AlexLeadingEdge
ASUS driver detected as trojan.zloader
AlexLeadingEdge replied to AlexLeadingEdge's topic in File Detections
Thanks CLI.
-
ASUS driver detected as trojan.zloader
AlexLeadingEdge replied to AlexLeadingEdge's topic in File Detections
And here is the file. Malwarebytes Business Support wanted me to restore the file back to the workstation and upload it to them. I'm not happy that I'm potentially putting an infected file back onto a workstation, this seems like a really dumb practice. Surely Malwarebytes should be able to upload a file from the local quarantine with (1) restoring the file back to its original location and (2) not interrupting the end user by jumping onto their machine to zip up the file and upload it?
ASUSSmartDisplayControl.zip
-
ASUS driver detected as trojan.zloader
AlexLeadingEdge replied to AlexLeadingEdge's topic in File Detections
As requested.
MWB_LT-ASUS-FX506CHB.jdm.local_Diag_2023_07_24_11_09_02.zip
-
Hi guys, I'm not sure if this is a false positive, but would like this checked out as it seems important.

Threat name: Trojan.ZLoader
Category: Malware
Type: file
Endpoint: LT-ASUS-FX506CHB.REDACTED.local
Location: C:\ESUPPORT\EDRIVER\SOFTWARE\WIN32APP\ASUS\ASUS SMART DISPLAY CONTROL\1.4.8\13598\ASUSSMARTDISPLAYCONTROL.EXE
Date: 2023-07-22 06:00:02 AM
-
Thanks for the confirmation, I will restore & create an exclusion.
-
AlexLeadingEdge started following False Positive section for Business Customers?, Soda PDF 11, Training website blocked - businesscentral.org.nz and 1 other
-
More of a question than a False Positive. We have a client that absolutely loves Soda PDF, but Malwarebytes picks it up as a PUP. Over the weekend a Malwarebytes scan has picked up Soda PDF and ripped it out. The client will be distraught when they find out (I'm not joking!) so I'm trying to pre-empt this before their phone call. Before I restore and whitelist, how do I know that all the following Quarantined detections at the same time are all related to Soda PDF?

PUP.Optional.BundleInstaller PUP reg_key HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{DEFF4C3F-73B6-43C3-A2A2-28B529747811} 2023-06-24 06:00:02 AM
PUP.Optional.BundleInstaller PUP reg_key HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{02FEE9C9-5D22-4D32-8529-2921C7CCC385} 2023-06-24 06:00:02 AM
PUP.Optional.BundleInstaller PUP file C:\PROGRAMDATA\SODA PDF DESKTOP 11\INSTALLATION\SODA_PDF_DESKTOP_11_INSTALLER.EXE 2023-06-24 06:00:02 AM
PUP.Optional.BundleInstaller PUP reg_key HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{594E3602-3101-44F5-9CFF-11C8093E8ABE} 2023-06-24 06:00:02 AM
PUP.Optional.BundleInstaller PUP reg_key HKLM\SOFTWARE\CLASSES\INTERFACE\{594E3602-3101-44F5-9CFF-11C8093E8ABE} 2023-06-24 06:00:02 AM
PUP.Optional.BundleInstaller PUP reg_key HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SodaDesktop11 2023-06-24 06:00:02 AM
PUP.Optional.BundleInstaller PUP reg_key HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{02FEE9C9-5D22-4D32-8529-2921C7CCC385} 2023-06-24 06:00:02 AM
PUP.Optional.BundleInstaller PUP file C:\SUPPORT\SODA_PDF_10_INSTALLER.EXE 2023-06-24 06:00:02 AM
PUP.Optional.BundleInstaller PUP reg_key HKLM\SOFTWARE\CLASSES\TYPELIB\{DEFF4C3F-73B6-43C3-A2A2-28B529747811} 2023-06-24 06:00:02 AM
PUP.Optional.BundleInstaller PUP reg_key HKLM\SOFTWARE\CLASSES\INTERFACE\{02FEE9C9-5D22-4D32-8529-2921C7CCC385} 2023-06-24 06:00:02 AM
PUP.Optional.BundleInstaller PUP file C:\USERS\REDACTED\DOWNLOADS\SODA_PDF_11_INSTALLER.EXE 2023-06-24 06:00:02 AM
PUP.Optional.BundleInstaller PUP reg_key HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{DEFF4C3F-73B6-43C3-A2A2-28B529747811} 2023-06-24 06:00:02 AM
PUP.Optional.BundleInstaller PUP reg_key HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{594E3602-3101-44F5-9CFF-11C8093E8ABE} 2023-06-24 06:00:02 AM
-
Training website blocked - businesscentral.org.nz
AlexLeadingEdge replied to AlexLeadingEdge's topic in Website Blocking
Excellent! Thank you! :)
-
Training website blocked - businesscentral.org.nz
AlexLeadingEdge replied to AlexLeadingEdge's topic in Website Blocking
I have reported this also via the OneView portal in Ticket #4196970
-
Training website blocked - businesscentral.org.nz
AlexLeadingEdge posted a topic in Website Blocking
Hi guys, This is a training website here in New Zealand that is being picked up as Riskware: www.businesscentral.org.nz
-
False Positive: CMC Simulation Software
AlexLeadingEdge replied to AlexLeadingEdge's topic in File Detections
Thanks :)
-
Hi guys, I'm pretty sure this is a false positive. It is part of our CMC simulation software, which has been in use for quite a while.

Threat name: Malware.AI.941582366
Site: REDACTED
Category: Malware
Endpoint: REDACTED
Location: C:\PROGRAMDATA\HEXAGON\NCSIMUL INSTALLER\NCSIMUL 2022.0.0\INSTALL\B4B0E0F\CLIENT FILES\NCSIMUL 2022.0\INTERFACES\NCIGES2000.EXE
Action taken: Quarantined
Date: 2023-01-01 12:00:01 PM

Virus Total says no issues: https://www.virustotal.com/gui/file/e756a00dc8b5312224fb89f30b4e24bacb3f4465059e582e0e0739f8d352ce8e/detection

Suspect file is attached.
nciges2000.zip
-
Is it worthwhile to have a False Positive section for Business Customers? The initial help I get from the "Malwarebytes for Home Support" section tends to be irrelevant because Malwarebytes Home / Premium and Malwarebytes Nebula / OneView are so radically different. Or should I only open Business Support Tickets instead of posting on this forum?
-
Is there a False Positives section for Business Customers?
-
Thanks Porthos, I have opened a business support ticket.