djacobson

Moderators
About djacobson

  • Rank
    Staff

  1. Nicely done with the PowerShell script, much easier than the normal process.
  2. Hi @Agent88, 1.80.2.1012 is still the latest for business subscription holders. There is no release date yet for Malwarebytes 3.x on the business side, the build is still in the QA process.
  3. I double checked the links I posted earlier, they are working.
  4. MBAM agent 1.80.x is indiscriminate when it comes to any registry modifications. It will hit on your legit GPO enforcements. Add your GPO registry key to the Policy → Ignore list, replacing the account SIDs with the * wildcard. Note that only console and client communicator 1.6.1.2897 and above with Anti-Malware 1.80.1.1011 and above support this wildcard in the middle of a string, and only for registry keys. Here’s a list I made of all the GPO changes I’ve seen get tagged as PUM:

     hku\*\software\microsoft\windows\currentversion\policies\explorer|NoStartMenuMorePrograms
     hku\*\software\microsoft\windows\currentversion\policies\explorer|NoSetFolders
     hku\*\software\microsoft\windows\currentversion\policies\explorer|NoFind
     hku\*\software\microsoft\windows\currentversion\policies\explorer|NoSMHelp
     hku\*\software\microsoft\windows\currentversion\policies\explorer|NoRun
     hku\*\software\microsoft\windows\currentversion\policies\explorer|NoViewContextMenu
     hku\*\software\microsoft\windows\currentversion\policies\explorer|NoToolbarCustomize
     hku\*\software\microsoft\windows\currentversion\policies\explorer|NoPropertiesMyComputer
     hku\*\software\microsoft\windows\currentversion\policies\explorer|NoDrives
     hku\*\software\microsoft\windows\currentversion\policies\explorer|ForceActiveDesktopOn
     hku\*\software\microsoft\windows\currentversion\policies\system|DisableRegistryTools
     hku\*\software\microsoft\windows\currentversion\policies\system|NoDispCPL
     hku\*\software\microsoft\windows\currentversion\policies\system|NoDispBackgroundPage
     hku\*\software\microsoft\windows\currentversion\policies\system|NoDispAppearancePage
     hku\*\software\microsoft\windows\currentversion\policies\system|NoDispScrSavPage
     hku\*\software\policies\microsoft\internet explorer\control panel|ConnectionsTab
     hku\*\software\policies\microsoft\internet explorer\control panel|HomePage
     hku\*\software\policies\microsoft\windows\system|DisableCMD

  5. Hi @Wolflord, the console is not able to do that at this time, although that is a great idea. I'll move your thread to the feature requests area.
  6. Run a new set, it would be interesting to compare to the previous one as well.
  7. @kieferschild @BenCunn can I have you guys run these tools?

     Step A – Malwarebytes Client Log Set
     On the client go to C:\Program Files (x86)\Malwarebytes' Managed Client and run the tool CollectClientLog.exe. Attach the folder it generates.

     Step B – Malwarebytes Check Log
     Please download and save our diagnostic tool, mbam-check.exe, to your desktop from this link.
     Malwarebytes Check Tool
     Double-click mbam-check.exe to launch the tool. A black command prompt window will briefly appear, and then a log file will open. The log which opens will be saved to your desktop as CheckResults.txt.

     Step C – frst Log
     In addition to the check logs, I would like to have you run a tool known as frst. frst will help provide me with a list of installed programs and other information about your computer that will help me see if there are any other problems that are not being detected. Please follow the steps below to run frst.

     1.) Please download frst and frst64 from the link below and save it to your desktop:
         frst 32 Bit
         frst 64 Bit
         Note: You need to download the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your computer; that will be the right version. Some traditional Anti-Viruses may false positive the download or running frst, I can assure you it is safe. If this happens, please temporarily disable the AV.
     2.) Double-click the purple frst or frst64 icon to run the program. Click Yes when the disclaimer appears.
     3.) Click the Scan button.
     4.) When the scan has finished, it will make 2 log files in the same directory the tool is located, frst.txt and Addition.txt.

     Please attach MBMC Client log, CheckResults.txt, frst.txt and Addition.txt in your reply.

  8. Hi @Rammer47 here's what's going on. There's a Windows Event error pointing to the failure and the cause...

     Error: (04/10/2017 08:56:41 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
     Description: The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.

     Also in the logs is the supporting evidence, mbamscheduler is in a running state, Rx, but the mbamservice, which runs the real time engine is in a stopped state, Sx. Mbamservice is unable to run because the driver it depends on, mbamprotector, has been removed. I suspect your other security program has removed this critical file.

     R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [452576 2016-02-09] (Malwarebytes Corporation)
     S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [901088 2016-02-09] (Malwarebytes Corporation)
     S3 MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys [X]

     You'll need to reinstall Anti-Malware, I'd also encourage you to add the following to your Norton 360, ignoring them for scans and Norton's real time engine so that these files are not changed or deleted in the future:

     C:\Windows\System32\drivers\mbam.sys
     C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamapi.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
     C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
     C:\Program Files\Malwarebytes' Anti-Malware\mbamnet.dll
     C:\Program Files\Malwarebytes' Anti-Malware\mbamcore.dll
     C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
     C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.new
     C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.new.yaml

  9. @BenCunn, do you have any machines that can reliably go through the lockup and recover without a hard reset?
  10. Is the "Malwarebytes Anti-Exploit Service" running in services.msc?
  11. Thanks for checking, I just wanted to make sure you guys weren't getting hit with the MS product conflict. Defender is a difficult program to disable, there's a chance it is running under an svchost.exe entry instead of on its own. One can check services.msc for the Windows Defender service state as well.
  12. @BenCunn you can try adding the mbamservice process to Symantec. I was wondering if you could pause our web blocker to see if that portion of the real time is what is affecting the logon/logoff time.
  13. @preyash 1.8 hotfix has released, download the package here - https://downloads.malwarebytes.org/file/mbes_for_business Upgrade instructions are here - https://support.malwarebytes.com/customer/portal/articles/1835539-?b_id=6520
  14. Hi @jbegley, I'll PM you a link for it, it's not public.
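
For the GPO ignore list in post 4 above, an added example (not part of the original posts and not Malwarebytes code) that turns per-account detections into deduplicated `hku\*\...|Value` entries. It assumes the detections are available as `key|value` strings in the form the post uses; the function names and the SIDs in the sample are constructed for illustration.

```python
import re

# A per-account SID as one HKEY_USERS path component, e.g. S-1-5-21-...-1001
SID = re.compile(r"^S-1-\d+(?:-\d+)+$", re.IGNORECASE)
HKU_ALIASES = {"hku", "hkey_users"}


def to_ignore_entry(detection):
    """Map 'HKU\\<SID>\\key\\path|Value' to 'hku\\*\\key\\path|Value'.

    Returns None for anything that is not a per-account HKU value, so the
    wildcard is only ever substituted for a SID and never widens another hive.
    """
    key, sep, value = detection.strip().partition("|")
    parts = key.split("\\")
    if not sep or len(parts) < 3 or parts[0].lower() not in HKU_ALIASES:
        return None
    if not SID.match(parts[1]):
        return None  # .DEFAULT, <SID>_Classes and similar: review by hand
    path = "\\".join(p.lower() for p in parts[2:])
    return "hku\\*\\" + path + "|" + value


def build_ignore_list(detections):
    """Return (entries, skipped): unique ignore entries in first-seen order,
    plus the inputs that were left alone."""
    entries, skipped = [], []
    for item in detections:
        entry = to_ignore_entry(item)
        if entry is None:
            skipped.append(item)
        elif entry not in entries:
            entries.append(entry)
    return entries, skipped


# Constructed sample input: two accounts hit by the same GPO, one other
# per-user policy, one machine-wide key and one .DEFAULT key.
SAMPLE = [
    r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoRun",
    r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1002\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoRun",
    r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Policies\Microsoft\Windows\System|DisableCMD",
    r"HKLM\SOFTWARE\Policies\Microsoft\Windows\System|DisableCMD",
    r"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoRun",
]

if __name__ == "__main__":
    entries, skipped = build_ignore_list(SAMPLE)
    print("\n".join(entries))
    print("left for manual review:", len(skipped))
```

Each entry stays scoped to one key and one value name, as in the post's list, so only the specific GPO setting is ignored rather than the whole policies key.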