djacobson

Staff

Posts posted by djacobson


  1. @straffin, yes we do have such tools. You can use the one attached* for interacting with, and triggering the real time, or leave it somewhere for a scanner to find.

    *Linked on Box in new thread.

    Another good resource to test that the scanner is looking in certain areas during scheduled scans is Spycar. They make a test detection suite for scanner engines - http://www.testmypcsecurity.com/securitytests/all_tests.html#AllTests*

     *Spycar is dead, RIP. ☠️


  2. Set anti-rootkit scans to be on a schedule on their own rather than engaging the setting to make them run with every scan you perform. Recognizing when to use that will come with experience in dealing with rootkits and knowing the signs of one being there. These scans are highly intensive and ideally should not be run with other scanning functions; they can also at times crash your system, not just the application, due to the sensitive areas this function scans. This becomes even more sensitive if disk encryption is used.

    I think, however, your true culprit may have been the SP early start. This is the old Chameleon function in an updated form. It sets MB stuff to be read only. Early start pushes that into the Windows loading process. Sometimes files need to change, even ours; we do update after all! This setting restricts this need and can have unintended consequences. I recommend this to only be used if you are dealing with malware that targets MB and nothing else - this was more common in the early 2010s, not so much anymore, but it could see a resurgence. Regular SP mode is fine to engage to prevent your users from deleting items.


  3. I know for sure 2008 R2 64-bit is supported so far to our latest 3.7.1 - I have this set up in my test environment; unfortunately I do not have a 2008 non-R2 example to try. I'll need to ask about that 2008 64.

    The KB listed is for TLS 1.1/1.2 communication. Failing on a scan can be a variety of things. If you right click on the M icon in the system tray, you can generate logs for us to review the situation.

    A workaround for the short term would be to use the "MALWAREBYTES BREACH REMEDIATION (VERSION 2.X)" found under Endpoints \ Add Endpoints \ Dissolvable Unmanaged Remediation Tool, to scan the machine.


  4. If you are on MBMC 1.9, definitely utilize the new service startup type and failure restart options on the general page in policy; this is exactly what those are meant to fix, especially with Win 10.

    The startup delay option under the Protection tab is for conflict/performance issues against Anti-Malware's web blocker and malicious file blocker with other security programs during logon.


  5. Good find, that's our comm service, though when it is off, they usually just show as offline, not unregistered. Another thing you may see is laptops may have double entries, one for the ethernet and one for the wifi. Whichever NIC was in use during deployment will have that MAC saved to the machine; when it is on the other NIC, it may show an unregistered entry along with its checked-in entry.


  6. Hi @KHALIL, I apologize that this has gone unanswered for so long! We have a new build out right now that is metered. Please perform an uninstall, restart, new install, that way it will put the latest build on the machine without you needing to wait for the metering update. Let me know if this freeze continues while you are using Malwarebytes 3.7.1. You can find that number in the add/remove programs area.


  7. Hi @Devora, I understand the frustration, plus you and I just worked together not too long ago for the reports! I do not see any backend service or availability issues at the moment. As a test, please invoke a web detection hit manually by going to - iptest.malwarebytes.org - on a machine to test that the results are making it to your dashboard, if they happen. Let me know how that turns out, thanks Devora!
