Rsullinger

Staff
  • Posts

    533
Everything posted by Rsullinger

  1. Hello fadein2madness, We want to have you collect some logs to look into this issue further. Can you please gather the logs from this post here: Make sure you grab the logs from step 5. as we will want to get machine information as well.
  2. Hello REGITDept, Thank you for reporting this! I will send this to the appropriate team members so we can look into this further.
  3. Hello HDR3, It does not look like an exploit just based on the information you provided. It may be a false positive from the game as it is not something we would have tested on. I would recommend removing the custom shield that was created for it so you can continue playing. If you would like, I can look into the logs as well. You can grab them from this location: C:\ProgramData\Malwarebytes\MBAMService\mbae-default.log C:\ProgramData\Malwarebytes\MBAMService\logs\MBAMSERVICE.log The directory is hidden by default so you might have to click on "View -> Hidden items" in Explorer to see it. There is also a post here from Microsoft on how to do this for the more recent OS: https://support.microsoft.com/en-us/help/14201/windows-show-hidden-files
  4. Hello Tmorse, Good to hear! We are planning on pushing out an updated version of anti-exploit soon that includes that fix. So all of your clients should get the new version when that happens. In the meantime, you can use that build on machines that need this fix while we get the GA build finalized.
  5. Hello Siro, I will be assisting with this issue to see about getting it fixed. I am going to send you a PM to test the offending docx on our side along with instructions to capture more data on the PC itself (other installed programs). Expect that PM in the next couple of minutes!
  6. Hello Slyphnier, We have had a report of a similar issue. I want to have you collect me some logs so I can verify if it is due to this or not. 1: Please download FRST from the link below and save it to your desktop: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ 2: Double-click the purple FRST icon to run the program. Click Yes when the disclaimer appears. 3: Click the Scan button 4: When the scan has finished, it will make 2 log files in the same directory the tool is run, FRST.txt and Addition.txt. Please attach both files in your reply.
  7. Hello Tmorse, This is only for the client. It is an update to the anti-exploit client itself so you want to install that on a computer that is having the issue.
  8. Hello Tmorse, I am going to send you a PM with some information. I have a build I want to have you try.
  9. Hey Richard, No problem. Your tone was fine, I just wanted to clarify why we wanted it since I didn't really go into it that much. So no need to apologize :D. Go ahead and get those logs when you can!
  10. Hello Tmorse, That is correct. Thank you. Let me get this information to our team!
  11. Hello Tmorse, Alright, in the meantime then, can you go back to that alert in the console? On the area where it says 'object scanned', can you extend that column so I can see the entire path and take a screenshot of that? That is mainly one of the pieces of information I want to see and I can send that to our team.
  12. Hello Richard, I understand, they just want to make sure it is not causing anything as well. Better to be safe and make sure we are troubleshooting the issue completely and not another conflict at the same time. Do you mind collecting those verbose logs I sent you in the PM 1 more time with hitman removed? The development team wants to see them as a comparison to the last logs you gathered.
  13. Hello Tmorse, That is odd. I am not seeing that block at all in the logs. Our team is looking into an issue like this with UNC exclusions, but I would like to see the alert file so I can send it to them. Can you try to collect the logs from that computer again? Or, if possible, have them reproduce it right before you collect it to make sure it creates the alert on the client side.
  14. Hello Preyash, Well that is interesting that it worked on 1 but not the others. I will let the team that is investigating this know. Do you mind collecting another log from these machines? We want to see what is installed and see the resources of the machine to compare it to the other clients we are looking into. To grab the log we need: 1: Please download FRST from the link below and save it to your desktop: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ 2: Double-click the purple FRST icon to run the program. Click Yes when the disclaimer appears. 3: Click the Scan button 4: When the scan has finished, it will make 2 log files in the same directory the tool is run, FRST.txt and Addition.txt. Please attach both files in your reply.
  15. Hello Tmorse, Is the user actually seeing an alert about a block? I am looking in the logs and I am not seeing an alert at all. I just want to confirm if we are showing a block or we are just blocking it without causing an alert.
  16. Hello Tmorse, This may be due to a new version of the program that was updated with the timeline you gave. I want to have you collect me some logs from the computer so I can look into this further for you. All you would need to do is go to the computer and collect this directory: C:\ProgramData\Malwarebytes Anti-Exploit Just zip up that directory and attach it here for me.
  17. Hello James2017, For anti-exploit, the exclusions are done through the md5 hash of the file and not off of the file path. If you notice in the example, the md5 is the only important part and the file name (path) is optional there.
  18. Hello Preyash, We are currently looking into this and why this is occurring. If you have one currently doing this, can you try: "Set the failure options for the sccomm service (MeeClientService) under Properties-> Recovery to 'Restart the Service' for all 3 fail options". After you do that, can you reboot the computer and see if it connects to the server?
  19. Hello Richard, Just to confirm something, can you try either disabling or uninstalling hitmanpro.alert as a test of this conflict? They have some ransomware/anti-exploit technologies and we just want to make sure it is not causing this conflict you are seeing. We are currently looking at the logs and testing this as well, but want to confirm on your side as well.
  20. Hello Priyanka, Unfortunately the version of anti-exploit in the console/server software only gets updated when a new version of MBMC is released. However, we do have an option in the policy for your clients to get updated automatically to that version via the policy. If you go to the policy pane and open up the policy the clients are on, go to the anti-exploit tab. You should see the top checkbox on the right side that says "Automatically upgrade anti-exploit on clients". Thank you,
  21. Hey Richard, I am going to send you a PM getting some new logs from the 3.0 version. Please look out for it.
  22. Hello Priyanka, The 1.08 build is not the current latest version of the anti-exploit product. So you may be experiencing a bug or conflict that we have already fixed. Can you take this install package and test it on the user's machine and see if it fixes the issue? https://malwarebytes.box.com/s/7gbe30azrsfof7v2poithvvda2huu1w9 If it does not fix it, I want to have you collect me a zip of C:\ProgramData\Malwarebytes Anti-Exploit and send it to us. That will give us information on the block and how to fix it from there!
  23. Hey Meathead, That is correct. We will release versions of the product that have fixes to our hooking or add new features, but usually around that time is when we create the new build of the product and deploy it globally. But currently the builds released so far have only been bug fixes for other reported issues, such as a PowerPoint conflict that was occurring with a newer version of PowerPoint.
  24. Hello Charles77, We want to have you collect some logs so we can look into this issue further. I want to have you collect two logs from these directories: C:\ProgramData\Malwarebytes\MBAMService\mbae-default.log C:\ProgramData\Malwarebytes\MBAMService\logs\MBAMSERVICE.log The directory is hidden by default so you might have to click on "View -> Hidden items" in Explorer to see it. There is also a post here from Microsoft on how to do this for the more recent OS: https://support.microsoft.com/en-us/help/14201/windows-show-hidden-files Once you get those, go ahead and send it over to me and we should be able to give you a better answer for this.