Jump to content

frozen

Honorary Members
  • Posts

    267
  • Joined

  • Last visited

Everything posted by frozen

  1. I am just glad I am not the only one seeing this behaviour. It was lonely here for the first 3 months
  2. Another Firefox update today. I started FIrefox using the profile that is stored on D: rather than the normal C: partition update came down via Help | About clicked on the restart Firefox after the update was applied and whamo Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 7/29/20 Protection Event Time: 9:52 AM Log File: 20da2f3a-d1ab-11ea-bcb0-90e6ba57cdd5.json -Software Information- Version: 4.1.2.73 Components Version: 1.0.990 Update Package Version: 1.0.27635 License: Premium -System Information- OS: Windows 10 (Build 18362.959) CPU: x64 File System: NTFS User: System -Ransomware Details- File: 0 (No malicious items detected) (end) The popup message said that it had blocked updater.exe. Started Firefox backup but this time using the Profile stored on C: drive and FIrefox was not blocked and showed that it was properly updated to version to version 79.0 I closed down FIrefox and started it up with the profile stored on D: drive and just let Firefox stay open there on the screen. Whamo: Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 7/29/20 Protection Event Time: 10:04 AM Log File: cf88a218-d1ac-11ea-906f-90e6ba57cdd5.json -Software Information- Version: 4.1.2.73 Components Version: 1.0.990 Update Package Version: 1.0.27637 License: Premium -System Information- OS: Windows 10 (Build 18362.959) CPU: x64 File System: NTFS User: System -Ransomware Details- File: 0 (No malicious items detected) (end) I bet in a couple of days if I leave Firefox alone or at least not use it with the profile stored on D: that I will be able to start Firefox up and use the D: profile without any issues.
  3. It sure looks like there is an issue with MBAM Ransomware module since disabling it does not cause this behavior with the profile on the other partition. Even after updating MBAM with Ransomware enabled using the profile on another partition Firefox got shutdown. Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 7/1/20 Protection Event Time: 2:17 PM Log File: 8cac3786-bbcf-11ea-81a1-90e6ba57cdd5.json -Software Information- Version: 4.1.2.73 Components Version: 1.0.972 Update Package Version: 1.0.26255 License: Premium -System Information- OS: Windows 10 (Build 18362.900) CPU: x64 File System: NTFS User: System -Ransomware Details- File: 0 (No malicious items detected) (end)
  4. Sigh this is getting old very quickly. Another Firefox update. This time I started FFox with a profile whose extensions are identical to the other other profile I normally use. I updated from 77.0.1 to 78.0.1 restarted FIrefox and everything seemed fine. Firefox was not squashed by Malwarebytes. Closed Firefox. Started it back up this time with my normal profile that is stored on another partition. Whamo Firefox was blocked from running. It was not quarantined but simply blocked. The shortcut on the desktop top would not work saying that I did not have sufficient rights. I closed MBAM and Firefox ran fine. Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 7/1/20 Protection Event Time: 1:54 PM Log File: 39a305ae-bbcc-11ea-97fb-90e6ba57cdd5.json -Software Information- Version: 4.1.0.56 Components Version: 1.0.955 Update Package Version: 1.0.26253 License: Premium -System Information- OS: Windows 10 (Build 18362.900) CPU: x64 File System: NTFS User: System -Ransomware Details- File: 0 (No malicious items detected) (end)
  5. Like all the previous times before if Ransomware in MBAM is enabled and I start FF up with the profile stored on C:\ which has all the files from the problem profile Firefox is not quarantined/ affect by MBAM.
  6. Why is my notifications in MBAM say Thursday? It is still Wednesday here in Canada and this event at 7:23PM is me updating to Firefox 77.0.1. Also why is it saying it quarantined the threat when in fact there is noting in quarantine in MBAM?
  7. It is indeed Ransomware protection in MBAM that is causing this. I saw a new story that Firefox released 77.0.1 today so I checked via Help | About and Firefox downloaded the update and required me to restart. Up until this time Ransomware in MBAM was enabled yes enabled. Before I clicked on the button on the FF update screen to restart the browser I turned off Rasomware protection in MBAM and then allowed FF to restart. FF started up and ran fine. I close down FF went to MBAM and enabled Ransomware protection. MBAM said it had quarantined firefox.exe yet when I went to MBAM quarantined screen it showed no items in quarantine. I disabled Rasonmware in MBAM and was able to start FF up without any issues. Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 6/3/20 Protection Event Time: 7:23 PM Log File: 9cb6fddc-a5f9-11ea-aa51-90e6ba57cdd5.json -Software Information- Version: 4.1.0.56 Components Version: 1.0.931 Update Package Version: 1.0.24970 License: Premium -System Information- OS: Windows 10 (Build 18362.836) CPU: x64 File System: NTFS User: System -Ransomware Details- File: 0 (No malicious items detected) (end)
  8. Before the update to Firefox version 77 aka 76.0.1 I had uninstalled MBAM and installed Anti-Ransomware. Quite frankly I can not remember whether during the time that I had Anti-Ransomware installed whether in fact FF actually had an update to it. Looking back at my prior posts here, I was able to run 76.0.1 profile on drive D:\ without issues with Anti-Ransomware. Then after running Anti-Ransonware for a while I went back to MBAM. When I ran the update from within Firefox 76.0.1 yesterday I was using the profile on D:\ and MBAM fully updated. MBAM did not flag FF 76.0.1 when FF started up and loaded. I was able to go to Help | About Firefox and click on update to version 77. Only after FF was updated and I restarted FF did MBAM start misbehaving and isolating FF exe. In the past when MBAM flagged FF as ransomware it quarantined it and I saw the firefox.exe in MBAM quarantine. Yesterday I saw no such behavior i.e. Firefox.exe did not show up in Quarantine. Firefox.exe was still showing up in its normal directory in Windows Explorer but i could not run it with MBAM running. When MBAM was shutdown Firefox ran fine via the same shortcut. Thing is Ransomware in MBAM was never disabled. If there is something in the profile then why is MBAM not flagging Firefox when I use the profile located on C:\ that has the files and subdirectories that are on the profile that is causing the issue on d:\ ? I am about to throw up my hands here. I never disabled Ransomware protection in MBAM. Just now I started Firefox 77 here this time using D:\ profile and MBAM did not quarantine it / isolate it like it was doing yesterday. I was able to go to websites etc. What the heck is going on here. Something is causing MBAM to flag Firefox but only when it updates. These updates to FF are always done via the D:\ profile and always done using Help | About process. Is there an issue with MBAM when running FF using a profile in a non standard profile location and doing an update to FF which after a couple of days fixes itself? Is it flagging some temp files used during the updating process using this particular D:\ profile configuration. I have no idea.
  9. Further update. When I closed down MBAM I was able to run firefox and the affected profile fine. So I had Firefox create a new test profile which by default is C:\Users\username\AppData\Roaming\Mozilla\Firefox\Profiles\randomGUIDdirectoryname . Then deleted all the files and folders in that randomGUIDdirectoryname folder and copied the contents from my Profile causing the issues from its folder on d:\ drive. I started MBAM up. I then started up Firefox and selected this new test profile and Firefox 77.0 ran fine. MBAM did NOT terminate it with malice. It seems that I can no longer store my profile over on D:\ drive if I want to use MBAM.
  10. Another Firefox update and another MBAM killing off Firefox. This time I even downloaded the Firefox 77 installer installed Firefox rebooted. When I started Firefox up I selected the default profile which is located on c:\ in the normal location. No problem. I closed Firefox down and started it back up again but this time I selected my normal profile which is store on D:\ drive in a different directory. Firefox loads displays the new tab page and them blam is terminated and MBAM said it quaratined Firefox. Yet when I check the Quartine there is nothing there. Detection history simply shows RTP detection on all three occasions when I attempted to run Firefox. First via the normal auto update and twice during a download and run the installer from Mozzilla. When I try to click on the shortcut on my desktop for Firefox I get the attached error message. When I go to C:\Program Files\Mozilla Firefox there is a 502KB Firefox.exe. What the heck is going on here I am getting fed up with this every time Firefox gets updated I have to deal with this. Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 6/2/20 Protection Event Time: 11:29 AM Log File: 36944fb6-a4ee-11ea-8d34-90e6ba57cdd5.json -Software Information- Version: 4.1.0.56 Components Version: 1.0.931 Update Package Version: 1.0.24906 License: Premium -System Information- OS: Windows 10 (Build 18362.836) CPU: x64 File System: NTFS User: System -Ransomware Details- File: 0 (No malicious items detected) (end)
  11. Well I uninstalled Anti-Ransomware and reinstalled MBAM and activated it and of course like before Firefox works fine day to day. This flagging by MBAM is only occurring during the updating to new version for some reason.
  12. The reason I mentioned the Journals problem was that was the only folder that existed at the non conventional location and due to the path too long did not exist at the conventional location when I retested Firefox. Was wondering if something in Journals folder was what was causing MBAM to flag Firefox on updates.
  13. As I have not received any follow up from MBAM regarding this matter I wonder if I should leave Malwarebytes Anti-Ransomware beta installed on this computer or should I uninstall it and reinstall MBAM?
  14. I got MBAM beta protection enabled. Started Firefox 76.0.1 up this time using the problem profile which is on the D: partition that MBAM release version had issues flagging as generic Ransomware. MBAM beta did NOT flag or quarantine Firefox.
  15. One thing had happened the other day when I was copying my profile folder from the non conventional location to the normal directory. I got the following error message. I simply clicked on skip and allowed the copying process to continue. Firefox ran properly on c: in its default location. MBAM did not flag it. I am wondering if MBAM is flagging something in this Journals directory on my D: partition. Problem is that there are a fair number of subdirectories off the Journals directory.
  16. Uninstall MBAM after deactivating my license. Instaled the beta standalone which failed to activate. No place to enter my license either.
  17. Ok in order to see if I can narrow down what is causing this I did the following: 1) zipped up the profile folder for the prestine profile on C:\Users\username\AppData\Roaming\Mozilla\Firefox\Profiles\ that did not cause MBAM to quarantine Firefox. 2) renamed the pristine folder to a different name 3) copy my normal profile folder from D: to C:\Users\username\AppData\Roaming\Mozilla\Firefox\Profiles\ 4) renamed the profile folder so that it had the same name as the pristine folder originally had 5) started FIrefox up and selected the "pristine" profile which in fact was the same profile that was causing issues with MBAM 6) Firefox started up fine and MBAM did not flag it. It appears that Firefox is using a profile that is not being stored in C:\Users\username\AppData\Roaming\Mozilla\Firefox\Profiles\ and then you update Firefox to a new version via the About | Firefox click on download Update etc then MBAM for some reason is flagging Firefox.exe as Generic Ransomware.
  18. One thing with my regular Firefox profile that it is not stored where FIrefox normally stores the profile files aka C:\Users\username\AppData\Roaming\Mozilla\Firefox\Profiles\. Instead the profile is being stored on a different hard drive partition aka D: in a different folder altogether. If I start Firefox up with a prestine profile that is stored in the normal location then MBAM does not flag Firefox as malicious.
  19. Another Firefox update this one from 76.0 to 76.0.1 and MBAM is preventing Firefox from running at all. It is consistently quarantining it.
  20. They are but the update was being flagged as Ransomware during normal update process not once but twice. It was NOT being flagged when I did the latest test. Could MBAM of been flagging something in Firefox cache files that was not in the backup that I had used for the last test? I am grasping at straws here on what the heck was going on.
  21. I uninstalled Firefox 75. Restored a backup of a profile for FFox 74.0 which is the last version of Firefox that MBAM did not flag. I installed Firefox 74 started it up and checked for updates. It downloaded the update and applied it without issue.
  22. I tried that and when I installed the older version 73 of Firefox I was given this error message. I created a new profile and had no issues w MBAM.
  23. The thing is that prior to 74.0.1 the update procedure did not cause any issues and I am not using any new extensions in Firefox. I have disabled some of these extensions but the problem is hard to test since it requires Mozilla to push out an update for Firefox and I tell Firefox to update for the problem to show up. Disabling some of these extensions may show whether they are the cause of it but even if that is the case there is no way I could narrow down what extension is the issue.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.