leobando

Honorary Members
  • Posts: 32

Everything posted by leobando

  1. Hi Blender, Thank you. Let me know what logs you need and where to upload them. Thank you
  2. Hello, I am pretty sure this is a false positive, but it is always worth checking. Can you please let me know if I am right?
     Malware threat detected, see details below:
     2/20/2021 3:03:41 AM COMPUTERNAME XXX.XXX.XXX.XXX RiskWare.BitCoinMiner < No action taken > C:\Program Files\Microsoft Visual Studio\2017\Professional\Common7\IDE\CommonExtensions\Microsoft\TeamFoundation\Team Explorer\pl\Microsoft.VisualStudio.ContextManagement.Package.resources.dll
     2/20/2021 3:03:41 AM COMPUTERNAME XXX.XXX.XXX.XXX RiskWare.BitCoinMiner < No action taken > C:\Program Files\Microsoft Visual Studio 14.0\Common7\IDE\Extensions\ixeq4xnu.1yf\pl\Microsoft.VisualStudio.ContextManagement.Package.resources.dll
     Let me know if you need the logs and where to upload them. Thank you
  3. Hi, Thank you for replying, this is a notification I received from Malwarebytes Management Server Notification, how can I provide the full log to you? Thank you
  4. I got these alerts that I believe are false positives.
     Malware threat detected, see details below:
     11/28/2020 3:00:28 AM computer name xx.xx.xx.xx Spyware.PasswordStealer < No action taken > C:\Program Files\Microsoft Visual Studio\Shared\Packages\Microsoft.Net.Compilers.2.6.1.nupkg
     11/28/2020 3:00:28 AM computer name xx.xx.xx.xx Spyware.PasswordStealer < No action taken > C:\Program Files\Microsoft Visual Studio\Shared\Packages\Microsoft.Net.Compilers.2.6.1\tools\csc.exe
     Total count: 2.
     11/30/2020 3:03:50 PM computer name xx.xx.xx.xx Trojan.SmokeLoader < No action taken > C:\ProgramData\Apple\Installer Cache\Apple Mobile Device Support 12.0.0.1039\AppleMobileDeviceSupport64.msi
     Can you confirm it? Thank you
  5. Hi Arthi, I've just changed the settings as you described. Do you have an idea what was triggering the blocking? How bad is it to have that setting turned off? I also see my Protection for MessageBox payload is turned off by default, should I turn it on? Thank you
  6. Here. Thank you Malwarebytes Anti-Exploit.zip
  7. Hi Arthi, I still have the on premises version of Malwarebytes Management Console, the client version is 1.8.03443, I do not see MBAMService folder in that location. I have this C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs Thank you
  8. Hi, I had a user having Anti-Exploit blocking Excel files pulled from our network shared drive.
     Exploit attempt blocked
     BLOCK......................Microsoft Office Excel C:\Program Files\Microsoft Office\Office16\EXCEL.EXE
     Attacked application: C:\Program Files\Microsoft Office\Office16\EXCEL.EXE; Parent process name: explorer.exe; Layer: Application Behavior Protection; API ID: 301; Address: ; Module: ; AddressType: ; StackTop: ; StackBottom: ; StackPointer: ; Extra:
     This behavior started happening yesterday and the user was not able to work. Is there a reason why Anti-Exploit suddenly blocked all these files? Thank you
  9. Hello, On 8/16/20 I received different alerts from the Malwarebytes console. One was the one below, from a machine:
     Trojan.Dropper < No action taken > C:\Users\XXXXXXXXXX\Downloads\ChromeSetup (1).exe
     Trojan.Dropper < No action taken > C:\Users\XXXXXXXXXX\Downloads\ChromeSetup.exe
     And this was coming from 4 other computers:
     Trojan.Dropper Quarantined C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateSetup.exe
     Trojan.Dropper Quarantined C:\Program Files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.35.452\GoogleUpdateSetup.exe
     Was Malwarebytes detecting a false positive that afternoon and a database update fixed the issue? Thank you
  10. I got this warning, is this the update for the Antiexploit?
  11. Thank you for the quick response. At the moment I restored this object on all clients and excluded it, otherwise I was getting flooded with calls from users. Would you please let me know when it is fixed? Thank you
  12. I have several machines at work getting this message. Is this a false positive that I need to exclude from the central console? Thank you
  13. knguyen1, I followed your instructions and it seems to be fixed. Thank you for your help. Just out of curiosity, is there a way I can enable the automatic update from the Malwarebytes Management Console for all the clients with the anti-exploit installed? Thank you
  14. Sorry for the late reply. I did not turn on the Notify me of replies. I don't receive this alert anymore. What type of logs do you want? Thank you
  15. I have installed on my computer Malwarebytes version 1.8.03443 and the Anti-Exploit for Business 1.09.2.1291. The problem I am having is happening just to me. In Word or Excel, when I try to open a document through the File tab and click Browse, the application closes itself. This is not happening if I stop Malwarebytes Anti-Exploit or unlock the shield protection in Word. I repaired Office and uninstalled and reinstalled Malwarebytes. I tried to restore the machine too but it did not work. In the Anti-Exploit I don't see any logs. What can be creating this problem? Help please. LB
  16. Hello, I got this email warning from Malwarebytes yesterday and today:
      Malware threat detected, see details below:
      7/21/2019 2:03:04 PM Trojan.TrickBot < No action taken > C:\ProgramData\Symantec\DefWatch.DWH\DWH939D.exe
      I checked the Malwarebytes Management Console and the Security logs are showing the detection. When I go to the client there are no warnings at all. Is this a conflict with Symantec Antivirus when it is trying to update its definitions? Thank you
  17. What is the latest version update? I have v2018.12.13.09.
  18. I just logged in because I had the same question. Thank you.
  19. djacobson, Thank you for your information. I contacted the person in charge and we upgraded to the latest version of Malwarebytes. I also made changes to the update policy for those machines out of the internal network. My issue is being solved. Have a nice day
  20. Hello, I have several machines out of the internal network with Malwarebytes Enterprise 1.75 installed. When I turn the machine on, Malwarebytes warns me the database is outdated. When I try to update it, I receive a message telling me I already have the latest database, but it is not. The only way I have to update it is to connect the client to the internal network and contact my Malwarebytes server. Does the client need to contact the server after a while to keep working? I apologize for my English. Thank you
  21. Makes sense, although I thought Skype ditched the peer-to-peer system. Thank you
  22. Hi, I am not sure if this is the right place to ask this question and apologize in advance if I am wrong. I got this notification from a laptop out of our site that has Malwarebytes 1.75.0.1300 installed. The message is the following:
      Malwarebytes Management Server Notification
      --------------------------------------------
      Alert Time: 8/22/2017 8:13:15 AM
      Server Hostname: ServerName
      Server Domain/Workgroup: DomainName
      Server IP: 172.16.x.xxx
      Notification Catalog: Client
      Description: Malware threat detected, see details below:
      8/13/2017 12:14:21 PM ComputerName 192.168.1.12 Blocked web site Type: outgoing, Port: 52034, Process: skype.exe 217.23.187.42
      8/13/2017 12:14:21 PM ComputerName 192.168.1.12 Blocked web site Type: outgoing, Port: 29329, Process: skype.exe 217.23.187.42
      Total count: 2.
      --------------------------------------------
      Comment: This email was generated by Malwarebytes Management Server. Please do not reply to this message.
      How concerned should I be about this message? Is it a regular Skype communication or something else? The IP address is pointing to Russia. Thank you for your help