Malwarebytes False Alarm

Started by erichaas, June 09, 2017, 01:08:17 AM

Previous topic - Next topic

erichaas

Malwarebytes has been flagging ExifTool as generic ransomware.  I tried setting an exclusion for ExifTool, but MB seems to be ignoring the exclusion. I submitted a support request to Malwarebytes, but so far I have only received a "Thanks for contacting us" email, which said, "IMPORTANT: We are currently experiencing delays in email responses due to high volume."


Mario

Quote"IMPORTANT: We are currently experiencing delays in email responses due to high volume."

That's a standard phrase you get from most companies these days....
-- Mario
IMatch Developer
Forum Administrator
http://www.photools.com  -  Contact & Support - Follow me on 𝕏 - Like photools.com on Facebook

erichaas

I finally heard back from Malwarebytes, and they claim the problem has now been fixed. I haven't had a chance to try it yet.

Mario

Sounds good. I guess these companies get thousands of reports every day and just need time to wade through.
Since I have shipped six versions of IMatch in the past two weeks, all naturally with changes binaries, the problem may have gone away anyway. Or re-appear  ;)
-- Mario
IMatch Developer
Forum Administrator
http://www.photools.com  -  Contact & Support - Follow me on 𝕏 - Like photools.com on Facebook

muranod

FYI, I just had this same flag pop up this evening, 7/20/2020. First time I've ever seen it.

Mario

I test every release of IMatch on VirusTotal.com and I run four different virus checkers on my own computers.
-- Mario
IMatch Developer
Forum Administrator
http://www.photools.com  -  Contact & Support - Follow me on 𝕏 - Like photools.com on Facebook

muranod

I had no doubt about that. When it happened, I thought something got infected post installation, so just to be sure, I let Malwarebytes quarantine and delete the offending file. Had to reinstall Imatch, but nothing was lost.

Mario

As long as the digital certificate of the installer is valid (Windows will warn you otherwise) you have an unmodified copy of the installer. The installer and all DLLs and executables are signed.
-- Mario
IMatch Developer
Forum Administrator
http://www.photools.com  -  Contact & Support - Follow me on 𝕏 - Like photools.com on Facebook