Anti Malwarebytes just nuked 20 of our systems with False Positive

Discussion in 'other anti-malware software' started by GrammatonCleric, Apr 15, 2013.

Thread Status:
Not open for further replies.
  1. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Re: AntiMalwarebytes just nuked 20 of our systems with False Positive

    Shadow, one thing you guys can easily change is to turn off default Auto quarantine checkbox.
     
    Last edited: Apr 16, 2013
  2. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,752
    Location:
    Toronto Canada
    Re: AntiMalwarebytes just nuked 20 of our systems with False Positive

    What happens when you do and there is a detection?
     
  3. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Re: AntiMalwarebytes just nuked 20 of our systems with False Positive

    You get an old, well-known MBAM popup alert. ;)
     
  4. MultiVisions2013

    MultiVisions2013 Registered Member

    Joined:
    Mar 25, 2013
    Posts:
    63
    Location:
    Canada
    Re: Holly freaking shiat AntiMalwarebytes just nuked 20 of our systems with False Positiv

    Feel bad...sent you a PM
     
  5. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,919
    Re: AntiMalwarebytes just nuked 20 of our systems with False Positive

    In general: this can happen (and already happened) anytime to any antivirus software. But in case of $5k damage that ~ Snipped as per TOS ~ is guilty by default. A secure system can work without. That's why I liked McAfee some years ago: it had a system32-blocker running by default. And none of the present AVs have such an option nor can prevent crashing system files, pity.

    GPO at least is the admin's friend, not any software.
     
    Last edited by a moderator: Apr 18, 2013
  6. GrammatonCleric

    GrammatonCleric Registered Member

    Joined:
    Jan 8, 2009
    Posts:
    372
    Re: AntiMalwarebytes just nuked 20 of our systems with False Positive


    True, the 5k I quoted was the amount of time and resources spent in re-imaging the systems after the system failure. I had to call in extra techs, call the off-site techs to support the other branches, and allow them to charge overtime. The backups were made, the backups were used. Those are not your usual Lockdown systems. We are running computing clusters with users who have elevated rights and thus any Anti-Malware runs with elevated rights. We are not a STIGED office environment so please don't assume you understand my computing environment.
     
  7. Shadowwar

    Shadowwar Spyware Expert

    Joined:
    Feb 26, 2004
    Posts:
    305
    Re: AntiMalwarebytes just nuked 20 of our systems with False Positive

    This is something we are looking at very hard as putting additional safeguards into the client to prevent runaways like this. We are revamping all our backend procedures and fixed a few procedures and filtering systems already.
     
  8. Rompin Raider

    Rompin Raider Registered Member

    Joined:
    May 6, 2010
    Posts:
    1,254
    Location:
    Texas
    Re: AntiMalwarebytes just nuked 20 of our systems with False Positive

    I have most of my family on MBAM Pro...it got my pc but the fix worked fine leaving 7 quarantined files which were all on the drive so I deleted and all is well. My oldest son uses Windows Vista and his pc is in trouble...BSOD and in safe mode, black screen. I will work on it this weekend. My wife wasn't harmed at all so we came out okay I think. I won't stop using MBAM Pro...has saved or helped me too many times.
     
  9. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,629
    Re: AntiMalwarebytes just nuked 20 of our systems with False Positive

    While I don't use MBAM Pro personally, events like this are why I always have my security software prompt me for action when a potential threat is found instead of automatically taking action.

    In defense of Malwarebytes, I've been using MBAM free for many years and have run it on a number of computers and it's only ever given a false positive for a single file. This is very impressive considering that back in the days when antispyware products were common, false positives were unfortunately very common.
     
  10. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
  11. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,653
    Re: AntiMalwarebytes just nuked 20 of our systems with False Positive

    I'm glad that the MBAM company has been doing all they can do to fix the damage for those users who have been hit by this.

    ===

    But what if (and that is a big *if*) you are bombarded with hundreds of those alerts and you cannot quickly enough deal with them and your AV/AT/AM decides on its own to do what it wants?
    I am now speaking in general and not in particular related to MBAM!
    Read the postings from dear old friend Mele at DSLR.
     
  12. Shadowwar

    Shadowwar Spyware Expert

    Joined:
    Feb 26, 2004
    Posts:
    305
  13. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    First of all, I am also glad I'm not running MBAM in real time anymore.

    Secondly, we can all learn a lesson here. The importance of running back-ups of important data or storing OS images in case of emergency.

    Malwarebytes have done something unforgivable for a security company; causing harm rather than preventing harm. But I have no doubt they'll work sincerely on preventing it from ever happening again.

    I will continue to use MBAM in just the same way I did before this incident. I completely trust the developers!
     
  14. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    For me, I can tell you I will not use it anymore as I don't want to risk it ever again. I remember one time Webroot SecureAnywhere sent one of my laptops to the trash and I promised myself not to trust any vendors anymore for cases like what happened with the MBAM Pro false positive :thumbd: It is very dangerous.
     
  15. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,180
    Location:
    Canada
    Agree with you jmonge, but how can you be sure the AV you are using now will not have a false positive one day?
     
  16. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Image....restore.....image.....restore....
    :D
     
  17. silat

    silat Registered Member

    Joined:
    Oct 30, 2006
    Posts:
    191
    Is MB fixed now? Is it safe to run as of today?
     
  18. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    siketa and Antarctica are correct, it is just I am a little scared :) to have it in real time
     
  19. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    WSA does not auto quarantine by default unless you set it that way, so who is at fault? Also you can set MBAM not to quarantine which is on by default.

    TH

     
    Last edited: Apr 21, 2013
  20. silat

    silat Registered Member

    Joined:
    Oct 30, 2006
    Posts:
    191
    To be fair to jmonge, he did not say that WSA trashed his computer for the same reasons.
     
  21. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    It was a strange issue and it was the HIPS engine: when it was triggered it was my brother who selected block, and after that my laptop was burned :)
     
  22. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Are you positive this was caused by WSA? :)
     
  23. RJK3

    RJK3 Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    862
    There was only a window of 15 minutes when the file definitions that caused this problem were available.
     
  24. Statistically, same/similar accidents have a low probability to happen twice . . . so turning away from MBAM increases the risk you are running away from :D
     
    Last edited by a moderator: Apr 22, 2013
  25. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,797
    Re: AntiMalwarebytes just nuked 20 of our systems with False Positive

    From the links Shadowwar and siljaline provided:

    That sounds good to me. 1 question though: Is the FP testing done manually or automated?
     