Jump to content

frozen

Members
  • Content Count

    240
  • Joined

  • Last visited

About frozen

  • Rank
    Advanced Member

Recent Profile Visitors

4,318 profile views
  1. It sure looks like there is an issue with MBAM Ransomware module since disabling it does not cause this behavior with the profile on the other partition. Even after updating MBAM with Ransomware enabled using the profile on another partition Firefox got shutdown. Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 7/1/20 Protection Event Time: 2:17 PM Log File: 8cac3786-bbcf-11ea-81a1-90e6ba57cdd5.json -Software Information- Version: 4.1.2.73 Components Version: 1.0.972 Update Package Version: 1.0.26255 License: Premium -System Information- OS: Windows 10 (Build 18362.900) CPU: x64 File System: NTFS User: System -Ransomware Details- File: 0 (No malicious items detected) (end)
  2. Sigh this is getting old very quickly. Another Firefox update. This time I started FFox with a profile whose extensions are identical to the other other profile I normally use. I updated from 77.0.1 to 78.0.1 restarted FIrefox and everything seemed fine. Firefox was not squashed by Malwarebytes. Closed Firefox. Started it back up this time with my normal profile that is stored on another partition. Whamo Firefox was blocked from running. It was not quarantined but simply blocked. The shortcut on the desktop top would not work saying that I did not have sufficient rights. I closed MBAM and Firefox ran fine. Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 7/1/20 Protection Event Time: 1:54 PM Log File: 39a305ae-bbcc-11ea-97fb-90e6ba57cdd5.json -Software Information- Version: 4.1.0.56 Components Version: 1.0.955 Update Package Version: 1.0.26253 License: Premium -System Information- OS: Windows 10 (Build 18362.900) CPU: x64 File System: NTFS User: System -Ransomware Details- File: 0 (No malicious items detected) (end)
  3. Like all the previous times before if Ransomware in MBAM is enabled and I start FF up with the profile stored on C:\ which has all the files from the problem profile Firefox is not quarantined/ affect by MBAM.
  4. Why is my notifications in MBAM say Thursday? It is still Wednesday here in Canada and this event at 7:23PM is me updating to Firefox 77.0.1. Also why is it saying it quarantined the threat when in fact there is noting in quarantine in MBAM?
  5. It is indeed Ransomware protection in MBAM that is causing this. I saw a new story that Firefox released 77.0.1 today so I checked via Help | About and Firefox downloaded the update and required me to restart. Up until this time Ransomware in MBAM was enabled yes enabled. Before I clicked on the button on the FF update screen to restart the browser I turned off Rasomware protection in MBAM and then allowed FF to restart. FF started up and ran fine. I close down FF went to MBAM and enabled Ransomware protection. MBAM said it had quarantined firefox.exe yet when I went to MBAM quarantined screen it showed no items in quarantine. I disabled Rasonmware in MBAM and was able to start FF up without any issues. Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 6/3/20 Protection Event Time: 7:23 PM Log File: 9cb6fddc-a5f9-11ea-aa51-90e6ba57cdd5.json -Software Information- Version: 4.1.0.56 Components Version: 1.0.931 Update Package Version: 1.0.24970 License: Premium -System Information- OS: Windows 10 (Build 18362.836) CPU: x64 File System: NTFS User: System -Ransomware Details- File: 0 (No malicious items detected) (end)
  6. Before the update to Firefox version 77 aka 76.0.1 I had uninstalled MBAM and installed Anti-Ransomware. Quite frankly I can not remember whether during the time that I had Anti-Ransomware installed whether in fact FF actually had an update to it. Looking back at my prior posts here, I was able to run 76.0.1 profile on drive D:\ without issues with Anti-Ransomware. Then after running Anti-Ransonware for a while I went back to MBAM. When I ran the update from within Firefox 76.0.1 yesterday I was using the profile on D:\ and MBAM fully updated. MBAM did not flag FF 76.0.1 when FF started up and loaded. I was able to go to Help | About Firefox and click on update to version 77. Only after FF was updated and I restarted FF did MBAM start misbehaving and isolating FF exe. In the past when MBAM flagged FF as ransomware it quarantined it and I saw the firefox.exe in MBAM quarantine. Yesterday I saw no such behavior i.e. Firefox.exe did not show up in Quarantine. Firefox.exe was still showing up in its normal directory in Windows Explorer but i could not run it with MBAM running. When MBAM was shutdown Firefox ran fine via the same shortcut. Thing is Ransomware in MBAM was never disabled. If there is something in the profile then why is MBAM not flagging Firefox when I use the profile located on C:\ that has the files and subdirectories that are on the profile that is causing the issue on d:\ ? I am about to throw up my hands here. I never disabled Ransomware protection in MBAM. Just now I started Firefox 77 here this time using D:\ profile and MBAM did not quarantine it / isolate it like it was doing yesterday. I was able to go to websites etc. What the heck is going on here. Something is causing MBAM to flag Firefox but only when it updates. These updates to FF are always done via the D:\ profile and always done using Help | About process. Is there an issue with MBAM when running FF using a profile in a non standard profile location and doing an update to FF which after a couple of days fixes itself? Is it flagging some temp files used during the updating process using this particular D:\ profile configuration. I have no idea.
  7. Further update. When I closed down MBAM I was able to run firefox and the affected profile fine. So I had Firefox create a new test profile which by default is C:\Users\username\AppData\Roaming\Mozilla\Firefox\Profiles\randomGUIDdirectoryname . Then deleted all the files and folders in that randomGUIDdirectoryname folder and copied the contents from my Profile causing the issues from its folder on d:\ drive. I started MBAM up. I then started up Firefox and selected this new test profile and Firefox 77.0 ran fine. MBAM did NOT terminate it with malice. It seems that I can no longer store my profile over on D:\ drive if I want to use MBAM.
  8. Another Firefox update and another MBAM killing off Firefox. This time I even downloaded the Firefox 77 installer installed Firefox rebooted. When I started Firefox up I selected the default profile which is located on c:\ in the normal location. No problem. I closed Firefox down and started it back up again but this time I selected my normal profile which is store on D:\ drive in a different directory. Firefox loads displays the new tab page and them blam is terminated and MBAM said it quaratined Firefox. Yet when I check the Quartine there is nothing there. Detection history simply shows RTP detection on all three occasions when I attempted to run Firefox. First via the normal auto update and twice during a download and run the installer from Mozzilla. When I try to click on the shortcut on my desktop for Firefox I get the attached error message. When I go to C:\Program Files\Mozilla Firefox there is a 502KB Firefox.exe. What the heck is going on here I am getting fed up with this every time Firefox gets updated I have to deal with this. Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 6/2/20 Protection Event Time: 11:29 AM Log File: 36944fb6-a4ee-11ea-8d34-90e6ba57cdd5.json -Software Information- Version: 4.1.0.56 Components Version: 1.0.931 Update Package Version: 1.0.24906 License: Premium -System Information- OS: Windows 10 (Build 18362.836) CPU: x64 File System: NTFS User: System -Ransomware Details- File: 0 (No malicious items detected) (end)
  9. Well I uninstalled Anti-Ransomware and reinstalled MBAM and activated it and of course like before Firefox works fine day to day. This flagging by MBAM is only occurring during the updating to new version for some reason.
  10. The reason I mentioned the Journals problem was that was the only folder that existed at the non conventional location and due to the path too long did not exist at the conventional location when I retested Firefox. Was wondering if something in Journals folder was what was causing MBAM to flag Firefox on updates.
  11. As I have not received any follow up from MBAM regarding this matter I wonder if I should leave Malwarebytes Anti-Ransomware beta installed on this computer or should I uninstall it and reinstall MBAM?
  12. I got MBAM beta protection enabled. Started Firefox 76.0.1 up this time using the problem profile which is on the D: partition that MBAM release version had issues flagging as generic Ransomware. MBAM beta did NOT flag or quarantine Firefox.
  13. One thing had happened the other day when I was copying my profile folder from the non conventional location to the normal directory. I got the following error message. I simply clicked on skip and allowed the copying process to continue. Firefox ran properly on c: in its default location. MBAM did not flag it. I am wondering if MBAM is flagging something in this Journals directory on my D: partition. Problem is that there are a fair number of subdirectories off the Journals directory.
  14. Uninstall MBAM after deactivating my license. Instaled the beta standalone which failed to activate. No place to enter my license either.
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.