Posts posted by mbam4ever
-
-
Just now, Aura said:
You could delete it, yes. What I want to investigate is if there's a key/entry in the Registry which tells Malwarebytes that a software update is pending installation. If there is, simply deleting the file won't do anything, as you would have to modify that key/entry as well.
Gotcha. Thanks.
-
1 minute ago, Aura said:
Probably because the update has already been downloaded, and is now pending install. I don't know where that setting is being controlled. I can investigate tonight if I have time.
That makes sense, no rush. I guess if I find the downloaded package I can simply nuke it?
I didn't have a positive experience with 3.0 and I want to give it more time to mature before I try it again.
-
-
3 hours ago, bdubrow said:
Hi mbam4ever--
We actually already have this in the "Upgrading to Malwarebytes 3.0" post in the Malwarebytes 3.0 Frequently Asked Questions pinned topic -- see last item in that post:
I stand corrected. It doesn't jump on the eyes but you are absolutely right.
(...)I have tried Malwarebytes 3.0 but want to go back to MBAM 2.2.1
If for whatever reason you want to downgrade to MBAM 2.2.1 and wait for a new version of 3.0, you can do so easily. Simply uninstall Malwarebytes 3.0, reboot and then download and install MBAM 2.2.1 from here.
-
1 hour ago, Aura said:
Hi mbam4ever

Here it is:
https://support.malwarebytes.com/customer/portal/articles/1835314?b_id=6438
I don't think it is necessary for this to be added to the current Malwarebytes 3.0 FAQ, since it isn't related to 3.0 at all.
Edit: It could be added to the version 2.x FAQ though.
https://forums.malwarebytes.com/topic/187842-malwarebytes-anti-malware-v2x-faq/
Thanks - adding it to 2.X FAQ is a more than fair alternative.
-
1 hour ago, TempLost said:
(...) v 3 (when they eventually get the bugs out of it) promises to offer several layers of protection in addition to those in v 2. So it seems pretty much a no brainer - nothing to lose and perhaps much to gain by upgrading to V 3 (when they get the bugs out!).
^The gain in bugs got me back to 2.x... Never mind running faster, I'll give another try to 3.x once it has learned how to walk without falling.

-
Hi there,
Having known and already reported issues with 3.0 I decided to revert back to 2.X
- I couldn't find the previous version on Malwarebytes site. If it's there... It's not obvious to find.
- Reverting back to 2.X was not a simple install over. I'm not backed up running 2.x and happy again.
Can you add to the 3.0 FAQ a download link to the last stable 2.x version and maybe a small description of the procedure to downgrade to 2.X?
Thanks
-
Add me to the list of affected users. :-(
Web Protection in the GUI stays at STARTING and never starts. Then Real-Time Protection Layers turned off shows up in the notification tray.
-
Thanks again for your reply.
I just noticed the advanced settings for EP

For now I tend to vote for EMET as the main exploit mitigation tool as it is more "time proven" (at least in terms of stability).
I will use 3.0EP only for my browsers and see how it goes over time.
-
2 minutes ago, Durew said:
Hi mbam4ever,
Whether it is the best can be debated but, with the correct settings in EMET, 3.0EP and EMET can run together. (I'll try to find the forum link in a moment or post my own EMET settings). You just need to know what protection features for what process need to be disabled.
If you have to choose between the two I'd go for 3.0EP as it offers a more layered approach than EMET.
Just for the record: neither EMET nor 3.0EP use signatures.
I hope this helped/will help. If you have any questions, please ask.
Regards,
Durew
Thanks for your reply Durew,
I know EMET and 3.0EP are not using signatures, that's why I used "Module" as even libraries could have been also confused with Signatures.
I'm curious to know more about how to run them both without conflicts. As of now EMET prevented launching every process enabled in both EMET and 3.0EP.
I didn't research much about the levels of protection offered by 3.0EP. Its GUI only provides a single ON/OFF per process/program, compared to EMET, which has a checkbox for each of the 14 types of attacks. EMET is more tweakable when it comes to misbehavior with a given process/program.
-
News flash...
EMET does not let me open WinWord when 3.0EP is enabled for WinWord. Disabling EP for WinWord solved the problem, which partially answers my question, i.e. EP and EMET (option 3 above) is not a good idea, at least when they are both monitoring the same processes.
I guess I will opt for the one that is updated the most often and includes more current attacks.
EMET is updated more or less once a year.
What about the Malwarebytes EP module? (I know malware signatures are updated almost everyday)
-
Hello guys,
Sorry if it's a repost, I searched the forum "Malwarebytes 3.0" for EMET and the search engine returned most of pre 3.0 results.
I'm a long time EMET user currently running 5.51, and now 3.0 comes with some sort of EP. I wonder. I had very few issues with EMET.
Since I installed 3.0 (yesterday) I now have EMET wanting to send a report to MS. WinWord is not even running.
<Exploit Code="7">
<App>C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE</App>
<Module>C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE</Module>
<Registers ESP="e2f3d0" EBP="e2f45c" EDI="e79a68" ESI="1" EDX="0" ECX="b0c78311" EBX="6df7f1c3" EAX="0"/>
(...)
</Exploit>
So what is the best bet for the better blend of performance, stability and security?
- 3.0EP without EMET
- EMET without 3.0EP
- or EMET + 3.0EP
I'm not a fan of running real time protection from different companies in parallel... Always a good recipe for conflict and instability.
-
I guess that One could be me... Thanks ;-)
-
Hi Guys,
Subject says it all. Thanks.
-
Hello,
I have been a very long time user of MBAM. I bought my lifetime license a while ago.
I'm running VMWARE on my main PC on which I dared to also activate a second instance of my single MBAM license. I know, I know 1 license... Two PCs, that's an official no go.
But up to 2.1.8 it had never been a problem. Both instances were running "registered". After upgrading to 2.2 on the VM instance, the license police kicked in and reverted it to limited Free.
Well - OK... fair enough
On what basis does 2.2 consider a license legit?
Do I have to de-activate it and re-activate it?
When I bought my initial license, it was activated on a laptop that got stolen. I re-installed/re-Activated on the new/current PC using my printed records. So technically it is still activated on the stolen PC and on my current one.
I don't want to also lose the legit one so I still run 2.1.8 on my main PC.
Shame on me but what should I do?
-
Sorry for the missing log and extra work you had to do. From now on I will include /developer log
Many thanks for the blistering fast support.
-
Malwarebytes Anti-Malware (PRO) 1.70.0.1100
Database version: v2013.01.21.09
Windows XP Service Pack 3 x86 NTFS
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
\Internet\Serv-U\ServUDaemon.exe (Backdoor.ServU) -> No action taken.
\Internet\Serv-U\ServUTray.exe (Trojan.Ransom.ANC) -> No action taken.
-
I've recently reported this FP providing a single exe sample.
The following signature update GREATLY improved the FP rate. Now only a few of the EXEs are still flagged with trojan.banker
This time I've included all the exes (only 7 of them)
Many thanks for your quick response.
-
(oops, no edit possible)
To be more precise - these FPs are on EXEs I compiled myself a few years ago.
And here are the compiler options from the .cfg file
-$A8
-$B-
-$C+
-$D+
-$E-
-$F-
-$G+
-$H+
-$I+
-$J-
-$K-
-$L+
-$M-
-$N+
-$O+
-$P+
-$Q-
-$R-
-$S-
-$T-
-$U-
-$V+
-$W-
-$X+
-$YD
-$Z1
-cg
-AWinTypes=Windows;WinProcs=Windows;DbiTypes=BDE;DbiProcs=BDE;DbiErrs=BDE;
-H+
-W+
-M
-$M16384,1048576
-K$00400000
-LE"\program files\borland\delphi6\Projects\Bpl"
-LN"\program files\borland\delphi6\Projects\Bpl"
-
Hello,
Subject says it all...
Malwarebytes Anti-Malware (PRO) 1.70.0.1100
Database version: v2013.01.19.06
Windows XP Service Pack 3 x86 NTFS
-
MBAM is currently the only one in VirusTotal to report.
(It was submitted for the first time a few months ago, back then 5 other products reported something)
None of the 41 engines in metascan reported something.
Malwarebytes Anti-Malware (PRO) 1.70.0.1100
Database version: v2012.12.29.11
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Protection: Disabled
2012-12-29 17:05:49
Scan type: Flash scan
Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Registry | File System | P2P
Objects scanned: 231797
Time elapsed: 7 second(s)
Files Detected: 1
C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UpdateDrv.exe (Trojan.Agent.Gen) -> No action taken. [25faaa3aa0bda294ab0cea7d49bae719]

Malwarebytes 2.2.1.1043 Upgrade Harassment
in Malwarebytes for Windows Support Forum
Posted · Edited by mbam4ever
LoL that's pure gold. I killed the new installation file once, I'll see how many times it comes back.
As far as toying with the registry... If there's a key that needs some manual tweaking. That's fine with me. I know what I'm doing.