
Possible False Positives


TheDrgn


Hi, I was wondering if I could get confirmation that these are false positives. I am running a free trial of Malwarebytes Premium at the moment and I turned on the "Use expert system algorithms to identify malicious files" option. Then I left it on a full custom scan (C, D, and E drives with all options on) and I let it run while I was away.

When I came back I saw that it had 10 file detections: 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/20/21
Scan Time: 1:29 PM
Log File: 140c442c-b9aa-11eb-9fd7-8c04ba992800.json

-Software Information-
Version: 4.3.3.116
Components Version: 1.0.1292
Update Package Version: 1.0.40702
License: Trial

-System Information-
OS: Windows 10 (Build 19043.985)
CPU: x64
File System: NTFS
User: DESKTOP-0U77RA8\510co

-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 686239
Threats Detected: 10
Threats Quarantined: 10
Time Elapsed: 48 min, 34 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 10
Malware.Heuristic.1001, C:\PROGRAM FILES (X86)\INSTALLSHIELD INSTALLATION INFORMATION\{2BFB2C26-CC8B-4F2B-B5C9-E2131DEFED5C}\ISSETUP.DLL, Quarantined, 1000001, 0, 1.0.40702, 0000000000000000000003E9, dds, 01253903, C2565BCCA73137DD2D3C2F7C268B47B0, 6C544FEED9B986FDC3FFC815FD512A89ADFDFE0A044787DEE33F5A5E0B62B207
Malware.Heuristic.1001, C:\PROGRAM FILES (X86)\INSTALLSHIELD INSTALLATION INFORMATION\{822AAF78-06DB-4C14-85A2-BCE22E3B81A9}\ISSETUP.DLL, Quarantined, 1000001, 0, 1.0.40702, 0000000000000000000003E9, dds, 01253903, CE2652E8222DC72EE05AFC208408F1EB, 45E98EBC6C1842B230188CC723D1F8686AF04B3FB43B5236C35123C7D7AEFB05
Malware.Heuristic.1001, C:\PROGRAM FILES (X86)\INSTALLSHIELD INSTALLATION INFORMATION\{A4114DAF-C7EB-477F-B984-8A45FBA745E3}\ISSETUP.DLL, Quarantined, 1000001, 0, 1.0.40702, 0000000000000000000003E9, dds, 01253903, CCC707703DCA3D3BC914E4111FD086DD, 8BBBC6E00ACEC987D12EE4C9208E347EEB8544DF2C4F76A4A2D17910E3033051
Malware.Heuristic.1001, C:\PROGRAM FILES (X86)\INSTALLSHIELD INSTALLATION INFORMATION\{342330C8-D6E1-4522-AF15-2E457BC58464}\ISSETUP.DLL, Quarantined, 1000001, 0, 1.0.40702, 0000000000000000000003E9, dds, 01253903, 98C1A5C6788D06FAC4DDBD1829CECD10, 628284D1EA59EAF16B9D068D1FA9F4D69B0A9410F9A956B9ADD031EB3EEEC6CA
Malware.Heuristic.1001, C:\PROGRAM FILES (X86)\INSTALLSHIELD INSTALLATION INFORMATION\{8C91E386-C6DD-4387-AD74-415895342AE5}\ISSETUP.DLL, Quarantined, 1000001, 0, 1.0.40702, 0000000000000000000003E9, dds, 01253903, B8CF2E07B6461FADFE6B8F13D3E8BA28, 87B435984155D61C8594B7ACD8002ABC4CB69EB34A31D48F61199243323BFCB8
Malware.Heuristic.1001, C:\PROGRAM FILES (X86)\INSTALLSHIELD INSTALLATION INFORMATION\{A5015A20-3D3D-427D-9783-73FB369BD6B9}\ISSETUP.DLL, Quarantined, 1000001, 0, 1.0.40702, 0000000000000000000003E9, dds, 01253903, 7C64586830766A39F5255429B442CFE0, A889348D7A4671B941D665C44E6B551CEDC325CEF3FCE77AE0A4690548502ED0
Malware.Heuristic.1003, C:\WINDOWS\ASSEMBLY\NATIVEIMAGES_V2.0.50727_32\MICROSOFT.VISUALSTU#\A62478EFA06D171B98CCCE5EFE8FF2CE\MICROSOFT.VISUALSTUDIO.TOOLS.OFFICE.HOSTADAPTER.V10.0.NI.DLL, Quarantined, 1000001, 0, 1.0.40702, 0000000000000000000003EB, dds, 01253903, BDD49153589DDE19C50DD5C65A3A64F1, 8D2EB7B17DE7B101F805478724776AA9CFE4FE3EB4E590C67F9C1B7DC7A86C99
Malware.Heuristic.1003, C:\WINDOWS\ASSEMBLY\NATIVEIMAGES_V2.0.50727_32\MICROSOFT.VISUALSTU#\0E61EA3982597BA829AB0D6EB3051296\MICROSOFT.VISUALSTUDIO.TOOLS.OFFICE.OUTLOOK.HOSTADAPTER.V10.0.NI.DLL, Quarantined, 1000001, 0, 1.0.40702, 0000000000000000000003EB, dds, 01253903, 9719B737F79D17AB9C3D39FA98F76D26, 2A341851DCB3F5E4E9CC4F9C93AA6764F07F62CAA0E943FF4DB061ED3B622F97
Malware.Heuristic.1003, C:\WINDOWS\ASSEMBLY\NATIVEIMAGES_V2.0.50727_32\MICROSOFT.VISUALSTU#\BBA8A039CA75E31E880C129D29EAEFC0\MICROSOFT.VISUALSTUDIO.TOOLS.OFFICE.WORD.HOSTADAPTER.V10.0.NI.DLL, Quarantined, 1000001, 0, 1.0.40702, 0000000000000000000003EB, dds, 01253903, A2E491128D7789EFCB335B562EA20D76, 7FB51DE48371B2EF1A13A82ECCB04D39AE14D46F33E8979288957DCC82AE6F02
Malware.Heuristic.1003, C:\WINDOWS\ASSEMBLY\NATIVEIMAGES_V2.0.50727_32\MICROSOFT.VISUALSTU#\B0D278F3E0EAD4223F021C1FD0432232\MICROSOFT.VISUALSTUDIO.TOOLS.OFFICE.EXCEL.HOSTADAPTER.V10.0.NI.DLL, Quarantined, 1000001, 0, 1.0.40702, 0000000000000000000003EB, dds, 01253903, 7E7618628119B60C467843BF10027A47, BEFF3307A89CEB64A68192DBE8FFB203F4324CF8DA6717F91BE63432C7FF8C08

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

After doing some digging I believe these are false positives. Since then I have been updating Malwarebytes and running different scans on each of the locations (both with the expert algorithms option on and off). I have only seen these files flagged with the expert algorithms option on. I have also scanned the files with Windows Defender, McAfee, and VirusTotal, with VirusTotal only flagging a few of the ISSETUP.DLL files with 1 warning. Presently I have unquarantined the files.

1. I want to confirm these are false positives.

2. I want to report this, as I know that reporting FPs can help the software improve.

 


  • Staff

I only looked at the ones that you attached and didn't see malicious behavior so I whitelisted them. I would need the files for the other detections in order to whitelist them. 

Expert algorithms is default off since it can cause more FPs than normal. If you don't mind the FPs and wish to keep this setting on to tune the AI algorithm, it may be good to disable auto-quarantine. This will save you the effort of having to restore a file from quarantine.

  • Like 1
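
For triaging a report like the one in this thread, the following added example (not part of either post and not a Malwarebytes tool) pulls the detection rows out of a scan log and groups their SHA-256 values by detection name and file name, ready for a hash lookup or a false-positive submission. It assumes the last two columns of each row are MD5 and SHA-256, judged by their length; the sample rows are constructed and use filler hashes and placeholder paths.

```python
import re
from collections import defaultdict

HEX = re.compile(r"[0-9A-Fa-f]+")

def parse_detection(line):
    """Parse one detection row; return None for any other log line."""
    rule, sep, rest = line.strip().partition(", ")
    # Split the nine trailing fields off from the right so that a comma
    # inside the file path cannot shift the columns.
    parts = rest.rsplit(", ", 9)
    if not sep or len(parts) != 10:
        return None
    path, action, *_other, md5, sha256 = parts
    # Assumption: the last two columns are MD5 and SHA-256, judged by length.
    if len(md5) != 32 or len(sha256) != 64 or not HEX.fullmatch(md5 + sha256):
        return None
    return {"rule": rule, "path": path, "action": action,
            "md5": md5, "sha256": sha256}

def triage(log_text):
    """Return all detection rows plus SHA-256 lists grouped by (rule, file name)."""
    rows = [r for r in map(parse_detection, log_text.splitlines()) if r]
    groups = defaultdict(list)
    for r in rows:
        groups[(r["rule"], r["path"].rsplit("\\", 1)[-1])].append(r["sha256"])
    return rows, dict(groups)

def heuristic_only(rows):
    """True when every hit is a Malware.Heuristic.* detection and there is at least one."""
    return bool(rows) and all(r["rule"].startswith("Malware.Heuristic.") for r in rows)

def _row(rule, path, digit):
    # Constructed row: middle columns follow the log layout, hashes are filler.
    return ", ".join([rule, path, "Quarantined", "1000001", "0", "1.0.40702",
                      "0000000000000000000003E9", "dds", "01253903",
                      digit * 32, digit * 64])

SAMPLE_LOG = "\n".join([
    "Time Elapsed: 48 min, 34 sec",
    "File: 3",
    _row("Malware.Heuristic.1001", r"C:\APPS\{PLACEHOLDER-GUID}\ISSETUP.DLL", "A"),
    _row("Malware.Heuristic.1001", r"D:\SETUP, OLD\ISSETUP.DLL", "B"),
    _row("Malware.Heuristic.1003", r"C:\WINDOWS\ASSEMBLY\EXAMPLE.NI.DLL", "C"),
])

if __name__ == "__main__":
    rows, groups = triage(SAMPLE_LOG)
    print("heuristic only:", heuristic_only(rows))
    for (rule, name), hashes in groups.items():
        print(rule, name, len(hashes), "file(s)")
```
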