I hate False Positives and need help correcting one

wraith808:
First a disclaimer: I run Malwarebytes.  I don't really think that given my habits it's a necessity, but I do it anyway.  Mostly for ransomware as my server got hit with it a while ago, though it wasn't user error, rather an exploit of RDP.  That was a real nightmare, so I continue to run it.

I was installing some things in msys2 and hadn't thought to exclude my dev tools directory.  MB incorrectly identified Pacman.exe as ransomware, and removed all rights from the file, and changed the owner to no one.  I have now added an exclusion, but is there a way to reverse the actions of MB, i.e. make pacman accessible?  Deleting it wouldn't have been worse than this.

I really don't want to start from scratch with a new installation of msys2.  Does anyone know of a way to regain access to a file that's been locked down like this?

Stoic Joker:
You should just be able to take ownership of the file and then re-enable inheritance (and/or assign whatever permissions you like/need) for it.

wraith808:
You should just be able to take ownership of the file and then re-enable inheritance (and/or assign whatever permissions you like/need) for it.
-Stoic Joker (March 07, 2018, 11:12 AM)
--- End quote ---

Nope.  The owner was set to nothing, and since there was no owner and I didn't have permissions, I couldn't take ownership.

I did keep going as this was pretty critical and figured it out with the help of Malwarebytes techs.

I disabled anti-ransomware, and it restored the permissions.  Then I was able to enable it, and with the exclusions in place it didn't detect it.  With that workaround in place, it makes it a lot less questionable what they did, but it did almost give me a heart attack.  I was up until 2 AM my time trying before I gave up.

Also for anyone interested, the logs are there; they just don't show up in the protection log.  You have to look in C:\ProgramData\Malwarebytes\MBAMService\ArwDetections to see if it's there.  If it's not, it's in the mbamservice.log located in C:\ProgramData\Malwarebytes\MBAMService\LOGS
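
Added example, not part of any post in this thread: a PowerShell triage script that checks the two log locations named above for the flagged file, reports its current owner and ACL, and optionally attempts the take-ownership and inheritance reset suggested earlier. The target path and the assumption that the log is plain text are mine; the thread reports that taking ownership failed while the protection was active and that disabling anti-ransomware restored the permissions.

```powershell
# Added example: triage a file locked down after an anti-ransomware detection.
# Run from an elevated PowerShell prompt.
param(
    [string]$Target = 'C:\msys64\usr\bin\pacman.exe',  # assumed path, adjust to your install
    [switch]$Repair                                     # report only unless set
)

$mbam = 'C:\ProgramData\Malwarebytes\MBAMService'      # directory quoted in the thread
$name = Split-Path $Target -Leaf

# 1. Detection records that do not show up in the protection log.
$arw = Join-Path $mbam 'ArwDetections'
if (Test-Path $arw) {
    Get-ChildItem $arw -File | Sort-Object LastWriteTime -Descending |
        Select-Object -First 10 Name, LastWriteTime, Length
} else {
    Write-Warning "No ArwDetections directory at $arw"
}

# 2. Fall back to the service log (assumed to be text) and search for the file name.
$log = Join-Path $mbam 'LOGS\mbamservice.log'
if (Test-Path $log) {
    Select-String -Path $log -SimpleMatch $name |
        Select-Object -Last 20 LineNumber, Line
}

# 3. Current owner and ACL. An access-denied error here is itself a finding:
#    it means even reading the security descriptor has been blocked.
try {
    $acl = Get-Acl -LiteralPath $Target -ErrorAction Stop
    "Owner: $($acl.Owner)"
    "Inheritance blocked: $($acl.AreAccessRulesProtected)"
    $acl.Access | Format-Table IdentityReference, FileSystemRights, AccessControlType
} catch {
    Write-Warning "Cannot read ACL for ${Target}: $($_.Exception.Message)"
}

# 4. Optional repair: take ownership, re-enable inheritance, reset to inherited ACEs.
if ($Repair) {
    takeown.exe /F $Target
    if ($LASTEXITCODE -ne 0) {
        Write-Warning 'takeown failed; the protection may still be holding the file.'
        return
    }
    icacls.exe $Target /inheritance:e
    icacls.exe $Target /reset
}
```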

Shades:
Is the Admin account on your system not capable of changing ownership of files and/or folders?  This account is by default disabled, but enabling it is done in a second or so.

wraith808:
Is the Admin account on your system not capable of changing ownership of files and/or folders?  This account is by default disabled, but enabling it is done in a second or so.
-Shades (March 07, 2018, 09:40 PM)
--- End quote ---

Again, they had removed (or apparently changed to an account that they created) the ownership.  The admin account couldn't access it either, as all rights had been removed.
