Topic: ===> False Positives <=== (Read 352427 times)
Reply #225
April 27, 2017, 03:44:52 AM
welbot
Newbie
Hi,
Not sure if these have been reported yet, but I keep getting these 3 entries when I scan.
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3591490448-2704826680-4139795447-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3591490448-2704826680-4139795447-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Found
[PUP.Gen1][Folder] C:\Program Files\Windows Security -> Found
The first 2 I'm not 100% certain of their function, but at a guess, I think they're for placing recently used programs at the top of the start menu.
The 3rd entry has been confirmed as a new addition to version 1703 of Windows 10 by Microsoft. (The folder contains another folder called BrowserCore, and inside that is a BrowserCore.exe, a manifest.json file, and a folder named en-US.)
VirusTotal scan of BrowserCore.exe found 0 reports of infection. (https://www.virustotal.com/en/file/9435f2f1d87523c13439887d0a76259cbb44dd6a37760fc353b7f1f023567160/analysis/1493256689/)
Reply #226
April 27, 2017, 06:43:00 PM
Curson
Global Moderator
Hero Member
Hi welbot,
Welcome to Adlice.com Forum.
PUM stands for Potentially Unwanted Modification. In your case, those entries are perfectly legit and are, indeed, linked to recent entries in the Windows Start Menu.
For more information, please read the RogueKiller Documentation.
The Windows Security folder is a well-known false positive.
This will be fixed in RogueKiller's next release.
Regards.
Reply #227
May 04, 2017, 04:09:29 PM
JeffF73
Newbie
Hello.
I did a scan and it came up with a false positive of:
[Adw.Elex|Tr.Zusy|PUP.Divcom] MBAMService.exe(4736) -- D:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[7] -> Found
Reply #228
May 04, 2017, 04:10:43 PM
Curson
Global Moderator
Hero Member
Hi Jeff,
Welcome to Adlice.com Forum.
Could you please attach the full RogueKiller report with your next reply?
Regards.
Reply #229
May 04, 2017, 04:14:25 PM
JeffF73
Newbie
Hello Curson, thank you.
Surely, here it is.
Reply #230
May 04, 2017, 04:19:57 PM
Curson
Global Moderator
Hero Member
Hi Jeff,
Thanks for supporting our product.
RogueKiller is detecting the Malwarebytes malware database.
This issue has been fixed when MBAM is installed in the standard location, but since you run it from the D: drive, the detection is still present.
As a Premium user, you can exclude it using RogueKiller External Scanner.
Regards.
Reply #231
May 04, 2017, 04:24:05 PM
JeffF73
Newbie
You're welcome.
I kind of thought it may be the drive I have it installed on, right after I attached the log.
I use an SSD for a boot drive/OS installation, then my D: drive is for everything else lol. Glad to hear this.
Thank you
Reply #232
May 04, 2017, 04:55:04 PM
Curson
Global Moderator
Hero Member
Hi Jeff,
You are welcome.
Don't hesitate to open a new thread if you need help with RogueKiller External Scanner.
Regards.
Reply #233
May 06, 2017, 08:20:07 PM
GCRaistlin
Newbie
False positives:
nncron.exe - an executable of nnCron
netfilter.sys - from Kerio Control
Reply #234
May 07, 2017, 01:59:13 PM
Curson
Global Moderator
Hero Member
Hi GCRaistlin,
Welcome to Adlice.com Forum.
Could you please attach the full RogueKiller report with your next reply?
Regards.
Reply #235
May 07, 2017, 05:13:25 PM
GCRaistlin
Newbie
Should I perform a rescan?
Reply #236
May 07, 2017, 05:25:58 PM
Curson
Global Moderator
Hero Member
Hi GCRaistlin,
No need.
To export a report, go to the "History" tab, then to the "Scan Reports" section.
There, right-click on the first line, then click on the "Export txt" button.
Regards.
Reply #237
May 07, 2017, 05:39:16 PM
GCRaistlin
Newbie
I used RogueKillerCMD so there's nothing on this tab.
Reply #238
May 07, 2017, 05:43:57 PM
Curson
Global Moderator
Hero Member
Hi GCRaistlin,
Could you please check the C:\ProgramData\RogueKiller\Logs directory?
If no log is there, please redo a scan.
Regards.
Reply #239
May 07, 2017, 06:06:40 PM
GCRaistlin
Newbie
Logs (one for nncron.exe, one for netfilter.exe)