Malwarebytes false positive on IMatch 2017

Started by dcb, June 01, 2017, 12:09:18 PM

dcb

I've just had Malwarebytes pull a false positive on IMatch 2017. It previously did this to me with IMatch 5.5 as well. I suggest anyone running Malwarebytes create an exclusion for C:\Program Files (x86)\photools.com to pick up all versions.

I had installed the latest trial and after testing for an hour was running my new script to move files from Dropbox into an import directory. That's right when Malwarebytes struck and pulled the exe out from under me. Timing couldn't have been less perfect.

If something similar happens to you:

1. Create an exclusion
2. Reboot
3. Reinstall/repair IMatch

Have you backed up your photos today?

Mario

You should never exclude an entire folder in ...program files... from a virus scan, just specific executables.
Something malicious could copy something into an excluded folder to trick your anti-virus.

I use VirusTotal.com (Google) to check IMatch with all major anti-virus products, in addition to the 3 + Windows Defender I use here.
-- Mario
IMatch Developer
Forum Administrator
http://www.photools.com  -  Contact & Support - Follow me on 𝕏 - Like photools.com on Facebook

BanjoTom

I also use Malwarebytes. Would it be proper to exclude from detection all the applications (executable files) in the c:\Program Files (x86)\photools.com\IMatch6 folder?

That would be the ".exe's" for exiftool, ffmpeg, ffprobe, IMatch2017, IMDBConverter, IMPackAndGo, impl, and PTDebug.
— Tom, in Lexington, Kentucky, USA

Mario

Yes. But I suggest you send the executables to the MWB vendor so they can check their code and fix it. Reporting a false positive is always a good thing.
-- Mario
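
Added example, not part of any post in this thread: a PowerShell inventory to run before creating the per-file exclusions discussed above. It lists each .exe in the folder, marks whether it is one of the names given in the thread, and reports its Authenticode status and SHA-256 so the same files can be submitted with a false-positive report. The folder path and name list are taken from the posts; the output layout is an assumption.

```powershell
# Added example. $Folder is the path quoted in the thread; adjust to your install.
param(
    [string]$Folder = 'C:\Program Files (x86)\photools.com\IMatch6'
)

# Executable names listed in the thread for this folder.
$Expected = 'exiftool','ffmpeg','ffprobe','IMatch2017','IMDBConverter',
            'IMPackAndGo','impl','PTDebug'

if (-not (Test-Path -LiteralPath $Folder -PathType Container)) {
    Write-Error "Folder not found: $Folder"
    return
}

# One record per executable: name, whether it is on the list, signature, hash.
$report = Get-ChildItem -LiteralPath $Folder -Filter '*.exe' -File | ForEach-Object {
    $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
    [pscustomobject]@{
        Name      = $_.Name
        Listed    = $Expected -contains $_.BaseName
        Signature = $sig.Status
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        FullName  = $_.FullName
    }
}

$report | Format-Table Name, Listed, Signature, Signer -AutoSize

# Only files on the list are candidates for a per-file exclusion.
$report | Where-Object Listed | Select-Object FullName, SHA256 | Format-List

# Anything else in the folder deserves a look before any exclusion is added.
$report | Where-Object { -not $_.Listed } | ForEach-Object {
    Write-Warning "Unlisted executable: $($_.FullName)"
}
```

The script only reports what it finds; a missing or invalid signature on a listed file is a reason to check it further before excluding it.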

clpratt

I reported a similar problem in the "IMatch 2017 just released" thread on 26 May 2017, 15:11:56

"IMatch 2017 installed and running well, but Malwarebytes is telling me that two IMatch files are a Ransomware Agent, and it tells me to reboot my pc to complete the quarantine process.
When I do this IMatch does not run anymore and has to be repaired.
Anybody else got this problem? I ran ESET and Windows Defender, neither sees IMatch as a threat."

Mario suggested I send a report to MLB which I did, but so far received no reply.
But since then MLB seems happy and I have had no further problems.

Mario

Quote from: clpratt on June 02, 2017, 10:50:03 AM
Mario suggested I send a report to MLB which I did, but so far received no reply.
But since then MLB seems happy and I have had no further problems.

Great. This is the proper way to handle this. The anti-virus vendor can check the executable to see if it is OK and then update the engine signatures so the file passes the test.
-- Mario