
Likely false positive, please check



Getting these possible ransomware warnings for Surelock kiosk software. (42gears company) Please check what's up.

I've been using that software for 3 years but had to reinstall it not from Google Play anymore but as an .apk from the official website.

Will also post this in the general PC section of false positives considering there isn't one for Android.

Screenshot_20230113-151857_Malwarebytes.jpg

Screenshot_20230113-150231_Malwarebytes.jpg


Hello!

Version number in attachment.

By "official website" I meant the developer's page that was sent to me by their e-mail support:

https://www.42gears.com/downloads-page/

I failed to renew my license on time and had to extend it manually. The Google Play version, however, is stuck in trial mode, so they suggested I try their apk version, but apart from not working either, it also sent Malwarebytes into warning and I let MBAM delete the app.

I'm in contact with their support but obviously they don't control MBAM behavior.

Also, I kinda get why MBAM might flag a kiosk app. But it never did so with the Google Play version.

Thanks for your time and attention. This is actually the first time MBAM Android flagged anything in like 5 years of MBAM subscription/use.

Screenshot_20230113-174410_Malwarebytes.jpg


  • Staff

Hi @Lanto,

Okay, that makes sense now!  

This warning is from our advanced ransomware scanner.  Apps that have elevated privileges and that have been installed using side loading (anything installed outside of Google Play) are flagged as potential ransomware.

Installation from outside the Play Store plus elevated privileges are big red flags. Therefore, we warn our customers that a suspicious app was installed that displays ransomware-like properties. It's up to the user to ignore our warnings or not.

However, in the case of Surelock, we went ahead and added a special exclusion to whitelist it. It will be available on the malware DB release.

Thanks for reaching out,


Thanks for your thorough reply. Surelock (as I newly installed it) is still triggering the same warning, though, so I am not sure if it has been whitelisted correctly. I am currently running an MBAM scan but I might have to add an exclusion myself. I just wonder what happened.


  • Staff

Hi @Lanto,

Thank you for bringing this to our attention. Sorry for the delay.

Surelock is now whitelisted in malware DB 2023.01.16.01.  If you don't already have this malware DB, you can force update Malwarebytes for Android: Manually update database in Malwarebytes for Android

Once again, sorry for the delay,

Resolution found