
dozens of files equal false positives


13 replies to this topic

#1 knwillis

knwillis

    New Member

  • Members
  • 7 posts

Posted 23 April 2012 - 01:57 PM

I've been finding the same group of files all over my company. We have clients all over the state and nearly every machine we scan with MBAM comes up with these results. The files are non-existent on the computers.
I've attached the initial quick scan logs for two computers along with the /developer quick scan logs for the same machines.


#2 exile360

exile360

    exile

  • Administrators
  • 16,016 posts
  • Gender:Male

Posted 23 April 2012 - 02:39 PM

Greetings and welcome to our support forums :)

What antivirus and/or endpoint security solution are you using?

I suspect it is Kaseya, and if so, then please either be sure to whitelist Malwarebytes Anti-Malware's 3 main executables from it, all located by default in C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware for x64 systems:

  • mbam.exe
  • mbamgui.exe
  • mbamservice.exe

Also note that if you are running Kaseya's endpoint solution, that the latest released version does not cause this issue as we reported it to them and they corrected it.

Please let me know if this has resolved the problem for you or not.

Thanks :)
Samuel E Lindsey
Product Manager


#3 knwillis


Posted 24 April 2012 - 10:46 AM

You are correct on Kaseya! I'll give this a shot and see if it helps us. Thanks for the quick reply!

#4 exile360


Posted 24 April 2012 - 12:04 PM

You're welcome :)

Either of the above options I provided should resolve it, but if not, then please do contact your system administrator so that they can get the latest Kaseya endpoint solution installed (which is the recommended option).
Samuel E Lindsey
Product Manager


#5 knwillis


Posted 26 April 2012 - 01:09 PM

Hi Sam, some of the systems I'm running MBAM on do not have Kaseya's endpoint solution. I have some with MSE and some home users with Norton/Symantec. Still getting the same results. Any other ideas?

#6 exile360


Posted 26 April 2012 - 01:58 PM

For the systems not running Kaseya agent at all, I'd recommend posting a developer's log of one of the scans as you did in the first post.

I'll have to get one of our Research team members to take a look for you.
Samuel E Lindsey
Product Manager


#7 knwillis


Posted 30 April 2012 - 06:00 AM

Thanks Sam. The files I posted in the first post actually have two different machines. One computer is running the Kaseya agent with the Kaseya anti-virus (re-branded AVG) and one machine runs the Kaseya agent but not their anti-virus (using MSE instead). The Kaseya agent does not manage any virus scans without that re-branded AVG installed.

#8 exile360


Posted 30 April 2012 - 12:44 PM

Ah, OK, so they do all have Kaseya agent installed and running?

If so, then it is the same issue I was referring to, and you'll likely need to upgrade your Kaseya software to the latest version. I don't believe it's related to AVG when used in Kaseya for AV; it's actually older versions of Kaseya agent itself that cause this.
Samuel E Lindsey
Product Manager


#9 knwillis


Posted 02 May 2012 - 07:57 AM

I just updated the Kaseya agent on my computer to the newest version and ran a quick scan but got the same results from MBAM.

#10 exile360


Posted 02 May 2012 - 12:11 PM

Thanks for letting me know. I got a bit more detailed info on the issue for you.

Please have your Kaseya admin whitelist mbam.exe in the App Blocker on the server side and that should eliminate it, though you may still want to have your Kaseya admin contact Kaseya Support as this was supposed to be fixed in one of their recent releases.

Also make certain that your Kaseya App Blocker on the server is the latest, as that's the root cause of the detections.
Samuel E Lindsey
Product Manager


#11 knwillis


Posted 04 May 2012 - 06:30 AM

I've opened a support request with Kaseya directing them to this forum thread. I'll let you know what I find out. Thanks

#12 exile360


Posted 04 May 2012 - 09:43 AM

Excellent, thanks for the follow up.

I look forward to hearing back from you, hopefully with good news.
Samuel E Lindsey
Product Manager


#13 knwillis


Posted 10 July 2012 - 08:24 AM

Still working with Kaseya support. So far, no resolve.

#14 exile360


Posted 14 July 2012 - 11:07 PM

Thanks for keeping me posted. I'm sorry that they haven't been able to correct the problem yet. I hope that they will soon so that you won't have to deal with the issue any longer.
Samuel E Lindsey
Product Manager




