Some False Positives


delphin136

Hello

I have some false positives. Here is my scan log:

Malwarebytes' Anti-Malware 1.31

Datenbank Version: 1460

Windows 6.0.6001 Service Pack 1

04.12.2008 18:39:55

mbam-log-2008-12-04 (18-39-36).txt

Scan-Methode: Quick-Scan

Durchsuchte Objekte: 50057

Laufzeit: 9 minute(s), 15 second(s)

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschl


MBAM is aggressive against many typical malware install patterns, and executable files in user root is one that we see so often that the heuristics here are very aggressive. User root is not a location anything other than folders should be. If you were to put a folder in your user root folder and then these same files in that folder, we would not hit any of them, as this is not typical malware activity. If this were me, I would either make a folder called installers in user root or user docs to store these files.

I can't turn down heuristics and unprotect all of our users so that a very few people can store executables in very odd locations, because this is exactly what the bad guys want me to do.


So I shouldn't save any exe-files in the C:\Users\ directory? :D

Not something I would do. Not all executables you put here will be flagged by MBAM; it's just that heuristics there are cranked way up to catch the piles of malware that run from there.
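The location rule discussed in this thread, as an added illustration that is not part of the original posts and is not Malwarebytes' code: it lists executables sitting directly in a user profile root and suggests the `installers` subfolder mentioned above. The function names, the extension set and the inclusion of the XP-era `Documents and Settings` path are assumptions, and the sample paths are constructed.

```python
from pathlib import PureWindowsPath

# Assumed extension set; the thread does not say which file types MBAM checks.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif"}
# Folders that hold user profiles: Vista and later, then XP-era (assumption).
PROFILE_PARENTS = (("users",), ("documents and settings",))


def profile_root_location(path):
    """Return 'profile-root', 'profile-subfolder' or 'elsewhere' for a Windows path."""
    p = PureWindowsPath(path)
    # Drop the drive anchor (e.g. 'C:\\') and compare case-insensitively.
    parts = [s.lower() for s in (p.parts[1:] if p.anchor else p.parts)]
    for parent in PROFILE_PARENTS:
        n = len(parent)
        # parts[n] is the user name; at least one more component must follow it.
        if tuple(parts[:n]) == parent and len(parts) > n + 1:
            return "profile-root" if len(parts) == n + 2 else "profile-subfolder"
    return "elsewhere"


def review_candidates(paths):
    """Executables directly in a profile root, paired with a suggested new location."""
    found = []
    for path in paths:
        p = PureWindowsPath(path)
        is_exec = p.suffix.lower() in EXECUTABLE_EXTS
        if is_exec and profile_root_location(path) == "profile-root":
            found.append((str(p), str(p.parent / "installers" / p.name)))
    return found


# Constructed sample paths, not taken from the scan log above.
SAMPLE_PATHS = [
    r"C:\Users\alice\setup.exe",
    r"C:\Users\alice\installers\setup.exe",
    r"C:\Users\alice\notes.txt",
    r"c:\documents and settings\bob\TOOL.SCR",
    r"C:\Program Files\App\app.exe",
]

if __name__ == "__main__":
    for current, suggested in review_candidates(SAMPLE_PATHS):
        print(f"{current}  ->  {suggested}")
```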
