robains
-
Posts
26 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by robains
-
-
For some reason Browser Guard is now blocking legit Google/Chrome Search results when I click on the result to load:
If I disable Browser Guard extension in Chrome, I no longer get this block. I realize this is Google and to quote:
QuoteDoubleClick is Google’s advertising company. They use this referral scheme in order to track your browsing habits (to learn what words you searched for that led you to click on their ad), and for Google to collect a referral bonus for displaying such a good advertisement that you clicked on it. You are just seeing an error because your browser can’t get to their servers.
I'd like to use Browser Guard, is there any way I can make an exception for Google?
Rob.
-
-
No. Only AFTER I got this warning did I make changes to protected applications ... which I then undid (removed) once I discovered the Allow List in detection history was the correct place.
-
Malwarebytes
www.malwarebytes.com-Log Details-
Protection Event Date: 8/23/2024
Protection Event Time: 11:21 AM
Log File: 80a8ecde-617c-11ef-bec6-98b7851fa660.json-Software Information-
Version: 5.1.8.123
Components Version: 1.0.5007
Update Package Version: 1.0.88248
License: Premium-System Information-
OS: Windows 11 (Build 22631.4037)
CPU: x64
File System: NTFS
User: System-Exploit Details-
File: 0
(No malicious items detected)Exploit: 1
Exploit.ROPGadgetAttack, , Blocked, 508, 392684, 0.0.0, ,-Exploit Data-
Affected Application: TeraCopy
Protection Layer: Protection Against OS Security Bypass
Protection Technique: Exploit ROP gadget attack blocked
File Name:
URL:(end)
-
Thanks Porthos, looks like they moved it ... not sure "Detection History" is a good place for it since the purpose of adding exceptions is to NOT have a history.
Rob.
-
TeraCopy replaces the Win11 copy process via file explorer and it most likely does use try to gain control of the call stack to in order to present the option to use TeraCopy to copy files/folders or use standard Win11 file explorer. However, I've been assured by the developer at TeraCopy that it's not malicous in any way shape or form.
Rob.
-
In V5.1.8.123 I seem unable to add folder and program exceptions? Did this feature get removed? There is a "Configure Protected Applications" but that isn't the same as allow exceptions?
Rob.
-
Excellent! Thank you.
-
It's 6 months later from this original post and I'm still getting this error:
File System Filter 'MBAMFarflt' (Version 10.0, 2023-02-10T01:32:54.000000000Z) does not support bypass IO.
Is fixing this bug on the table? I've used MalwareBytes for many years and I'm surprised to see you folks slow to respond to this?
Rob.
-
5 hours ago, AdvancedSetup said:
List of Participants - Microsoft Trusted Root Program | Microsoft Docs
Excellent list, thank you. Comodo is still actually on that list and active.
Cheers, Rob.
-
1
-
-
I wasn't able to find any "Code Signing Certificate" information from Verisign nor Keybase.io?
I have used Verisign before but that was for Web Application Development with TLS/SSL data encryption. I'm looking for "Code Signing Certificates" which go thru a similar process as SSL certs with of verification of who I am and my company. BUT, Code Signing Certs are generated differently and incorporated into MS Visual Studio IDE via a file that I specify for my application (usually a key file once CA approves and provides) which is stand alone desktop app not a web app.
What I'm trying to avoid are AV products (like Norton, MalwareBytes, etc.) that will prevent my .EXE file from downloading because they can't find a legit CA certificate (digital signature attached as part of my EXE) ... this is more a support issue but also provides end users with more confidence my software is legit.
Cheers, Rob.
-
I'm an honest software engineer (they do exist believe it or not) working my own small business so funds are tight. I produce and create software (stand alone desktop software). I'm researching Certificate Authorities and trying to decide which one is best in terms of NOT trigger AV software. Three I've looked at so far are:
DigiCert $500-$700/yr
Comodo $80-300/yr
Code Signing Store $83/yr
As you can see the cost range is somewhat "odd" and does indeed raise my "trust" level. I know EV code signing certificates are less likely to trigger AV/Malware ... but I'm not coding a website, these is for standalone exe/dll distributed via download links.
I figured this might be a good place to ask this questions since I've been a long term MalwareBytes customer.
Cheers, Rob.
-
I rebooted my PC and now it seems to be working:
Odd, perhaps there is a delay is registering my license?
I've read that performance of this service is pretty bad (and that seems to bare out with my quick test), wondering if there are any plans to improve that over time?
Cheers, Rob.
-
Yes, that's the version I have see below:
-
I just purchased Malwarebytes Privacy, if I turn it ON (Server location set to Seattle, WA) then I try to browse to any website and nothing happens, just eventually get an unable to connect message. Turn Malwarebytes Privacy OFF and no problem connecting to websites. I tried selecting different server locations and got the same results. My Browser is Chrome, the MalwareBytes Browser Guard is enabled. I'm running Windows 10 (10.0.19041).
My ISP is Xfinity/Comcast.
Not sure what to do, ask for a refund?
NOTE: I'm an existing MalwareBytes premium customer.
Rob.
-
3 minutes ago, Porthos said:
Malwarebytes does not target script files during a scan.. That means MB will not target; JS, HTML, VBS, .CLASS, SWF, BAT, CMD, PDF, PHP, etc.
It also does not target documents such as; PDF, DOC, DOCx, XLS, XLSx, PPT, PPS, ODF, etc.
It also does not target media files; MP3, WMV, JPG, GIF, etc.
Yes I understand, that's why I'm using Windows 10 Defender per my reference above ... not really sure where you are going with this? Perhaps you misunderstood my comment?
I have looked into and tested those you've listed, but Kaspersky seems to be more virus than anti-virus ... it was telling me to remove core Win10 components or reporting them as possible security threats when in fact they were part of Windows 10 Pro (like IIS).
Cheers, Rob.
-
I've been a software engineer and project lead (over 34 years now) and have started my company recently. I'll respectfully disagree with you. As outlined in the article I linked above, it is possible with Windows Defender (simple group policy change or registry change) and other vendors are able to perform network scans (at a price and without hacks or security compromises). Please don't take my comment as a negative, it was NOT intended as such ... being a software engineer I fully respect licensing models.
Windows Defender is not a speedy process, I'm going on 15 million files scanned and still over 8 hrs to go.
I think MalwareBytes is a great product and have been using it for years along with Windows Defenders.
Cheers, Rob.
-
It's unfortunate that MalwareBytes aren't adjusting their design to scan Network drives ... I understand the issue (not really a technical one), if you allowed such activity then users would be able to circumvent licensing by buying just one license and mapping/sharing all the other PCs they may have on their LAN.
Anyway here is a link to how you enable Windows 10 to scan network/mapped drives: https://www.tenforums.com/tutorials/70530-enable-windows-defender-scan-mapped-network-drives-windows-10-a.html
Be aware that you must first exit/disable MalwareBytes, once you do that, then Windows 10 Defender will be available when you right click on a mapped network drive, however, the group policy change is aimed at using the "Full Scan" option and ONLY the "Full Scan" option ... don't do custom or quick scans as they will not work for network drives.
It would be nice if MalwareBytes looked at one's purchased license and then "registered" computers based on their drive mapping by user request ... so in my case I have MalwareBytes Premium with 3 licenses (running on 3 PCs) ... perhaps provide an option to buy a single network device license (i.e. a NAS) which could be assigned/registered to my NAS device. So if I tried to map other PC's drives they wouldn't work because MalwareBytes has already registered a mapped/network device ... something along those lines. I'm pretty sure every shared/mapped drive has a GUID associated with it at the time of creation which can be used to establish a unique link/license.
Add that as my feature request please
Cheers, Rob.
-
Excellent, thanks!
Cheers, Rob.
-
I scan this tool with several other AV products and it was not flagged.
Malwarebytes
www.malwarebytes.com-Log Details-
Protection Event Date: 2/21/20
Protection Event Time: 11:16 AM
Log File: a3e3ef32-54de-11ea-a839-40167ea4d9c2.json-Software Information-
Version: 4.0.4.49
Components Version: 1.0.823
Update Package Version: 1.0.19566
License: Premium-System Information-
OS: Windows 10 (Build 18362.657)
CPU: x64
File System: NTFS
User: System-Blocked Malware Details-
File: 1
Generic.Malware/Suspicious, C:\Users\Rob\Downloads\Process Hacker\processhacker-2.39-setup.exe, Quarantined, 0, 392686, 1.0.19566, , shuriken,
(end)You can download the software here as it's free if you need to look into this as a false positive: https://processhacker.sourceforge.io/downloads.php
The software is a low level product that is similar to TaskMgr only provides much more detail about a process, it's port usage, file I/O, and registry usage ... it's a VERY powerful tool that can be used to diagnose issues with executable and do allow direct memory access to applications (which is probably why it's being flagged).
MalwareBytes team input is important, so please let me know if you have the time to look into this.
Cheers, Rob.
-
1 hour ago, Porthos said:
The above version does not support CMD line.
And yet, if I right click on a file in Explorer, select "Scan with MalwareBytes" it will scan that file and only that file. So the ability/facility is obviously available in MalwareBytes Premium 4.0.4 but for some strange reason isn't being made available via command line?
I'm not interested in Network drive scans, that wasn't my question, I know what it can do hence my paying customer status for several years.
Rob
-
1 hour ago, Porthos said:
Are you using the standard stand alone version of Malwarebytes Premium ot the endpoint protection?
I'm using stand alone MalwareBytes Premium 4.0.4.
-
After searching and reading thru this:
https://support.malwarebytes.com/docs/DOC-1725
The mbamapi /scan ... doesn't support file path??
This seems VERY strange and is preventing me from incorporating MalwareBytes into my Internet Download Manager ... which does support other vendors. I'd rather NOT change anti-virus/malware vendors to those that work with my Internet Download Manager ... but it seems I have no choice?
Searching history of MalwareBytes and it does seem this is a VERY common request among your customers, so I'm puzzled at why such a feature is missing? Is it a concern over being able to scan a file on a network drive ... surely that could be detected and blocked internally? So why the reason for not supporting command line individual file scans?
Cheers, Rob.
-
Browser Guard blocking ad.doubleclick.net?
in Chrome
Posted
Ok, but that’s going to be for just about every site that returns from a Google Search … not really viable?