Jump to content


  • Content Count

  • Joined

  • Last visited

Community Reputation

6 Neutral


About pbust

  • Rank

Profile Information

  • Location

Recent Profile Visitors

114,656 profile views
  1. Depending on what your app is doing, you might also uncheck WMI abuse.
  2. Try unchecking it for browsers. Also, check under Advanced Settings -> App Behavior Protection and uncheck for Office VBA7 to see if that makes a difference. WARNING: You will be unchecking core protections which are actively abused by malware gangs.
  3. This is a block due to Malwarebytes system-hardening technique. The block should only happen when a page is visited that tries to load the vbscript.dll component. VBScript has been deprecated by Microsoft years ago. It is a gaping security hole and actively abused by web-based exploits and drive-by downloads. If you would like to take the risk (not recommended!) you can disable this hardening technique under the Advanced settings of Anti-Exploit, Application Hardening, "Prevent loading of VBScript Library".
  4. FWIW, .XYZ and .CLUB are fixed. We are still finetuning other gTLDs, so you might still see some aggressive gTLD blocks outside .XYZ and .CLUB. Over the next few days and weeks we'll tackle the rest of the gTLDs.
  5. Thanks for your productive criticism. When I said "completely" above, refers to the problem of near-blanket gTLD blocking, not distinguishing all good from all bad.
  6. We're targeting Monday or Tuesday next week.
  7. As a stop-gap measure, we have implemented an initial whitelist which went live a few minutes ago. We are implementing further mitigating measures and new logic in the next few hours and days which should completely solve the problem.
  8. Like I said above, the Malwarebytes product does not detect the file. The VT detection is irrelevant because those are heuristics and techniques not activated in the product.
  9. It's not a cache issue and it's not possible to do this on a case by case basis. VT scans millions of files per day. Btw, the same thing will happen with most other scanners in VT.
  10. Our engine format and configuration in VirusTotal is different than our consumer and corporate products’ default configuration. In VirusTotal we use a command-line engine with different configuration and detection techniques/heuristics which might detect more than the commercial product. There are also false-positive suppression mechanisms in the commercial product which are not present in the command-line engine in VirusTotal. This file has been whitelisted for our commercial products and it is not detected anymore.
  11. Really sorry for the late reply here. I was just made aware of this post. For transparency, the aggressive gTLD blocking was introduced when our browser extension was in prototype mode and as a way to test a bunch of really aggressive approaches and heuristics in order to come up with a good balanced blacklist-plus-whitelisting approach. Those gTLDs were selected due to the high ratio of malicious to legitimate websites found in those gTLDs. Many of those aggressive detection approaches are still in the browser extension but some of the whitelisting approaches never solidified as original
  12. Unfortunately this is a hard block for the time being. The anti-exploit component prevents any automated execution of scripting apps from Internet-facing applications. If you save the script to disk and execute it from a command line with a non-browser and non-mailclient parent process, it will be allowed to execute. We are evaluating some future enhancements to the anti-exploit component to allow more granularity around allowed/blocked dangerous actions.
  13. It is actually XP that starts unreliably and sometimes it takes longer than others, triggering the MBAE service timeout. If you really want to run the latest, try switching the MBAE service to Manual, and then creating a batch script that runs at boot, sleeps for a few minutes, then starts the MBAE service and then runs the mbae UI executable.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.