Author Topic: MalwareBytes is suspicious AV software.  (Read 185 times)

hutch--

  • Administrator
  • Member
  • ******
  • Posts: 6758
  • Mnemonic Driven API Grinder
    • The MASM32 SDK
MalwareBytes is suspicious AV software.
« on: October 23, 2019, 02:08:58 AM »
It is unfortunate that MalwareBytes has joined the club of mediocre AV companies pumping out false positives to get their hit count up. A member of the PowerBASIC forum found the name of the file that offended MalwareBytes, an archive written by "Test Department" before the year 2000, and as I could not be bothered testing over 50 tutorials, I simply replaced the full source and binaries with a source-only archive. It's there for folks who want to write a very old style of 32-bit assembler; it would be of very little use by modern standards.

I replaced the file "td_win32asm_all.zip" with "td_src_only.zip" and fed it through VirusTotal with no false positives recorded.

As far as MalwareBytes goes, a few basic lessons in who and what are the authority on file specifications: Windows (all) is produced by the Microsoft Corporation and the definitive specification for portable executable files in Windows is PECOFF.DOC, not MalwareBytes. Noting that a ZIP file with content dating back before 2006 and actually written before 2000 does not comply with DEP and does not need a manifest or version control blocks, actually bothering to detect the file date is not hard to do.

At this moment I could not safely recommend anyone using MalwareBytes until they improve their performance.
hutch at movsd dot com
http://www.masm32.com    :biggrin:  :skrewy:

sinsi

  • Member
  • *****
  • Posts: 1187
Re: MalwareBytes is suspicious AV software.
« Reply #1 on: October 23, 2019, 03:11:27 AM »
It's still blocking this site for me.

Unfortunate, but I don't think I will renew my subscription in November  :sad:
My list of exclusions is getting out of hand.
I can walk on water but stagger on beer bourbon.

hutch--

Re: MalwareBytes is suspicious AV software.
« Reply #2 on: October 23, 2019, 09:22:27 AM »
Mike from the PB forum said it is now unblocked so when you hit the deck today, see if it is clear now. I have run into internet vigilantes before years ago and I think it was the same file. This bunch of jerks contacted my host and made a complaint so I wrote an email to my host at the time to send back to them given they did not have a clue and funny enough I never heard from them again but they did make a PHUKN pest of themselves in their ignorance.

I ran the old binary past Kaspersky and it flagged it as clean; it appears that Kaspersky do their own AV scanning, not the half-arsed collective that the junk AV scanners use.

sinsi

Re: MalwareBytes is suspicious AV software.
« Reply #3 on: October 23, 2019, 09:56:24 AM »
Yep, it's finally unblocked.

Maybe I will keep it, nowadays you need some sort of AV and I've found it to be pretty light on system resources.
The other reason is the cost - I got in years ago and only pay $30 for 3 computers a year (now it's $87.99 for the same deal).

edit: Hit the "Post" button and guess what? BLOCKED. WTF?

hutch--

Re: MalwareBytes is suspicious AV software.
« Reply #4 on: October 23, 2019, 10:58:34 AM »
I found the solution, a tool from Kaspersky called KVRT.exe, their free virus removal tool. It does a lot more work than the free MalwareBytes and it is reasonably fast. I don't want something that runs in the background, I specifically need on demand scanning so if I can bypass Kaspersky's front end and find out what I need, I will buy it from them.