Jump to content

Some False Positives


Recommended Posts


i have some false positives here is my scan log:

Malwarebytes' Anti-Malware 1.31

Datenbank Version: 1460

Windows 6.0.6001 Service Pack 1

04.12.2008 18:39:55

mbam-log-2008-12-04 (18-39-36).txt

Scan-Methode: Quick-Scan

Durchsuchte Objekte: 50057

Laufzeit: 9 minute(s), 15 second(s)

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschl

Link to post
Share on other sites

  • Staff

MBAM is aggressive against many typical malware install patterns and executable files in user root is one that we see so often that the heuristics here are very aggressive . User root is not a location anything other than folders should be . If you were to put a folder in your user root folder and then these same files in that folder we would not hit any of them as this is not typical malware activity . If this were me I would either make a folder called installers in user root or user docs to store these files .

I cant turn down heuristics and unprotect all of our users so that a very few people can store executables in very odd locations because this is exactly what the bad guys want me to do .

Link to post
Share on other sites

  • Staff
So I shouldn't save any exe-files in the C:\Users\ directory? :D

Not something I would do . Not all executables you put here will be flagged by MBAM , its just that heuristics there are cranked way up to catch the piles of malware that runs from there .

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.