
pbust

Staff
Posts posted by pbust


  1. In this latest build we've added WinRAR and some others (WinZip, 7z, etc.) to the "internal shields". Internal shields are basically apps we hook into to help determine certain logic when applying the Layer3 application behavior detection techniques. So, for example, if winword.exe launches cmd.exe which in turn launches wscript.exe, that's a clear giveaway of exploit-like behavior. We added WinRAR and others as an internal shield as we've detected some ransomware exploiting application behaviors (i.e. social engineering, not real exploits) which we were not blocking before.


  2. Thanks for the logs. Unfortunately they are incorrect. You've ZIP'ed C:\Program Files (x86)\Malwarebytes Anti-Exploit\ and the logs directory is C:\ProgramData\Malwarebytes Anti-Exploit\.

    Try checking for logs from your other security software to see if anything is blocking Malwarebytes Anti-Exploit from running.

     

     


  3. Even after closing Chrome (using the "x" on the upper right) the process chrome.exe stays running in the background. This is why the next time you "open" Chrome (you're not really opening it since it is already running) there is no new notification (since it is already running).

     


  4. here

    Thanks!

    Try doing a fresh re-install following the exact steps mentioned here. This will delete all your custom shields.

    After the re-install, verify if the problem persists. If the problem does not persist, then add your custom shields one by one, checking for the problem after adding each one and running the new custom shielded application.

     

     


  5. The first problem might be due to the installer being blocked by something else due to the low prevalence of this new installer. Try deleting the registry Run entry and re-installing to see if it gets created now.

    As for the Palemoon/Winrar issue, can you please post or PM me your MBAE logs?
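
The parent/child chain described in the first post above (winword.exe launching cmd.exe, which in turn launches wscript.exe), written out as a check over process-creation events. This is an added example, not Malwarebytes Anti-Exploit code and not part of the original posts; the event records, the `SHIELDED`, `SHELLS` and `SCRIPT_HOSTS` sets and the function names are constructed for illustration.

```python
from typing import Dict, List, NamedTuple


class ProcEvent(NamedTuple):
    pid: int
    ppid: int
    image: str  # executable file name from a process-creation log


# Assumed sets for this example; only winword.exe, cmd.exe, wscript.exe and
# WinRAR are named in the post.
SHIELDED = {"winword.exe", "winrar.exe"}
SHELLS = {"cmd.exe", "powershell.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}


def ancestry(pid: int, table: Dict[int, ProcEvent]) -> List[str]:
    """Image names from the oldest known ancestor down to pid."""
    chain, seen = [], set()
    # Stop on an unlogged parent or on a pid loop (pids get reused).
    while pid in table and pid not in seen:
        seen.add(pid)
        chain.append(table[pid].image.lower())
        pid = table[pid].ppid
    return chain[::-1]


def suspicious_chains(events: List[ProcEvent]) -> List[List[str]]:
    """Chains of the form shielded app -> ... shell ... -> script host."""
    table = {e.pid: e for e in events}
    hits = []
    for e in events:
        if e.image.lower() not in SCRIPT_HOSTS:
            continue
        chain = ancestry(e.pid, table)
        app = next((i for i, n in enumerate(chain) if n in SHIELDED), None)
        # A shell must sit between the shielded app and the script host.
        if app is not None and any(n in SHELLS for n in chain[app + 1:-1]):
            hits.append(chain[app:])
    return hits


# Constructed sample events: one chain from the post, two benign look-alikes.
SAMPLE_EVENTS = [
    ProcEvent(100, 1, "explorer.exe"), ProcEvent(200, 100, "WINWORD.EXE"),
    ProcEvent(210, 200, "cmd.exe"), ProcEvent(220, 210, "wscript.exe"),
    ProcEvent(300, 100, "WinRAR.exe"), ProcEvent(310, 300, "notepad.exe"),
    ProcEvent(400, 100, "cmd.exe"), ProcEvent(410, 400, "cscript.exe"),
]
```

Only the winword.exe chain is reported for the sample; cmd.exe started from explorer.exe and WinRAR opening notepad.exe are not, because the rule keys on the ancestor application rather than on the script host alone.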

     
