Malwarebytes Quarantines sitemap-setup.tmp as Ransomware

Started by ITZAP, February 20, 2017, 07:44:08 PM

ITZAP

Those who have the latest "Malwarebytes" v3.0.6 installed will encounter this issue upon installing an update to "A1 Sitemap Generator".



Since the "sitemap-setup.tmp" file is (incorrectly) detected by Malwarebytes as Ransomware and automatically quarantined, the update to A1 Sitemap Generator therefore does not complete properly.

The solution I found was to "Quit Malwarebytes" (right-click icon in taskbar) and then run the "sitemap-setup.exe" file once again. The install routine will complete properly, as usual. Then you can load Malwarebytes again and run the latest version of A1 Sitemap Generator without issue.
Gary

Webhelpforums

#1
Thank you for reporting this - we will report the false positive to Malwarebytes.

Relevant pages seem to be:

https://support.malwarebytes.com/customer/portal/articles/1835387-how-do-i-report-a-false-positive-found-using-malwarebytes-anti-malware-for-business-?b_id=6442

https://forums.malwarebytes.com/forum/42-file-detections/

https://www.malwarebytes.com/support/business/#techhelp

Do please also feel free to submit a false positive / bug report to them if possible.




I have submitted the case here:
https://forums.malwarebytes.com/topic/196634-program-or-installer-detected-as-ransomware/

And an additional question here:
https://forums.malwarebytes.com/topic/196850-getting-log-of-runtime-detection/

And another additional question here:
https://forums.malwarebytes.com/topic/196854-if-somehing-is-reported-as-ransomware-is-that-the-same-as-a-pup/

Quote
We found out from a customer that when installing the current version of A1 Sitemap Generator - one of the temporary files generated during installation is flagged and quarantined (sitemap-setup.tmp)

Starting mbam.exe with /developer command line does not help much as the false positive is not reported when doing a right click scan.

(And I have been unable to find any log by mbam after the quarantine during the installation.)


You can download the tool from here
http://www.microsystools.com/products/sitemap-generator/


You can find the latest reports from VirusTotal:

URL (0 / 64)
https://www.virustotal.com/en/url/05bd8f7aa4017f809a984b73ea8cc83b0b8691088dcfdd6488ca76783c57a02d/analysis/1487695458/

Download (0 / 58)
https://www.virustotal.com/en/file/a683208a09a8ff6415a5530f09437d313c6fe749d0586818f57ae9e9e7110852/analysis/1487695464/


For reference:

The installer + all the executables are signed.

  • Executables are created in Delphi 2007 to Delphi XE2
  • 3 executables are included and installed during installation.
  • The "best" depending on OS and 32/64bit is then selected as default sitemap.exe during installation which the desktop shortcuts etc.
  • Installer is InnoSetup.

If I can get logging working, I will be happy to report that.

Below the above, I have also posted a copy of the report you posted here including the work-around.

Update:
A full week in - and no response related to the false detection whatsoever. Have now posted in another more used subforum for false positives:
https://forums.malwarebytes.com/topic/197002-realtime-scanner-detects-my-software-during-installation-as-ransomware-if-first-installed-no-problem/
TechSEO360 | MicrosysTools.com  | A1 Sitemap Generator, A1 Website Analyzer etc.

Webhelpforums

After posting in the other subforum, the problem was fixed very quickly by Malwarebytes.

So the problem has been solved.

(Just update to the newest version / newest definitions.)