Malwarebytes flagging AdGuard file as PUP.

Discussion in 'Quality Control' started by Pentlands, Feb 2, 2015.

  1. Pentlands

    Pentlands Beta Tester

    Joined:
    Mar 11, 2014
    Messages:
    79
    Hi,

    Malwarebytes Anti-Malware is flagging a setup.msi file as a PUP, one which is as far as i can tell, is an Adguard file.

    For details see attached MBAM log and screenshot of Digital Signature Details found from (right click) properties of the .msi file.

    My best guess is that this is a false positive of an old file, if the version number in the MBAM log is anything to go by... v.5.8.1008.5204

    To be on the safe side I've quarantined the file until i hear it's either safe to delete, or to restore.

    Signature.JPG
    View attachment adguard.txt

    Regards.
     
  2. vasily_bagirov

    vasily_bagirov Administrator Staff Member Administrator

    Joined:
    Jul 1, 2014
    Messages:
    6,900
    Hello!

    Thank you for drawing our attention. This is most likely a false positive, especially considering it is an older version.
    We have some history of false positives from Symantec products, so there is no big surprise.

    Can I ask you why don't you use the latest released or beta version? I've checked our current setup.msi file and all antivirus software seem to be OK with it.
     
    Last edited by a moderator: Feb 4, 2015
  3. Pentlands

    Pentlands Beta Tester

    Joined:
    Mar 11, 2014
    Messages:
    79
    I have version 5.10.1190.6188 installed and running, i have no idea why the older setup.msi file is there. I can only assume that during the various updates it didn't get deleted by the Adguard installer.

    Also, i don't have any Symantec software on my pc, the programme that flagged the file was Malwarebytes Anti-malware.

    I presume you're referring to the Digital Certificate countersignature signed by "Symantec Time Stamping Server - G4" ~ full name visible by expanding the column in Digital Signature Details.

    Regards.
     
    Last edited by a moderator: Feb 3, 2015
  4. vasily_bagirov

    vasily_bagirov Administrator Staff Member Administrator

    Joined:
    Jul 1, 2014
    Messages:
    6,900
    Oops, I decided that Malwarebytes was a Symantec product, and obviously was wrong.

    To solve this problem you should first find where this setup.msi file is located. If it's in any other directory other than %Windir%/winSxS, you can just delete it. If setup.mis is in this directory, don't delete it. Windows storages all setup files there in order to be able to uninstall programs properly in the future. In this case,
    reinstalling of Adguard will be a solution (setup.msi will be replaced with the latest version).
     
  5. Pentlands

    Pentlands Beta Tester

    Joined:
    Mar 11, 2014
    Messages:
    79
    Thanks Vasily,

    Even after following these instructions to reduce the size of my %Windir%/winSxS folder:
    http://blogs.technet.com/b/askpfepl...h-a-new-update-for-windows-7-sp1-clients.aspx

    I'm still left with a folder of 6.03GB, containing 37,307 files in 8,639 folders, making it all but impossible to identify which setup.msi belongs to Adguard.

    I'm going to treat the old msi file as a false positive and delete it.

    The worst that can happen is i have to reinstall Adguard at some point... and even if that proves problematic i have Revo Uninstaller installed which should remove Adguard without the setup.msi file, allowing me to do a fresh install.

    Regards.