AlexLeadingEdge

Honorary Members
  • Posts

    192
Reputation

2 Neutral


  1. And here is the file. Malwarebytes Business Support wanted me to restore the file back to the workstation and upload it to them. I'm not happy that I'm potentially putting an infected file back onto a workstation, this seems like a really dumb practice. Surely Malwarebytes should be able to upload a file from the local quarantine with (1) restoring the file back to its original location and (2) not interrupting the end user by jumping onto their machine to zip up the file and upload it? ASUSSmartDisplayControl.zip
  2. As requested. MWB_LT-ASUS-FX506CHB.jdm.local_Diag_2023_07_24_11_09_02.zip
  3. Hi guys, I'm not sure if this is a false positive, but would like this checked out as it seems important.

     | Threat name | Category | Type | Endpoint | Location | Date |
     |---|---|---|---|---|---|
     | Trojan.ZLoader | Malware | file | LT-ASUS-FX506CHB.REDACTED.local | C:\ESUPPORT\EDRIVER\SOFTWARE\WIN32APP\ASUS\ASUS SMART DISPLAY CONTROL\1.4.8\13598\ASUSSMARTDISPLAYCONTROL.EXE | 2023-07-22 06:00:02 AM |
  4. Thanks for the confirmation, I will restore & create an exclusion.
  5. More of a question than a False Positive. We have a client that absolutely loves Soda PDF, but Malwarebytes picks it up as a PUP. Over the weekend a Malwarebytes scan has picked up Soda PDF and ripped it out. The client will be distraught when they find out (I'm not joking!) so I'm trying to pre-empt this before their phone call. Before I restore and whitelist, how do I know that all the following Quarantined detections at the same time are all related to Soda PDF?

     | Threat name | Category | Type | Location | Date |
     |---|---|---|---|---|
     | PUP.Optional.BundleInstaller | PUP | reg_key | HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{DEFF4C3F-73B6-43C3-A2A2-28B529747811} | 2023-06-24 06:00:02 AM |
     | PUP.Optional.BundleInstaller | PUP | reg_key | HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{02FEE9C9-5D22-4D32-8529-2921C7CCC385} | 2023-06-24 06:00:02 AM |
     | PUP.Optional.BundleInstaller | PUP | file | C:\PROGRAMDATA\SODA PDF DESKTOP 11\INSTALLATION\SODA_PDF_DESKTOP_11_INSTALLER.EXE | 2023-06-24 06:00:02 AM |
     | PUP.Optional.BundleInstaller | PUP | reg_key | HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{594E3602-3101-44F5-9CFF-11C8093E8ABE} | 2023-06-24 06:00:02 AM |
     | PUP.Optional.BundleInstaller | PUP | reg_key | HKLM\SOFTWARE\CLASSES\INTERFACE\{594E3602-3101-44F5-9CFF-11C8093E8ABE} | 2023-06-24 06:00:02 AM |
     | PUP.Optional.BundleInstaller | PUP | reg_key | HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SodaDesktop11 | 2023-06-24 06:00:02 AM |
     | PUP.Optional.BundleInstaller | PUP | reg_key | HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{02FEE9C9-5D22-4D32-8529-2921C7CCC385} | 2023-06-24 06:00:02 AM |
     | PUP.Optional.BundleInstaller | PUP | file | C:\SUPPORT\SODA_PDF_10_INSTALLER.EXE | 2023-06-24 06:00:02 AM |
     | PUP.Optional.BundleInstaller | PUP | reg_key | HKLM\SOFTWARE\CLASSES\TYPELIB\{DEFF4C3F-73B6-43C3-A2A2-28B529747811} | 2023-06-24 06:00:02 AM |
     | PUP.Optional.BundleInstaller | PUP | reg_key | HKLM\SOFTWARE\CLASSES\INTERFACE\{02FEE9C9-5D22-4D32-8529-2921C7CCC385} | 2023-06-24 06:00:02 AM |
     | PUP.Optional.BundleInstaller | PUP | file | C:\USERS\REDACTED\DOWNLOADS\SODA_PDF_11_INSTALLER.EXE | 2023-06-24 06:00:02 AM |
     | PUP.Optional.BundleInstaller | PUP | reg_key | HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{DEFF4C3F-73B6-43C3-A2A2-28B529747811} | 2023-06-24 06:00:02 AM |
     | PUP.Optional.BundleInstaller | PUP | reg_key | HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{594E3602-3101-44F5-9CFF-11C8093E8ABE} | 2023-06-24 06:00:02 AM |
  6. I have reported this also via the OneView portal in Ticket #4196970
  7. Hi guys, This is a training website here in New Zealand that is being picked up as Riskware: www.businesscentral.org.nz
  8. Hi guys, I'm pretty sure this is a false positive. It is part of our CMC simulation software, which has been in use for quite a while.

     | Threat name | Site | Category | Endpoint | Location | Action taken | Date |
     |---|---|---|---|---|---|---|
     | Malware.AI.941582366 | REDACTED | Malware | REDACTED | C:\PROGRAMDATA\HEXAGON\NCSIMUL INSTALLER\NCSIMUL 2022.0.0\INSTALL\B4B0E0F\CLIENT FILES\NCSIMUL 2022.0\INTERFACES\NCIGES2000.EXE | Quarantined | 2023-01-01 12:00:01 PM |

     Virus Total says no issues: https://www.virustotal.com/gui/file/e756a00dc8b5312224fb89f30b4e24bacb3f4465059e582e0e0739f8d352ce8e/detection

     Suspect file is attached. nciges2000.zip
  9. Is it worthwhile to have a False Positive section for Business Customers? The initial help I get from the "Malwarebytes for Home Support" section tends to be irrelevant because Malwarebytes Home / Premium and Malwarebytes Nebula / OneView are so radically different. Or should I only open Business Support Tickets instead of posting on this forum?
  10. Is there a False Positives section for Business Customers?
  11. Thanks Porthos, I have opened a business support ticket.