Bug Report Malwarebytes having an issue with updater.exe

[Proemas]

Well. That's not good. Tried to update OBS Studio today. Malwarebytes no like:

-Log Details-
Protection Event Date: 5/22/17
Protection Event Time: 7:58 PM
Logfile:
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.103
Update Package Version: 1.0.1997
License: Premium

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: System

-Ransomware Details-
File: 1
Malware.Ransom.Agent.Generic, C:\Users\mhors\AppData\Roaming\obs-studio\updates\updater.exe, Delete-on-Reboot, [0], [-1],0.0.0


(end)

 

[Lain]

(I edited the title to be slightly less alarmist-sounding - apologies in advance)

Others have reported this, it's definitely a false-positive. It's most likely mistaking it as malware because OBS downloads the update module and then the update module downloads the update and patches the program -- most likely causing it to mistake it for malware-like behavior when it's actually not. The updater module is just used to download the update so it can update OBS. (This whole thing is probably due to that whole ransomware thing that happened with the Wanacry virus earlier this month, not entirely surprising unfortunately)

We've submitted a false-positive report to Malwarebytes, hoping to see it resolved. The updater module is digitally signed by us, and the source code for it is on our github repository here: https://github.com/jp9000/obs-studio/tree/master/UI/win-update/updater

If you right-click on the updater.exe file and go to properties, in the "Digital Signatures" tab in properties, you'll see it lists "Open Source Developer, Hugh Bailey" (the author of the program). That's us, and that verifies that it's compiled/signed by us.

 

[Proemas]

Awesome. Thanks for the information. I can move on from that moment of serious panic now.

 

[Banyarola]

I have the pro version and lately found it was slowing down my system so I don't auto start it anymore.
I just scan every now and then.