treed

Those two screenshots show that you're trying to install Malwarebytes version 4.6 and 4.16, neither of which is correct. The 4.16 beta is NOT the current one. You need the 4.17 beta that Al gave you a link to.

Looking at your tickets, I'm not seeing that anyone asked for a file. We do not need that for this issue. Since you've uninstalled the software, the only way to reinstall on macOS Ventura is to download and install the beta according to the instructions here: https://forums.malwarebytes.com/topic/291402-malwarebytes-for-mac-417-beta/ Please make sure you're running the correct installer. One of the screenshots in one of your support tickets showed that you were trying to run a Malwarebytes 4.6 installer, which is very outdated and absolutely will not work on macOS Ventura. You also need to be aware of the macOS Ventura bug that is affecting ALL security software - not just Malwarebytes - and causes the real-time protection not to be enabled. See the description of the bug and the workaround in the link that alvarnell posted above.

There absolutely is spyware for Macs, though Malwarebytes for Mac should detect it. The most likely scenario with people who would have had access to your Mac would be installation of some kind of "legitimate" spyware, marketed for monitoring children. Such software would be detected as a "potentially unwanted program" (PUP) by Malwarebytes. Detecting malware or spyware is absolutely outside the capabilities of our iOS app, due to Apple restrictions, as I mentioned previously. Based on what you've said, I'm confident that there's no chance your iOS devices are infected... but you would absolutely need to lock down all your online accounts, including your Apple ID, to ensure nobody other than you has access. Don't pay attention to what your Malwarebytes account says. It will not show any devices with the UK app active. Just make sure all the features of the iOS app are active within the app. However, again, don't expect this to prevent someone from spying on you through your online accounts.

Most likely, your iPhone was not hacked or infected. There are many methods people can use to stalk you, but malware or some other phone hack is the most difficult to pull off. It's usually only done by nation-states or other extremely powerful organizations against high-value targets. For example, journalists documenting human rights abuses by authoritarian regimes are at high risk of such attack. The average person, though, has almost no chance of experiencing this kind of thing. Without more details about what you saw, I can't say for sure what happened, but I'd guess it probably involved some kind of account compromise. If someone managed to gain access to your Apple ID, they would be able to use that to see your location, intercept your messages, etc. Similarly, if someone gains access to other online accounts, they can see a lot of information about you. Worst of all is if someone gains access to your e-mail. If they do, they can probably access many of your other accounts, either by guessing weak passwords or doing password resets and intercepting the password reset e-mail. If someone may have accessed one or more of your online accounts, there is no app you can download to fix that. You would need to go change the password on all your accounts. Be sure to use a long, random password on each account, and make sure the password is a different one on each account. Store them in a password manager, such as 1Password or LastPass. Also, set up two-factor authentication on every account that will let you. This will require you to enter a code that is texted to you, or generated by an authenticator app or even your password manager, in order to log in, making it more difficult for someone to gain unauthorized access.

It is found in the settings within the Malwarebytes Privacy app. If you're not using that feature, then there's no need to worry about the system extension not being active. The rest of the features of the Privacy app should work just fine without it.

I have brought this to the attention of customer support. They'll be looking into your ticket soon, if not already. A few things to mention here: The app is indeed available in the UK, but it is a slightly different app. If you're clicking a link somewhere, don't do that. Go to the App Store and search for "Malwarebytes" and you should find it. You will need to log in to a Malwarebytes account within the app to get it working. You should have an account on the e-mail address you used to make your purchase, but if you haven't set up a password yet, you'll need to do that. You can access your account here: https://my.malwarebytes.com You mentioned that you have been hacked. Please be aware that that is not something our iOS app can do anything about. Due to Apple restrictions, iOS apps are not able to scan for malware. If you can post details about why you believe you have been hacked, we can work with you to figure out what's going on.

This would have nothing to do with iCloud. It's not possible for something like this to persist after erasing the hard drive unless it is somehow copied back to the machine from some form of backup, or unless it was reinstalled. I use other Adobe software, but not AfterEffects, so I'm unfamiliar with that. Is it possible that the Maxon Cinema 4D Full Installer.app in that location is installed automatically as part of AfterEffects? If not, what else did you install after wiping the hard drive? Did you copy any data manually from backups?

The extension is only used if you turn on the Connection Rules feature. If you use that, go try to turn Connection Rules back on, and it should walk you through the process of re-enabling it (and ensuring it gets added to the Full Disk Access list again).

The process that is triggering these RansomWhere alerts is: /Library/Application Support/Adobe/Keyfiles/AfterEffects/22/CustomHooks/Maxon Cinema 4D Full Installer.app Is Maxon Cinema 4D the program you downloaded from the piracy site? If so, I'm guessing it was never completely removed, and the installer is still there - migrated from backups after factory resets - with Adobe trying to run it periodically. I'm guessing something about the installation process is triggering RansomWhere... probably the writing of files with a high level of entropy (randomness). What I'd recommend doing is to fully remove your Adobe software, ensuring that the /Library/Application Support/Adobe/ folder is removed in the process. Then reinstall Adobe from scratch.

Glad we could help! 🙂

I'm not entirely sure, but I suspect Monterey 12.6.1 is not affected. The particular issue that Apple was trying to fix, and in the process caused this bug to occur, is not mentioned in the 12.6.1 security change notes. So I suspect it is not going to be affected. However, I can't say I've tested it, so I don't have personal experience yet to say for sure.

La solución para ESET debería ser similar. No sé el proceso exacto, pero tendrás que eliminar cualquier elemento de ESET de la lista de acceso completo al disco de la misma manera que lo hiciste con Malwarebytes. Entonces, recomendaría intentar activar cualquier función de protección en tiempo real en ESET. Luego vuelva y vea si el elemento ESET está de vuelta en la lista de acceso completo al disco. The solution for ESET should be similar. I don't know the exact process, but you'll need to remove any ESET items from the Full Disk Access list the same way you did for Malwarebytes. Then, I'd recommend trying to turn on any real-time protection features in ESET. Then go back and see if the ESET item is back in the Full Disk Access list.

This is definitely an Apple problem, and unfortunately it's not something that we can fix with another beta release, or anything else. The good news is that Apple says that they have fixed the problem in macOS Ventura 13.1, which is in beta right now.

Desafortunadamente, no tenemos ninguna instrucción escrita en español. Sin embargo, la siguiente página contiene instrucciones en inglés que deberían ayudarte a resolver tu problema, si puedes leerlas o traducirlas. (Puede traducir texto en macOS seleccionando el texto, haciendo clic con la tecla Control pulsada o haciendo clic con el botón derecho en el texto seleccionado y, a continuación, elija la opción Traducir). Unfortunately, we do not have any instructions written in Spanish. However, the following page contains English language instructions that should help you solve your problem, if you're able to read them or translate them. (You can translate text on macOS by selecting the text, control-clicking or right-clicking the selected text, then choose the Translate option.) https://forums.malwarebytes.com/topic/291428-ventura-causes-real-time-protection-to-turn-off/

Please see the following:

The Malwarebytes app is just the user interface that you use to interact with. It does not need, and does not use, Full Disk Access. It's not going to hurt anything to give it Full Disk Access, but since there's no reason for it to have it, I'd recommend turning that off. Malwarebytes Protection is what needs Full Disk Access. If you don't see it on the list, but the real-time protection features are definitely turned on in Malwarebytes, then it must have Full Disk Access, regardless of what System Settings shows. In this case, I can only imagine that this is yet another macOS Ventura bug.

Update: This bug appears to have been fixed in macOS Ventura 13.1, so please consider updating Ventura, for this reason and others. There is a bug in the release version of macOS Ventura that causes Full Disk Access for any security software (not just Malwarebytes) to fail to work properly after the Ventura upgrade. This results in real-time protection being turned off, even though within System Settings it appears that Malwarebytes Protection actually has Full Disk Access. The bug only appears to affect Malwarebytes if it was installed prior to upgrading to Ventura. New Malwarebytes installation on Ventura, on a machine where Malwarebytes has not been installed in the past, are not affected. For those affected, you can fix the issue by following these steps: open System Settings, click on Privacy & Security, then Full Disk Access. Open the System Settings app Click on Privacy & Security, then Full Disk Access (you should see something like the image below) Click once on the Malwarebytes Protection item to select it Click the minus (-) button at the bottom of the list to remove the item Open Malwarebytes and attempt to turn on real-time protection You will see a window guiding you through the process of giving Full Disk Access to Malwarebytes Go back to System Settings and turn on Full Disk Access for Malwarebytes Protection, which will have been added back to the list After you have done this, real-time protection should automatically turn back on, if it had been on before this happened. If it does not turn back on, in can be re-enabled within the Malwarebytes app.

Yeah, this is starting to look like entirely a Ventura issue. ESET has published a support article on their site addressing the same problem, with the same solution. I'll be confirming this with some other software, but if there are two entirely separate pieces of software having the same problem on Ventura, Occam's Razor says the simplest answer is probably correct: that the bug is in Ventura, not an identical bug in two other pieces of software.

It probably will, so try the first set of instructions first. Only use the tccutil reset instructions as a last resort. (I say "probably" because tccutil reset All is not supposed to work anymore, due to the potential for abuse... but, for some reason, it works with this issue. There are definitely some weird Ventura bugs happening here.)

I'd advise it at this point, so you can get the next beta. Long term, it's up to you. Having that turned on does incur some risk, as seen here, but it also lets you get early access. An alternative, if you want betas but don't want them installed automatically, would be to follow the beta forum, and then you can choose whether to manually install the beta or not.

Interesting... so, you were seeing the same problem on the older, non-beta version of MB4 on Ventura? That's definitely new behavior not observed with the Ventura betas. RTP worked just fine, as did FDA, on the betas I tested with. Thanks for the information! That may help track it down.

If you're seeing this, you've gotten a beta release, likely because you have turned on the Beta Application Updates option. This release was a beta, and it appears it has a problem, though the problem appears to be at least in part a Ventura bug. There's more information and a couple possible solutions here:

There is a bug in the release version of macOS Ventura that causes Full Disk Access for any security software to fail to work properly after the Ventura upgrade. This results in real-time protection being turned off, even though within System Settings it appears that Malwarebytes Protection actually has Full Disk Access. For those affected, you can fix the issue by following these steps: open System Settings, click on Privacy & Security, then Full Disk Access. Open the System Settings app Click on Privacy & Security, then Full Disk Access (you should see something like the image below) Click once on the Malwarebytes Protection item to select it Click the minus (-) button at the bottom of the list to remove the item Open Malwarebytes and attempt to turn on real-time protection You will see a window guiding you through the process of giving Full Disk Access to Malwarebytes Go back to System Settings and turn on Full Disk Access for Malwarebytes Protection, which will have been added back to the list After you have done this, real-time protection should automatically turn back on, if it had been on before this happened. If it does not turn back on, in can be re-enabled within the Malwarebytes app.

The beta has ended, and 4.17 is now released. Please note, though, that this does not - and cannot - fix the macOS Ventura bug that is mentioned in the important note below. Thanks to everyone who provided feedback! IMPORTANT NOTE: If you have trouble with real-time protection on Ventura, this is not a bug in the beta. It is due to a bug in Ventura that is affecting ALL security products (not just Malwarebytes). More info and a fix can be found here: https://forums.malwarebytes.com/topic/291428-ventura-causes-real-time-protection-to-turn-off/ Hi, all! We've just released Malwarebytes for Mac version 4.17 in beta. The primary change is the ability to install on macOS Ventura. If you have updated to Ventura, please try running this installer to make sure that it functions properly. (Note that we are aware of issues with the screenshots for granting Full Disk Access not matching the new System Settings on Ventura. This will be fixed in a future release... for now, we just needed to get this out ASAP.) You can update to the beta within the app, with the Beta Application Updates feature turned on, or you can download the installer directly from here: https://cdn.mwbsys.com/packages/mmac.installer.consumer/1/1/2/c/112cd1e5c53453535b1dcc163b15baaf/08ee079b-8bad-4cd9-b305-f3ee809086dd.pkg Please reply here with any comments, questions, and problem reports! BTW, I know it's been a while with few betas, but not to worry... we do have some cool stuff in the works! 🙂

Please don't provide more logs unless requested. Logs can contain personal information, and unless they've been requested, they are not likely to be helpful in any way. I'm going to edit your posts to remove the logs just to be sure there's nothing in there that you wouldn't want to be posted openly on a website. I still don't understand exactly what it is that you believe has happened. What specific things have you seen that lead you to believe your devices are compromised?