• 0

Malwarebytes released a false positive and brought systems to their knees.


Question

Today Malwarebytes pushed out an update which proceeded to quarantine most of the system32 directory, among other folders, bringing systems to their knees. You can follow the information at the following thread.

The newest update that just downloaded broke - hard.

http://forums.malwar...pic=125127&st=0

An update has been released which fixes the bad definition.


17 answers to this question


  • 0

...reminds me of an old xp system 32 joke

I forget how it went, but essentially deleting system 32 cleans all spyware from xp

(Untrue and a silly thing to do, granted)


  • 0

This is causing us about 70 re-installations of Windows, Office, etc. tonight. NOT FUN. We were on the Enterprise version and all of a sudden all of our workstations came crashing down. The enterprise got the update and pushed it out to all the clients simultaneously. We just purchased it about a week ago.


  • 0

This is causing us about 70 re-installations of Windows, Office, etc. tonight. NOT FUN. We were on the Enterprise version and all of a sudden all of our workstations came crashing down. The enterprise got the update and pushed it out to all the clients simultaneously. We just purchased it about a week ago.

Yeah that isn't any fun at all. This is why you'll have to have an update gateway on the Enterprise level allowing you to test updates in the lab before allowing them loose on the install base. Sucks, but when stuff like this gets through it burns hard.

If Malwarebytes doesn't allow that I would just chuck it until it did.


  • 0

These types of things are always a risk when using real time protection. I've had to help deal with other system-breaking issues caused by bad updates in the past with other products (a 100% CPU usage issue that prevented the system from logging in (Trend PC-Cillin), a reboot loop (can't remember what product that was), and false positives breaking various programs).


  • 0

You don't use any antivirus or antimalware programs?

AV protection is overrated.

A good blacklist should suffice.


  • 0

And this is why we now use Forefront at our university. Worst that ever happened was a Google Chrome false positive.

Also reinforces my use of Windows Defender at home.


  • 0

You don't use any antivirus or antimalware programs?

I never use anything on my personal machines. I usually put MSE or MBAM on machines I give to my family, but I haven't used anything in years and have been fine. As long as you're smart, I don't think it's a problem. I also never install Java on my own machines, which probably helps. ;)


  • 0

Hello,

No idea what happened here, but some anti-malware developers test their virus signature database updates against supported operating systems (all the combinations of service pack levels, localizations, CPU architectures) as well as popular applications (Microsoft, Adobe, Google, et cetera) before releasing them to ensure a hit on a false positive doesn't reach their customers.

Regards,

Aryeh Goretsky

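A toy version of the pre-release check this post describes, added here as an illustration and not code from Malwarebytes or any other vendor: a candidate definition update is run over a golden image of known-clean files, and the update is rejected if any rule fires, with hits under System32 flagged as system-breaking. All rule names, paths and file contents are constructed for the example.

```python
"""Illustrative pre-release false-positive gate for a signature update.

Hypothetical model: a 'definition update' is a list of (name, byte pattern)
rules. Before release, every rule is scanned over a golden image of files
known to be clean; any hit is a false positive and blocks the release.
"""
from dataclasses import dataclass
from pathlib import PureWindowsPath


@dataclass(frozen=True)
class Rule:
    name: str
    pattern: bytes


# Constructed golden image: paths and contents of files known to be clean.
GOLDEN_IMAGE = {
    r"C:\Windows\System32\kernel32.dll": b"MZ\x90\x00 constructed clean PE stub",
    r"C:\Windows\System32\ntdll.dll": b"MZ\x90\x00 NtCreateFile constructed",
    r"C:\Program Files\Office\winword.exe": b"MZ\x90\x00 winword constructed",
}


def scan(rules, files):
    """Return (rule name, path) for every rule that matches a clean file."""
    return [(r.name, p) for r in rules for p, data in files.items() if r.pattern in data]


def is_system_breaking(path):
    """A false positive under System32 would cripple the OS, as in the thread."""
    return "system32" in (part.lower() for part in PureWindowsPath(path).parts)


def gate(rules, golden=GOLDEN_IMAGE):
    """Approve the update only if no rule fires on the golden image."""
    hits = scan(rules, golden)
    return {
        "approved": not hits,
        "false_positives": hits,
        "system_breaking": [p for _, p in hits if is_system_breaking(p)],
    }


# Constructed candidate updates: one overly broad rule, one specific rule.
BAD_UPDATE = [Rule("Trojan.Generic.Broad", b"MZ\x90\x00")]  # matches every PE header
GOOD_UPDATE = [Rule("Trojan.Dropper.X", b"CONSTRUCTED_MALWARE_MARKER")]

if __name__ == "__main__":
    for label, update in (("bad", BAD_UPDATE), ("good", GOOD_UPDATE)):
        print(label, gate(update))
```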

  • 0

Hello,

No idea what happened here, but some anti-malware developers test their virus signature database updates against supported operating systems (all the combinations of service pack levels, localizations, CPU architectures) as well as popular applications (Microsoft, Adobe, Google, et cetera) before releasing them to ensure a hit on a false positive doesn't reach their customers.

Regards,

Aryeh Goretsky

Yeah, and it seems Malwarebytes skips this process.


  • 0

I think this is very much a coming of age story for every antimalware provider. I genuinely cannot think of any that have managed to learn this lesson the easy way, although for some the memory is a bit fuzzy from time. I think AVG had one of the most practical responses with a bootable Linux ISO available the next day which would undo the damage.

At least you can be sure that they won't make that mistake twice and MBAM's realtime protection is finally ready for production. :rofl:

