AntiVirus program has quarantined PSu saying it is ransomware

barneagle
Posts: 83
Joined: 13 Nov 16 13:18

AntiVirus program has quarantined PSu saying it is ransomware

Post by barneagle » 11 Jul 20 21:33

I recently installed MalwareBytes (MB) anti-virus. Today I ran PSu for the first time since acquiring MB and it soon stopped. I could not re-run it either from the taskbar or from the Start menu. I found that this was because MB had quarantined PSu. I told MB that I trusted PSu and ran it again, but MB quarantined it again, saying that it is ransomware.

Has anyone encountered this issue? Is it possible that the PSu exe file has been hijacked and contains ransomware?

I think that on each occasion MB only intervened and quarantined PSu after I started a processor and/or disk intensive activity (labelling about 100 photos). Is it possible that MB mistakenly interprets that intensive activity as the behaviour of ransomware?

Any advice, please?

Hert
Posts: 6250
Joined: 13 Sep 03 7:24

Re: AntiVirus program has quarantined PSu saying it is ransomware

Post by Hert » 11 Jul 20 22:53

You can report false positives to them:
https://support.malwarebytes.com/hc/en- ... es-Support

Also, always exclude the catalog folder from any virus scanner that you install. They heavily impact performance by trying to scan changes made to the SQLite database. SQLite creates and deletes temporary files constantly, which virus scanners don't like. The Catalog Folder is the folder containing your *.cat.db and *.thumbs.db files.

If you're running Windows then keep in mind that you already have a very good virus scanner installed called Windows Defender. Also in Defender it's good practice to exclude the catalog folder.
This is a User-to-User forum which means that users post questions here for other users.
Feature requests, change suggestions, or bugs can be logged in the ticketing system
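
An added example, not part of the post above and not code from the PSu project: a PowerShell script for the two checks raised in this thread, confirming the flagged executable carries a valid signature before trusting it, then excluding only the catalog folder from Defender. Both paths are parameters you supply; it assumes the vendor signs its releases and that you run it from an elevated prompt.

```powershell
# Added example. Usage: .\Check-And-Exclude.ps1 -ExePath <exe> -CatalogDir <folder>
param(
    [Parameter(Mandatory)][string]$ExePath,     # the executable the scanner flagged
    [Parameter(Mandatory)][string]$CatalogDir   # folder holding *.cat.db / *.thumbs.db
)

# 1. Check the Authenticode signature before trusting a restored binary.
#    Assumption: the vendor signs its releases. If it does not, compare the
#    hash below against a fresh download from the vendor instead.
$sig = Get-AuthenticodeSignature -FilePath $ExePath
if ($sig.Status -ne 'Valid') {
    throw "Signature status is '$($sig.Status)'; verify the file another way before restoring it."
}
"Signed by : $($sig.SignerCertificate.Subject)"
"SHA-256   : $((Get-FileHash -Path $ExePath -Algorithm SHA256).Hash)"  # useful in a false-positive report

# 2. Confirm the folder really is the catalog folder (it contains the database files).
$CatalogDir = (Resolve-Path -LiteralPath $CatalogDir).Path
$dbFiles = Get-ChildItem -LiteralPath $CatalogDir -File |
    Where-Object { $_.Name -like '*.cat.db' -or $_.Name -like '*.thumbs.db' }
if (-not $dbFiles) {
    throw "No *.cat.db or *.thumbs.db in $CatalogDir; refusing to exclude it."
}

# 3. Refuse over-broad exclusions: a drive root, or a folder that contains the executable.
$exeDir  = Split-Path -Parent (Resolve-Path -LiteralPath $ExePath).Path
$catRoot = $CatalogDir.TrimEnd('\') + '\'
if ($CatalogDir -match '^[A-Za-z]:\\?$' -or
    ($exeDir + '\').StartsWith($catRoot, [StringComparison]::OrdinalIgnoreCase)) {
    throw "Exclusion would cover a drive root or the program folder; pick the data folder only."
}

# 4. Add the exclusion for the data folder only, then list what Defender now skips.
if ((Get-MpPreference).ExclusionPath -notcontains $CatalogDir) {
    Add-MpPreference -ExclusionPath $CatalogDir
}
(Get-MpPreference).ExclusionPath
```

Keeping the exclusion on the data folder means the executable itself is still scanned on every run.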

barneagle
Posts: 83
Joined: 13 Nov 16 13:18

Re: AntiVirus program has quarantined PSu saying it is ransomware

Post by barneagle » 12 Jul 20 11:21

Thanks very much for your advice, Hert.

I shall take it that you believe there is no reason for me to suspect that PSu has been hijacked by malware, and that the issue has been caused by MalwareBytes being over-zealous in looking out for suspicious disk/processor activity.

I shall get MB to unquarantine PSu then get rid of MB and go back to relying on Windows Defender.

I shall report the false positive to MB.

I shall also take your advice and exclude the Catalog folder from Defender's scanning.

barneagle
Posts: 83
Joined: 13 Nov 16 13:18

Re: AntiVirus program has quarantined PSu saying it is ransomware

Post by barneagle » 14 Jul 20 8:40

I've reported the issue to MalwareBytes and they have accepted that "it was a False Positive and should not be detected any more."

Hert
Posts: 6250
Joined: 13 Sep 03 7:24

Re: AntiVirus program has quarantined PSu saying it is ransomware

Post by Hert » 14 Jul 20 13:25

That’s great. Thank you for the feedback.