itlifesaver

  1. Dell WLAN driver false positive

    Malwarebytes Business is destroying Dell wireless card drivers across various enterprises we manage. STOP THIS NOW!!

    3/23/2017 8:58:38 AM PCNAME01 10.X.X.X Adware.FileTour DENY C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
    3/23/2017 8:58:38 AM PCNAME01 10.X.X.X Adware.FileTour DENY C:\Program Files\Dell\DW WLAN Card\bcmpeerapi.dll
    3/23/2017 8:58:41 AM PCNAME01 10.X.X.X Adware.FileTour DENY C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
    3/23/2017 8:58:41 AM PCNAME01 10.X.X.X Adware.FileTour DENY C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
    3/23/2017 8:58:41 AM PCNAME01 10.X.X.X Adware.FileTour DENY C:\Program Files\Dell\DW WLAN Card\bcmpeerapi.dll
    3/23/2017 9:10:03 AM PCNAME02 10.X.X.X Adware.FileTour delete-on-reboot C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
    3/23/2017 9:10:03 AM PCNAME02 10.X.X.X Adware.FileTour delete-on-reboot C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
    3/23/2017 9:10:03 AM PCNAME02 10.X.X.X Adware.FileTour Quarantined HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Broadcom Wireless Manager UI
    3/23/2017 9:10:03 AM PCNAME02 10.X.X.X Adware.FileTour delete-on-reboot C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
    3/23/2017 9:10:03 AM PCNAME02 10.X.X.X Adware.FileTour delete-on-reboot C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE

    Dell.zip
  2. In our testing, we've found the keys are only writable by the SYSTEM account, and workarounds to add or modify them programmatically have so far been unsuccessful. If anyone comes up with an automated solution to add these settings, we'd love to know about it!
  3. Has anyone had any luck adding the MSE exclusions via registry .reg file or GPO? Does MSE allow it, or does it try and overwrite/protect these registry keys? Example:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths]
    @=""
    "C:\\Program Files (x86)\\Malwarebytes' Anti-Malware\\mbam.exe"=dword:00000000
    "C:\\Program Files (x86)\\Malwarebytes' Anti-Malware\\mbamgui.exe"=dword:00000000
    "C:\\Program Files (x86)\\Malwarebytes' Anti-Malware\\mbamservice.exe"=dword:00000000
    "C:\\Program Files (x86)\\Malwarebytes' Anti-Malware\\mbamscheduler.exe"=dword:00000000
    "C:\\Program Files (x86)\\Malwarebytes' Anti-Malware\\mbamapi.exe"=dword:00000000
    "C:\\Program Files (x86)\\Malwarebytes' Anti-Malware\\mbamdor.exe"=dword:00000000
    "C:\\Program Files (x86)\\Malwarebytes Anti-Exploit\\mbae.exe"=dword:00000000
    "C:\\Program Files (x86)\\Malwarebytes Anti-Exploit\\mbae-svc.exe"=dword:00000000
    "C:\\Program Files (x86)\\Malwarebytes Anti-Exploit\\mbae-cli.exe"=dword:00000000
    "C:\\Program Files (x86)\\Malwarebytes' Managed Client\\SCComm.exe"=dword:00000000

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Processes]
    @=""
    "mbam.exe"=dword:00000000
    "mbamgui.exe"=dword:00000000
    "mbamservice.exe"=dword:00000000
    "mbamscheduler.exe"=dword:00000000
    "mbamapi.exe"=dword:00000000
    "mbamdor.exe"=dword:00000000
    "mbae.exe"=dword:00000000
    "mbae-svc.exe"=dword:00000000
    "mbae-cli.exe"=dword:00000000
    "SCComm.exe"=dword:00000000
  4. It only seems to be Windows 7 (64 bit? unconfirmed, but all ours were) affected; we did not get any calls from clients with Windows 10 and MBAM complaining. It happens after MSE updates to the latest definition. PC must have MBAM installed; in our case it is MBAM Business. It slows down and eventually locks up the PC. It appears to be a memory leak type issue, and/or a CPU utilization, or some other OS resource exhaustion. The PC eventually becomes unusable and unresponsive. You can see many event log messages with "fault bucket" and talking about the MSE process. Perhaps MBAM is killing or disrupting the MSE scanning? Booting into safe mode (or before the PC crashes) and disabling MSE real time scanning works around the issue. As does removing MBAM. It is definitely a conflict between the two.
  5. Agreed. There is a major issue between a definition update MSE received this morning and MBAM / MBAE. Computers are freezing, locking up, cannot be used, stuck, etc. Please help, this issue is progressing as the day continues! Others on Reddit are reporting the same: https://www.reddit.com/r/sysadmin/comments/5dmpri/anyone_having_lots_of_pcs_freeze_this_morning/