Jump to content

Recommended Posts

Hello there,

We are getting reports from customers to indicate that MalwareBytes has been blocking NXPowerLite Desktop (mac) from working. I am employed by the makers of this software and would like to report these as false positives. Virus total does not see the DMG as a problem (https://www.virustotal.com/gui/file/cd523e578d977c94b9ca3854c4ff57775fcf1d4da9a66d065e6adf7bd8a21ccc) but there could be an issue with the files once they are installed. Users are not blocked from opening the DMG just from using the app once installed.
https://www.virustotal.com/gui/file/cd523e578d977c94b9ca3854c4ff57775fcf1d4da9a66d065e6adf7bd8a21ccc

The software can be downloaded from here; https://www.neuxpower.com/latest/desktop-mac/setup. 

Please can you check it out and reply when it has been whitelisted.

Thanks

Andy

Link to post
Share on other sites

Hello @ADargon:

The NXPowerLiteDesktop91_0.dmg file, with the above SHA-256 hash, is not currently detected by a malware scan with the current releases of Malwarebytes for Mac v4.13.5.4414 / DTBS 4.0.566, nor is the file in question flagged by Malwarebytes Browser Guard v2.3.10 (MBG).

Note: The above download source URL is current flagged with a HTTP 404 error.

If your customers are still seeing the .dmg file flagged by either Malwarebytes product, please reply with a screenshot of the error message.

Thank you.

Edited by 1PW
Link to post
Share on other sites

Hi @1PW,

As I mentioned in the previous post, the DMG is fine but the installed application (NXPowerLite Desktop) is being flagged. When customers exclude the app in your detections tab it allows the app to function properly.

The 404 error happened because there is an erroneous full stop at the end of the URL it should be: https://www.neuxpower.com/latest/desktop-mac/setup

Is there a way to stop the our mac app being flagged.

Thanks!

Link to post
Share on other sites

I just tried installing the NXPowerLite Desktop app, using the installer on the DMG from the VirusTotal link, then launched the app after it was installed. I'm not getting any blocks or detections of any kind from the latest version of Malwarebytes for Mac, and a manual scan doesn't detect anything. Can you provide more information about what's happening? If you've got access to a system where there's some kind of block or detection happening, a screenshot of what's happening would be very useful, as would getting a copy of the quarantine database. The quarantine database is located here:

/Library/Application Support/Malwarebytes/MBAM/Quarantine/quarantine.sqlite

That does not contain any of the actual quarantined files, just information about what has been detected and/or quarantined. However, it could contain information like user name (via the original paths to files detected in the user folder), so it would be best to send that to me directly rather than posting here.

Link to post
Share on other sites

So if you open the app and then drag any PDF/PowerPoint/Word/JPEG etc onto the app and then try to 'Optimize' (compress) it will crash. This crash is being looked into by our developers as it shouldn't crash, but the reason it crashes is that it is blocked at that point by MalwareBytes.

Once the App is excluded from Quarantine then it will work fine.

Thanks

Andy

Link to post
Share on other sites

@treed The customer is on Big Sur 11.6 and has version 4.13.5 of Malwarebytes installed. 
Once you have NXPowerLite Desktop installed you could try right-clicking a support file format to get the NXPowerLite Finder extension options. When you initiate a compression it will not crash but will get an Access Denied error. When NXPowerLite Desktop is excluded from Quarantine then processing of files is allowed. Effectively this is the same issue just a different way of invoking it.

Link to post
Share on other sites

I'm still not able to duplicate that here, with the same versions of Big Sur and Malwarebytes. However, I do see different behavior than on the older system I originally tested with. On the older system, I was able to optimize a PDF. On Big Sur, I was not, regardless of the state of Malwarebytes' real-time protection settings. Here's how I had it set:

269093389_ScreenShot2021-10-21at10_02_49AM.thumb.png.ed3d70cf22331fe76773b5849700d3ae.png

On clicking the Optimize button, I see this:

1886590326_ScreenShot2021-10-21at10_04_28AM.thumb.png.957d368b59474b3808d48c865bb9b426.png

This behavior is identical even with Malwarebytes uninstalled.

My first thought was that this might be due to the fact that the file was on the Desktop, and perhaps NXPowerLite was not able to access it due to TCC restrictions. However, I didn't see any prompts to allow access to the Desktop, and didn't see any process added to the Full Disk Access settings. I also tried moving the file to a location not covered by TCC, and still saw the same issue.

Link to post
Share on other sites

  • 3 weeks later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.