DAZ Studio Ransomware blocked??
marble
I was just working in DAZ Studio as usual when it crashed and a notification appeared on my screen saying Malwarebytes has quarantined it due to detected ransomware. This is something of a worry ...
Comments
It doesn't like it if you update products through Daz Studio, so it is replacing one file with an updated version of itself - I've had to set MWB to ignore my installed content directories for that (they would hardly be my first concern in the event of a real attack since they can be reinstalled). You'll note it is Generic (meaning it looked at behaviour) rather than finding an actual piece of malware.
I don't think I was updating any products but I agree that I should feel somewhat secure as it looks like a false positive. I've had more of those with MalwareBytes than I get from Windows Defender (or whatever it is called these days).
Funny, the same happened to one of my own programs I was updating and just had compiled, a couple of days ago. I had copied it to another folder and ran it from there, then it suddenly shut down with a message from MWB which had quarantined it saying it was ransomware. I then made a new copy from the same original and scanned it with MWB, but it said it was clean and it was running fine afterwards. Wonder what's going on.
Don't know but I've had false positives from MWB a few times but never in the middle of working in an app. It just shut DAZ Studio down and quarantined it. They have a forum dedicated to false positives so maybe they err on the side of caution (or obsession)?
Generic/heuristic scans can be a pain. I'm sure they do catch the odd thing that is a real threat but they are very prone to catching legitimate actions too - and the developers, at least Norton when I have queried one, are far too certain that the threat is real which must cause a lot of problems for those not able to draw their own conclusions.
I gave up on the big guys like Norton and McAfee. Just more hassle than benefits to my mind. I've had MWB for a dozen or more years and only had problems lately. Otherwise I have Windows Security running too and I am very careful about what links I click and what sites I visit. Plus I am not bombarded with links from Social Media because I disabled Facebook and have not installed any of the others. Thankfully DAZ still provides a forum rather than directing users to their Facebook page although the forum needs a bit of work.
Basically my PC is a dedicated DAZ Studio workstation.
Programs being shut down has happened to me several times, both with MWB and Defender. Mostly stuff I've written and compiled myself, which means a lot of different versions over time since the code changes whenever you modify and recompile it, so the chance of sometimes hitting a byte sequence that looks suspicious to an AV program is fairly high.
I stick to Windows Defender and MWB too. Defender is actually considered one of the best by many, here's a test from 2019 and one a couple of months old.
https://www.techspot.com/news/81396-windows-defender-ranked-joint-best-antivirus-program.html
https://www.howtogeek.com/225385/what’s-the-best-antivirus-for-windows-10-is-windows-defender-good-enough/
MWB often has issues though, I don't think they test enough before releasing new versions.