False positive shown for DriverMax Pro

[SineNomine]

Malwarebytes quarantines files for DriverMax Pro. It is a legitamtate program and safe to use.

[David H. Lipman]

This?

https://www.malwarebytes.com/blog/detections/pup-optional-drivermax

 

[SineNomine]

All that is in that article has not happened to me. Malwarebytes has isolated one file and that is all, which stopped DriverMax from working.

Since using DriverMax near the beginning of the year, I have found it to be a helpful, essential and efficient program for keeping drivers up to date.

The article is for version 11. I'm using 15.1 I've not had any Potentially Unwanted Program notifications.

Malwarebytes quarantined innostp.exe in the main instalation folder, rendering the program unusable till it was restored.

[screen317]

Can you please attach a scan log from Malwarebytes showing the detection? We'll be happy to take a look.

[SineNomine]

Thank you.

This post includes some important information from DriverMax Pro Support.

The history of how I am asking for this to be addressed is because a few days ago, Malwarebytes was preventing a recent Windows Update from being installed. I was getting a "Something did not go as planned" and the installation had to be reversed. Some research revealed that if I uninstall Malwarebytes the update could be installed. Reluctantly I uninstalled knowing it would erase all my whitelisted items and the windows update successfully happened, and I reinstalled Malwarebytes. (That issue should be addressed by Malwarebytes too, I can't replicate it anymore because I solved it). Simpy closing Malwarebytes for the instalation of the Windows update did not work.

Sometime after that as soon as DriverMax Pro found a driver that needed updating, Malwarebytes quarrantined a DriverMax file rendering the program inoperable. I had to reverse the quarantine.

I've been using DriverMax Pro since March 2023, and yes there were problems I discovered in April 2023, and I asked DriverMax if I should be concerned, because Malwarebytes DID find some PUPs. On their advice I whitelisted DriverMax, and since doing that I had no adverse experience of using DriverMax. The program has operated efficiently and not done anything visibly annoying.

Here is a transcript of the dialogue I had with DriverMax Pro Support. (My Request for information is pasted first, followed by DriverMax's Reply. The Reply has some important information).

My Request includes the log at the time from the Malwarebytes software

Dear DriverMax,

MalwareBytes is finding the following and wants to quarrantine. Do I Quarantine or ignore.

Thank you for your assistance.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/30/23
Scan Time: 8:42 AM
Log File: 1fbf3d42-e6df-11ed-83bd-a8a1596e232d.json

-Software Information-
Version: 4.5.27.262
Components Version: 1.0.1991
Update Package Version: 1.0.68762
License: Premium

-System Information-
OS: Windows 11 (Build 22621.1555)
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 350138
Threats Detected: 25
Threats Quarantined: 0
Time Elapsed: 5 min, 45 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 15
PUP.Optional.DriverMax, HKLM\SOFTWARE\CLASSES\.dmx-info, No Action By User, 12922, 811914, 1.0.68762, , ame, , , 
PUP.Optional.DriverMax, HKLM\SOFTWARE\CLASSES\dmx-info-file, No Action By User, 12922, 811915, 1.0.68762, , ame, , , 
PUP.Optional.DriverMax, HKLM\SOFTWARE\CLASSES\innodmx, No Action By User, 12922, 811916, 1.0.68762, , ame, , , 
PUP.Optional.DriverMax, HKU\S-1-5-21-1246235688-2040418567-2376503442-1001\SOFTWARE\INNOVATIVE SOLUTIONS\DriverMax, No Action By User, 12922, 811919, 1.0.68762, , ame, , , 
PUP.Optional.DriverMax, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\DriverMax Notification, No Action By User, 12922, 814654, , , , , , 
PUP.Optional.DriverMax, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{CBE575CE-65AA-4322-BAA7-BADF13E91B92}, No Action By User, 12922, 814654, , , , , , 
PUP.Optional.DriverMax, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{CBE575CE-65AA-4322-BAA7-BADF13E91B92}, No Action By User, 12922, 814654, , , , , , 
PUP.Optional.DriverMax, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\DriverMaxAgent, No Action By User, 12922, 814654, , , , , , 
PUP.Optional.DriverMax, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A3A18A13-98C5-449F-A195-2648A71664B6}, No Action By User, 12922, 814654, , , , , , 
PUP.Optional.DriverMax, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{A3A18A13-98C5-449F-A195-2648A71664B6}, No Action By User, 12922, 814654, , , , , , 
PUP.Optional.DriverMax, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\DriverMaxWelcome, No Action By User, 12922, 814654, , , , , , 
PUP.Optional.DriverMax, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5D9DE22D-295F-49EB-86A3-5778365991CD}, No Action By User, 12922, 814654, , , , , , 
PUP.Optional.DriverMax, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{5D9DE22D-295F-49EB-86A3-5778365991CD}, No Action By User, 12922, 814654, , , , , , 
PUP.Optional.DriverMax, HKLM\SOFTWARE\WOW6432NODE\INNOVATIVE SOLUTIONS\DriverMax, No Action By User, 12922, 811917, 1.0.68762, , ame, , , 
PUP.Optional.DriverMax, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DMX5_is1, No Action By User, 12922, 811918, 1.0.68762, , ame, , , 

Registry Value: 1
PUP.Optional.DriverMax, HKU\S-1-5-21-1246235688-2040418567-2376503442-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|DRIVERMAX_RESTART, No Action By User, 12922, 814654, 1.0.68762, , ame, , , 

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 3
PUP.Optional.DriverMax, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\DRIVERMAX, No Action By User, 12922, 811906, 1.0.68762, , ame, , , 
PUP.Optional.DriverMax, C:\USERS\PC\APPDATA\LOCAL\INNOVATIVE SOLUTIONS\DRIVERMAX, No Action By User, 12922, 812461, 1.0.68762, , ame, , , 
PUP.Optional.DriverMax, C:\USERS\PC\APPDATA\ROAMING\INNOVATIVE SOLUTIONS\DRIVERMAX, No Action By User, 12922, 812462, 1.0.68762, , ame, , , 

File: 6
PUP.Optional.DriverMax, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverMax\DriverMax.lnk, No Action By User, 12922, 811906, , , , , FEF4F56DAAFCE2C730AB041C899FE7F9, 072DC572FE4BC4150B4AD79C1AA4F647DEF9058B899393B3D62DD3AEFCF5E41A
PUP.Optional.DriverMax, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverMax\Uninstall DriverMax.lnk, No Action By User, 12922, 811906, , , , , B4A70C2631741EC854FD8953A96855A1, 2BBA931439608895E67F126B71A032A24E2A291D7EB6C4A8AD876C0024E7FF2F
PUP.Optional.DriverMax, C:\USERS\PC\DESKTOP\DRIVERMAX.LNK, No Action By User, 12922, 811910, 1.0.68762, , ame, , AFBCD31CEFA4D0758D5182E2551197E3, F5E9CC8799727E98F39CEFED2E0757AF26C4027709E1B4E7236301005D6171DC
PUP.Optional.DriverMax, C:\WINDOWS\SYSTEM32\TASKS\DriverMax Notification, No Action By User, 12922, 814654, , , , , A1285253938EDF030973AC4ADE845917, 1A06A958339C4EE4A33116BAE02DDDCF6242AF058104244FE093A6976CCD604D
PUP.Optional.DriverMax, C:\WINDOWS\SYSTEM32\TASKS\DriverMaxAgent, No Action By User, 12922, 814654, , , , , 66BBD441113A31EB45C2A0BF2894DD2B, D4D95819C1347DB2925D9E8C5A8E9C980417DD17DB3BFF95988630C80B41FCA4
PUP.Optional.DriverMax, C:\WINDOWS\SYSTEM32\TASKS\DriverMaxWelcome, No Action By User, 12922, 814654, , , , , 0CB3626AF24972B9F140195D07D0564A, 71A10B15FD1047C3AB7C628E41ECCFBEF22000AA78CF1172E4402DC51387AC72

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

Reply from DriverMax Pro

Hi,

Thank you for writing to us. Sorry for the delayed answer. Our programs are FREE of viruses and Trojans.
We are aware of the issue and keep fighting to solve this false positive. AppEsteem, a software company, added us to a malware list. When we contacted them, they removed our software from that list - but it was enough for antivirus companies to list us.

Since January 2023, we have kept sending emails and filling out web forms to remove us from virus databases.
Please try adding our program to your antivirus program's exception list. If you can not do this, please send a false report to its support team. That way, you can help us fix this issue since they are not responding to our messages.

Antivirus companies try to detect as much malware on your PC as possible; otherwise, you wouldn't buy their product. The competition between antivirus companies forced them to sometimes see harmless files as "potential threats". Let's look at cookies: they are not evil at all. Sometimes websites store in cookies your browsing preferences, so they can offer you a better experience next time you visit them. However, you will find many antivirus and antimalware solutions, considering them "malware". This is incorrect, and the same practice applies to other harmful programs. Our suggestion is to report this as a false positive because:

a. You agreed to install DriverMax, and it wasn't deployed on your PC without your knowledge

b. You can deactivate it or stop using it at any time you like - and this is not something malware would allow you to do

c. DriverMax is also listed in the Add / Remove Programs applet of your PC, allowing you to remove it from there as well

d. You were informed about the way DriverMax works

An application should be considered "malware" only if installed on a user's PC without their knowledge or with an improper description of its actions.

If you want to continue using DriverMax, you'll need to follow the steps below to turn off Automatic Quarantine and PUP detection.

1. Open Malwarebytes
2. Click Settings (Gear icon in top right)
3. Click the Security tab
4. Scroll down to Detect Potentially Unwanted Programs (PUPs) and set to Warn User (or Ignore).

Re-install DriverMax and when Malwarebytes shows a detection, choose Always Ignore.

After the installation is complete, run a Threat Scan with Malwarebytes. Un-check any detections for DriverMax in the Scan Results and click Next. Choose 'Always Ignore' when prompted with how to proceed.

Kind regards,
Ane Mari Tache

 

 

MB Scan Report.txt

[Porthos]

46 minutes ago, SineNomine said:

Simpy closing Malwarebytes for the instalation of the Windows update did not work.

You DID NOT have to uninstall Malwarebytes to install the update. You needed to first turn off Malwarebytes from starting with Windows.

Then quit Malwarebytes from the system tray icon.

The update that failed was an optional early preview update for Windows 11.

56 minutes ago, SineNomine said:

I've been using DriverMax Pro since March 2023

 

57 minutes ago, SineNomine said:

Malwarebytes DID find some PUPs.

PUP's are Potentially Unwanted Programs. NOT Malware or Viruses.

58 minutes ago, SineNomine said:

On their advice I whitelisted DriverMax

That is what you should do if you do not agree with Malwarebyte's stance on PUP's and wish to continue using such programs.

1 hour ago, SineNomine said:

I had no adverse experience of using DriverMax.

Good for you. Others have reported over the years about Driver updating programs (in general) causing computer issues including crashes and non-booting computers so Malwarebytes blocks as many of them as they know about.

The same goes for system-optimizing programs and registry cleaners.

Drivers should always come from the maker of the hardware DIRECTLY.

If you and others need to whitelist it again,

To exclude these items you need to perform a scan (a Threat scan should do) and then at the end when it shows the list of detections, uncheck any item that you do not want removed and click Next.  When prompted on what to do with the remaining unchecked items, select Ignore Always and they will be added to your exclusions and will no longer be detected by future scans.

 

[SineNomine]

5 minutes ago, Porthos said:

You DID NOT have to uninstall Malwarebytes to install the update. You needed to first turn off Malwarebytes from starting with Windows.

Then quit Malwarebytes from the system tray icon.

 

Thank you for the information, most appreciated. I'll remember for future use.

7 minutes ago, Porthos said:

 

The update that failed was an optional early preview update for Windows 11.

That's odd I have that option turned off.

 

9 minutes ago, Porthos said:

PUP's are Potentially Unwanted Programs. NOT Malware or Viruses.

I know.

_______________________________________________

Do you have any comment to make on DriverMax, support comment? Are they wrong?

[Porthos]

24 minutes ago, SineNomine said:

Do you have any comment to make on DriverMax, support comment? Are they wrong?

You asked.

1 hour ago, SineNomine said:

Our programs are FREE of viruses and Trojans.

Malwarebytes never said it did.

1 hour ago, SineNomine said:

The competition between antivirus companies forced them to sometimes see harmless files as "potential threats".

It is not listed as a threat but a PUP.

1 hour ago, SineNomine said:

Let's look at cookies: they are not evil at all. Sometimes websites store in cookies your browsing preferences, so they can offer you a better experience next time you visit them. However, you will find many antivirus and antimalware solutions, considering them "malware".

Malwarebytes does not play the Cookie Monster game.

1 hour ago, SineNomine said:

a. You agreed to install DriverMax, and it wasn't deployed on your PC without your knowledge

b. You can deactivate it or stop using it at any time you like - and this is not something malware would allow you to do

c. DriverMax is also listed in the Add / Remove Programs applet of your PC, allowing you to remove it from there as well

d. You were informed about the way DriverMax works

1 hour ago, SineNomine said:

Since January 2023, we have kept sending emails and filling out web forms to remove us from virus databases.

Again, they misunderstand why they are blocked like other driver update programs.

They are blocked simply because they update drivers which is not recommended from any source other than the MFG of the hardware. Not to mention, NO MFG charges for any drivers.

I hope that in the future, you never have to suffer from a bad driver install (I have had to clean install many client computers over the years due to it)and do not have an image backup to restore your system.

That is my unofficial take on the subject.

I have grown to trust Malwarebyte's decision on Potentially Unwanted Programs. My computer thanks me by working without issue.

 

Edited November 28, 2023 by Porthos

[SineNomine]

Thank you for your response, and I understand all you have said.

Agreed Malwarebytes is the best.

I have had only one bad driver install, which I was able to reverse back from and flag it with never update.

Thankfully I do have an image created every day. Actually 2 images, because I don't trust a single software, as well as a system restore point every day.