
MalwareBytes Real-Time Protection blocked CPU-Z install using winget


Posted by RandomUserName
Solved by Porthos

While trying out winget, the Linux-like software updater for Windows, I used it to update my install of CPUID CPU-Z. Unfortunately, as soon as winget launched the CPUID installer, MalwareBytes Real-Time Protection immediately blocked it claiming it was an exploit affecting Microsoft OneNote. I am confident this is a false positive. Other than disabling RTP, how do I resolve this?


Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 8/23/23
Protection Event Time: 12:21 PM
Log File: 77c40f04-41d9-11ee-8757-7cd30a80ba00.json

-Software Information-
Version: 4.5.32.271
Components Version: 1.0.2051
Update Package Version: 1.0.74347
License: Premium

-System Information-
OS: Windows 11 (Build 22621.2134)
CPU: x64
File System: NTFS
User: System

-Exploit Details-
File: 0
(No malicious items detected)

Exploit: 1
Exploit.PayloadProcessBlock, C:\Users\Jim\AppData\Local\Temp\WinGet\CPUID.CPU-Z.2.06\cpu-z_2.06-en.exe C:\Users\Jim\AppData\Local\Temp\WinGet\CPUID.CPU-Z.2.06\cpu-z_2.06-en.exe \SILENT \NORESTART \LOG=C:\Users\Jim\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\LocalState\DiagOutputDir\WinGet-CPUID.CPU-Z.2.06-2023-08-23-12-21-14.513.log, Blocked, 701, 392684, 0.0.0, ,

-Exploit Data-
Affected Application: Microsoft OneNote
Protection Layer: Application Behavior Protection
Protection Technique: Exploit payload process blocked
File Name: C:\Users\Jim\AppData\Local\Temp\WinGet\CPUID.CPU-Z.2.06\cpu-z_2.06-en.exe C:\Users\Jim\AppData\Local\Temp\WinGet\CPUID.CPU-Z.2.06\cpu-z_2.06-en.exe \SILENT \NORESTART \LOG=C:\Users\Jim\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\LocalState\DiagOutputDir\WinGet-CPUID.CPU-Z.2.06-2023-08-23-12-21-14.513.log
URL:


(end)

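As an added triage helper (not from the post or from Malwarebytes), the script below parses the event layout pasted above and records whether the blocked binary sits in winget's staging folder, which is the first thing to check before treating a PayloadProcessBlock event as a false positive. The sample event is constructed from the post with the log path dropped, and the staging-folder components are taken from the path it shows.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample laid out like the Malwarebytes event in the post above (log path dropped).
SAMPLE_EVENT = r"""-Exploit Details-
Exploit: 1
Exploit.PayloadProcessBlock, C:\Users\Jim\AppData\Local\Temp\WinGet\CPUID.CPU-Z.2.06\cpu-z_2.06-en.exe C:\Users\Jim\AppData\Local\Temp\WinGet\CPUID.CPU-Z.2.06\cpu-z_2.06-en.exe \SILENT \NORESTART, Blocked, 701, 392684, 0.0.0, ,

-Exploit Data-
Affected Application: Microsoft OneNote
Protection Layer: Application Behavior Protection
Protection Technique: Exploit payload process blocked
"""

# Folder components under which winget stages downloaded installers (taken from the event above).
WINGET_STAGING = ("appdata", "local", "temp", "winget")

def parse_event(text):
    """Collect 'Key: Value' fields plus the comma-separated detection line of one event."""
    event = {}
    for line in text.splitlines():
        if line.startswith("Exploit."):
            # detection, <command line>, action, then five trailing fields (meaning not documented here)
            fields = [f.strip() for f in line.split(",")]
            event["detection"] = fields[0]
            event["command_line"] = ",".join(fields[1:-6])  # survives commas inside the command line
            event["action"] = fields[-6]
        elif ": " in line and not line.startswith("-"):
            key, _, value = line.partition(": ")
            event[key.strip()] = value.strip()
    return event

def executable_path(command_line):
    """First token ending in .exe; assumes the path itself contains no '.exe' in a folder name."""
    match = re.match(r"(.+?\.exe)", command_line, re.IGNORECASE)
    return PureWindowsPath(match.group(1)) if match else None

def staged_by_winget(path):
    """True when the blocked binary sits inside winget's staging directory."""
    parts = tuple(p.lower() for p in path.parts)
    return any(parts[i:i + 4] == WINGET_STAGING for i in range(len(parts)))

def triage(event):
    """Facts an analyst checks before treating a PayloadProcessBlock event as a false positive."""
    exe = executable_path(event.get("command_line", ""))
    hints = []
    if exe is not None and staged_by_winget(exe):
        hints.append("blocked binary was staged by winget")
    return {"detection": event.get("detection"), "action": event.get("action"),
            "affected_application": event.get("Affected Application"),
            "executable": str(exe) if exe else None, "hints": hints}
```

Run `triage(parse_event(SAMPLE_EVENT))` to get a summary; a binary outside the staging folder (for example one launched from Program Files) yields no hint and deserves a closer look.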

Just now, RandomUserName said:

Simply changing the Penetration Testing setting to OFF as you suggested for my other issue worked great and allowed winget to perform the install. Thanks for the very quick help!

It is advised not to change any setting from default in that section. To be honest, most defaults should be left alone.


An additional note/explanation about penetration testing setting.

That setting is specific to penetration testing (i.e. not actual threats), so enabling it won't really do anything unless the system is tested using third-party testing tools/test exploits. It is purely for testing purposes to verify that protection is working properly; however, it is not needed for protecting your system from actual malware, which is why it is turned off by default.

I hope that helps to clarify things and if there is anything else we might help with please let us know.
