darksim905

  1. David - I'm pretty sure this was due to an e-mail phishing (if you could call it that...) where users would open attachments arbitrarily just because who it comes from seems important. The first time it happened, the user had already clicked on the attachment & I didn't see anything unusual on the machine. After the machine was infected, MalwareBytes picked up some things after the fact. It must've been a new variant -- I believe it's the same one I sent you from my work address coincidentally. The second time, I believe the attack vector was the same, sad to say. Different user. The variant was different & I don't have a copy of the executable in question. I don't know how it got on their machine. As a safeguard from the previous time we blocked zip attachments at our spam filter level so I'm not quite sure how this one got through. It's disappointing, to say the least. In this case, I'm not sure how MalwareBytes active protection didn't do anything as, as soon as I disconnected the network jack on the computer, MalwareBytes flipped out & detected Cryptolocker. It's unusual to say the least.
  2. Ron - Regarding scheduling in MalwareBytes - is there any advanced logging that can be turned on to determine if & when it runs, and why it fails? I use PDQ Inventory at my organization to run that update command across all of the machines in my organization & I've walked up to some machines & I see MalwareBytes complaining it's out of date by a few days, maybe more even though it's scheduled to update every day. It's been an issue previously & MalwareBytes support wasn't really able to resolve it.
  3. Hi, At $parentcompany, we've been hit by Cryptolocker a second time. MalwareBytes Pro seemed to recognize a lot of the files & remove them successfully & I was able to restore from backup without any issues. My issue is - why didn't MalwareBytes do anything to stop this in its tracks? I know MalwareBytes is pretty good about blocking communication to outside IP Addresses from malicious, unknown, or suspicious executables; but both times I've been infected by this malware, it did no such thing. Is it due to the relevant executables that being MalwareBytes database, or does MalwareBytes block based on what IP address a program is talking to? I feel like this part of MalwareBytes needs some work, or perhaps some detailed explaining for those of us in a System Administrator role.
  4. Thank you, this is exactly what I need to resolve my issue and look into it further.
  5. Thank you for that. Is there anything in the build strings, version number, or about tabs to denote this different build? Thanks!
  6. Was my post that poor? Could've sworn I read it over...
  7. I was wondering if there are any distinct differences between MalwareBytes Free/Pro, versions MalwareBytes Corporate/MSP as far as user interface, license keys, and/or icons. I sent a message to MalwareBytes with this question, but figured I would post here also in case anyone else is curious. I've allegedly heard from someone when you properly register the corporate version of MalwareBytes, the icons, and user-interface will turn blue (much similar to the enterprise version that was touted recently).