Jump to content

treed

Staff
  • Content Count

    1,449
  • Joined

  • Last visited

Everything posted by treed

  1. Malwarebytes for Mac does NOT actually use a System Extension yet. Work on that is underway, and has been for some time, but it is not ready yet. Also, to clarify some other things... 1) Apple has not, strictly speaking, changed anything regarding deprecation of kexts. Technically, the KAUTH and other APIs used by kexts have been deprecated for some time. Deprecation does not mean they no longer work, just that they are in danger of not working in the future. Because there were no other options, historically, most companies that have software that relied on KAUTH continued to use it anyway. 2) Nothing is changing regarding the availability of these APIs in macOS 10.15.4. 3) We know that things will change in macOS 10.16, but it's still not entirely certain how they will change. We'd really rather not find out, and are planning to have a System Extension before then. 4) As far as I can tell, the only change in 10.15.4 appears to be that the warning message that is displayed when the software tries to activate the kext has changed from this: to this:
  2. It's only important for Catalina (and beyond, for future readers). The only thing a lack of full disk access impedes us from removing on Mojave is adware in the form of old-style Safari extensions, which no longer run in Mojave anyway. That said, it certainly isn't going to hurt to give access on Mojave, either.
  3. What you are describing sounds like it's probably not malware. It is not necessary for malware to install hundreds of apps to get a backdoor into your computer; all it takes is one, and installing hundreds would do nothing but increase the chances of the user discovering the infection. I suspect that you are looking at legitimate parts of the system, but cannot be sure without more information. If you can post some screenshots, as adas requested, that would be helpful.
  4. Please note that this does not mean that apps from the App Store are safe. There have been cases of apps engaging in malware-like activity, such as theft of user data or scamming users out of money, on the App Store. Just because an app is on the App Store does not mean there's any guarantee that it's legitimate.
  5. Please note that if you're still using Malwarebytes Anti-Malware, all versions of that are outdated. We're still delivering rule updates to Malwarebytes Anti-Malware 1.3.1, but it is no longer compatible with the latest versions of macOS. We would recommend uninstalling it and using the latest version of Malwarebytes for Mac instead. https://support.malwarebytes.com/hc/en-us/articles/360038479294-Download-and-install-Malwarebytes-for-Mac-v4
  6. Even if someone were to do that, locking the setting manually is still of dubious utility. It only prevents someone with access to the computer from changing those settings... but if someone malicious has access to your computer, you have way bigger problems to deal with. The possibility of fiddling with full disk access settings is the least of your concerns in such a case, and no security system in the world can protect you against an adversary who has physical access to your logged-in computer.
  7. That's not actually correct. Unlocking a pane in System Preferences is purely temporary. Try it for yourself... unlock a pane, leave it unlocked, and quit System Preferences. Then reopen System Preferences and go back to that pane. You will see that it is locked again.
  8. These error messages appear to be "normal." I see them on a system here that does not have Endpoint Protection installed, and many others have reported them as well: https://stackoverflow.com/questions/58321114/why-i-get-the-console-warning-process-kill-returned-unexpected-error-1-when
  9. It's very unlikely that that page could have caused such a problem, or infected your system in any way. I won't say impossible, especially since you're using an extremely old system and an extremely old version of Chrome, just unlikely. (There's really not much profit for a hacker to target such old systems & software, as there are a vanishingly small number of people running them, but they also will have known vulnerabilities that would make attacking them easier.) Most likely these issues are just the result of using such old software. There have been general issues with Safari on the newer Mavericks (10.9) system accessing web pages, so it's not surprising to see issues on Mountain Lion.
  10. Thanks for reporting that! I'm guessing that's a copy-paste error, but I'll report it so it can get fixed ASAP.
  11. Yup, any 3.x version supports 10.10. Support for 10.10 was dropped in 4.0. I'll check out that document you referred to, as it looks like it needs to be corrected. Note that Malwarebytes will remove whatever adware caused these problems, but can't actually fix all the symptoms that may result from changes to browser (and other) settings. Make sure to review this post: https://forums.malwarebytes.com/topic/236261-how-to-remove-the-after-effects-of-adware/ Finally, note that your feelings about Total AV are correct, and it is something we will detect and remove.
  12. Obviously, the choice is yours, but if I can set your mind at ease a bit, I'd like to do so. First and foremost, I want you to be aware that any data you send to support is between you and us, and is used only for support purposes. It will never be shared with anyone else, and we absolutely do not sell customer data or otherwise share it with third parties. I'm aware that some of the data collected by our MBST tool is potentially sensitive, but none of it should be terribly sensitive. Still, I can't make any guarantees about what data is output to your system logs. However, we really do need that data to help troubleshoot. We probably don't need all of it, but it's impossible to know in advance what data may be needed, and the data that tool collects does a pretty good job of covering most cases, without lengthy back-and-forth requests for additional information in most cases. In this case, we're seeing a very small number of people with this issue, but we don't yet understand why. By providing that data, you can help us to understand why, and that helps us to help you better. If you decide you don't want help, that is, of course, your choice
  13. There's no static list of locations scanned, as that can vary. If I were to build a list and give it to you, it could be outdated tomorrow. As for differences between 1.3.1 and the more recent 3.x and 4.x clients, there are definitely differences in the engine. I would not be at all surprised to see 1.3.1 fail to detect things that 4.x did, as the engine in 4.x is much more capable. I'm also not surprised that 1.3.1 is slower, as it's much older code and there have been many improvements since then. I'd be very surprised, though, to see 1.3.1 detect something that 4.x did not, so I'd love to hear more information about that!
  14. We do not currently support network filtering/blocking on Mac at this point. It's on our to-do list, but has not happened yet.
  15. If you can post a panic report here, we can help identify the likely culprit. It's not always the app that you're actively using at the time. If you have trouble finding the report, you should be able to find it under Diagnostic Reports within the Console app (found in the Utilities folder in the Applications folder).
  16. Most likely, it's not actually necessary to uninstall. Reinstalling should replace any damaged components. Get the latest installer, and the complete installation instructions, here: https://support.malwarebytes.com/docs/DOC-1817 If that doesn't work, let us know.
  17. As Al mentioned, you should find anything that was detected in the quarantine, as long as you haven't manually deleted anything from the quarantine and it hasn't been 90 days since the item was quarantined (or whatever the interval is that you've got set for "Automatically remove old items from Quarantine" in the settings). We're currently working on a scan history that will show everything, even after removing things from quarantine, but it's not there yet. I'm not sure what you're referring to about the log indicating that a restart is required. Are you referring to an entry in the Reports that says "We have quarantined threats. A restart is required"? If so, I'd recommend that you make sure your computer has been restarted since that time, and do a manual scan afterwards just to make sure everything is still gone.
  18. Depending on what version of macOS you're using, you may find some help here: https://support.malwarebytes.com/docs/DOC-2632 Uninstalling and reinstalling Malwarebytes for Mac might help as well, but there is a bug in some versions of macOS that can cause all kernel extension activations to fail. If you've tried uninstalling and reinstalling, and the Allow button still doesn't show up, you probably are affected by that bug, which is mentioned on the above page under the heading "Allow button doesn't appear or Activate Protection button doesn't work". In that case, reinstalling macOS is the easiest solution. If you're adventurous and comfortable in the Terminal, though, you can reboot in recovery mode and run the following command, which should fix this particular problem: chflags restricted /Library/StagedExtensions I don't recommend trying that if you're not sure what I'm talking about though.
  19. It looks like that site was blocked due to presence of malware on that site, but I don't know details. Do you believe that this is a legitimate site? (PS - I moved this topic over to the Browser Guard for Firefox forum)
  20. Looks like you got some help here in the forums within a few hours. There are also a variety of support options easily accessible from the website: 1) Click Support 2) Click For Mac 3) Choose one of the support options Can you clarify where you had difficulty locating this? I'd be very interested to learn more, as I've heard others say they had difficulty contacting support, but I don't really understand why. I'd like to understand so we can improve. Also, Al is correct about holiday staffing. See the notice from the top of our support page:
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.