vissha Posted November 20, 2016

Malwarebytes Stumbles With False Positive On KB 3197868, The Win7 November Monthly Rollup

Thanks to SC for the heads up.

Looks like those of you running Malwarebytes on a Win7 system using Group A updating are in for a rocky ride. Symptoms of the kernel32.dll false positive include locked up systems, and machines that take five minutes or more to shut down.

On Thursday, Malwarebytes narrowed down the problem and posted this solution:

Quote
What can I do if I have been affected by the Kernel32.dll false positive? This detection has been fixed as of database version v2016.11.16.11. This false positive was caused by Microsoft not digitally signing over 500 files included in “November, 2016 Security Monthly Quality Rollup for Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB3197868)”. Malwarebytes triggered on these unsigned files despite efforts in the 1.80 and 2.x releases to enhance safeguards and prevent false positives on legitimate files. We are working on correcting what actions took place to better protect from this in the future.

Malwarebytes’ solutions are to uninstall KB 3197868 if you haven’t rebooted after installing it, use System Restore, or manually replace some system files (which is a bear!).

Source

UPDATE:

Skunk1966 Posted November 20, 2016

Problems like this can easily be avoided by just waiting with installing Windows updates; I always postpone updates until there's more information about new updates.

Sylence Posted November 20, 2016

Only Malwarebytes had this problem or other antivirus vendors as well?

Ballistic Gelatin Posted November 20, 2016

I installed KB 3197868 on Nov. 8 and never experienced any conflicts with MBAM. Luck of the draw, I guess.

namek Posted November 20, 2016

I don't think it's false positive

WALLONN7 Posted November 20, 2016

1 hour ago, namek said:
I don't think it's false positive

In the last months Windows Updates = PUPs!!! So, it's not a false positive for sure!!!

vissha (Author) Posted November 20, 2016

2 hours ago, Skunk1966 said:
problems like this can easily be avoided by just waiting with installing Windows updates; I always postpone updates until there's more information about new updates

Yes, but installing Security Only Quality Updates can prevent this in a better way, and you'll get the systems patched too. Why do we need troubled Monthly updates packed with $h*t non-security updates? Also, if you install a monthly update and have to uninstall it, you are making trouble for all previous monthly updates, since it is the cumulative type.

steven36 Posted November 20, 2016

4 hours ago, Skunk1966 said:
problems like this can easily be avoided by just waiting with installing Windows updates; I always postpone updates until there's more information about new updates

What happened was Microsoft forgot to digitally sign their own file and this caused the problem.

Quote
We're doing everything we can right now. Ultimately this is on Microsoft for not digitally signing their own file (you can confirm by checking the certificate properties of a file still on the system), which activated Malwarebytes' protections; it was meant to protect you from files like this. We're trying to figure out to which pending update KB this kernel.dll file is related, it may be possible to save the system by killing that update so that the system will not need to switch over to the Windows side by side holding version of kernel.dll as it restarts.

https://forums.malwarebytes.org/topic/190637-possible-false-positive-trojan-fake-ms/?do=findComment&comment=1072859

It's a bad update MS16-139: Security update for Windows kernel:

Quote
Windows6.1-KB3197867-x86.msu Security Only
For all supported 32-bit editions of Windows 7: Windows6.1-KB3197868-x86.msu Monthly Rollup
For all supported x64-based editions of Windows 7: Windows6.1-KB3197867-x64.msu Security Only
For all supported x64-based editions of Windows 7: Windows6.1-KB3197868-x64.msu Monthly Rollup

https://support.microsoft.com/en-us/kb/3199720

kernel32.dll is botched in the Monthly Rollup because it's not signed; not sure about the standalone update, if they signed it in that one?

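Added example, not part of the thread and not Malwarebytes' or Microsoft's own tooling: one way to run the signature check that the quoted Malwarebytes reply mentions across a whole directory instead of one file at a time. It assumes Windows PowerShell 5.1 or later (for the SignatureType and IsOSBinary properties); the function name Get-SignatureReport and the scanned directory are illustrative choices.

```powershell
# Added example: report the Authenticode status of every DLL in a directory.
# Assumption: Windows PowerShell 5.1+; Get-SignatureReport is a hypothetical helper name.
function Get-SignatureReport {
    param(
        [string]$Directory = "$env:SystemRoot\System32",
        [string]$Filter    = '*.dll'
    )

    $files = Get-ChildItem -Path $Directory -Filter $Filter -File -ErrorAction SilentlyContinue
    foreach ($file in $files) {
        $sig = Get-AuthenticodeSignature -FilePath $file.FullName

        [pscustomobject]@{
            File          = $file.FullName
            # Valid, NotSigned, HashMismatch, NotTrusted, UnknownError, ...
            Status        = $sig.Status
            # Authenticode (embedded), Catalog, or None
            SignatureType = $sig.SignatureType
            IsOSBinary    = $sig.IsOSBinary
            Signer        = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            LastWriteUtc  = $file.LastWriteTimeUtc
        }
    }
}

$report = Get-SignatureReport

# Summary: how many files fall into each signature status.
$report | Group-Object Status | Select-Object Name, Count

# Detail: anything that did not validate, newest first, so files replaced
# by a recent update appear at the top of the list.
$report |
    Where-Object { $_.Status -ne 'Valid' } |
    Sort-Object LastWriteUtc -Descending |
    Format-Table File, Status, SignatureType, LastWriteUtc -AutoSize
```

Files reported with SignatureType Catalog are signed through a security catalog rather than an embedded signature, so the Digital Signatures tab of the file's properties dialog does not list a signature for them.
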
Archived
This topic is now archived and is closed to further replies.