Jump to content

Recommended Posts

2 hours ago, 96PGT said:

I had the same problem and put the file in the allow list many many months ago. I recently cleared the list and this false positive (I hope) comes back. I am attaching the file itself and the scan result in the zip.

PE_File+scan result.zip 1.85 MB · 0 downloads

Please turn off "Use expert system algorithms to identify malicious files” It is located in Settings > Security> Scan option to avoid these detection's

 

Link to post
Share on other sites

On 10/24/2021 at 2:24 PM, Porthos said:

Please turn off "Use expert system algorithms to identify malicious files” It is located in Settings > Security> Scan option to avoid these detection's

 

 

 

Sorry if this is a newbie post...I've seen this advice posted multiple times, and not sure why I would want to turn off protections because of false positives from a file from a common vendor (Asus) instead of Malwarebytes keeping up with whitlelisting new versions of this file?  I've seen numerous posts where Malwarebytes committed to whitelisting new versions of this file and would think this would be the best course of action going forward.  I've attached the file updated file from mid-October for a whitelist.

pe_file_asus_falsepositive.zip

Link to post
Share on other sites

5 hours ago, turls88 said:

and not sure why I would want to turn off protections

Because that protection setting should not be on in the first place. It is OFF by default on purpose.

FYI. This setting is in the experimental stage.

That setting is to detect malformed files, but sometimes legit files use protection that make them malformed. Malwarebytes is still tweaking the algorithms that is why it’s off by default. If you switch it on it is assumed, you can tell the difference between a FP and a legit detection. 

And if you keep it on, I suggest also turn off auto quarantine. Gives you the time to report FP's and not go thru the extra step to have to restore from quarantine.

Thanks for reporting!

Link to post
Share on other sites

20 hours ago, Porthos said:

Because that protection setting should not be on in the first place. It is OFF by default on purpose.

FYI. This setting is in the experimental stage.

 

That setting is to detect malformed files, but sometimes legit files use protection that make them malformed. Malwarebytes is still tweaking the algorithms that is why it’s off by default. If you switch it on it is assumed, you can tell the difference between a FP and a legit detection. 

 

And if you keep it on, I suggest also turn off auto quarantine. Gives you the time to report FP's and not go thru the extra step to have to restore from quarantine.

 

Thanks for reporting!

 

Thanks, after digging more into the forums I have a better understanding of the reasoning.  The extenuating circumstance here is that this is the ONLY false positive on my entire system, so I'd rather keep having the exceptions added to the database, instead of turning the protection off altogether, even if it is an experimental setting.  In the past these were added by Malwarebytes (going off of previous forum interactions about this particular ASUS file), but this update is quite old and has (presumably) not been added.

I don't think just whitelisting on my own is a great substitute because what if a future update of this file does become malicious...

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.