REGITDept
-
Posts
201 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by REGITDept
-
-
Issue confirmed fixed.
Thanks all.
-
40 minutes ago, gonzo said:
Block is being removed, but it will take as much as 3-4 hours before changes take effect.
Thank you.
Is it a false positive?
Thanks.
-
1 minute ago, Porthos said:
I do see the block in Browser guard.
So what is your verdict on this one? A false positive or what is the reason it was blocked in this case?
Thanks.
-
4 minutes ago, Porthos said:
I am not seeing a block on that site. Could you post the log showing the block.
Please see screenshot.
P.S: We are using Malwarebytes Cloud.
Thanks.
-
Dear Malwarebytes,
Whenever we went to this website "https://ceasattachments.com". Malwarebytes would pop-up with a block "structurecdn.thememove.com(204.48.23.106:65017)".
Please let us know whether this is a false positve or malicious?
Thanks.
-
On 7/17/2020 at 6:10 PM, exile360 said:
Greetings,
Please refer to the Real-Time Protection section of this support article where it says Exploit Protection. Once there within settings, locate the bullet point which says Exploit Protection, then in settings in the UI click the link Manage Protected Applications and use the Add button shown in the image in the Protected Applications list to add calc.exe as a shielded app so that Exploit Protection will monitor it since this is the process used by the test tool. Once it has been added you should be able to run the test and see a detection.
Additionally, you may also test Web Protection by visiting iptest.malwarebytes.com which should result in a block along with a browser redirect to the Malwarebytes block information page indicating why the site was blocked. You may also ping the site or its IP if you want to test non-browser processes; any connection to or from the site should be blocked system wide and this is true for any sites categorized as threats by Malwarebytes.
Testing the core Malware Protection component should be fairly straightforward; pretty much any common Potentially Unwanted Program such as a bundled installer, junk registry cleaner/system optimizer or similar apps (the scammy ones that show tons of "critical" issues but require payment to "fix" them for you) along with driver updaters and other snakeoil type apps.
I hope this helps.
Perfect !
You have answered my question.
Thank you so much for the help.
-
Thanks for the help guys.
I'll keep you guys posted.
Also it would be great if you guys can answer my other topic on here about how to test to see if the protections are working.
-
Dear Malwarebytes,
Scanning always failed. Even initiated at the local machine.
Thanks.
-
Dear Malwarebytes,
We recently upgraded to Malwarebytes Nebula. We wanted to test to see if all the protections are working correctly. How do we test this? I have tried running the Anti-Exploit test program but it doesn't block or report it.
Thanks.
-
I guess no one worked on this bug because the product will end of life on August 4th, 2021.
Thanks.
-
On 7/4/2020 at 2:36 PM, shadowwar said:
Please see here:
https://www.malwarebytes.com/upgrade/mbes-to-ep
or
https://www.malwarebytes.com/upgrade/mbes-to-teams
I am just in research so i dont really have the sales knowledge. The product has a client that runs on the machine but is cloud managed.
Malwarebytes Endpoint Security product will be discontinued/end of life on August 4, 2021
Thank you for the info.
We didn't know Malwarebytes Endpoint Security will be end of life soon.
How come we never receive any email notice?
Thanks.
-
On 7/2/2020 at 5:47 PM, Porthos said:
Are these just standalone workstations, how many, or is there a server involved?
We are using Malwarebytes Endpoint Security which involved a dedicated on premise server.
Thanks.
-
On 7/1/2020 at 10:34 AM, shadowwar said:
You may want to talk to your business rep but i believe you would have to upgrade to the cloud version.
shadowwar,
But isn't this more of a different product than an upgrade? One is cloud-based, and one is on premise based?
We would like to see an update to the on premise.
Thanks.
-
On 6/25/2020 at 5:16 AM, shadowwar said:
Just a tip. May want to see about upgrading to the latest available version. Whitelisting and protection are greatly improved and things like this should not happen with the latest version available.
shadowwar,
There is a newer version under the Malwarebytes Endpoint Security?
Thanks.
-
That was an odd issue.
Case closed for now.
Thanks for all the help guys 😀
-
1 minute ago, cli said:
Can you have that client do another DB update and rescan? Thanks.
After I restored the files, it's not picking up again. Databases is already up to date.
-
3 minutes ago, cli said:
I thought there might be additional logs in there.
Also, it's odd because I scanned the files in Quarrantined.zip and not seeing any of them being detected. For example,
windows_wlan.exe - Backdoor.RevengeRAT.MSIL
https://www.virustotal.com/gui/file/da77035d3363da6f57ae6cce593a6cd77ac630f3aff1c94f35df4ea31e3aea71/detection
Excel.exe - Trojan.Malpack.VB
I'm going to continue digging.
Yes, very weird because it only happened once to only this one client.
Thanks.
-
4 minutes ago, cli said:
I believe it's located at "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs". Thanks.
cli,
I have included that in the initial post.
Thanks.
-
41 minutes ago, cli said:
Hi, can you provide the files detected and mbamservicelogs?
cli,
Where is this mbamservicelogs that you needed?
Thanks.
-
1 hour ago, Porthos said:
I have asked for your post to be moved to the FP section so it will get noticed quicker.
Thank you Porthos 😀
-
35 minutes ago, cli said:
Hi, can you provide the files detected and mbamservicelogs?
Dear cli,
Here are the files that was quarantined.
Thanks.
-
Dear Malwarebytes,
One of our client today suddenly unable to use anything Office 2016.
I take a look and it seems like it is a false positives.
Please help me take a look into it to make sure that it is a false positives and nothing malicious.
Thanks.
-
1 minute ago, tetonbob said:
Yes, our researchers fixed the issue on our side, the same day as your screenshot, 4/13
Thank you.
That was quick. How did they knew about the issue and resolved it so quickly?
-
1 hour ago, tetonbob said:
Hi @REGITDept- thanks for the logs and the file. According to the logs, the executable was detected and quarantined as your screenshot shows, but subsequently whitelisted on our end on the same day. Further detections by the ArwSDK as shown in the logs were no longer quarantined. Reference the MBAMService.log.bk5 on 4/14
Are you still seeing detections on this file?
As for the \ArwDetections folder being empty, if you're using the Manangement Console, the detections jsons are actually handled differently than with the unmanaged ARW standalone. Once the detection jsons are parsed by the Agent on the endpoint and sent to the Console, they are removed from that local directory.
Did Malwarebytes fixed the issue yet?
What I did was I put an exclusion inside the policy.
Let me know so I can remove the exclusion once fixed on Malwarebytes' side.
Thanks.
Malware Database Definitions Location
in Malwarebytes Nebula
Posted
I'm curious of where is the malware database definitions is located at? Is it real time from the cloud or it is downloaded and stored locally on the computer?
Thanks.