KevinGu

Hello: We are testing MBMR and keep finding this: <Detection><Info><Name>Windows.Tool.Disabled</Name> <Path>HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS NT\SYSTEMRESTORE|DisableConfig</Path> <Hash>1100944e71197bbb1d2d5cd27c89c13f</Hash> <Class>8</Class> I am pretty sure its a false positive and just reading the registery entery that controls system restore. We disable system restore and believe its flagging MalwareBytes because maybe some threats do this. I would like to confirm our theory is correct. Also, when it finds and "removes" what does it do to the registry key, if anything? Thanks....

Hello - I am testing the MBMR product. One of the selling features was the ability to scan a system remotely. Looks like that ability is somewhat crude at this time unless we are not understanding. Looks like you can have the executable on a network drive or local and direct the logs to a network drive. You still have to use an additional tool to get to the machine and initiate the scan. I was hoping it would have a switch to direct the scan to a remote machine like MBMR scan -full target -\\remotemachine name. I'd be interested to know how folks are using this remotely. Thanks, Kevin.