[VPN Service installed without permission]

Couldn't find another topic to post to so I started a new one.

I notice MB installs the files MBVpnTunnel_mbtun.dll, MBVpnTunnel_wireguard.dll, and MBVpnTunnelService.exe even though I do not want to use the MB VPN that is being offered. I cannot remove them without getting into permissions and I suspect will be re-installed with a new version. I have disabled the service but still the idea of installing files that support services I don't want is annoying and intrusive.

Granted the files don't consume a lot of storage but the idea that companies can just install whatever stuff they want (MS is the worst) and consume my resources that I paid for without so much as a "please, may we?" is really rude behavior and not at all respecting of the customer.

Sorry - just a rant I suppose.

 

 

[Malwarebytes 5.0.15.93 more issues.]

I found my issue. Proxy Settings got turned on. I turned it off and I can update.

[Malwarebytes 5.0.15.93 more issues.]

I have 5.0.14.89. I can't find 5.0.15.93.

I try and run manual update and get the screen below.

 

[Samsung Magician 8.0]

I've had a similar experience as above. Even when I went back to 7.3 I couldn't get Samsung to run. I believe Samsung Magician is at fault. I have no way to prove this and I can't get any response from Samsung but when I uninstall MB and run SM and it still doesn't work I can only conclude Samsun software is buggy. 

[Samsung Magician 8.0]

I got the file from Samsung. I downloaded another file from another forum today and the MB problem went away. The app is still giving me troubles but it is not MB related. I'll go talk to Samsung and see what they have to say.  Thanks.  

[Samsung Magician 8.0]

I updated to Samsung Magician 8.0 (Windows 10 / updated MB).

I had a program blocked by MB and I'm not sure what I should do as I am unable to run Magician 8.0.

A scan did not reveal any problems.

Not sure of my next step.

Below is what I received.

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 9/25/23
Protection Event Time: 6:53 AM
Log File: 28896c60-5b9a-11ee-a8bb-e0d55ee12a6f.json

-Software Information-
Version: 4.6.3.282
Components Version: 1.0.2151
Update Package Version: 1.0.75631
License: Premium

-System Information-
OS: Windows 10 (Build 19045.3448)
CPU: x64
File System: NTFS
User: System

-Exploit Details-
File: 0
(No malicious items detected)

Exploit: 1
Exploit.PayloadProcessBlock, C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Start-Process -FilePath 'C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe' -WindowStyle hidden -Verb runAs, Blocked, 701, 392684, 0.0.0, ,

-Exploit Data-
Affected Application: cmd
Protection Layer: Application Behavior Protection
Protection Technique: Exploit payload process blocked
File Name: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Start-Process -FilePath 'C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe' -WindowStyle hidden -Verb runAs
URL:

[POP UP AD]

OK. Technically, you are correct. From a customer experience point of view it is a pop up reminder that MB is doing something. It is something that creates an impression or reminder of MB. So while not an ad in the sense it's trying to entice me to buy something it is a marketing technique to remind me of the company MB. Like product placement in a movie. Not direct advertising but it is something that reinforces brand awareness. In this case unsolicited.

I am already aware of my status and how protected I am. I configured it. I can look at a change log if I am intersted in changes. I elected not to care about backgrounds. From, my perspective it was an unwanted and unnecessary intrusion. It was unsolicited. Perhaps others welcome such notices. Don't care. Put an option in program that asks if the user wants to be notified of something. Then I can uncheck it and go about my business. Not have to stop my workflow and deal with a pop up. I want this program to operate quietly only notifying me of something potentially harmful and requiring a decision or an action on my part. 

[POP UP AD]

Yes. 

[POP UP AD]

I DON'T APPRECIATE YOUR POP UP ADS ON MY COMPUTER.

I ALREADY OWN YOUR PRODUCT.

I DON'T NEED YOUR ADS.

STOP IT.

[[ RESOLVED ] Event Viewer Code Integrity error]

When I uninstall Bonjour with Revo iMazing (iM) does not work with my iPhone / iPad. No problem. I don't use iM that often and when I do the install of the drivers is no big deal. I'll just make a note and uninstall Bonjour when I am done with iM.

I will remember to use the Malwarebytes uninstall tool instead of Revo. However, I do not plan to uninstall MB. It has served me well for the many years I have had it. I have been a user since the beginning (2011 or 2012). 

My questions are answered.

Thank you. 

 

[[ RESOLVED ] Event Viewer Code Integrity error]

I uninstalled Bonjour - the message went away - now I have to plug my phone in and see if imazing works. I always attempt to uninstall as opposed to deleting - I use Revo. 

[[ RESOLVED ] Event Viewer Code Integrity error]

I also have read that Bonjour is worthless. But I am ignorant of many things. I want to be able to take mp3 files and load them to my iPad / iPhone so when I travel I can listen to them. Itunes is a piece of junk on Windows. So I found iMazing which allows me to put my music on devices. It appeared to install Bonjour which I understood would allow me to connect to my devices. I will delete it and see what happens as I don't really want Bonjour but thought it was the only way to achieve what I want.

Thanks.

[[ RESOLVED ] Event Viewer Code Integrity error]

Well it's impractical for me to remove it. I have installed iMazing which allows me to communicate and manage my music on my iPad and iPhone. A different version of iTunes basically.  And it, of course, uses Bonjour.

So unless you think the error message represents something really bad I guess I will just live with it.

[[ RESOLVED ] Event Viewer Code Integrity error]

I was reviewing the Event Viewer logs and found the following message in the Code Integrity log (numerous occurences of this message).

I am not sure what, if anything, I should do.

Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

I am running MB 4.5.19 and Windows 10 x64.

[False MS Office Positive with MBAE V 1.13 Build 424]

I was unaware that "Use expert system algorithms to identify malicious files" and Rootkit scanning should not be enabled as well" options should not be activated. If you aren't supposed to enable them why are they options?  

[update to MB 4.4.7.134 left wrong version in registry so SUMo flagged it]

Thank you.

[update to MB 4.4.7.134 left wrong version in registry so SUMo flagged it]

This is too much. I still don't know if I have an issue. I don't think so from what I can figure out. I just have to accept the fact that the numbers don't match for whatever reason. I don't have time to check all these numbers. I buy the product and simply expect it to be current so I can get on with my life with some degree of confidence. Just your typical consumer I guess.

[update to MB 4.4.7.134 left wrong version in registry so SUMo flagged it]

Why do I have to uninstall it? Why doesn't MB just fix it?

[Blocking 212.102.52.87]

I have been informed by PIA that this IP is associated with their VPN service. 

Below is their response.

I would prefer to error on the side of caution and if you feel this is a "bad" IP{ address I will not allow it.  

 

 

 

Thank you for contacting PIA Support.

We understand that you are having issues with Malwarebytes blocking PIA IPs. Rest assured that we are here to assist.

Due to two(2) of the protection systems found in Malware Bytes, it may sometimes interfere with the processes our VPN application requires to operate. To resolve this, please follow the below instructions: 

1. Right-click on the Malware Bytes icon in your system tray. 
2. Click on Malwarebytes Anti-Malware. 
3. Click the Settings icon at the top. 
4. Select the Detection and Protection menu on the left-hand side of the window. 
5. Click into the drop-down menu under the heading "PUP (Potentially Unwanted Program) detections," and select "Warn User About Detections."
6. Click into the drop-down menu under the heading "PUM (Potentially Unwanted Modification) detections," and select "Warn User About Detections." 

[Blocking 212.102.52.87]

I should have added I have Private Internet Access as well.  Sorry. 

[Blocking 212.102.52.87]

This is NOT a request for unblocking!

Lately, as I visit various sites MB pops up and blocks 212.102.52.87. This apparently is owned by a company called DataCamp in the UK.  Why is this site marked as malicious? 

Just curious. It is the only site that pops up regularly.  I don't have a problem with it. 

[Blocking DHCP]

I didn't see this as a MB Windows Firewall Control issue.  All the firewall is doing is reporting what's happening.  I'm not blocking DHCP on MB WFC. The variable is MB. When I allow an IP address on MB the firewall no longer reports the IP as blocked.  It reports it as allowed. 

My question is why is MB blocking a IP address that should be a private address.  

Or am I missing something?

[Blocking DHCP]

I have MB and MB Windows Firewall Control (MBWFC) installed.

I have two rules that allow DHCP to In / Out with no restraint.

When I look at the log in MBWFC it shows that DHCP IN is blocked. 

I go to MB and set an IP address to allow DHCP IN.

Later, looking at the log I see another IP address blocked.

The source IP is 10.0.0.243.

I have unblocked two Destination IPs.

10.12.240.131 and 10.18.187.230.

I have a feeling that I could be allowing IP addresses to be unblocked in MB for quite awhile.

I have no problems with the internet - everything is working.

I am curious to know if I am creating myself a problem or if I even have a problem.

I understand that IP addresses from 10.0.0.0 - 10.255.255.255 are local addresses and not accessible from the internet. 

I am using a VPN.

 

 

 

[Release 4.2.3.199]

Thanks...I wish Majorgeeks would be a little more clear on that.  

[Release 4.2.3.199]

On Nov 13 MajorGeeks (Official Mirror for Malwarebytes) showed that a new version of MB was available - 4.2.3.199.

I have looked everywhere on the MB forum for this release.  

I have not downloaded this "update" as I cannot verify it is a legitimate update - not even as a beta.

And I let MB decide when to update.

What's the story? I like MajorGeeks very much but I'm concerned that wrong information might exist.     

Thanks.