Author Topic: ===> False Positives <===  (Read 155279 times)

0 Members and 1 Guest are viewing this topic.

Reply #225April 27, 2017, 03:44:52 am

welbot

  • Newbie

  • Offline
  • *

  • 1
  • Reputation:
    0
    • View Profile
Re: ===> False Positives <===
« Reply #225 on: April 27, 2017, 03:44:52 am »
Hi,

Not sure if these have been reported yet, but I keep getting these 3 entries when I scan.

[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3591490448-2704826680-4139795447-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3591490448-2704826680-4139795447-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Found
[PUP.Gen1][Folder] C:\Program Files\Windows Security -> Found

The first 2 I'm not 100% certain of their function, but at a guess, I think they're for placing recently used programs at the top of the start menu.
The 3rd entry has been confirmed as a new addition to version 1703 of Windows 10 by Microsoft. (The folder contains another folder called BrowserCore, and inside that is a BrowserCore.exe, a manifest.json file, and a folder named en-US.

Virus total scan of BrowserCore.exe found 0 reports of infection. (https://www.virustotal.com/en/file/9435f2f1d87523c13439887d0a76259cbb44dd6a37760fc353b7f1f023567160/analysis/1493256689/)

Reply #226April 27, 2017, 06:43:00 pm

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2310
  • Reputation:
    82
    • View Profile
Re: ===> False Positives <===
« Reply #226 on: April 27, 2017, 06:43:00 pm »
Hi welbot,

Welcome to Adlice.com Forum.

PUM stands for Potentially Unwanted Modification. In your case, thoses entries are perfectly legit and are, indeed, linked to recent entries in Windows Start Menu.
For more information, please read RogueKiller Documentation.

The Windows Security folder is a well known false positive.
This will be fixed on RogueKiller next release.

Regards.

Reply #227May 04, 2017, 04:09:29 pm

JeffF73

  • Newbie

  • Offline
  • *

  • 3
  • Reputation:
    0
    • View Profile
Re: ===> False Positives <===
« Reply #227 on: May 04, 2017, 04:09:29 pm »
Hello.
I did a scan and it came up with a false positive of:
[Adw.Elex|Tr.Zusy|PUP.Divcom] MBAMService.exe(4736) -- D:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[7] -> Found

Reply #228May 04, 2017, 04:10:43 pm

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2310
  • Reputation:
    82
    • View Profile
Re: ===> False Positives <===
« Reply #228 on: May 04, 2017, 04:10:43 pm »
Hi Jeff,

Welcome to Adlice.com Forum.
Could you please attach RogueKiller full report with your next reply ?

Regards.

Reply #229May 04, 2017, 04:14:25 pm

JeffF73

  • Newbie

  • Offline
  • *

  • 3
  • Reputation:
    0
    • View Profile
Re: ===> False Positives <===
« Reply #229 on: May 04, 2017, 04:14:25 pm »
Hello Curson Thank you.
Surely here it is.

Reply #230May 04, 2017, 04:19:57 pm

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2310
  • Reputation:
    82
    • View Profile
Re: ===> False Positives <===
« Reply #230 on: May 04, 2017, 04:19:57 pm »
Hi Jeff,

Thanks for supporting our product.
RogueKiller is detecting MalwareBytes malware database.

This issue has been fixed when MBAM is installed on standard location but since you run it from the D: drive, the detection is still present.
As a Premium user, you can exclude it using RogueKiller External Scanner.

Regards.

Reply #231May 04, 2017, 04:24:05 pm

JeffF73

  • Newbie

  • Offline
  • *

  • 3
  • Reputation:
    0
    • View Profile
Re: ===> False Positives <===
« Reply #231 on: May 04, 2017, 04:24:05 pm »
You're welcome.

I kind of thought it maybe the Drive I have it installed on right after I attached the log.
I use an SSD for a Boot Drive/O.S Installation then my D: drive is for everything else lol. Glad to hear this.
Thank you

Reply #232May 04, 2017, 04:55:04 pm

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2310
  • Reputation:
    82
    • View Profile
Re: ===> False Positives <===
« Reply #232 on: May 04, 2017, 04:55:04 pm »
Hi Jeff,

You are welcome.
Don't hesitate to open a new thread if you need help with RogueKiller External Scanner.

Regards.

Reply #233May 06, 2017, 08:20:07 pm

GCRaistlin

  • Newbie

  • Offline
  • *

  • 5
  • Reputation:
    0
    • View Profile
Re: ===> False Positives <===
« Reply #233 on: May 06, 2017, 08:20:07 pm »
False positives:

Reply #234May 07, 2017, 01:59:13 pm

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2310
  • Reputation:
    82
    • View Profile
Re: ===> False Positives <===
« Reply #234 on: May 07, 2017, 01:59:13 pm »
Hi GCRaistlin,

Welcome to Adlice.com Forum.
Could you please attach RogueKiller full report with your next reply ?

Regards.

Reply #235May 07, 2017, 05:13:25 pm

GCRaistlin

  • Newbie

  • Offline
  • *

  • 5
  • Reputation:
    0
    • View Profile
Re: ===> False Positives <===
« Reply #235 on: May 07, 2017, 05:13:25 pm »
Should I perform a rescan?

Reply #236May 07, 2017, 05:25:58 pm

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2310
  • Reputation:
    82
    • View Profile
Re: ===> False Positives <===
« Reply #236 on: May 07, 2017, 05:25:58 pm »
Hi GCRaistlin,

No need.
To export a report, go to the "History" tab, then to the "Scan Reports" section.
There, do a right click on the first line, the click on the "Export txt" button.

Regards.

Reply #237May 07, 2017, 05:39:16 pm

GCRaistlin

  • Newbie

  • Offline
  • *

  • 5
  • Reputation:
    0
    • View Profile
Re: ===> False Positives <===
« Reply #237 on: May 07, 2017, 05:39:16 pm »
I used RogueKillerCMD so there's nothing on this tab.

Reply #238May 07, 2017, 05:43:57 pm

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2310
  • Reputation:
    82
    • View Profile
Re: ===> False Positives <===
« Reply #238 on: May 07, 2017, 05:43:57 pm »
Hi GCRaistlin,

Could you please check C:\ProgramData\RogueKiller\Logs directory ?
If no log is there, please redo a scan.

Regards.

Reply #239May 07, 2017, 06:06:40 pm

GCRaistlin

  • Newbie

  • Offline
  • *

  • 5
  • Reputation:
    0
    • View Profile
Re: ===> False Positives <===
« Reply #239 on: May 07, 2017, 06:06:40 pm »
Logs (one for nncron.exe, one for netfilter.exe)