_operator"":""eq"",""matching_condition"":""true"",""conditional_parameter"":""avcomp_avast""},{""matching_operator"":""eq"",""matching_condition"":""Trial"",""conditio

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.