Malwarebytes flagged Windows SteadyState behaviour as HIJACK

Look

 

LMAO - wow

Anyways,send those guys a FP report and let'em know that Steadystate is a harmless program.

 

Reported how? all I see is a bunch of registry entries that can be ignored (Mbam can't determine if the user changed it or malware)

 

I didnt pay much attention to the screenshot as Steadystate is harmless period,so anything that came up on scan as you say,should def. be ignored

 

How do you know those registery keys are related to SteadyState? does SteadyState disable task manager?

 

yes. haha

 

let's put microsoft to quarentine lol

 

I am with Cudni on this one. There are no signs of SteadyState in that detection screen, just modified Windows base settings which can also be modified by malware. It is up to the user himself to add these settings he himself has changed in Windows (by using SS) to MBAM ignore list.

 

Does SteadyState still have system wide configuration of settings such as disabling TM, Control Panel, My Computer that sort of thing. Considering the primary role for SS these sort of features make sense and of course as Cudni has already said MBAM is going to flag them as it cannot distinguish between malware or SS that is disabling them.
Add to ignore list will quiet things down.

 

I know, I know I just find it funny

 

Well,

That was the reason why I did not use MBAM, until a friend told me that the ignores can be remembered. MBAM also flags a lot of GPEdit (Policy Management) security settings as suspicious. Some of them are really stupid (the value of the setting means increased security). On the other hand a value filter would only deal with half of these FP's. There are a lot of combo's (one regsitry setting fixing something to be unchangeable by the user, another containing the fixed value). Deep inspecting all those fixed values would be quite complex.

Now I use MBAm and Hitman Pro as second opinion before backing up images

 

yes it is true what kees said cause every time i tweak my registry mbam detects some thing

 

Our official policy has always been to make the detection clear and both the key and value appear right in the scan and log so that advanced users can evaluate the results and use ignore if intentional.

Novice users that have had these same values modified through malware will be rescued.

There is no perfect answer here but the alternative (forcing novice users to figure out disabled functions themselves) is not the right option for the vast majority of our users.