MBAM a Threat ?

Discussion in 'Prevx Releases' started by CloneRanger, Feb 23, 2014.

Thread Status:
Not open for further replies.
  1. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    I've set WSA to Block the MBAM Scheduler, as i don't need it. But why is WSA showing it as a Threat ?

    thr.png
     
  2. mwb1100

    mwb1100 Registered Member

    Joined:
    Sep 28, 2005
    Posts:
    25
    I assume that "Win32.UserAdded" means that the user (you) added it to the block list.

    I do wish that AVs would provide some sort of glossary for the names they give to threats.
     
  3. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    Block it via the Firewall don't block in active processes as you see WSA will think it's bad. :ouch:

    TH
     
  4. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @ mwb1100

    Yes i added it.

    @ Triple Helix

    I do have it blocked @ the Firewall too. I don't see why WSA should automatically think somwthing is bad, just because we choose to block it. Not everything we want to prevent from running etc, is bad !
     
  5. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    WSA considers blocked and bad to be identical. There is no supported circumstance in which a file would be only blocked and not removed. We've considered some aspects like this for an application control feature, but that is primarily for the business product.

    So, "UserAdded" is the correct determination. You could, however, leave it unblocked under Block/Allow files and leave it blocked under firewall if you're only looking to block its connections while still letting it run.
     
  6. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @ PrevxHelp

    Okey dokey ;)
     
Thread Status:
Not open for further replies.