Rsullinger

Hey DanJordan, We have a new build we would like you to test to see if it fixes this issue for good. Can you try installing this build over the top and see if the issue persists: https://malwarebytes.box.com/s/d0vin0ofmbkwfx4jr7ucn87vvhphmrj7

Welcome to the forums! Can you please collect these logs for us so we can look into the issue further: Thank you,

Hey Scoutt, Can you please collect the logs further for this. We want to see what is happening since those two have been disabled for you:

Hey Spritesprint, The google chrome shield was the only one we touched due to this issue. So any other browser we currently protect will not be affected unless the other chromium browsers get the same treatment. I can see if we can see about Vivaldi. Ill send that feedback to the team to consider going forward.

Hello Spritesprint, Unfortunately it is not a mistake. We removed protection for Chrome due to Google’s new policy against code injection into Chrome. Because of this policy, we would not be able to protect chrome in that same way going forward. This blog from them explains as to why they are doing this: https://blog.chromium.org/2017/11/reducing-chrome-crashes-caused-by-third.html

Hey REGITDept, The team thinks it may be a FP but we want to collect some additional logging on this. I am going to send you a PM to collect these logs so look for that soon.

Hey Oscars, I am going to reach out to you in a PM to get some information. Let me know if you have any questions. Thank you,

Hey Everyone, We have a test build we would like you to try. Can you please try this version and let us know if it fixes the adobe issue you are running into: https://malwarebytes.box.com/s/b3gu0vewughayu63sus1y8dbainqiqzp If you run into any issues, let me know asap!

Hey Nukecad, I am going to send you a PM to try and get some debug logs for our team. Thank you,

Hey JeffreyB, Can you collect these logs for me so I can confirm if it is the same issue as above:

Hey Jaws98, What is causing it is hard to say, but our program is blocking it because java is attempting to run a cmd/script of some sort. We don't care what it is running, just that it is trying to make that type of call. Just from that piece of code it doesn't look malicious. Just to be safe, you may want to try re-installing the java software and get it on the latest to see if it still occurs.

I am going to send you a PM to collect some debug information for the team so we can get this fixed.

Hey everyone, I am going to reach out to you to collect some debug logs on this issue. The development team wants to see how this is triggering. You should see a PM from me with some instructions on how to do this. Thank you, Ron

Hello Everyone, Can you please try the version that is posted here: Want to make sure the newest version is tried to ensure this is not due to a fix we made currently.

Hey Sandy, It will not affect them. The log we write to will overwrite itself after a certain amount of data (this prevents it from being a huge file). It will not affect the user and they will never see it. Just need to make sure that when the alert happens, we collect the logs as it will overwrite if to much time has passed.

Hey Sandy, I want to send you some instructions in a PM to collect me some debug logs. The block looks strange in that it shouldn't be blocking it in that way. We want to see exactly why that is occurring.

Hey MarkTM, I want to have you try a debug build to get me more information. I am going to send you a PM to send it to get that data. Along with this, do you mind getting me a screenshot of the addon's in word or possibly try launching word in safe mode? I want to eliminate the possibility this is caused by an addon.

Hey Slitzinger, I moved this to a new thread as the other one is a bit old and may be outdated for anything right now. I want to confirm what is going on, do you mind collecting the logs from this link: Go ahead and attach it here and I can see why that is happening.

The program will install in the x86 directory that is correct. If it is doing it on numerous machines, then I would like to take a look further into it. I want to see if something in particular is causing this during the upgrade. Can you please collecting the logs from this post and attachthem here: https://forums.malwarebytes.com/topic/191468-readme-first-posts-here-need-to-include-mbae-logs/ Thank you, -Ron

Hey StroTech, That looks like it may have just left behind the un-install entry from the upgrade. If you open up the program and it is showing the correct version there, then it is just something that got left behind for some reason. If you want to clean it up, you can do it manually or run our clean tool to remove everything and install the latest version. If you want to do that, here is the clean tool: https://forums.malwarebytes.org/applications/core/interface/file/attachment.php?id=199258 This is where you can find the latest version of mbae that you have upgraded to: https://malwarebytes.box.com/s/ll8vdfmuc46dkqbk9iuaqp6iik0t0nq4 Let me know if you have any issues!

Hey SBulla, I am going to send you a PM with the link to get it. Normally you can find the latest updated packages (of all the mbes products) from the purchase link that is sent. This one should activate automatically after installed!

Hello Texgal, Can you please collect the logs found here and attach them to this thread: https://forums.malwarebytes.com/topic/191468-readme-first-posts-here-need-to-include-mbae-logs/ I should be able to use those to see what is happening. Thank you!

Hey, sorry for the delay. Here is the link for the latest mbmc: https://support.malwarebytes.com/docs/DOC-1043 In the mean time, see if you can change the setting on the user side (as long as you are an admin you should be able to change it) and see if it works. I would hate to have you go through all of that work for it to not ultimately fix it.

Thank you for the logs! So I reviewed it and it may be due to a setting we have that causes cmd to not be ran if Java calls it. Sometimes infections use this vector so we have that setting to block it on by default. However, you can disable this setting if you know for sure this script is good. To do this, open up the mbae UI on the users machines (or go into the mbae tab in the policy if you are using mbmc) and go to the settings tab. Click on the advanced settings button and go to the java protection tab. Disable that first option for 'prevent web-based java command line' and test to see if it works. If you are pushing it from the console, it may take a bit to be pushed down to the client.

Hey MLAP, Exclusions are usually only done if there is an md5 of the file that can be excluded. I am not 100% sure why that block is occurring so I will need to see the full logs for the product. Do you mind collecting the logs from the instruction here: https://forums.malwarebytes.com/topic/191468-readme-first-posts-here-need-to-include-mbae-logs/ You can send me the data in a PM if you do not wish to post it in the forum.