
Final Draft - Possible False Positive


js1428


Hello,

My Malwarebytes Premium software, which I have had for quite some time now, suddenly quarantined the file "Final_Draft_libFNP.dll" in the "Final Draft 10" folder in my "Program Files (x86)", citing "Malware.Heuristic.1001." This feels like a false positive, but I would like to check just to be sure.

Thank you!

Capture.JPG.a49402d509daa221f592e08eb755d5b3.JPG


Hi,

Do you have "Use expert system algorithms to identify malicious files" enabled? It is located in Settings > Security > Scan option. This is normally disabled by default.

Could you zip and attach the detected file and the log showing the detection as well, please?


  • Root Admin

Hello @js1428

You can find Scan and Protection logs within the Malwarebytes 4 program in the following location:

image.png

RTP stands for Real-Time Protection and is where automatic protection operations would normally be logged.

image.png

If you click on the View option you should get something similar to the following with other options available.

image.png


Hi @Porthos and @AdvancedSetup,

Thank you both for your replies.

I do have "Use expert system algorithms to identify malicious files" enabled by default (I can't really remember ever changing that setting). I have attached the log showing the detection, but I can't seem to zip and attach the detected file as I have quarantined it just to be sure?

Thank you for your ongoing help!

malware.heuristic.1001.txt


  • 2 weeks later...
2 hours ago, DebiKay said:

Thank you so much

Please turn off "Use expert system algorithms to identify malicious files" to avoid these detections. It is located in Settings > Security > Scan option.

2021-05-25_19h49_28.png

Edited by Porthos

Thanks, @Porthos, I had done that and gotten Malwarebytes to run with no detections.

However, for various reasons, that adjustment is not something I'm comfortable leaving "off".

Sorry -- I should have mentioned that in the first post...that I had turned off that setting, but still request the whitelist.


1 minute ago, DebiKay said:

However, for various reasons, that adjustment is not something I'm comfortable leaving "off".

Thanks for reporting!

FYI. This setting is in the experimental stage.

That setting is to detect malformed files, but sometimes legit files use protection that makes them malformed. Malwarebytes is still tweaking the algorithms, which is why it's off by default. If you switch it on, it is assumed you are able to tell the difference between a FP and a legit detection.

And if you keep it on, I suggest you also turn off auto quarantine. It gives you the time to report FPs and not go through the extra step of having to restore from quarantine.


4 minutes ago, Porthos said:

And if you keep it on, I suggest you also turn off auto quarantine. It gives you the time to report FPs and not go through the extra step of having to restore from quarantine.

Ah, thank you so much. I didn't even think of that.

Much appreciated!

