itlifesaver

Members
  • Content count

    14
  • Joined

  • Last visited

About itlifesaver

  • Rank
    New Member
  1. Malwarebytes Business is destroying Dell wireless card drivers across various enterprises we manage. STOP THIS NOW!! 3/23/2017 8:58:38 AM PCNAME01 10.X.X.X Adware.FileTour DENY C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE 3/23/2017 8:58:38 AM PCNAME01 10.X.X.X Adware.FileTour DENY C:\Program Files\Dell\DW WLAN Card\bcmpeerapi.dll 3/23/2017 8:58:41 AM PCNAME01 10.X.X.X Adware.FileTour DENY C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE 3/23/2017 8:58:41 AM PCNAME01 10.X.X.X Adware.FileTour DENY C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE 3/23/2017 8:58:41 AM PCNAME01 10.X.X.X Adware.FileTour DENY C:\Program Files\Dell\DW WLAN Card\bcmpeerapi.dll 3/23/2017 9:10:03 AM PCNAME02 10.X.X.X Adware.FileTour delete-on-reboot C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE 3/23/2017 9:10:03 AM PCNAME02 10.X.X.X Adware.FileTour delete-on-reboot C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE 3/23/2017 9:10:03 AM PCNAME02 10.X.X.X Adware.FileTour Quarantined HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Broadcom Wireless Manager UI 3/23/2017 9:10:03 AM PCNAME02 10.X.X.X Adware.FileTour delete-on-reboot C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE 3/23/2017 9:10:03 AM PCNAME02 10.X.X.X Adware.FileTour delete-on-reboot C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE Dell.zip
  2. In our testing, we've found the keys only writable by the SYSTEM account, and workarounds to add or modify them pragmatically so far unsuccessful. If anyone comes up with an automated solution to add these settings we'd love to know about it!
  3. Has anyone had any luck adding the MSE exclusions via registry .reg file or GPO? Does MSE allow it, or does it try and overwrite/protect these registry keys? Example: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths] @="" "C:\\Program Files (x86)\\Malwarebytes' Anti-Malware\\mbam.exe"=dword:00000000 "C:\\Program Files (x86)\\Malwarebytes' Anti-Malware\\mbamgui.exe"=dword:00000000 "C:\\Program Files (x86)\\Malwarebytes' Anti-Malware\\mbamservice.exe"=dword:00000000 "C:\\Program Files (x86)\\Malwarebytes' Anti-Malware\\mbamscheduler.exe"=dword:00000000 "C:\\Program Files (x86)\\Malwarebytes' Anti-Malware\\mbamapi.exe"=dword:00000000 "C:\\Program Files (x86)\\Malwarebytes' Anti-Malware\\mbamdor.exe"=dword:00000000 "C:\\Program Files (x86)\\Malwarebytes Anti-Exploit\\mbae.exe"=dword:00000000 "C:\\Program Files (x86)\\Malwarebytes Anti-Exploit\\mbae-svc.exe"=dword:00000000 "C:\\Program Files (x86)\\Malwarebytes Anti-Exploit\\mbae-cli.exe"=dword:00000000 "C:\\Program Files (x86)\\Malwarebytes' Managed Client\\SCComm.exe"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Processes] @="" "mbam.exe"=dword:00000000 "mbamgui.exe"=dword:00000000 "mbamservice.exe"=dword:00000000 "mbamscheduler.exe"=dword:00000000 "mbamapi.exe"=dword:00000000 "mbamdor.exe"=dword:00000000 "mbae.exe"=dword:00000000 "mbae-svc.exe"=dword:00000000 "mbae-cli.exe"=dword:00000000 "SCComm.exe"=dword:00000000
  4. It only seems to be Windows 7 (64 bit? unconfirmed, but all ours were) effected, we did not get any calls from clients with Windows 10 and MBAM complaining. It happens after MSE updates to the latest definition. PC must have MBAM installed, in our case it is MBAM Business. It slows down and eventually locks up the PC. It appears to be a memory leak type issue, and/or a CPU utilization, or some other OS resource exhaustion. The PC eventually becomes unusable and unresponsive. You can see many event log messages with "fault bucket" and talking about the MSE process. Perhaps MBAM is killing or disrupting the MSE scanning? Booting into safe mode (or before the PC crashes) and disabling MSE real time scanning works around the issue. As does removing MBAM. It is definitely a conflict between the two.
  5. Agreed. There is a major issue between a definition update MSE received this morning and MBAM / MBAE. Computers are freezing, locking up, cannot be used, stuck, etc. Please help, this issue is progressing as the day continues! Others on reddit reporting the same: https://www.reddit.com/r/sysadmin/comments/5dmpri/anyone_having_lots_of_pcs_freeze_this_morning/
  6. Zero response from Malwarebytes sales or support so far. We were able to find the license email, it was emailed to an ex-employee's inbox. I don't know why they had to change their license code structure and break it, it should have just renewed as it has in previous years. I can't believe they'd release an update that would false positive on an important OS file, you'd think they would do a simple QA scan against a folder full of known good OS files before releasing to the wild and causing OS damage and systems not to boot. Very poor support from an otherwise good product.
  7. Active 160 seat enterprise license here too. Just paid renewal last month.
  8. Add me to the chaos, compounded by the fact that apparently our license key changed when we renewed and added more PCs and we're effectively locked out of the console so we can't just ignore the file. No response from Malwarebytes sales or support.
  9. We're locked out of our admin console because we added a bunch more PC licenses and apparently the licenses key changed and we can't get any response from Malwarebytes sales or support. Sigh.
  10. users are quarantining and it either locks up Windows 7 or renders the PC unbootable.