Malwarebytes hardens its stand against Potentially Unwanted Programs

Malwarebytes stand towards PUPs or Potentially Unwanted Programs is well known. It aggressively detects programs that it considers as unwanted and quarantines them and asks its users if they want to remove it. In the bargain, it has started identifying several programs, some even from large vendors as PUPs. The latest program to be identified by Malwarebytes as a PUP is Advanced SystemCare 10.

Malwarebytes is a popular antimalware software that protects computers against malware, ransomware, and other online threats. Since recently, Malwarebytes has decided to take an aggressive stand against all such software that it considers to be potentially unwanted. It has also laid down the criteria on the basis of which it classifies a software as a Potentially Unwanted Program, and quarantines such software. There is transparency in this case, and aggrieved software developers have the option to submit their case for reconsideration.

Malwarebytes Potentially Unwanted Programs PUP

 

Malwarebytes’ aggressive stand on PUPs

Recently, a user of Advance SystemCare 10 mentioned on their forum,

“Today my Malwarebytes Premium decided to quarantine ASC as a PUP and put all 526+ files into its quarantine area? I have restored them but why is it seeing ADS as potential damaging PUPs?”

Another user reported,

“MBAM Premium did the same thing to my ASC Pro yesterday. I had to restore over ASC files then rescan and tell MBAM to ignore all files in the future. This is crazy!”

Several other users have mentioned similar issues on the same forum.

Advanced SystemCare 10 is not the only program that has been detected as a threat by Malwarebytes. Some users have reported that some popular software by Auslogics are also detected as PUPs. One of the Auslogics product users reported on Dell Community,

“Auslogics Disk Defragmenter is included among the programs being detected… it is NOT a “False Positive” on MBAM’s part. I had “frozen” my Auslogics Disk Defragger program a few years ago (i.e., I intentionally haven’t updated it since then), so it’s possible that the newer/modern objections don’t apply to mine. Regardless, since it’s a program I want and use, I am instructing MBAM to allow/ignore it.”

Another program that was detected as a threat by Malwarebytes earlier was Baidu Antivirus. Baidu itself is an antivirus program; so it was quite a shock when one antivirus program had detected antivirus as a threat. Few users had reported this issue on our forum last year. One of the Baidu users had reported:

“Baidu antivirus addition, I have installed several computers Malwarebytes antimalware and recently detected a threat. But I put it down to make it detects a scanner that after cleaning and rebooting, reappears. It may be a false threat, but for testing whether Baidu and nothing else, I’ve uninstalled Baidu and these threats no longer appear, I have reinstalled and reappear.”

Posted a use of Wise Cleaner on a security forum:

I ran MalwareBytes AntiMalware (free) last night for a complete scan and guess what? It detected Wise Registry Cleaner (free) as PUP (I think 10 entries including dll, exe etc files) and when I click to remove them Wise Registry Cleaner just disappeared from my desktop. After the scan I have to re-install Wise Registry Cleaner again.

In response to questions by users about why Malwarebytes was flagging PCPitstop as a PUP, their forum administrator said:

The folks at Malwarebytes decided to flag our products as PUPs (Potentially Unwanted Programs) and their scans are removing our products. After reaching out to them, they made it clear that they are not interested in altering their database, so we have no choice but to remove them from any of our systems that are running both programs.

Seeing this stand of PCPitstop, will we see a future where competing security products starting flagging the other as PUPs?

PCPitstop clarifying its stand on this issue said:

Given the weak rationale behind the concerns outlined here and the fact that similar products are not labeled as PUP/PUA – we are lead to believe that the Malwarebytes classification of our products was actually motivated by our recent article that noted the AV-Comparatives test that highlighted poor detection rates for Malwarebytes.

Update:. It seems that Malwarebytes classification of PCMatic as a PUP has been resolved.

It is clear that Malwarebytes has upped the ante against what it considers as Potentially Unwanted Programs. In the list are included some software and/or installers from reputed companies like CyberGhost VPN too. If a user is sure that the software is safe and wants to continue using it, he/she will have to add the program to their Whitelist.

Since Malwarebytes quarantines programs it considers as PUPs, users are advised to check the list of threats detected by it before deleting anything. It could be that one of your useful programs was identified as a PUP and rendered useless by it.

Read: How to add Program to Malwarebytes Exclusion List.

I personally use Malwarebytes Free as a second opinion anti-malware scanner as it is good, but I always closely take a look at its detections very carefully, lest I end up quarantining or removing a legit program, due to it identifying it as a PUP or perhaps throwing up a false positive.

If you are a Malwarebytes user, what do you think of this aggressive stance by the antivirus? If you have found one of your programs identified as a PUP, what have you chosen to do? Remove it or Whitelist it and continue using the software. Do share your views.

Thanks for the heads up @PaulStreeting.

Download this VPN to secure all your Windows devices and browse anonymously
Posted by on , in Category Security with Tags
Anand Khanse is the Admin of TheWindowsClub.com, a 10-year Microsoft MVP Awardee in Windows (2006-16) & a Windows Insider MVP. Please read the entire post & the comments first, create a System Restore Point before making any changes to your system & be careful about any 3rd-party offers while installing freeware.

45 Comments

  1. Bob

    Malwarebytes…overrated bloatware at best.

  2. Paul Streeting

    Malwarebytes seem to forget that they are not the only player in the market and I suspect many will now be looking for other alternatives. Kaspersky offers as good, etc.

  3. David Pearce

    bs, you don’t know what the hell ya talking about, try nortons, now thats bloatware

  4. MBAM is dying out, so they are just desperately trying to boost detection rate somehow.
    Zemana Antimalware is currently the top horse, until someone else comes along again.

  5. chad

    Malwarebytes has flagged both auslogics and ASC on my computer as ‘Pups’…I think it’s time to flag Malwarebytes itself as a ‘Pup’ !

  6. Bob

    I have a MS degree from MIT that guarantees that I know more about it than you do…lol

  7. Michael V.

    MBAM is great. Thank god we have companies like MBAM with balls enough to call out vendors that put adware and other crap on our systems. There is no conspiracy theory here. All a vendor has to do to get off MBAMs PuP list is stop putting crap on people’s computers.

  8. Paul Streeting

    Problem doing that is would we have any free versions of software left for those who can not afford the cost of commercial versions? In MBAM they try to flog users the paid version. Isn’t that a PUP too yet they expect users to allow that?

  9. Michael V.

    PUPs include spyware, adware, and dialers, and are often downloaded in conjunction with a program that the user wants. A periodic sales pitch from free software is not really like that (although it can be annoying). MBAM alerts you to the PuP… but you can still keep it if you desire. I tolerate the annoying tactics and ads to use the Driver Booster software. But Driver Booster is still not considered a PuP.

  10. MmeMoxie - ? Cert. Deplorable

    I have used MBAM for many years and will continue to do so. I know when it quarantines a PUP how to check it out and either delete it or not. I don’t see that being a problem. However, I have been using a small program called Unchecky and its job is to “uncheck” those unwanted extras that frequently come with free programs. Now, in all honesty, unwanted extras come with a lot of paid programs these days.

    Unchecky is a free program and works great. I don’t get a lot of PUPs in MBAM’s Quarantine since I have been using Unchecky. There is one game manager IWin, where I have some games that I have purchased, that MBAM will always put in the quarantine area. I know this and have learned to bypass this with my “approval”, meaning to restore and ignore them. I personally think that Unchecky has saved me a lot of time and energy with eliminating unwanted programs.

  11. Paul Streeting

    I like Unchecky too and have put it onto computers of older users that I help learn tech. All too often tick boxes for unwanted add-ons are hidden away and many older users miss them. This free small app’ does help.

  12. Paul Streeting

    That’s what I find a bit odd. Driver Booster is a good program from 10bit and used by techies to help track down unknown drivers on older computers. With their Advance System Care however they do try to plug their own Malware program and I am left wondering if this is part the reason MBAM is not liking it? Commercial rivals maybe? Personally I stay clear of the 10bit malware program but that is choice. I tried it on a test machine for a while and wasn’t keen on it.

  13. Kimi

    What I dont like is that it also returns my custom host file as malware.

  14. MmeMoxie - ? Cert. Deplorable

    I agree that Unchecky is great for the computer illiterate. It also saves time and energy for savvy computer users. I know that I have missed some of the “malware and iffy programs” when installing a new or older program. The one that I honestly dislike is the “add the Bing” to whatever you are installing. Sorry, I am not a big fan of Bing. I guess I am just use to using Google and my favorite DuckDuckGo! DDG is what the busy computer user wants to have – NO ads or garbage with DDG.

  15. JMJsquared

    With all due respect to the author and to many of the commenters moaning about MWB’s detection scheme: It is a complete non-issue because you can set MWB to simply “Warn the User” rather than to automatically quarantine the suspected application.

    It’s like complaining that your phone’s ringing scares you because it is too loud. Turn the damn thing down and let’s talk about something real.

  16. Paul Streeting

    That is OK for those who understand basics of software but sadly many using computers these days fail to learn the basics. I have helped teach people in their 70’s-80’s and it is frightening how many don’t even have basic security software running. Most users will just leave everything set to basics

    I have put MWB onto several computers as a 2nd line of defence and it has helped, till now and now seems to flag up more and more good reputable software. Don’t assume that everyone is good at understanding tech.
    I still see too many using Windows XP doing on-line banking on old computers and no anti-virus running.

  17. Hi there 🙂 I am not moaning. I merely stated facts as I saw them in as balanced a way as I could. And yes, you can set it to – Ignore Detections, Warn User, Treat PUPs as malware.

  18. Widgetsdaddy

    It’s a pity that you didn’t learn how to correctly construct a sentence in English whilst you were steeping yourself in technological academia.

  19. Bob

    You do know this is the internet,not English class…right?

  20. JMJsquared

    Hello Anand,

    I know that it is difficult to come up with interesting topics every day that will capture your readers’/browsers’ attention and, that, one way to do it is to use sensational headlines.

    I believe that is what you chose to do with this article’s headline.

    The entire “false-positive” issue with all malware-type-detection software (including WOT, AdBlocker, et al) will always be with us. It is inherent in what the detection software is designed to do. Therefore, IMO, to headline Malwarebyte’s as “harden[ing] its stand against Potentially Unwanted Programs”, while eye-catching and provocative, is somewhat misleading, unfair, and a disservice to the less tech-savvy among us, to whom @Paul Streeting refers. Those more-tech-savvy among us (loyal and appreciative readers), will tend not to over-react (if,at all) to the gravamen of this article.

    Further, IMHO, Malwarebytes may actually be doing a good thing in “forcing” the less-savvy computer user to become more cognizant of what programs, like registry cleaners, system tweakers and ‘niche’ anti-virus applications, actually do.

    In any event, alarming folks about “false positives” is creating a tempest in a teapot.

    Now, pardon me: I must go back to reading your article for today. 🙂

    –JMJ

  21. JMJsquared

    Gee! Let me join the troll parade… 🙂

    … even though Malwarebytes HAS, INDEED, become overly large and a HUGE resources hog that, at times — while NOT actively scanning anything– consumes more than a gigabyte of memory (Private Working Set, at that) on my Windows 7 x64 rig. In addition to its slowing my computers, that’s why, despite having lifetime licenses for the pro version, I do not run MWB except for updates and monthly full-scans.

    Now, on to the trolling:
    – Split infinitive: “…to correctly construct…” becomes “to construct….”
    – Readability: “a sentence in English” becomes “an English sentence”.

  22. Kim

    You do realize that you are the only one trolling here, don’t you?

  23. JMJsquared

    I didn’t think so before and, now, am absolutely sure.

  24. seafogvictor

    What? I have the new malewarebytes 3.0.6, which contains malewarebytes, anti exploit, & ransomware on a 64 bit windows 10 pc. Right now its using 0 -0.2% of the cpu and a whopping 44.9 MB of memory. With 12 windows open from 2 browsers, mail, and vlc player running Yeah its a real resource hog. The scan on the new product went from about 2 minutes to maybe 30 seconds.

  25. seafogvictor

    Just add the software to exclusion list if you feel its safe enough. All of the sudden I got PUP detection pop ups with many cam which I’ve used for yrs. Took seconds to add it to exclusions in settings. My version of many cam isn’t the free program its a paid version so the PUP detection covers more than the free software. No more problems.

  26. JMJsquared

    Yup. I spotted that level of memory usage several times and the figure is accurate. It was noticed only because I run PCWinTech’s CleanMem on all my machines and it alerted me to that high usage before flushing, with no noticeable side-effects, BTW. I, too, run MWB 3.0 .6 Premium, which includes all the free modules you mention.

    From time-to-time, I’ve also noted very high (700+ MB) memory usage by Zemana Antimalware (ZAM), even with its Cloud module disabled.

    MWB and ZAM go (and, for the foreseeable future, will go) on all my Internet-facing desktop/laptop machines.

    I appreciate your letting me know your experience. I thought my memory usage abnormally high but have not been able to track down any problems with my carefully maintained machines. Now, I will look again.

    Thanks. 🙂

  27. Rocky

    Malwarebytes has killed my ASC program, so I will think it over if I should kill my Malwarebytes as a revenge, there properly other programs on the marked that could protect my PC.

  28. Paul Streeting

    There are other alternatives and more coming on the market every week. I have always found ASC a good program despite it’s PUP’s but almost every software company stick them in to try sell paid versions of their software. Even MBAM sticks it’s own it which nags users of the free version to pay for the pro version. Seem MBAM forgets we are customers and if we don’t like their products we just find alternatives in a growing market..

  29. BigL

    Actually i do not care if these programs are targeted… if i know a tool and trust it i simply whitelist it.
    And if the program/app downloaded from somewhere other than the products homepage, im better save than sorry

  30. JMJsquared

    I agree completely. Even the venerable Malwarebytes, since becoming a commercial rather than a free product, has become more ‘glitzy’ in appearance and opaque in its functioning. For example, precisely how does its anti-ransomware module work under-the-hood? I have yet to learn the definitive answer.

    Anyway, when it comes to the rapidly- and ever-shifting security environment, I learn what I can and then, simply, lower my chin and proceed with caution.

  31. JMJsquared

    Me to.

  32. Raptor Jesus

    I have been running the purchased version of Malwarebytes for years. Today it wiped out my purchased, installed, registry cleaner of choice – IOBIT Advanced Systemcare.

    I don’t believe this is an accident – I believe they are attacking what they see as ‘competition’ in the anti-malware market.

    Not acceptable. They’re lost me as a customer for good.

    Anyone have a recommendation for a replacement for MWB?

  33. Paul Streeting

    There are a few more alternatives about now to Malwarebytes. I think what you said is partly true and 10bit/Malwarebytes did have some dispute some years ago. I have used 10bit and many pro’s use their Driver Booster for finding drivers much easy. Maybe Malwarebytes are getting worried on the pro version of 10bit Malware Fighter Pro?

  34. Raptor Jesus

    I installed Zemana last night and so far so good. MWB doesn’t get another penny from me.

  35. Carol Szlachta

    Keep it and just carefully check what the PUPs are…..then just uncheck them if you want to keep. I think it also gives you the option to “whitelist” it so it does not happen again. I love Mwbs
    and will keep on using it.

  36. Kathleen Dombrowski

    At present MBAM is in US Fed. Court over the Enigma Lawsuit. Since it’s inception in 2008 I have used MBAM free from time to time to detect PUP’s . Things changed in Oct. 2016 when MBAM became more aggressive and as of Dec. 4, 2016 their False Positives have turned into bullying. I have used Auslogic’s Disk Defrag for years and now MBAM recognizes that as a PUP and also Zookaware. It is impossible to contact them. If you do not have a good standalone uninstaller it’s also hard to remove. The forums of top PC people are alive with complaints. This has turned into a very clear case of Competitor Bashing.

  37. Paul Hill

    Recently I ran Malware Bytes and found PUP in the form of Advanced System Care 10, and deleted the files, but when I went to use ASC10 it had completely disappeared from my desktop. Before I run it again, I will go into the program and set it not to identify my cleaners as PUPs as they are legitimate and free from viruses, and other threats, as it was yesterday I did a thorough scan of my computer using McAfee Security from my provider BT I reinstalled ASC10 which I thankfully kept in my downloads folder.

  38. Paul Hill

    McAfee Security from BT is overbloated and takes many hours to fully scan all my files on both hard drives – must have a clean up and back up what I don’t need, but it took more than 12 hours to run the full check up. But at least I could do other things on the pc while it was running – but for 12 hours to do 2 hard drives is a bit much to say the least. More often than not I run a quick scan of the main areas of the pc.

  39. Paul Hill

    Just added my utility folders to the exclusion list so I don’t fall into the same trap again !

  40. JMJsquared

    Thanks for the info. Interestingly, when I went to learn more about your “tip” and followed the first link in a Google search, WOT flagged Enigma’s website as dangerous. Enigma are the same guys who are suing BleepingComputer. Are they falsely maligned or just serial litigators?

  41. Kathleen Dombrowski

    Answering your question, I think they are mad because nobody likes their product. That said, back when this all started with MBAM they were the very 1st. to so aggressively attack their competition. It really lit up the forums. It all boils down to Competitor Bashing. Every legit (I use that loosely) program they identify as a PUP is their competition for a market share of the Big Bucks. PS I know I overly used the C. word.

  42. I’m frankly not surprised that Malwarebytes is now flagging Advanced SystemCare and PCMatic as potentially unwanted programs (PUPs), because I DELETED both of those programs from my computer — ASC for being ineffective and PCMatic for being too aggressive (The latter kept flagging as PUPs software vital to the smooth operation of Windows — even repeatedly quarantining part of ASC!).

    So last year, I dumped ASC in favor of Glary Utilities and replaced PCMatic with Webroot SecureAnywhere. No conflict with MBAM to date.

  43. Paul Streeting

    Malwarebytes now has a problem with v1703 (Windows 10 Creators update)! I found it crashing explorer.exe excessively. Soon as I uninstalled Malwarebytes no problems.
    They say they know that there is a problem with the latest version of Windows 10. I am getting very fed up like many others with having brought a program from Malwarebytes that I have to keep tweaking to get even working only to find then more problems with it.
    Malwarebytes even tries to take over control of Windows Defender! Leaving users at risk. It does the same with Avast/AVG too.
    One user of Malwarebytes was even told by the company to go back to using the old version v2..! What is going wrong at Malwarebytes…?

  44. Rob

    The frustrating thing is it’s not like software companies just found out about 1703. They should have been testing with this from the get-go to ensure a smooth installation. The Windows upgrade is enough of an adventure without wondering what third-party software is going to go belly-up. I’m a Malwarebytes version 3 customer; thanks for the heads-up.

  45. Monique

    Today it blocked one of my SnagIt files; I had to white list it. I hope I did the right thing.

Leave a Reply

Your email address will not be published. Required fields are marked *


6 + 1 =