Author Topic: mbamservice.exe false positives  (Read 20187 times)

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 84564
  • No support PMs thanks
Re: mbamservice.exe false positives
« Reply #45 on: November 12, 2010, 10:12:48 PM »
The rootkit scan although integrated into the Full scan I believe would produce the normal rootkit alert as it isn't using signature detections as the other parts of the full system scan. So at the very least I don't think it could be integrated into the report file and none of the alerts you got are rootkit related but signature detections.

So not running the rootkit scan as you are suggesting wouldn't make any difference as it isn't the rootkit part of the scan that is alerting.
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.1.2449 (build 21.1.5968.561) UI-1.0.597/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Snagglegrain

  • Sr. Member
  • ****
  • Posts: 221
Re: mbamservice.exe false positives
« Reply #46 on: November 12, 2010, 11:59:40 PM »
Okay, I'll take your word for it, and instead of messing around with disabling the rootkit portion of the Custom scan, I'll disable the memory area.  All indicators point to that being the solution to this issue.  And if doing so does cause the detections to cease, I'll be even more puzzled by the fact that Full system scans (that claim to scan "modules loaded in memory") are not producing these detections.  I'll report back.  Appreciate the input!

Offline Snagglegrain

  • Sr. Member
  • ****
  • Posts: 221
Re: mbamservice.exe false positives
« Reply #47 on: November 13, 2010, 08:27:37 PM »
Removed memory area from the Custom scan.
It has now been one day in a row without the mbamservice.exe detection, on either machine.  :)
But I have to see if it is going to last.
On a previous occasion I have experienced back-to-back days of zero mbam detections.
If the issue is resolved by this, then I plan to slowly add back in the other areas I have removed or reset to default... like sensitivity, Scan all files and full rootkit scan.

Offline Snagglegrain

  • Sr. Member
  • ****
  • Posts: 221
Re: mbamservice.exe false positives
« Reply #48 on: November 14, 2010, 03:14:01 PM »
Two days in a row.   :)

Offline Snagglegrain

  • Sr. Member
  • ****
  • Posts: 221
Re: mbamservice.exe false positives
« Reply #49 on: November 16, 2010, 07:33:11 PM »
With the memory area removed from the Custom scan, it's been four days without a mbamservice.exe detection.

Yesterday I added back all of the other Custom scan settings that I prefer...

Full rootkit scan
Heuristics on High
Sensitivity set to test whole files
Scan for PUPS
and
Scan all files

... and no mbam detections. 

The problem totally lies within the memory scanning portion of the Custom scan, whereas there is no such issue with the memory scanning portion of the Full system scan.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 84564
  • No support PMs thanks
Re: mbamservice.exe false positives
« Reply #50 on: November 16, 2010, 09:01:44 PM »
Which is what I have been saying all along, scanning the memory in a custom scan will find and alert on the unencrypted virus signatures loaded by MBAM when they are present.
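
Added example, not part of the original posts and not Avast or MBAM code: a toy Python model of the behaviour discussed in this thread, where a memory scan alerts on another scanner's decoded patterns while the same database stored encoded on disk produces no hit. The process names, pattern bytes and the XOR encoding are constructed assumptions.

```python
# Toy model only: every name, pattern and encoding here is constructed.
SIGNATURES = {
    "Test.Pattern.A": b"CONSTRUCTED-TEST-PATTERN-A",
    "Test.Pattern.B": b"CONSTRUCTED-TEST-PATTERN-B",
}

def scan(buffer: bytes) -> list[str]:
    """Return the names of all signatures whose bytes occur in the buffer."""
    return sorted(name for name, pat in SIGNATURES.items() if pat in buffer)

def xor(data: bytes, key: int = 0x5A) -> bytes:
    """Stand-in for whatever encoding a vendor applies to its database at rest."""
    return bytes(b ^ key for b in data)

def scan_processes(images: dict[str, bytes]) -> dict[str, list[str]]:
    """Scan each named image and report only the ones with hits."""
    return {name: hits for name, buf in images.items() if (hits := scan(buf))}

# The second scanner's pattern database, decoded so it can be used for matching.
other_db = b"\x00".join(SIGNATURES.values())

# Constructed "memory area": the second scanner's service holds its patterns
# decoded in its address space, so a byte-pattern scan of memory matches them.
memory_area = {
    "notepad.exe": b"MZ\x90\x00 ordinary program bytes",
    "second_scanner_service.exe": b"MZ\x90\x00 service code " + other_db,
}

# Constructed "file area": the same database as stored on disk, encoded.
file_area = {"second_scanner_rules.db": xor(other_db)}

if __name__ == "__main__":
    print("memory area:", scan_processes(memory_area))
    print("file area:  ", scan_processes(file_area))
```

The hit lands on the service process rather than on any file, which matches the thread's observation that the detections stopped once the memory area was removed from the Custom scan.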

Offline Snagglegrain

  • Sr. Member
  • ****
  • Posts: 221
Re: mbamservice.exe false positives
« Reply #51 on: November 16, 2010, 09:21:43 PM »
"Which is what I have been saying all along, scanning the memory in a custom scan will find and alert on the unencrypted virus signatures loaded by MBAM when they are present."

You have been saying that? 
Where exactly have you been saying that?
<just joking, DavidR>

In fairness, you have also said the problem might be in other areas as well...

"Well test whole files (and Scan for PUPs) isn't on by default and is possibly the area where it is picking them up."
"Well my guess is it also depends on the other settings you have in your custom scan as you appear to have it set to the absolute maximum sensitivity, etc."
But I give you credit for identifying the problem even when avast support was calling it a false detection that they would fix.
Now if only they would fix what we have found.  :)

Offline Snagglegrain

  • Sr. Member
  • ****
  • Posts: 221
Re: mbamservice.exe false positives
« Reply #52 on: December 06, 2010, 09:39:36 PM »
Just a quick follow up note (even though the thread is old I was advised it would be best to post here)...

the mbamservice.exe memory detections during custom scan have all but stopped over the last couple of weeks. 

I had broken the custom scan into two, one with and one without memory scanning. Naturally, all the detections then occurred in the memory scans.  But it has now been a full week, at least, without any detections whatsoever (on either machine), and maybe just a couple prior to that, going back two weeks. 

Perhaps either avast or MBAM changed something, or maybe it is the implementation of v1.50.  Whatever the case, I wanted people to see the follow up, even though it involves resurrecting an old thread.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69302
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: mbamservice.exe false positives
« Reply #53 on: December 07, 2010, 08:36:54 AM »
Thanks for the feedback..!
asyn
Win 8.1 [x64] - Avast PremSec 21.2.2451.Beta#2 [UI.599] - EEK - Firefox ESR 78.8 [NS/uBO/PB] - TB 78.8
Avast-Tools: Secure Browser 88.2 - Cleanup P 21.1 - SecureLine 5.9 - Driver Updater 21.1 - CCleaner 5.77
Avast Essentials (Downloads, Guides & Info): https://forum.avast.com/index.php?topic=60523.0

Offline CraigB

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 11077
  • No support PM's thanks
Re: mbamservice.exe false positives
« Reply #54 on: December 07, 2010, 08:49:03 AM »
Glad that it's all working fine for you now, it was certainly a mission :)