Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


KIS + MBAM Pro = False Positive??

  • Please log in to reply
6 replies to this topic

#1 okap1


  • Members
  • 25 posts
  • Local time:08:16 AM

Posted 04 July 2015 - 11:17 PM

Received this warning from KIS:  False Positive? Running KIS + MBAM Pro (permissions for each)  Win 8.1


Edited by okap1, 04 July 2015 - 11:28 PM.

BC AdBot (Login to Remove)



#2 1PW


  • Members
  • 316 posts
  • Gender:Male
  • Location:North of the 38th parallel.
  • Local time:04:16 AM

Posted 05 July 2015 - 09:23 AM

Hello okap1 / DInosanto:
My opinion here would also hold true for the similar topic in DSLReports.com forum. https://www.dslreports.com/forum/r30152499-KIS-MBAM-Pro-False-Positive
IMO the findings of KIS are likely accurate where the C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware directory became the unwitting receptacle through denied use of the integral Malwarebytes Anti-Malware (MBAM) self-protection module.
Reference: https://www.malwarebytes.org/support/guides/mbam/AdvancedSettings.html

If asked, I would recommend allowing KIS to process the above discovery as a positive find. Furthermore, I would re-evaluate enabling MBAM's self-protection module.
A more detailed investigation would be necessary to confirm the above. The system in question may very well benefit from a thorough examination by a genuinely qualified malware removal expert followed by a re-assessment of the user's computer security processes.

Edited by 1PW, 05 July 2015 - 09:46 AM.

All viruses are malware but not all malware are viruses and if the malware doesn't self replicate it just isn't a virus.

#3 Aura


    Bleepin' Special Ops

  • Malware Response Team
  • 19,193 posts
  • Gender:Male
  • Location:Quebec, Canada
  • Local time:07:16 AM

Posted 05 July 2015 - 09:31 AM

I'm using Kaspersky Internet Security with Malwarebytes Premium. I could enable both options of the "Self protection module" and see if I can reproduce the detections. But in the years I've been using both programs together, this kind of detection never occured.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.

#4 MoxieMomma


  • Members
  • 471 posts
  • Local time:06:16 AM

Posted 05 July 2015 - 11:39 AM


Here is the explanation for this KIS detections:

These are not mbam files directly but created by our rootkit portion to do a file compare to see if the file is forged.

I should be a compare of this file: C:\windows\system32\drivers\ttnfd.sys

Would be a good idea to add this folder to exclusions in Kaspersky to prevent this from happening.


#5 okap1

  • Topic Starter

  • Members
  • 25 posts
  • Local time:08:16 AM

Posted 05 July 2015 - 03:11 PM

Somewhat of a novice here...so..

So they are MBAM created files and are safe? Let them remain and instruct KIS to ignore them?

As a novice, not sure I understand the secod line - is shadowwar suggesting putting the ttnfd.sys file located in system32\drivers into the KIS exclusion file?





Edited by okap1, 05 July 2015 - 03:17 PM.

#6 Sintharius


    Bleepin' Sniper

  • Members
  • 5,639 posts
  • Gender:Female
  • Location:The Netherlands
  • Local time:01:16 PM

Posted 05 July 2015 - 03:29 PM

Hi there,

I believe what shadowwar meant to say is to add the path of the folder mentioned in the Kaspersky report (looks like C:\ProgramData\Malwarebytes Anti-Malware - I uninstalled MBAM so cannot confirm it) to KIS' exclusion list.

#7 okap1

  • Topic Starter

  • Members
  • 25 posts
  • Local time:08:16 AM

Posted 05 July 2015 - 03:39 PM

Thanks, Alexstrasza..

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users