tetonbob

😂 Great punchline.

You're quite welcome!

Hi @Amaroq_Starwind- For the Anti-Rootkit Beta, you could, but there would be limited value in doing so. The only occasions where it might be useful is with specific infections which prevent Malwarebytes for Windows from running. For those situations, we have a special version as shown in this help topic https://support.malwarebytes.com/docs/DOC-1267 That only works on some specific rootkits though. This won't help for many of the most recent variants the SmartService rootkit. Basically, using MBAR is not necessary if you have Malwarebytes for Windows. For the question about Anti-Exploit, I think you'd be better off asking in the Anti-Exploit subforum.

You should see "Component package version: 1.0.505" on the About tab if the latest Beta CU was applied

Thanks for the feedback, @Max-H!

Hi @Fatou- Is this your first time running Malwarebytes Anti-Ransomware Beta? Or did you upgrade a previous installation? I wonder if there's another security product onboard potentially conflicting and preventing the MB3Service.exe from launching the tray (mbarw.exe). Let's get some logs, please Please download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit Double-click to run it. When the tool opens click Yes to the disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply. The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Hi @ingber- Yes, please do deactivate the licenses before you reset the machines and decommission them. You can deactivate the license by using either of the methods outlined in this Knowledge Base Article: https://support.malwarebytes.com/docs/DOC-1037 You can always download the latest Malwarebytes for Windows installer file here: https://downloads.malwarebytes.com/file/mb3/ Further details are available in this Knowledge Base Article: https://support.malwarebytes.com/docs/DOC-1141

Hi @Scott_M - this file should no longer be detected, as long as the Malwarebytes client is allowed to reach our whitelisting server "cleanAction" : "block", "cleanResult" : "successful", Note the "block" rather than "quarantine". When this happens, the file is temporarily prevented from running. A reboot releases that temporary hold on the file. This also means our whitelisting server could not be reached. You may want to add this file to local exclusions.

Hi @Scott_M- Can you please attach a copy of this log file? C:\ProgramData\Malwarebytes\MBAMService\ArwDetections\87859174-e5e0-11e8-b634-544810ab2078.json

Great, thanks for your report, and your patience!

That's great to hear, Scott. Thanks for letting us know!

This should be fixed now, Update package version 1.0.7533 I'm no longer seeing the block. Please confirm, @PeterJ

"cleanAction" : "block", "cleanResult" : "successful", This means our whitelisting server could not be reached. I would suggest you add this file to your local exclusions. The version seems to be different from what was previously reported, but it is also whitelisted on our server side.

Hi @Electro300- thanks for confirming!

Greetings. Component package version 1.0.482 is now released. It includes a fix for this issue.