Jump to content

Feature Requests


y0himba

Recommended Posts

Hello. I absolutely love MBAM. However, there are going to be false positives with heuristics. Right now almost all of Nirsoft's utilities are coming up as false positives.

My feature requests are:

An easier way to report false positives. Possibly a button on the alert to send an email or take you to the forums with all the info you need already there to copy or filled in.

An easier way to add to ignore list for both files and IP addresses. Again, possibly a button on the alert dialog that says "Add to Ignore List" which instantly adds it to ignore.

Thanks for the product!

Link to post
Share on other sites

Hello y0himba:

Thanks for your interest and suggestion. I'd request to post your suggestions in Comments and Suggestions. As far false positives are conserned please carefully read False Positives and post them

Should you have any other question(s) please post back

In order to report a false positive, one must scan run mbam.exe /developer then rescans the directory and post a lost file to the forums. Most of the time my false positives are found while the machine is idle and I have not run a scan, I jsut come back and there is a warning. MBAM then locks my machine up requiring a restart.

There should be a much easier way to report false positives, something automated directly from the detection dialog. A button to take you to the forums with ready information.

A single, one step button to report false positives, or an easier way to gain the information needed for a false positive report would be nice.

If I moderator could move this post over to the Comments and Suggestions thread to prevent a double post I would appreciate it.

Link to post
Share on other sites

The tools by Nir Sofer in particular are not FP's. We flag them because they can be, and have been, used by malware to perform malicious actions on a system. We expect that individuals who are using these tools for non-malicious purposes will recognize the detections as they're listed and choose to ignore them since most normal PC users don't use such tools.

The PM does have an "Ignore" button, but it does not add the item to the ignore list and only ignores the detection until the system is rebooted. If you're getting detections from the protection module when the file being detected is not running in memory then it is likely due to SuperFetch if you're using Vista or Windows 7 due to memory caching of processes.

Link to post
Share on other sites

The tools by Nir Sofer in particular are not FP's. We flag them because they can be, and have been, used by malware to perform malicious actions on a system. We expect that individuals who are using these tools for non-malicious purposes will recognize the detections as they're listed and choose to ignore them since most normal PC users don't use such tools.

The PM does have an "Ignore" button, but it does not add the item to the ignore list and only ignores the detection until the system is rebooted. If you're getting detections from the protection module when the file being detected is not running in memory then it is likely due to SuperFetch if you're using Vista or Windows 7 due to memory caching of processes.

Thanks for this answer. I appreciate it and it clears a lot up.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.