pbust

Staff
  • Content Count

    3,406
Everything posted by pbust

  1. Welcome. Please replicate the block again and then attach here the mbae-default.log file from C:\ProgramData\Malwarebytes\MBAMService\LOGS directory.
  2. We'll see what we can do @hake. I have a similar experience as you since early 90's and even if just for the memories I'd like MBAE standalone to continue protecting XP machines.
  3. Thanks for confirming Ian. We are still investigating as it might not have been your fault. It might have accidentally turned itself on for some time during an upgrade or config change condition.
  4. Thanks for reproducing it again without pentesting and providing a fresh set of logs. Team is looking into it.
  5. I wonder what MSFT is doing with all those super large enterprises which have paid it millions to continue supporting XP. Maybe there's a hotfix for them, just not available publicly. Lemme discuss internally with the team.
  6. Good practice. We've noticed what "could be" corrupt config files after upgrades, but no concrete evidence yet. If you experience that, please let me know. Edit to clarify: it's just a hypothesis at the time, and only for a small segment of corner-case users.
  7. Are you sure you didn't turn this on yourself? Yes please, try again after turning it off.
  8. Can you also check if you created a custom anti-exploit shield for python.exe?
  9. No, it should be disabled by default. The weird thing is that the block you are reporting should only occur if pentesting mode is enabled. Can you please verify that pentesting is disabled, then reboot, replicate the problem again, and upload a fresh set of logs? Thanks for all your help!
  10. Welcome to the forums iwatts3519. Can you please confirm that you don't have "pentesting mode" enabled under the anti-exploit settings? Also, please check if there is a custom anti-exploit shield for python.exe.
  11. Welcome to the forums Alwyn. Can you please confirm that you don't have "pentesting mode" enabled under the anti-exploit settings?
  12. Sorry, my bad. Try again: https://malwarebytes.box.com/s/gqzmc4l63nj8r3qq2fccawkussrrqpnj
  13. The ZIP seems corrupt and/or incomplete. Can you please try to gather logs again? Alternatively, just post the files mbae-default.log and mbae-default.xpe. You will find them in C:\ProgramData\Malwarebytes\MBAMService\LOGS directory.
  14. Try this one please: https://malwarebytes.box.com/s/gqzmc4l63nj8r3qq2fccawkussrrqpnj
  15. Right, that might be due to MSFT's deprecation of SHA2 digital signatures and new signing requirements. I'll post a new installer in the next few days.
  16. Hey hake, long time no talk. Please try the latest build we're creating and let me know if it improves the situation: https://malwarebytes.box.com/s/c03ui7nw60sxfzc0ip299kzxf6pezacu
  17. Completely disabling anti-exploit is not a good idea as this is our main and most effective infection prevention layer that's not based on signatures. Please replicate the problem on an endpoint and post the anti-exploit logs (mbae-default.log and mbae-default.xpe) from the ProgramData folder. We'll look at the logs and let you know how to best tweak anti-exploit to prevent the issue without disabling too many protections.
  18. If you don't want to manually have to deal with unquarantining FPs you should run in default configuration. I believe there's a button to "restore to defaults".
  19. Thanks for reporting zimlo. Did you manually enable the "expert systems algorithms" option under the Advanced Settings?
  20. We are pushing changes to the detection logic, but Google's publishing process has slowed down considerably. Used to be a couple of hours and nowadays it's a couple of weeks. But rest assured, it is getting fixed.
  21. Depending on what your app is doing, you might also uncheck WMI abuse.
  22. Try unchecking it for browsers. Also, check under Advanced Settings -> App Behavior Protection and uncheck for Office VBA7 to see if that makes a difference. WARNING: You will be unchecking core protections which are actively abused by malware gangs.
  23. This is a block due to a Malwarebytes system-hardening technique. The block should only happen when a page is visited that tries to load the vbscript.dll component. VBScript was deprecated by Microsoft years ago. It is a gaping security hole and actively abused by web-based exploits and drive-by downloads. If you would like to take the risk (not recommended!) you can disable this hardening technique under the Advanced settings of Anti-Exploit, Application Hardening, "Prevent loading of VBScript Library".
  24. FWIW, .XYZ and .CLUB are fixed. We are still fine-tuning other gTLDs, so you might still see some aggressive gTLD blocks outside .XYZ and .CLUB. Over the next few days and weeks we'll tackle the rest of the gTLDs.