Malwarebytes flagging AdGuard file as PUP.

P

Pentlands

Beta Tester
Hi,

Malwarebytes Anti-Malware is flagging a setup.msi file as a PUP, one which is as far as i can tell, is an Adguard file.

For details see attached MBAM log and screenshot of Digital Signature Details found from (right click) properties of the .msi file.

My best guess is that this is a false positive of an old file, if the version number in the MBAM log is anything to go by... v.5.8.1008.5204

To be on the safe side I've quarantined the file until i hear it's either safe to delete, or to restore.

Signature.JPG
View attachment adguard.txt

Regards.
 
vasily_bagirov

vasily_bagirov

Administrator
Staff member
Administrator
Hello!

Thank you for drawing our attention. This is most likely a false positive, especially considering it is an older version.
We have some history of false positives from Symantec products, so there is no big surprise.

Can I ask you why don't you use the latest released or beta version? I've checked our current setup.msi file and all antivirus software seem to be OK with it.
 
Last edited by a moderator:
P

Pentlands

Beta Tester
I have version 5.10.1190.6188 installed and running, i have no idea why the older setup.msi file is there. I can only assume that during the various updates it didn't get deleted by the Adguard installer.

Also, i don't have any Symantec software on my pc, the programme that flagged the file was Malwarebytes Anti-malware.

I presume you're referring to the Digital Certificate countersignature signed by "Symantec Time Stamping Server - G4" ~ full name visible by expanding the column in Digital Signature Details.

Regards.
 
Last edited by a moderator:
vasily_bagirov

vasily_bagirov

Administrator
Staff member
Administrator
Pentlands said:
I have version 5.10.1190.6188 installed and running, i have no idea why the older setup.msi file is there. I can only assume that during the various updates it didn't get deleted by the Adguard installer.

Also, i don't have any Symantec software on my pc, the programme that flagged the file was Malwarebytes Anti-malware.

I presume you're referring to the Digital Certificate countersignature signed by "Symantec Time Stamping Server - G4" ~ full name visible by expanding the column in Digital Signature Details.

Regards.
Click to expand...
Oops, I decided that Malwarebytes was a Symantec product, and obviously was wrong.

To solve this problem you should first find where this setup.msi file is located. If it's in any other directory other than %Windir%/winSxS, you can just delete it. If setup.mis is in this directory, don't delete it. Windows storages all setup files there in order to be able to uninstall programs properly in the future. In this case,
reinstalling of Adguard will be a solution (setup.msi will be replaced with the latest version).
 
P

Pentlands

Beta Tester
Thanks Vasily,

Even after following these instructions to reduce the size of my %Windir%/winSxS folder:
http://blogs.technet.com/b/askpfeplat/archive/2013/10/08/breaking-news-reduce-the-size-of-the-winsxs-directory-and-free-up-disk-space-with-a-new-update-for-windows-7-sp1-clients.aspx

I'm still left with a folder of 6.03GB, containing 37,307 files in 8,639 folders, making it all but impossible to identify which setup.msi belongs to Adguard.

I'm going to treat the old msi file as a false positive and delete it.

The worst that can happen is i have to reinstall Adguard at some point... and even if that proves problematic i have Revo Uninstaller installed which should remove Adguard without the setup.msi file, allowing me to do a fresh install.

Regards.
 
You must log in or register to reply here.
Top