dozens of files equal false positives


knwillis

I've been finding the same group of files all over my company. We have clients all over the state and nearly every machine we scan with MBAM comes up with these results. The files are non-existent on the computers.

I've attached the initial quick scan logs for two computers along with the /developer quick scan logs for the same machines.

mbam logs.zip


Greetings and welcome to our support forums :)

What antivirus and/or endpoint security solution are you using?

I suspect it is Kaseya, and if so, then please be sure to whitelist Malwarebytes Anti-Malware's 3 main executables from it, all located by default in C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware for x64 systems:

  • mbam.exe
  • mbamgui.exe
  • mbamservice.exe

Also note that if you are running Kaseya's endpoint solution, the latest released version does not cause this issue, as we reported it to them and they corrected it.

Please let me know if this has resolved the problem for you or not.

Thanks :)


Thanks Sam. The files I posted in the first post actually have two different machines. One computer is running the Kaseya agent with the Kaseya anti-virus (re-branded AVG) and one machine runs the Kaseya agent but not their anti-virus (using MSE instead). The Kaseya agent does not manage any virus scans without that re-branded AVG installed.


Ah, OK, so they do all have Kaseya agent installed and running?

If so, then it is the same issue I was referring to, and you'll likely need to upgrade your Kaseya software to the latest version. I don't believe it's related to AVG when used in Kaseya for AV; it's actually older versions of the Kaseya agent itself that cause this.


Thanks for letting me know. I got a bit more detailed info on the issue for you.

Please have your Kaseya admin whitelist mbam.exe in the App Blocker on the server side and that should eliminate it, though you may still want to have your Kaseya admin contact Kaseya Support as this was supposed to be fixed in one of their recent releases.

Also make certain that your Kaseya App Blocker on the server is the latest, as that's the root cause of the detections.
