Rsullinger

Staff
  1. Hello Ajwh, Sorry for the delay in this. I want to first make sure you have the link to our admin guide. This goes into a bit of where to find the exclusions in the policy and how to configure them: https://www.malwarebytes.com/pdf/guides/MBMCGuide.pdf?d=2017-03-23-14-00-30--0700 For the maximum entries, are you receiving an error when putting in exclusions? If possible, can you send me a screenshot of what you are seeing? For recommendation of Kaspersky exclusions, it is usually best to reach out to them for the most up-to-date list of exclusions for their product. For recommendations, excluding their program files directory and any related driver they have is usually the best option. I don't have a list of those, so simply ignoring the program files directory of Kaspersky is a good step until you can confirm with them on exclusions.
  2. Hey Kieferschild, For mbae's ignore list, we only accept md5's for the exclusion and they only need to be inserted if a block occurs to prevent it from occurring once more. We don't scan the file system directory with mbae like with MBAM so you wouldn't need to add those anywhere. We just monitor what tries to hook or interact with our protected processes.
  3. Hey Kieferschild, Thank you for the logs. Just to confirm, can you make sure these are in Symantec, don't want this to be because of our normal files:
     C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
     C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
     C:\Program Files\Malwarebytes Anti-Exploit\mbae-cli.exe
     For x64 installations:
     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
     C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-cli.exe
     Since it is crashing, do you know if these are creating memory dump files? If possible, can you use the instructions here to get one to generate on one of the processes that is crashing: https://technet.microsoft.com/en-us/sysinternals/dd996900.aspx?f=255&MSPPError=-2147217396
  4. Hey Malcom, Thank you for the logs. I am going to have you collect me some debug logging for this type of alert. I will be sending you a PM with the instructions.
  5. Hey Kieferschild, I am assuming they are not causing an alert when this occurs, correct? If possible, can you collect the logs from this link: https://forums.malwarebytes.com/topic/191468-readme-first-posts-here-need-to-include-mbae-logs/ If you are not comfortable posting the FRST logs in the post, feel free to PM me them.
  6. Hey Maxamillion, I want to have you collect a couple of logs from our program that will give me a bit more information on that alert. To do this, collect these two files from these locations:
     C:\ProgramData\Malwarebytes\MBAMService\mbae-default.log
     C:\ProgramData\Malwarebytes\MBAMService\logs\MBAMSERVICE.log
     The directory is hidden by default so you might have to click on "View -> Hidden items" in Explorer to see it. There is also a post here from Microsoft on how to do this for the more recent OS: https://support.microsoft.com/en-us/help/14201/windows-show-hidden-files Go ahead and attach them here and I will take a look at them further!
  7. Hey Castleton, Anti-exploit will protect your computer from being hit by an exploit and then infecting those drives. Anti-exploit is more about protecting the shielded applications that the computer uses on a daily basis. So as long as the computer you are on is protected, your drives won't be hit by exploits we prevent. However, as not all infections are done with exploit-based attacks, it is recommended you use the anti-malware and anti-ransomware products as well so you are fully covered.
  8. New build 1341: https://malwarebytes.box.com/s/evedqs5ub23fd0u5p8wd2iadj971017j
  9. Hello Winter, Go ahead and collect these before you do a re-install:
     C:\ProgramData\Malwarebytes\MBAMService\mbae-default.log
     C:\ProgramData\Malwarebytes\MBAMService\logs\MBAMSERVICE.log
  10. Hello Chris, Just to clarify, have you tried rebooting the computer after the update was applied to see if you had this issue after reboot? If you do, please collect the log mentioned earlier in the thread and please take a screenshot of the Program Files (or Program Files (x86)) directory of anti-exploit so I can confirm if the update happened correctly.
  11. Hey Kieferschild, It's no problem! It is only in certain cases that a reboot is needed when an upgrade of the anti-exploit client is done. So there may have just been something loaded in which anti-exploit couldn't unhook during that time. Please let me know if you have any other questions!
  12. Hello Everyone, Just to clarify, have you tried rebooting the computer after the update was applied to see if you had this issue after reboot? If you do, please collect the log mentioned earlier in the thread and please take a screenshot of the Program Files (or Program Files (x86)) directory of anti-exploit so I can confirm if the update happened correctly.
  13. Hello Kieferschild, Thank you for the screenshot and the log. If you notice in the screenshot, there are ._'s on some of the files. Those are actually the update files for the new 1334 version. Something prevented them from being swapped out when the upgrade was done so those files are created and will be swapped out on the next reboot. At that time, our program will remove the old ones, rename the new ones and the service should start. Have you rebooted this particular computer since the initial incident?
  14. Hello Kieferschild, Do you mind taking a screenshot of the anti-exploit Program Files (or Program Files (x86)) directory? I want to see if the files are being swapped correctly for the upgrade. Also, there was an additional log I needed from that forum post. I want to see what is installed on the machine that may be preventing our service from starting. To get these logs:
      1: Please download FRST from the link below and save it to your desktop: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
      2: Double-click the purple FRST icon to run the program. Click Yes when the disclaimer appears.
      3: Click the Scan button.
      4: When the scan has finished, it will make 2 log files in the same directory the tool is run, FRST.txt and Addition.txt. Please attach both files in your reply.
  15. Hello Kieferschild, I want to have you collect me some logs from one of the machines experiencing this issue. To do this, follow the instructions from this post: