Honeywell Enterprise Provisioner quarantined

[Hounded]

A few days ago I installed Honeywell's Enterprise Provisioner, which is used to generate barcodes that are used to configure wireless barcode scanner terminals. I used the program several times with no problems. Today I launched the program, loaded in three saved XML files that store the terminal configuration and the program started to render the data from the XML files. About that time, the program vanished, Malwarebytes popped up and said it had blocked ransomware and wanted to reboot to finish the job. I rebooted and looked at the log, which showed the executable for the program quarantined. I find it hard to believe that there is any ransomware program that targets this particular program, since it is a very uncommon program for anyone to be running on their PC. The file is C:\Honeywell\EnterpriseProvisioner\provisioner.exe

The ransomware name is Malware.Ransom.Agent.Generic

I should mention that my computer also has the Carbon Black endpoint sensor, required by my company, and it detected nothing.

 

[Porthos]

8 minutes ago, Hounded said:

C:\Honeywell\EnterpriseProvisioner\provisioner.exe

Please zip and attach provisioner.exe and the log showing the detection.

[Hounded]

provisioner.zip

Here it is. The log is also in the zip file.

 

[cli]

Thanks for reporting, this will be fixed in 10 minutes. 

[Hounded]

Do you mean a fix will be put into the next Malwarebytes update so this doesn't get flagged again?

[Porthos]

2 minutes ago, Hounded said:

Do you mean a fix will be put into the next Malwarebytes update so this doesn't get flagged again?

It means it should be not detected now.

If it is detected for you,

Please clear your hubble cache by doing the following:

1. Click on the Malwarebytes icon in the system tray
2. Select "Quit Malwarebytes"
3. Navigate to %PROGRAMDATA%\Malwarebytes\MBAMService
4. Delete the file HubbleCache
5. Open Malwarebytes

 

[Hounded]

Got it. Thanks for the help.