Jump to content

LiquidTension

Staff
  • Content Count

    4,130
  • Joined

  • Last visited

Everything posted by LiquidTension

  1. Thanks for the report. We'll look into why those folders weren't removed correctly. Regarding the registry leftovers you mentioned - note that there are many keys/values that may contain references to Malwarebytes but are not explicitly created by the product and are not appropriate to remove. This is the case with any software installation. The Support Tool does a very thorough job with removing registry keys/values. If you have any details on exactly what was leftover, we can certainly take a look.
  2. Please note we've released a new beta update that corrects this issue. See here for details: https://forums.malwarebytes.com/topic/261368-microsoft-office-blocked-by-ransomware-protection/?do=findComment&comment=1392001
  3. Please note we've released a new beta update that corrects this issue. See here for details:
  4. Please note we've released a new beta update that corrects this issue. See here for details: https://forums.malwarebytes.com/topic/261368-microsoft-office-blocked-by-ransomware-protection/?do=findComment&comment=1392001
  5. Hi all, Thank you for the feedback. Please note we've released a new beta update that corrects this issue. See here for details: https://forums.malwarebytes.com/topic/261368-microsoft-office-blocked-by-ransomware-protection/?do=findComment&comment=1392001
  6. Please note we've released a new beta update that corrects this issue. See here for details:
  7. Please note we've released a new beta update that corrects this issue. See here for details: https://forums.malwarebytes.com/topic/261368-microsoft-office-blocked-by-ransomware-protection/?do=findComment&comment=1392001
  8. Thank you for the report. @ball2hi I've sent a private message with follow-up steps.
  9. We have released a new beta update to address this issue (component package version 1.0.976). To obtain this beta update: Enable beta updates if necessary by opening the Malwarebytes settings and turning the "Beta updates" setting on. Click About followed by "Check for updates". Note: If you have just started the computer, you may need to wait a few minutes before the update will be available to download. If you have configured any new exclusions as a result of this issue, we recommend removing them once component package version 1.0.976 or higher is installed. This can be achieved using the Allow List found in Detection History or Settings and should only be done after the new update is installed. For more details, see this post: https://forums.malwarebytes.com/topic/257042-malwarebytes-41-beta/?do=findComment&comment=1391997
  10. @frozen To confirm, is the issue still not exhibited with the latest standalone Malwarebytes Anti-Ransomware? https://forums.malwarebytes.com/topic/258918-latest-version-of-mbarw-beta-v091956-11349-released-11-june-2020/ You mentioned the issue is not exhibited when using a different profile. Can you try a new/default profile located on a different drive so we can rule out if the contents of your profile has any impact? ----- @PhoneNumberZero Is your Firefox profile also located on a different drive than the one Firefox is installed to? Could you also try the Malwarebytes Anti-Ransomware standalone linked above and see if the issue is still exhibited?
  11. Hi all, We are aware of an issue involving Ransomware Protection blocking Microsoft Office programs such as Word and Excel. We are actively investigating this issue and hope to provide a fix for this as soon as possible. For now, if you encounter a Microsoft Office block and are certain this is a false-positive, we recommend the following: Restart Ransomware Protection by opening the Malwarebytes dashboard, toggling Ransomware Protection off and then back on again. If you are still unable to launch the blocked Microsoft Office program, restart the computer. Add a folder exclusion for the affected program (e.g. C:\Program Files (x86)\Microsoft Office\Office12). Refer to Add to the Allow List in Malwarebytes for Windows v4 for details on adding exclusions to Malwarebytes. The path of the affected program can be found in the block notification or the Detection History -> History tab within Malwarebytes. The steps above should prevent further blocks and allow you to resume normal usage of your Microsoft Office program. If you still encounter an issue after carrying out the steps above or would like confirmation on whether the block you encountered is a false-positive: Please create a new topic in the Ransomware false-positive section and attach the log file generated by the Malwarebytes Support Tool. In some circumstances, you may need to perform a repair of your Microsoft Office product if you are still unable to launch it after restarting the computer. See here for details: https://support.microsoft.com/en-us/office/repair-an-office-application-7821d4b6-7c1d-4205-aa0e-a6b40c5bb88b We will provide an update to this topic when available.
  12. Thank you for the additional detail provided on the issue. Based on the logs provided, I can confirm the reboot was triggered by Malwarebytes. Clicking "Later" to the notification should not result in the machine being rebooted. We have a defect filed and will be investigating this further. For reference, this is the notification being referred to:
  13. Hello, Thank you for the logs. This was indeed a false-positive that we intend on releasing a fix for as soon as possible. In the meantime, if the issue does happen again, you may wish to add a folder exclusion for C:\Program Files (x86)\Microsoft Office\Office12 until the fix mentioned above is released.
  14. Hi @Chinook, Thank you for the logs. Could you provide more detail on what you are specifically doing with Chrome when the block occurs? Is it a consistent set of actions that result in the block occurring? If you launch Chrome without extensions or plugins loaded, does the issue still occur? Close all instances of Chrome. Press the Windows Key + R on your keyboard at the same time and enter: Chrome.exe --disable-extensions --disable-plugins Please do the following: Download and run Process Monitor: https://docs.microsoft.com/en-us/sysinternals/downloads/procmon Reproduce the Chrome block. Stop the Process Monitor capture (File -> click "Capture Events" to remove the checkmark). Save the output (File -> click "Save..."), zip it up, upload to a file hosting service of your choice (WeTransfer.com, Google Drive, OneDrive, etc) and share the download link. Rerun the Malwarebytes Support Tool, gather logs and attach the new mbst-grab-results.zip.
  15. Hi @nickyr, Have you restarted the computer or used the "Quit Malwarebytes" option and relaunched the program since experiencing the last block on Excel.exe? If not, please perform one of these actions and verify Excel opens correctly.
  16. Hello, Please provide the logs mentioned in the second post: https://forums.malwarebytes.com/topic/261136-outlook-been-block/?do=findComment&comment=1390348 In addition, please zip up and attach the following folder: C:\ProgramData\Malwarebytes\MBAMService\ARW Thank you!
  17. Hi Ryan, We've began to notice a rising trend and are actively investigating. Could you provide us with the logs mentioned in the post above please so we can take a closer look. Thank you!
  18. Hi @nt albert, Instructions can be found here: https://support.malwarebytes.com/hc/en-us/articles/360039023453-Upload-Malwarebytes-Support-Tool-logs-offline The tool will create a file on your desktop named mbst-grab-results.zip, which can be attached in a new forum post.
  19. Hi @OrangeSour, As mentioned above, rebooting the computer should be sufficient in resolving this. If you are running Windows 10, ensure the "Restart" option is used and not "Shut down". If you encounter the issue again, you will need to add a temporary exclusion for excel.exe until we can fix this issue. See here: https://support.malwarebytes.com/hc/en-us/articles/360038479234-Add-to-the-Allow-List-in-Malwarebytes-for-Windows-v4 Please provide us with the mbst-grab-results.zip file created by the Malwarebytes Support Tool so we can take a closer look at the issue.
  20. Hi @truth51, Thank you for the report. Please restart the computer and try to run Word. If you encounter the issue again, you will need to add a temporary exclusion for Winword.exe until we can fix this issue. See here: https://support.malwarebytes.com/hc/en-us/articles/360038479234-Add-to-the-Allow-List-in-Malwarebytes-for-Windows-v4 Please run the Malwarebytes Support Tool so we can take a closer look at the detection: https://support.malwarebytes.com/hc/en-us/articles/360039023453-Upload-Malwarebytes-Support-Tool-logs-offline
  21. Hi @tgouws, Thank you for the report. Please run the Malwarebytes Support Tool so we can take a closer look at the detection: https://support.malwarebytes.com/hc/en-us/articles/360039023453-Upload-Malwarebytes-Support-Tool-logs-offline
  22. Hi @Nerds, Thank you for the file. We're currently reviewing the data. Unfortunately, we've been unable to reproduce this issue in all our attempts. Are you able to actively reproduce it on a consistent basis (e.g. by installing an older version and then upgrading)? If you are, it would be a big help if we could obtain some additional troubleshooting data: Process Monitor log as the issue is reproduced: https://docs.microsoft.com/en-us/sysinternals/downloads/procmon (from start to finish of the upgrade attempt). Zipped up contents of C:\ProgramData\Malwarebytes\MBAMService\Logs and C:\ProgramData\Malwarebytes\MBAMService\ARW. Farbar Recovery Scan Tool logs: https://support.malwarebytes.com/hc/en-us/articles/360039025013-Run-Farbar-Recovery-Scan-Tool-to-gather-logs
  23. Thank you for the report. We have a defect filed and hope to address this as soon as possible. As mentioned above, closing and reopening the user interface will indeed result in the correct state being reflected.
  24. Hi @miguelgrado, Thanks for the report. We have a defect filed and will be addressing it as soon as possible.
  25. Hi @alexl010, Thank you for your patience with this issue. Yes, progress has been made. A fix for this is available to Malwarebytes Anti-Ransomware standalone, Malwarebytes version 4 and Malwarebytes Endpoint Security users. Unfortunately, we aren't yet able to release this fix to Malwarebytes Endpoint Protection and are currently in the process of working towards this. We intend on making this available as soon as possible.
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.