Durew

Hi all, The excubits website remained blocked. Is the decision still pending, did the site get caught in an automatic process, or was is found a case of riskware? I don't think that the security software there falls under the "(...) legitimate software programs that contain loopholes or vulnerabilities that can be exploited by hackers for malicious purposes". If it was found to be riskware, why is it classified as such? I am currently using memprotect (and considering FIDES) so I'd really like to know. https://www.wilderssecurity.com/threads/memprotect-support-discussion.388011/ Kind regards, Durew excubits detection2.txt

Hi all, The website of excubits (a german company that sells security software) got blocked for hosting 'riskware'. I don't think the software from excubits fits this description and as such I'd like to report it as a false positive. Kind regards, Durew excubits detection.txt

Hi, It's been a while. I attached the only log I could get out of MBAM 4.1 and the triggering file. (The demo of memprotect by excubits) Please let me know if further logs are desired. Kind regards, Durew memprotect.txt memprotect_demo(1).zip

I second that. For both PC and mobile.

Hi Exile360, mods, Thanks for your reply. The systray-icon is fixed now. It was indeed a software conflict, part of mbam was missing on a whitelist of the anti-executable (I'm playing with). This prevented part of MBAM from running, as the anti-executable was disabled during the setup of the new mbam version the problem did not occur earlier. As the systemtray part of mbam is back I did not follow Exile360's troubleshooting advice for fixing it. The anti-exploit still refuses to see heapspraying. This was already replicated by @nikhils during the private beta and some exploits are caught so I do not think that is related to a faulty installation. I've attached the software I used for testing the anti-exploit, I could be wrong and perhaps it does work on a different computer. Do make sure to add the executables to the list of software protected by the anti-exploit part of MBAM, otherwise it would be a somewhat pointless test. Regards, Durew hpma-test.zip

Hi all, I turned on logging, rebooted the computer and the systemtray icon was gone. As this also meant that the messages that an exploit was blocked were gone as well this was somewhat inconvenient. After the reboot I launched an exploit it would detect at 9:41, launched all heapsprays the tool offered (wich it could not detect) at 9:42 and the first exploit again at 9:43. As the systemtray Icon disappeared I also added the autoruns-file for the standard-user account I always use. Regards, Durew mbst-grab-results.zip autorunsStandardUser.zip

Hi all, @Porthos @exile360 thanks for your suggestions and swift replies. The self-protection and real-time malware protection are up and running again. No false positives showed up during the scan. The issues with the exploit protection however remains. Just like with the previous version. As I couldn't find it in the known problems list I was somewhat disappointed. @LiquidTension Could you add this to the known problems list? Regards, Durew

Hi exile360, LiquidTension, I've removed the old version and installed the new. The good news is that the FP no longer occurs. The bad news is that the anti-exploit is having the same issues as the previous version. The worse news is that I cannot enable the self-protection. Clicking the switch makes no difference. (rebooted several times, didn't work) The worst news is that the same applies to the real-time malware protection. Does the beta-version have a clean-removal tool that could help? PC specs attached Regards, Dures P.S. Even without MBAM my PC is sufficiently protected against malware, so I'm not worried about getting infected. specs.txt

Hi @LiquidTension, Then one last request. I notice MBAM still having version number 4.0.0. Is this correct or did the program update fail? Edit: the update failed. Need to try again. Regards, Durew

Hi all, The zip-folder was done manually so I hope nothing is missing. In short MBAM picked up the streaming_client of steam. Regards, Durew FP submission.zip

http://physionet.cps.unizar.es/challenge/2013/sources/maurizio.varanini@ifc.cnr.it/B/FecgQRSmDet.m Should contain a matalb-script a fellow student advised me to try. (ECG analysis related). Seems to be a university website. Thus I think that this is a false positive.

"Behave as such" or "being able to prevent live infections in equal measure" is the key difference here. At MBAM they don't seem to believe in fighting stuff that doesn't do anything so I don't expect them to add on-acces scans. In the FAQ (linked below), post 5, this is explained in more detail. Personally I dislike this 'can replace'-claim so on my computer it functions as a companion AV/AM. My main AV does the on-acces scans.

Was the infection active? MBAM is known for not caring much about dormant infection as they don't do anything. Out of personal interest: you wrote "detected by threats when performing a personalized analysis", what is "threats" for a program/service? Could you tell more about it? Regards, Durew

Hi Amaroq, You may want to read the following article: https://www.zdnet.com/article/malwarebytes-acquires-windows-firewall-control-firm-binisoft/ So the firewall seems to be on the to do list. Could you tell what features of glasswire you like that you would like to see implemented? Regards, Durew (home user)

At the malwarebytes employees: I like the dark theme idea.

Hi Amaroq, It is currently possible to protect your important settings with a password, would that be sufficient in your opinion? If not you might want to explain why you feel this is insufficient to strengthen your case and increase the change they see the value of you proposition. Regards, Durew

So far I've had MWB running with Symantec EndpointProtect and Emsisoft AntiMalware without problems (do set exceptions). So I politely disagree with your statement. That said, many here consider MBAM+Windows Defender to be sufficient.

Hi Oaklandr, Malwarebytes is blocking acces to a site it deems dangerous. That's all. But if you think you are infected, please visit this topic explains how to get that checked out. Regards, Durew

Hi wsvdyk, I'm glad to hear it all worked out for you. Regards, Durew

@IvanIvanovich thanks for your reply. That sucks. I had a bit brighter outlook on your situation: lots of clients who were grateful that you helped them, not constant yelling. I hope that you will be able to enjoy the fun parts of your work again soon. I'd rather stay in engineering than move to politics. I can only say that I did see the promise more narrow than you did and expected that something would slip through regardless of procedures. (Since I don't have the literal source and stuff I can't say who is right and it sounds way to much like finding out would include acting like politicians and lawyers.) Especially when you push updates as often as MB. But I do now better understand your point of view. When you take the promise broader than I did they did break their promise as it was an update that wrecked stuff on a big scale. A bad definition update in the time that version 1.75 was the most recent, I intended to say. But that detail aside, I don't recall at the moment what control 1.75 offered that 3.3.1 doesn't. Could you mention some examples of control the 1.75 version offered that the 3.3.1 version does not? Or is this more a 'relative to other AV software' perspective, where, compared to other AV-software at their respective times, Malwarebytes offers less control? That surprises me as I never ran into this problem. I guess I was lucky or my situations were just differed in some crucial detail. Maybe @celee can help improve this. Three weeks of mailing back and forth for something that sounds as a quite trivial task sounds like a real pain whilst it shouldn't be. Celee might ask for times, dates, ticket number etc. to allow her to find the problem in her systems. Though I personally believe that 1.75 is inferior to 3.3.1 in an absolute sense I do worry about how they match up with other these days and suspect they used to be further ahead of the curve in the old days. Sadly, I've been unable to find a lot 'recent-ish' reliable tests of MB 3.3. I didn't expect a description that is so detailed that it would be reasonable to ask a salary for it, but maybe they will pay you to help out https://jobs.malwarebytes.com/ they are looking for some people in quality assessment and it would seem they could use some help there. It seems the export function is a bit more important to people than I thought (found the feature request topic) and as I know at least some AV's offer it I agree it should be added, perhaps should have been. I still have trouble understanding what control you have lost and what control you are looking for. I fully agree that having good control over AV-software is important but, at the moment I don't really see what control would be more required. At the moment I'm stuck at a 'warn me when this specific protection layer is turned off', setting that could be added. Could you elaborate on what control you are missing? (When I compare with Emsisoft I found it had a bit more options but only because it had different features.) Regards, Durew

Sounds like you made some great income that day. I do hope they find a way to prevent it from happening again, its nature seems to be different from last time. Don't give the staff nightmares again. ;-P Truth be told, malwarebytes hasn't tried to remove genuine windows files form my PC. So it seems that promise was kept. The occasional false positive does occur but at a similar rate as other AV-software and I like the reporting system of MB. Even the latest big issue didn't remove anything from my PC and the problem was mitigated with exiting malwarebytes. Making the 'big issue' nothing more than 'inconvenient' to me but startling to those less well versed in computers. The new version does look less intimidating and I agree that that is a bummer. But luckily I got a lot more settings to mess around with now. BTW wasn't it version 1.75 that bricked all those computers? (Not sure, was before my time) True. I personally don't really need those features but there is a feature request forum... They actually look there and quite some suggestions have been implemented. Are we still talking about the home version? (I assumed this as this is the sub-forum for home users) I never had to contact support for license issue after a reinstall. I'd advise to vent with a long list of feature request in the appropriate sub-forum. The looks that should prevent those less well versed in computers from running away screaming in fear, can be somewhat dissuading. But beneath the layers of pretty their is more control than ever before (IMHO). The 'back to basics' is a bit vague to me. My first instinct would be to translate it to "go back to when you just did file-dectection", a method that we know is insufficient these days thus this is unlikely what you mean. (But you can still use just the file detection if you want to.) Could you elaborate in what path Malwarebytes should follow in your opinion?

Hi wsvdyk, https://forums.malwarebytes.com/topic/219996-important-web-blocking-ram-usage-issue/ is the link CristianCP tried to give you. No need to google. Please let us know if you run into any further problems. Regards, Durew

Though my interest in the motivation behind the actions of other is genuine, I feel like closing this thread may be for the best before it gets too ugly. No mods are currently online so I can only ask everyone to keep their emotions in check. @AdvancedSetup@daledoc1 This topic may need some modding

Yes, a bit. I have enough stuff in house (flashlights, candles, camping cooking gear) to mitigate the damage to a day without power would be very annoying than anything else. This is why hospitals have emergency generators.

But don't company owner also know that every piece of software they run on their PC may contain faults and that if machines are that critical they need to take measures to mitigate the effect. I'm thinking of delayed updates, backup-systems, being able to revert any system-changes quickly (via disk-imaging for example). I understand that MB messed up in making the mistake (these are bound to happen whomever you buy software from) but I when I read of these 'I lost tons of money' stories all I read I never hear about how their fall-back plan failed. In addition must topics in the malwarebytes for business section are quite calm, to the point where it seems that they did have policies to cover this foreseeable eventuality. Now I do not own a business and as such I hope you (@ParaoiaBoy) could explain to me why such critical machines did not have proper emergency protocols to mitigate the damage? tl;dr: IMHO knowing av-software of any company may screw over your computer one day is reasonable as no flawless software exists. Thus not taking mitigating policies when it comes to such critical machines is negligence. Why do business owners take the risk? Regards, Durew