• Content count

  • Joined

  • Last visited


About pbust

  • Rank

Profile Information

  • Location

Recent Profile Visitors

108,527 profile views
  1. That's a hard block. You don't want to allow Word to perform those types of actions. Its one of the top 3 malspam infection vectors. The only way to allow it is to deactivate the Word shield, which we obviously don't recommend. Seems like the parent is Java. Could this be by some in-house or third-party application? If that's the case, I'd be having a conversation about basic security best practices with the vendor. I know this puts you between a rock and a hard place and am sorry for that, but unfortunately from our perspective allowing this type of Word behavior would practically equate to allowing our customers to become infected.
  2. Correct, network exploits like SMB/NetBios are outside the scope of MBAE. Btw IPS/IDS engines would also be blind to it at 0-day without a signature to apply to it.
  3. Sorry it took so long. The MB 3.1 beta has just been published here: https://forums.malwarebytes.com/topic/200230-new-beta-malwarebytes-3101716/ It includes the fix for the Office issue. FWIW I think you are all right. We've had a lot of issues in the past for how to deal with conflicts with betas and 3rd party software, but OTOH MSFT started throttling Win10 CU and MB3 should be compatible out of the gate. Let's keep it civil and thanks for keeping us honest.
  4. We're working through Microsoft Virus Initiative (MVI). As soon as we give them the build they'll point their support people to it.
  5. David, I can assure you we are giving this issue top priority.There are a couple of other big moving parts with the impending release of 3.1 which includes this fix and is almost code complete. As soon as we have the build we will post it here and release an automatic Component Update to the entire user base. Sorry for the problem this has caused all of you. It was triggered due to an unforeseen last minute change in the Win10 Creators Update. We have been in communication with Microsoft since the first time this was reported and are working with them on a daily basis to deploy the fix asap.
  6. We're two weeks away from the next scheduled release for MB3, but we'll be discussing an emergency AeSdk-only Component Update tomorrow. Please stand by and thanks for your patience.
  7. This is a false positive by Spyshelter. See if you can exclude MBAE from Spyshelter.
  8. Thanks! It is not unheard of for signature-based products to trigger on certain characteristics of an exploit mitigation product. But that's just it, another draw-back of failed attempts of using signature approaches to trying to detect exploits, like the vast majority of the traditional AV vendors do.
  9. We're in touch with Grammarly and hope to have a more permanent solution for our common customers soon. Please stay tuned.
  10. Hi, try this: https://forums.malwarebytes.com/forum/225-malwarebytes-incident-response-beta/
  11. Can you please post the MBAE logs? Instructions in my signature.
  12. Our Research Team has been monitoring this application for some time and has decided to add detection based on triggers against our PUP detection criteria. https://blog.malwarebytes.com/malwarebytes-news/2016/10/malwarebytes-gets-tougher-on-pups/ The detection is correct and not a false positive. We will continue monitoring this application and if we notice a change in the behavior we will review it again.
  13. Unfortunately this is the nature of our generic/signatureless remediation technology (i.e. linking engine) which finds malware artifacts related to the original detected malware/PUP. There are some PUPs that are very large in size and this is an unfortunate side effect. On the positive side, it allows us to be really good at malware remediation. We do have an internal project ongoing to takes a different approach that might solve this for PUPs, but that project is still in incubation.