LiquidTension

Thank you everyone for the feedback.

Hi @Avatar1971, Thank you for the file. This false-positive has been fixed.

Hi @Papageno, Please run the Malwarebytes Support Tool and gather logs so we can take a closer look at the detection: https://support.malwarebytes.com/hc/en-us/articles/360039023453-Upload-Malwarebytes-Support-Tool-logs-offline

Hi @Lunar07, Thank you for the feedback. Whilst I cannot provide any recommendations, I can let you know this is a feature request we are actively looking into and may implement in a future update. In regards to your connection drops - could you provide a little more detail on this? How often does this occur? How many times in total? What server(s) were you connected to at the time? If you switch to a different server, does the issue persist? What activities were being performed at the time of the issue? Logs from the Malwarebytes Support Tool may help determine the cause of your issue: https://support.malwarebytes.com/hc/en-us/articles/360039023453-Upload-Malwarebytes-Support-Tool-logs-offline

Thank you for the update. We appreciate your assistance with this!

Hello, With the latest Malwarebytes version, are you still experiencing an issue with VS Code and Ransomware Protection?

Hello, With the latest Malwarebytes version, are you still experiencing an issue with VS Code and Ransomware Protection?

Hello, With the latest Malwarebytes version, are you still experiencing an issue with VS Code and Ransomware Protection?

Hello, With the latest Malwarebytes version, do you still experience an issue with VS Code and Ransomware Protection if exclusions are removed?

Hello, With the latest Malwarebytes version, are you still experiencing an issue with VS Code and Ransomware Protection?

That's the issue. See my earlier post for what your filters should look like: https://forums.malwarebytes.com/topic/258529-another-crash-dump/?do=findComment&comment=1378859 Those "Architecture" filters will need to be removed in addition to adding the correct ones.

Hello @LucianV, When you say Anti-Rootkit, do you actually mean Anti-Exploit? Are you saying that now you've installed Anti-Exploit, you find mbae.exe does not launch at boot? The issue in the topic you linked has long since been resolved. ----- Would you be able to send us a copy of this document in private to help our efforts with reproducing this issue? Please do the following as well: Right-click the Malwarebytes Anti-Ransomware icon in the notification area and click Quit. Open C:\ProgramData\Malwarebytes\MB3Service. Delete the ARW folder. Relaunch Malwarebytes Anti-Ransomware and try to reproduce the issue. If you encounter another Word detection, click Stop Protection in the Malwarebytes Anti-Ransomware user interface. Zip up and provide: C:\ProgramData\Malwarebytes\MB3Service\logs C:\ProgramData\Malwarebytes\MB3Service\ARW

Thank you for the logs. We are investigating this issue further. We've seen similar issues in the past with this software which we were able to fix. In the meantime, which hash did you add as an exclusion for previously detected exploit? There appears to have been detections for two different hashes: D853801ADC91B14A4445D5207FBC167D and 2BA9985E37335DDC558D290610B35832 Please ensure both are added to the previously detected exploit exclusions.

Hi @Avatar1971, Thanks for the report. We need additional information to assess the detection. Please carry out the following instructions and attach the generated file to a new post: https://support.malwarebytes.com/hc/en-us/articles/360039023453-Upload-Malwarebytes-Support-Tool-logs-offline

Thanks for confirming. Apologies for overlooking that point. I would suggest keeping the exclusion in place until a fix is released.

Thank you. It looks like the Process Monitor log is empty, however (aside from process profiling events). Was Process Monitor definitely running prior to (and up to) the time of the ig.exe crash?

Before generting the Process Monitor log, could you check if the issue is still exhibited with our latest version of Malwarebytes Anti-Ransomware standalone. This contains a newer version of the Anti-Ransomware component compared with your installed Malwarebytes product. Details can be found here: https://forums.malwarebytes.com/topic/258918-latest-version-of-mbarw-beta-v091956-build-330-released-23-april-2020/ Before installing, you will need to temporarily uninstall your existing Malwarebytes product. Please let us know if you still experience the issue with Malwarebytes Anti-Ransomware standalone.

Hi @frozen, Thanks for the information. This is what we tried: Installed an older version of Firefox. Created a new profile located on a different drive. Set the new profile to default. With Anti-Ransomware enabled, Menu -> Help -> About Firefox -> Restart to update. Unfortunately, no detection was exhibited after multiple attempts. What happens if you use a brand new/default profile located on your different drive? Is the issue still exhibited? Would you be able to provide us with the Process Monitor log mentioned here? https://forums.malwarebytes.com/topic/258157-mbam-41-flagging-firefox-7401/?do=findComment&comment=1371873

We have an early preview version of Malwarebytes Anti-Ransomware business that we'd love to get some additional feedback on. This version should address the issue reported in this topic. If you're interested in trying this, please let me know and I will provide the details to you.

Hi @fscheps, Thanks for the report. We have a defect filed for this issue and are able to reliably reproduce it. We hope to have a fix in an upcoming update.

Hi @EvilPeppard, We've been able to reproduce a BSOD when Malwarebytes is running with AdGuard's WFP driver under heavy network stress. We're currently investigating further. Unfortunately, we can't guarantee anything at this current time.

Hello, Thank you for the report. Please carry out the following instructions and provide the generated file: https://support.malwarebytes.com/hc/en-us/articles/360039023453-Upload-Malwarebytes-Support-Tool-logs-offline

Thank you for sending over the data. It will be reviewed. In the meantime, a couple of points. Please try adding folder exclusions for the following paths: C:\Users\PaulO\AppData\Roaming\Adobe\Audition C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC C:\Program Files\Adobe\Adobe Audition 2020 C:\Users\PaulO\Desktop\Temp (assuming you're still testing with files located here) Please temporarily turn off your ramdisk and have %temp% point to the default location. Does this have any impact?

We have released a new standalone Anti-Ransomware version, which can be found here. We believe this version will correct the issue at hand. This new version of Anti-Ransomware will be made available to other Malwarebytes products in the future.

Hi @Basil_ZA, Thanks for reporting this. Could you start by trying the following. This will help narrow down the cause. Right-click the Malwarebytes version 4 icon in notification area and click "Quit Malwarebytes". Note: Ensure you click the Malwarebytes icon; not Malwarebytes Privacy. Wait ~20 seconds. Try to connect to a server. Please let us know the results.