Malware.Ransom.Agent.Generic - strongly suspect this is a false positive

[Andy2No2]

MalwareBytes has quarantined part of Quartus 21.1, and flagged it as Malware.Ransom.Agent.Generic.

This seems very unlikely to be true, to me, but since it's such an extreme claim, I don't feel able to get on with what I wanted to do.

I'm trying to use Quartus with VHDPlus as a front end.  I have no reason to suspect either contains malware.  I installed Quartus 21.1 from Intel's website, probably a few months ago, and I installed VHDPlus from their website, within the last couple of weeks.

On maybe the third or fourth use of VHDPlus to compile something, which uses parts of Quartus in batch mode, MalwareBytes decided C:\intelFPGA_lite\21.1\quartus\bin64\quartus_sh.exe contained ransomware, and quarantined it.

 

I really doubt this is true.  What can I do to have it checked?  Can I submit the file to be checked properly?

 

Here is the report, from the MalwareBytes software:

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 10/28/22
Protection Event Time: 3:30 AM
Log File: 886d3a36-5668-11ed-84b8-80c16ef073ca.json

-Software Information-
Version: 4.5.14.210
Components Version: 1.0.1772
Update Package Version: 1.0.61623
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: System

-Ransomware Details-
Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

File: 1
Malware.Ransom.Agent.Generic, C:\intelFPGA_lite\21.1\quartus\bin64\quartus_sh.exe, Quarantined, 0, 392685, 0.0.0, 57240f9677463e6ac333f5a25c4f001c, 95bec250e446dabf0819b9c9fac571f4ac1adb93873917a60eafde3907c68aa1

(end)

 

FWIW, I previously registered with this forum in 2011, but am unable to recover that account, or register again with the same username.

[Andy2No2]

Screenshot and summary report attached.

2022-10-28 MB flags quartus_sh.exe as ransomware.txt

[Andy2No2]

I now see there's a False Positives > Ransomware section.  Presumably, you can move this topic there, if you need to.

 

I've attached  the most recent section of MBAMSERVICE.LOG, which appears to cover it, and the two quarantine files (.quar and .data), in a zip.

MBAMSERVICE.LOG quartus_sh-quarantined.zip

[Porthos]

48 minutes ago, Andy2No2 said:

Presumably, you can move this topic there, if you need to.

Not necessary. I moved it here for best exposure. Your first post , in this case was all that was needed.

[miekiemoes]

Hi,

Thanks for reporting. This will be fixed!

[CarlosOdohui]

On 10/27/2022 at 10:49 PM, miekiemoes said:

Hi,

Thanks for reporting. This will be fixed!

Hi, do you know by any chance when is this patch coming up?
I got the same problem here

[miekiemoes]

This has been fixed already, the moment I responded to this :)

 

Edited to add, if this is still being detected, please post the detection log as you did in the first post, where the exact detection is listed, so we can have a look if this is the same file or something different.

Thanks!

Edited November 10, 2022 by miekiemoes

[Andy2No2]

So, it is agreed that this was a false positive, and is it safe to retrieve quartus_sh.exe from quarantine?

[miekiemoes]

Yes, that's correct :)

[Andy2No2]

Okay.  Thanks.