bdubrow

Hi BlackHawk-- I would suggest upgrading to the latest Beta, which was just released last week. You're actually running Beta 6, and we're now on Beta 8, so there have been a number of improvements and hopefully you won't see these types of "false alarms" any longer. You shouldn't need to worry if nothing is showing in Quarantine now. Thanks,

This forum is for the BETA version only. Questions on the anti-ransomware technology that is now offered as a part of Malwarebytes Endpoint Security should be addressed directly to our Enterprise Support or Sales teams. There are features and functionality in business version that are supported in the BETA. Please direct your questions to our Support team for better responses to help in to your specific situation.

Eventually when anti-ransomware is fully integrated with the management console we plan to support additional logging and centralized reporting features. This forum is about on-going beta questions, so for questions on the business version it would be best to contact our Enterprise Support team directly. They would be better able to help answer questions for your specific situation.

Thank you for the feedback, Rapporteur! Very happy to hear your files were not encrypted. We do hope to improve our cleanup of the messages and ransom notes that are sometimes left behind. For now, since these in and of themselves aren't malicious they're being addressed as a lower priority. We prefer to focus on fine-tuning the detection technology to stop ever more ransomware attacks.

Hi batsude-- Seems like you might still have an earlier beta version installed. We recently released Beta 8 and you should no longer see the behavior of the main program window displaying every time you boot. As for the other comments, please note that this product is not currently planned to be released as a standalone product. Rather, it will eventually be integrated into our other core products. In the meantime, this beta is focused on fine-tuning the actual detection techniques so we didn't spend a lot of time designing the interface. That said, you really shouldn't need a lot of configuration options as the product is pretty straightforward and all the main functionality required is right there and easily accessible from the main Dashboard: Main Dashboard allows you to Start and Stop protection, which is the equivalent of an On / Off button. That's also where you'll find the About button. Click the Exclusions tab to add items you want Anti-Ransomware protection to ignore (i.e. whitelist). Quarantine lets you view and manage any items that Anti-Ransomware has quarantined. Here's a screenshot for reference: If you're not seeing the above, perhaps there was an issue with your installation?

Hello, dephead2004-- Thank you for reporting this and providing the folder. Our team will take a look and let you know if we need any further information. I understand it's an inconvenience, but I'm glad you're at least able to start it up manually in the meantime.

Hi there-- Please see this Knowledge Base article for more details on anti-ransomware, as now offered as part of Malwarebytes Endpoint Security. Thanks,

Hi AndyPP-- The anti-ransomware technology is now offered as part of our Malwarebytes Endpoint Security product. For more information, please see this Knowledge Base article and feel free to contact Sales for more details on Endpoint Security. Thanks for your interest!

Great news, fredvries! We appreciate your letting us know.

Excellent! Thanks for letting us know!

Hi fishbowl-- Sorry for the confusion! I've updated our pinned topic on how to report false positives. The steps are a bit easier now since we just ask for the one directory. Thanks for figuring out which logs to attach anyway -- that's exactly what we needed. We'll review the logs and see if we can determine what might be happening. Thanks for trying the beta! Hopefully we can get it activated on your system.

Hi ingber-- Thanks for posting the tip for others! I'm sure it'll help. We've been looking into these issues and hope to improve the behavior in a subsequent beta. We're actively working on another version and will get that posted as soon as it's ready. Thanks!

Hello, User2016-- Thanks for your suggestion to support the ability to configure a proxy server. Eventually when this feature is rolled into our other products I'm sure we'll plan to support this. However, it's probably unlikely that this feature will ever make it into the BETA version. The BETA is really about vetting the detection technology itself, rather than supporting a full-featured program. I understand that this means some users won't be able to test the beta, or at least easily test, so I apologize for that. Thanks again for the interest!

Hi pizzahut-- Many thanks for the logs and details about what you're seeing. Just wanted to let you know that our QA and Dev teams are looking into this issue. We're still investigating, but hope that this can be addressed in an update / future beta. Thanks for testing out the beta!

Hello, ingber-- Thank you for reporting your experience with Malwarebytes Anti-Ransomware and bash. We'll take a look and investigate what could be causing this. Thanks,

Hello, IanNichecom and hmf-- Thank you for participating in the beta - we appreciate your taking the time to report the issue. At this point, the clean uninstall / reinstall is the suggested fix which seems to correct the problem in most cases. The Development team is continuing to investigate though so we hope to have this addressed in a future beta update.

Hi mathit-- Thanks for providing the logs, even though you were able to get MBARW restarted. We've been investigating similar reports with the Windows 10 Anniversary Update, but luckily a fresh install and/or a reboot seems to resolve the issue. Appreciate your feedback on the beta!

Hi LeeCNE-- Thanks for providing the logs. We've had a few reports of similar issues with the Windows 10 Anniversary Update. We're still investigating, but typically a fresh install, as 1PW recommended, and/or a reboot resolves the issue. Glad you're up and running again!

Hi JfB-- Thanks for your testing out the Malwarebytes Anti-Ransomware beta. We appreciate your report! If you still have it, it would be very helpful if you could upload the ZIP file to the forum David referenced earlier: Ransomware samples can be uploaded to: Newest Rogue-Ransomware Threats Just mention that you can't perform the first step and it should be fine. The Development team would like to investigate why so many files were encrypted. That's definitely not desired behavior, obviously. Thanks for your help!

Thanks so much for confirming this, @garioch7!

Hello-- Just wanted to post an update that Bitdefender just released an update to their 2016 products that they claim has fixed this issue. The latest version is 20.0.29.1517. See their change log here. If you continue to see the BSOD after upgrading to that version of Bitdefender, please let us know. Thanks!

Hi jimi_edwards (and others )-- To give an update on the situation, we're still investigating this and working with Bitdefender. In the meantime, here's a review of the various work-arounds that have been identified--doing any one of these will stop the crashes: In Bitdefender 2016, disable the Block port scans in network setting in the firewall feature In Malwarebytes, disable the Malicious Website Protection feature Roll back to Bitdefender 2015 which has no conflicts with Malwarebytes 2.2.1.1043 We understand that this is an inconvenience and we'll let you know as soon as there's a solution. Thanks!

No--just means that we have additional layers of protection against ransomware such as MBAM, MBAE and Web Protection in our Endpoint Security products for business that customers may not be aware of.

Hi Phone Man-- Both. We use a combination of techniques to ensure the possibility of a false positive is as low as possible. The first thing we do is look at the file in question to see why our technology triggered on it. In this way we can look for ways to avoid the same thing happening in the future. Certain known and verified Windows system files are essentially whitelisted, but the goal with other EXEs is to minimize the chance of detection by continually updating and tweaking our detection algorithm. We're able to dynamically update this technology without requiring a full new installer release, though new installers also typically include updates to the detection routine to both improve ransomware detections and avoid FPs.

No problem, totally your choice. Thanks for the dump file, too! As I mentioned, we're actively working with Bitdefender now and the dump may come in handy. But unfortunately there's no guarantee on timing for when either they or we might have a fix available.