

You can find the log here: C:\ProgramData\Malwarebytes\MBAMService\LOGSġ0/10/17 " 18:30:42.276" 149347385 05e4 0cf4 INFO AntiRansomwareControllerImpl mb::arwcontrollerimpl::ArwControllerImpl::ArwShimDetectionCallback "ArwControllerImplHelper.cpp" 1056 "Received threat detection callback from ARW SDK, ObjectPath=C:\Program Files\digiKam\digikam.exe, Sha256Hash=91687d294705a92a9d234a49c1f3942b01e3eb04dfba37ace4f70f567c681340"ġ0/10/17 " 18:30:42.982" 149348103 05e4 0cf4 ERROR HttpConnection mb::common::net::HttpConnection::SendRequest "HttpConnection.cpp" 297 "HTTP request failed, status code: 502"ġ0/10/17 " 18:30:42.982" 149348103 05e4 0cf4 ERROR CleanControllerImpl mb::cleanctlrimpl::whitelist::HubbleWhiteLister::AreFilesWhiteListed "HubbleWhiteLister.cpp" 398 "Error code 502 returned in PUT to Hubble"ġ0/10/17 " 18:30:42.984" 149348103 05e4 0cf4 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::LogWhiteListStatus "WhiteListManager.cpp" 248 "White list status (not cached): File 'C:\Program Files\digiKam\digikam.exe' => Hubble:Error"ġ0/10/17 " 18:30:43.011" 149348118 05e4 0cf4 INFO AntiRansomwareControllerImpl mb::arwcontrollerimpl::ArwControllerImpl::ArwShimDetectionCallback "ArwControllerImplHelper.cpp" 1081 "The detected file is only whitelisted due to error in whitelisting (likely offline), sending an action request to the SDK to kill this process. Mind to zip and attach the MBAMService.LOG file as well, this so I can have a look what exactly happened in your case.

* For "How to Exclude", select: "Exclude from detection as malware, ransomware or potentially unwanted item" (this is normally also selected by default already) * You'll see a field that says: "Specify a File or Folder" - there, click the button "Select Files." and browse to the file you want to exclude.

* Then, select "Exclude a File or Folder" (this should be prechecked already by default) * Below, click the button: "Add Exclusion" * To add the exclusion, open Malwarebytes > Settings > Exclusions tab What you can do in this case is, create an exclusion in Malwarebytes for this file. So that's where malwarebytes makes the "better safe than sorry" decision and kills the process, just in case it's ransomware indeed. This happens in some cases when there's a problem with connecting to the internet during the scan, as it can't finish additional checks on the file to make a final verdict. In your case, it seems it hasn't deleted the program/file (otherwise it would show in your unquarantine). It looks like it only killed the active process based upon suspicious activity (since the action you are describing - tagging JPG file - which is tampering with it, what Ransomware also does).
