Windows 7: PUP detections from MalwareBytes

18 May 2018   #21
Barman58

Windows 10 Pro x64 x3, Ubuntu
 
 

The first word in most of these acronyms is "Potentially", which is of course for the user to decide if the potential risk is greater than the actual benefits.

In my IT work I use a number of small apps to solve user issues. Some if not all of these have the potential to be used either illegally or for dubious purposes. I know what the programs do and have confidence that they are safe for me to use. However, if I saw one of them on a client system I would strongly suggest that they remove it if they do not know how to use it (owners of businesses do not always know what is on the computers they own that are used by employees).

All of these programs are required and safe for the purposes I use them for ... ... All of them are flagged as PUPs ... I simply click on ignore or store them in password protected ZIP files.


18 May 2018   #22
Lady Fitzgerald

Win 7 Ultimate 64 bit
 
 

Malwarebytes tends to be quite annoyingly overzealous when it comes to PUP detection. Apparently, they translate "potentially" as "definitely". I've been forced to temporarily disable Malwarebytes when installing or updating FreeFileSync to keep Malwarebytes from automatically blocking the install or update and deleting the installer. Afterwards, like Nigel, I zip the installer to keep it from being deleted by Malwarebytes, although I don't password protect it (zipping also bypasses Carbonite's exclusion of .exe files).
18 May 2018   #23
Barman58

Windows 10 Pro x64 x3, Ubuntu
 
 

The reason I password protect the zips is dual purpose. It stops any unauthorized user accessing the applications, and it also stops Pro Anti Malware apps from accessing the contents of a Zip archive, which is normal.

18 May 2018   #24
Lady Fitzgerald

Win 7 Ultimate 64 bit
 
 

Quote: Originally Posted by Barman58
The reason I password protect the zips is dual purpose. It stops any unauthorized user accessing the applications, and it also stops Pro Anti Malware apps from accessing the contents of a Zip archive, which is normal.
Your situation is different from mine--I'm the only user, for example--so I can understand you needing to password protect certain files. However, I'm also using the Pro version of Malwarebytes (I have four lifetime licenses grandfathered in) and I have yet to have it or anything else touch anything that has been zipped (I just now took a peek inside one just to be sure).
18 May 2018   #25
Barman58

Windows 10 Pro x64 x3, Ubuntu
 
 

I personally (on all my own devices) use Bitdefender for security. The interesting difference with the commercial suite I use is that PUP/PUA is a warning only - it informs that it is recognising an app that may be an issue, and it gives the option to learn more about the potential issues and the actual program, and gives an option to Quarantine the app or delete it, but the default is always the Stop and Warn.

Also a lot of Pro level network based endpoint security systems will include an option to scan inside Zip, Rar and zipped exe (installers that use Zip Compression) files, as they are recognised as a serious threat for transmission of malware and other illegal content (after all, a zip file opens easily in Windows these days).

Some companies will also quarantine things like .ISO files until they are mounted and scanned for malicious content.
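Added example, not part of the original thread: a defender-side check for the point in posts #23 and #25 that a scanner can only inspect archive entries it can open, so password-protected entries need separate handling. It uses Python's standard `zipfile` module; the function names and the sample archive are constructed for illustration, and the sample's "encrypted" flag is set by patching the archive header rather than by real encryption.

```python
import io
import struct
import zipfile

ENCRYPTED = 0x1  # bit 0 of a ZIP entry's general-purpose flags

def unscannable_entries(zip_bytes):
    """Names of entries whose contents cannot be read without a password."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [i.filename for i in zf.infolist() if i.flag_bits & ENCRYPTED]

def triage(zip_bytes):
    """'scan' if every entry is readable, 'hold' if any entry is encrypted."""
    return "hold" if unscannable_entries(zip_bytes) else "scan"

def build_sample(mark_encrypted=()):
    """Constructed sample archive; sets the encrypted flag on chosen entries
    by patching the central directory (no real encryption is applied)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(zipfile.ZipInfo("readme.txt"), b"plain text")
        zf.writestr(zipfile.ZipInfo("tool.exe"), b"MZ constructed placeholder")
    data = bytearray(buf.getvalue())
    pos = data.find(b"PK\x01\x02")  # central directory entry signature
    while pos != -1:
        name_len = struct.unpack_from("<H", data, pos + 28)[0]
        name = data[pos + 46:pos + 46 + name_len].decode()
        if name in mark_encrypted:
            flags = struct.unpack_from("<H", data, pos + 8)[0]
            struct.pack_into("<H", data, pos + 8, flags | ENCRYPTED)
        pos = data.find(b"PK\x01\x02", pos + 46)
    return bytes(data)

if __name__ == "__main__":
    for label, sample in (("plain", build_sample()),
                          ("protected", build_sample({"tool.exe"}))):
        print(label, triage(sample), unscannable_entries(sample))
```

The file names inside an archive stay listable even when the entries are encrypted, which is why the check can still report which entries were skipped.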
18 May 2018   #26
Lady Fitzgerald

Win 7 Ultimate 64 bit
 
 

Quote: Originally Posted by Barman58
I personally (on all my own devices) use Bitdefender for security. The interesting difference with the commercial suite I use is that PUP/PUA is a warning only - it informs that it is recognising an app that may be an issue, and it gives the option to learn more about the potential issues and the actual program, and gives an option to Quarantine the app or delay it, but the default is always the Stop and Warn.
Pity Malwarebytes isn't like that. They default to search and destroy. It is possible to change that each time when manually doing a scan but I have yet to get the default to change permanently for scheduled overnight scans. In the case of FreeFileSync, the developer has removed the PUP from the installer for that very reason yet Malwarebytes will still hit on it.
18 May 2018   #27
Barman58

Windows 10 Pro x64 x3, Ubuntu
 
 

Seems like Malwarebytes are working from a script, which will speed things up tremendously, but will, as in this case, still block a perfectly safe executable that happens to be listed in the refused list. I wonder what would happen if you renamed the executable, would it then be forced to actually test it and find it to be clean and leave it alone (I doubt the list would be that simple so am not suggesting you try it seriously, as if it was, if you named a malware program to some known good name it might ignore it).
18 May 2018   #28
Lady Fitzgerald

Win 7 Ultimate 64 bit
 
 

Quote: Originally Posted by Barman58
Seems like Malwarebytes are working from a script, which will speed things up tremendously, but will, as in this case, still block a perfectly safe executable that happens to be listed in the refused list. I wonder what would happen if you renamed the executable, would it then be forced to actually test it and find it to be clean and leave it alone (I doubt the list would be that simple so am not suggesting you try it seriously, as if it was, if you named a malware program to some known good name it might ignore it).
Actually, you may be partially right about that. I used to change the names of .exe, .msi, and .dll files by adding .disable to the end of them (still do for diagnostic purposes and temporary deletions) so Carbonite would automatically upload them without changing the file extension when downloaded later. However, it became a bit complicated for complicated program installers and I found it sometimes faked out Malwarebytes as well. I suspect they use a combination of a "hit list" as well as malware definitions and heuristics. My .zip files have the same file names as the original files but the extension is different.
18 May 2018   #29
turnercj

Windows 7 Home Premium 64 bit
 
 

Hi goodlad, No, I'm sure it doesn't. I think it's the first time that PUPs have been found. I'm wondering whether I should pay for the Malwarebytes Premium service, go onto MSE and dump McAfee? So many different anti-virus protection services out there!