PUP detections from MalwareBytes

Page 3 of 3 FirstFirst 123

  1. Posts : 30,094
    Windows 10 Pro x64 [Latest Release Preview]
       #21

    The first word in most of these acronyms is "Potentially", which is of course for the user to decide if the potential Risk, is greater than the actual benefits

    In my IT work I use a number of small apps to solve user issues, Some if not all of these have the potential to be used either illegally or for dubious purposes. I know what the programs do and have confidence that they are safe for me to use, However If I saw one of them on a client system I would strongly suggest that they remove it if they do not know how to use it, (owners of businesses, do not always know what is on the computers they own that are used by employees)

    All of these programs are required and safe for the purposes I use them for ... ... All of them are flagged as PUPs ... I simply click on ignore or store them in password protected ZIP files.
      My Computers


  2. Posts : 9,612
    Win 7 Ultimate 64 bit
       #22

    Malwarebytes tends to be quite annoyingly overzealous when it come to PUP detection. Apparently, they translate "potentially" as "definitely". I've been forced to temporarily disable Malwarebytes when installing or updating FreeFileSync to keep Malwarebytes from automatically blocking the install or update and deleting the installer. Afterwards, like Nigel, I zip the installer to keep it from being deleted by Malwarebytes, although I don't passord protect it (zipping also bypasses Carbonite's exclusion of .exe files).
      My Computer


  3. Posts : 30,094
    Windows 10 Pro x64 [Latest Release Preview]
       #23

    The reason I password protect the zips is dual purpose, It stops any unauthorized user accessing the applications, and it also stops Pro Anti Malware apps from accessing the contents of a Zip archive Which is normal
      My Computers


  4. Posts : 9,612
    Win 7 Ultimate 64 bit
       #24

    Barman58 said:
    The reason I password protect the zips is dual purpose, It stops any unauthorized user accessing the applications, and it also stops Pro Anti Malware apps from accessing the contents of a Zip archive Which is normal
    Your situation is different from mine--I'm the only user, for example--so I can understand you needng to password protect certain files. However, I'm also using the Pro version of Malwarebytes (I have four lifetime licenses grandfathered in) and I have yet to have it or anything else touch anything that has been zipped (I just now took a peek inside one just to be sure).
      My Computer


  5. Posts : 30,094
    Windows 10 Pro x64 [Latest Release Preview]
       #25

    I personally (on all my own devices), use Bitdefender for security, The interesting difference with the commercial suite I use is that PUP/PUA is a warning only - It informs that it is recognising an app that may be an issue, and it gives the option to learn more about the potential issues and the actual program, and gives an option to Quarantine the app or delete it, but the default is always the Stop and Warn

    Also a lot of Pro level network based endpoint security systems will include an option to scan inside Zip, Rar and zipped exe (installers that use Zip Compression), files as they are recognised as a serious threat for transmission of malware and other illegal content (after all a zip file opens easily in Windows these days

    Some companies will also quarantine things like .ISO files until they are mounted and scanned for malicious content
      My Computers


  6. Posts : 9,612
    Win 7 Ultimate 64 bit
       #26

    Barman58 said:
    I personally (on all my own devices), use Bitdefender for security, The interesting difference with the commercial suite I use is that PUP/PUA is a warning only - It informs that it is recognising an app that may be an issue, and it gives the option to learn more about the potential issues and the actual program, and gives an option to Quarantine the app or delay it, but the default is always the Stop and Warn
    Pity Malwarebytes isn't like that. They default to search and destroy. It is possible to change thateach time when manually doing a scan but I have yet to get the default to change permanently for scheduled overnight scans. In the case of FreeFileSync, the developer has removed the PUP from the installer for that very reason yet Malwarebytes will still hit on it.
      My Computer


  7. Posts : 30,094
    Windows 10 Pro x64 [Latest Release Preview]
       #27

    Seems like Malwarebytes, are working from a script, which will speed things up tremendously, but will, as in this case, still block a perfectly safe executable that happens to listed in the refused list. I wonder what would happen if you renamed the executable, would it then be forced to actually test it and find it to be clean and leave it alone ( I doubt the list would be that simple so am not suggesting you try it seriously, as if it was if you named a malware program to some known good name it might ignore it )
      My Computers


  8. Posts : 9,612
    Win 7 Ultimate 64 bit
       #28

    Barman58 said:
    Seems like Malwarebytes, are working from a script, which will speed things up tremendously, but will, as in this case, still block a perfectly safe executable that happens to listed in the refused list. I wonder what would happen if you renamed the executable, would it then be forced to actually test it and find it to be clean and leave it alone ( I doubt the list would be that simple so am not suggesting you try it seriously, as if it was if you named a malware program to some known good name it might ignore it )
    Actually, you may be partially right about that. I used to change the names of .exe, .msi, and .dll files by adding .disable to the end of them (still do for diagnostic purposes and temporary deletions) so Carbonite would automatically upload the without changing the file extension when downloaded later. However, it became a bit complicated for complicated program installers and I found it sometimes faked out Malwarebytes as well. I suspect they use a combination of a "hit list" as well as malware definitions and heuristics. My .zip files have the same file names as the original files but the extension is different.
      My Computer


  9. Posts : 25
    Windows 7 Home Premium 64 bit
       #29

    Hi goodlad, No, I'm sure it doesn't. I think it's the first time that pups have been found. I'm wondering whether I should pay for the Malwarebytes Premium service, go onto MSE and dump McAffee? So many different Anti-virus protection services out there!
      My Computer


 
Page 3 of 3 FirstFirst 123

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 14:12.
Find Us