Everything posted by mgard
-
Good afternoon, We have recently moved to Malwarebytes End Point Cloud. Maybe this information is there somewhere, but it would be really nice to know why a custom scheduled scan fails. Like, is the endpoint offline/powered down? Our users are supposed to leave their PCs powered up and it would be nice to know if that is why the scan fails. All it tells me is "Scheduled Custom Scan failed". Thank you, mgard
-
Hey Arthi, Any update on how close you are getting to rolling out the update to Anti-Exploit? Thank you, Mike
-
Most of our alerts have been from Outlook and Adobe Reader. This morning I received notices like others have been seeing. It's triggered with iexplore.exe and AcroRd32.exe. I will be glad when we switch to the Malwarebytes Cloud version. That way I can call Malwarebytes support. Mike
5/30/2018 8:19:46 AM Exploit code executing from stack blocked BLOCK Adobe Reader C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Attacked application: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe; Parent process name: iexplore.exe; Layer: Protection Against OS Security Bypass; API ID: 450; Address: 0x00BAE000; Module: ; AddressType: ; StackTop: 0x00BB0000; StackBottom: 0x00BAB000; StackPointer: ; Extra: Total count: 1.
-
Good afternoon, I am starting to see this "Exploit code executing from stack blocked" popping up more and with AcroRd32.exe. I am guessing this is a false positive? Thank you for your help in understanding this security notification. We are running Malwarebytes Enterprise 1.80.2.1012, Anti-Exploit 1.12.2.81. Mike
Exploit code executing from stack blocked BLOCK mmead Adobe Reader C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Attacked application: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe; Parent process name: OUTLOOK.EXE; Layer: Protection Against OS Security Bypass; API ID: 450; Address: 0x0029D010; Module: ; AddressType: ; StackTop: 0x002A0000; StackBottom: 0x0029C000; StackPointer: ; Extra:
-
Malwarebytes Ransomware Agent
mgard replied to mgard's topic in Malwarebytes Anti-Ransomware for Business
Thank you Dyllon. That is very helpful. I can't wait for the new Malwarebytes 3.0 Business console. Sounds excellent! Mgard -
I don't have my ducks lined up on this but I would like to ask the question anyway concerning the Malwarebytes agent .9.1.7.689. Twice now I have seen false positives on program files. My concern is I could not get the file to release from the quarantine so I could restore it and then add it to the Exclusions list. The user was in a hurry so I uninstalled Malwarebytes Ransomware agent and restored the file from another PC. One of the 2 times listed above, Malwarebytes asked the user to reboot but I still couldn't get the quarantine to release the file so I could exclude it. I wondered if anyone else has experienced this? I was able to manually add and remove a file in the Exclusions list but this was not during a quarantined file condition. Thank you,
-
PUP.OPTIONAL.ASK <No action taken>
mgard replied to mgard's topic in Malwarebytes Anti-Malware for Business
Last night I was able to run TFC.exe on two PCs that had PUPs that showed no action. After cleaning up the temp files and rebooting the PCs, I ran a full scan of Malwarebytes and both PCs were clean with nothing flagged. -
PUP.OPTIONAL.ASK <No action taken>
mgard replied to mgard's topic in Malwarebytes Anti-Malware for Business
Thank you, I will run it after hours tonight. -
PUP.OPTIONAL.ASK <No action taken>
mgard replied to mgard's topic in Malwarebytes Anti-Malware for Business
Attached is the Security log from the Management Console for the PC. Thank you, Mike Logfile.txt -
PUP.OPTIONAL.ASK <No action taken>
mgard replied to mgard's topic in Malwarebytes Anti-Malware for Business
Attached is the file path of where this PUP is located. PUP.docx -
I have been getting email notifications of PUP.Optional.ASK <No action taken>. My question is, why are these not being put in the Quarantine? I have both PUP and PUM set for "Show in results list and check for removal". There are other PUPs that are moved to the Quarantine but this one isn't. I was running Management Console 1.6 and just upgraded to 1.7 today. Thank you, Mike
-
I pushed from the Management console version 1.6.1.2897, installs to 4 PCs, all Windows 7 Pro. These were first time installs which were showing unregistered in the Client window. The first two gave the following message "Installed successfully, but registration failed, Signature version is invalid: Anti-Malware Version 1.80.1.10.11 Anti-Exploit Version 1.07.2.10.15. I was told that Anti-Exploit is not pushed out from the console anymore but 1.07.2.10.15 is the version that is associated with the console. I did turn the automatic update for Anti-Exploit which has updated my previous installs. So when doing a first time push, how do I get the correct Anti-Exploit version pushed out? The other two PCs installed OK with the correct version of Antimalware version 1.80.1.1011, AntiExploit version 1.08.2.1045. The problem is the Management console is showing AntiExploit shields off for those two PCs. Thank you for any direction/help you can give, Mike
-
Windows 10 Malwarebytes install fails
mgard replied to mgard's topic in Malwarebytes Anti-Malware for Business
BINGO!!, My other PC/laptops were upgraded from Windows 7 to 10 and they had .NET Framework 3.5 installed. Thank you for responding so fast and resolving that one, Ron. Mike -
Windows 10 Malwarebytes install fails
mgard replied to mgard's topic in Malwarebytes Anti-Malware for Business
Thank you Ron, I'll give that a try right now. -
Windows 10 Malwarebytes install fails
mgard posted a topic in Malwarebytes Anti-Malware for Business
Hello everyone, I am looking for some help figuring out why my new clean Windows 10 Pro install will not let me push out from the management console version 1.6.1.2897 a client install of Malwarebytes Endpoint Protection. The error message I get in the management console is "Install failed. Invalid procedure call or argument". I don't see anything in the Windows 10 event log. Thank you for any suggestions, Mike -
GPO to change Home Page flagged as a PUM
mgard replied to mgard's topic in Malwarebytes Anti-Malware for Business
Hi Jeffrey, I was a little slow getting back to read your post. I have submitted a ticket this morning with samples. Thank you, Mike G. -
We have a GPO set that when our users log into Windows their Internet Explorer browser is directed to our intranet company home page. This is detected as a PUM by Malwarebytes as shown below. I can add this to the Ignore List but each time a different user logs in on a PC the registry location changes just enough due to their unique SID to flag another alert. Would there be a way to stop this from happening?
PUM.Hijack.HomepageControl Quarantined HKU\S-1-5-21-25782353-988745373-623647154-1029\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\CONTROL PANEL|HomePage
Thank you
-
Good morning, One of the guys I work with in IT is having an issue with MBAE shutting down Excel when he tries to open it (Code executing from Heap memory BLOCK). I am at Anti Exploit version 1.05.2.1017. Where do I need to go to get the latest version of MBAE? My MBAM for Business is 1.75.0.1300 so I guess I am good there. Thank you, Mike
-
I have laptops and PCs that were on our domain and scanned when Malwarebytes Anti-Malware for Business was first installed. These PCs and laptops have not had the Malwarebytes client software installed on them. Some of them have been removed from our domain. How do I remove these devices that are not on our domain but still showing in the Malwarebytes console as unregistered? If I right click on them all options are grayed out. I checked Active Directory and those devices are not listed. I did read on the forum here, that in 30 days they should drop out of the Malwarebytes console view. Is that my only option, to wait it out? Thank you, Mike
-
I upgraded to the latest version 1.5.0.2701 of the Malwarebytes Management Console. I changed the setting for Action for potentially unwanted programs to "Show results List and check for removal". A number of PC clients are showing malware threats detected. I have not figured out how I can use the Management Console to remove them. I do see that if I run another "Quick Scan" it gives me an option for "Automatically remove threats". Is that the only way to remove them aside from logging into the client and removing them from the quarantine? I am trying to clean the "Last Scan result" of Threat detected. The new feature added for email notification is really sweet! Thank you, Mike
-
I have Malwarebytes Enterprise version 1.75.0.1300 and the database version is V2015.01.26.06. My Windows 8.1 PC Malware client was at V2015.01.25.10. I clicked on the “Check for updates” button within the client and it said “You have the latest database version”. I was able to push the latest database update out using the Management console. Do I have something configured wrong or is this an issue that needs to be resolved? Thank you, MGard
-
This is a program that our business uses for scanning members' driver's licenses. The program is called ScanShell. The locations of the .exe are as follows.
C:\Program Files\Card Scanning Solutions\ScanShell\Elevate64bit.exe
C:\Program Files\Card Scanning Solutions\ScanShell\Elevate.exe
Please note I changed the .exe to .txt so I could upload them. Thank you, mgard
Elevate.txt Elevate64bit.txt