leobando

  1. Hi Blender, Thank you. Let me know what logs you need and where to upload them. Thank you
  2. Hello, I am pretty sure this is a false positive, but it is always worth checking. Can you please let me know if I am right? Malware threat detected, see details below:
     2/20/2021 3:03:41 AM COMPUTERNAME XXX.XXX.XXX.XXX RiskWare.BitCoinMiner < No action taken > C:\Program Files\Microsoft Visual Studio\2017\Professional\Common7\IDE\CommonExtensions\Microsoft\TeamFoundation\Team Explorer\pl\Microsoft.VisualStudio.ContextManagement.Package.resources.dll
     2/20/2021 3:03:41 AM COMPUTERNAME XXX.XXX.XXX.XXX RiskWare.BitCoinMiner < No action taken > C:\Program Files\Microsoft Visual Studio 14.0\Common7\IDE\Extensions\ixeq4xnu.1yf\pl\Microsoft.VisualStudio.ContextManagement.Package.resources.dll
     Let me know if you need the logs and where to upload them. Thank you
  3. Hi, Thank you for replying. This is a notification I received from Malwarebytes Management Server Notification; how can I provide the full log to you? Thank you
  4. I got these alerts that I believe are false positives. Malware threat detected, see details below:
     11/28/2020 3:00:28 AM computer name xx.xx.xx.xx Spyware.PasswordStealer < No action taken > C:\Program Files\Microsoft Visual Studio\Shared\Packages\Microsoft.Net.Compilers.2.6.1.nupkg
     11/28/2020 3:00:28 AM computer name xx.xx.xx.xx Spyware.PasswordStealer < No action taken > C:\Program Files\Microsoft Visual Studio\Shared\Packages\Microsoft.Net.Compilers.2.6.1\tools\csc.exe
     Total count: 2.
     11/30/2020 3:03:50 PM computer name xx.xx.xx.xx Trojan.SmokeLoader < No action taken > C:\ProgramData\Apple\Installer Cache\Apple Mobile Device Support 12.0.0.1039\AppleMobileDeviceSupport64.msi
     Can you confirm it? Thank you
  5. Hi Arthi, I've just changed the settings as you described. Do you have an idea what was triggering the blocking? How bad is it to have that setting turned off? I also see my Protection for MessageBox payload is turned off by default; should I turn it on? Thank you
  6. Here. Thank you Malwarebytes Anti-Exploit.zip
  7. Hi Arthi, I still have the on-premises version of Malwarebytes Management Console; the client version is 1.8.03443. I do not see the MBAMService folder in that location. I have this: C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs Thank you
  8. Hi, I had a user having Anti-Exploit blocking Excel files pulled from our network shared drive.
     Exploit attempt blocked
     BLOCK......................Microsoft Office Excel C:\Program Files\Microsoft Office\Office16\EXCEL.EXE
     Attacked application: C:\Program Files\Microsoft Office\Office16\EXCEL.EXE; Parent process name: explorer.exe; Layer: Application Behavior Protection; API ID: 301; Address: ; Module: ; AddressType: ; StackTop: ; StackBottom: ; StackPointer: ; Extra:
     This behavior started happening yesterday and the user was not able to work. Is there a reason why suddenly Anti-Exploit blocked all these files? Thank you
  9. Hello, On 8/16/20 I received different alerts from the Malwarebytes console. One was the one below, from a machine:
     Trojan.Dropper < No action taken > C:\Users\XXXXXXXXXX\Downloads\ChromeSetup (1).exe
     Trojan.Dropper < No action taken > C:\Users\XXXXXXXXXX\Downloads\ChromeSetup.exe
     And this was coming from 4 other computers:
     Trojan.Dropper Quarantined C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateSetup.exe
     Trojan.Dropper Quarantined C:\Program Files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.35.452\GoogleUpdateSetup.exe
     Was Malwarebytes detecting a false positive that afternoon and a database update fixed the issue? Thank you
  10. I got this warning, is this the update for the Antiexploit?
  11. Thank you for the quick response. At the moment I restored this object on all clients and excluded it; otherwise I was getting flooded with calls from users. Would you please let me know when it is fixed? Thank you
  12. I have several machines at work getting this message. Is this a false positive that I need to exclude from the central console? Thank you