Doktor Notor

[FP] - C:\Install directory


Really no idea why's this detected, I have C:\Install directory on my drive where I do store lots of utils, what's wrong with that? :)

Malwarebytes' Anti-Malware 1.21

Verze datab


This is also the name of a folder that multiple rogues install out of.

If I whitelist this I am putting one person in front of many thousands that I am protecting.

If you would, please right click that entry and select ignore, it will never turn up in a scan again.

This is also the name of a folder that multiple rogues install out of.

If I whitelist this I am putting one person in front of many thousands that I am protecting.

Shrug; it's just rather confusing - there's no risk in having C:\Install directory, it's the stuff in there that matters. I didn't assume this is intended to be detected, that's all... :)

Shrug; it's just rather confusing - there's no risk in having C:\Install directory, it's the stuff in there that matters. I didn't assume this is intended to be detected, that's all... :)

I must admit I'm surprised by nosirrah's reply but will bow to his superior knowledge on the matter. If your directory contains utilities why not rename it C:\Utils?

If your directory contains utilities why not rename it C:\Utils?

Well yeah, I can rename it to whatever else, that wasn't the point... :) I'm just surprised that such a horribly generic directory name triggers this... Maybe some better description of similar stuff instead of Rogue.Multiple would reduce the possible confusion. :)


Rogue.Multiple is the def for all rogue antispyware/antivirus components that belong to more than one rogue application.

It is designed to remove the confusion between multiple rogue families. There are some rogues that have parts for 3 or more rogues and having defs like that would generate what looked like 3 completely different infections at the same time all the while there was only one.

This generic def is a big hammer that prevents the installation of an entire rogue family as every single installer jumps from temp to %ROOTDRIVE%\Install and then installs.

I do not like adding these and remove them once we no longer need them for protection but for now it is doing a lot of good.

If I whitelist this I am putting one person in front of many thousands that I am protecting.

If you always detect it, then you are detecting and removing the installers for CompuCom's applications and drivers in their base image. CompuCom is not the only company that uses such a directory in the root of C: to store applications and drivers, so you are making it hard for Malwarebytes to score corporate contracts by always detecting that directory as malware. There either needs to be more advanced checks to determine if the software in this directory is safe, or you need to remove it from defs.


If my girlfriend runs Malwarebytes Anti-Malware she will delete this directory. I would remove this database entry, it could make a lot of problems :D

If my girlfriend runs Malwarebytes Anti-Malware she will delete this directory. I would remove this database entry, it could make a lot of problems :D

Use the whitelist and no problems.

I am also no longer seeing the rogues using it so removing it should not cause a problem.

That's good. They probably figured out that since many of them were doing it, that it was too easy to block the install.
