Posts posted by scoutt
-
I have another one. This one was quarantined.
-
Thanks, we did a remediate and nothing was found. Thanks again
-
I have another one that needs white listed.
-
Thank you
-
Thank you sir.
Also noticed that this DLL will be different depending on what HP driver is installed "x64\3\hpmsn130.DLL"
Also we have noticed a very big slowdown on some Excel spreadsheets. Very slow loading and saving. Upgrade to the Nebula client and slowness goes away. Spreadsheets range in size from 100K to 1mb, all are real slow.
-
Does this white list go to business owners as well? Specifically Nebula clients?
-
Sure thing, sorry, forgot.
-
We have the following file that is trusted but came up as anomalous, please white list it:
C:\PROGRAM FILES (X86)\HELION SOFTWARE\ORCATS\PERSONAL\PERSONAL VOUCHERS\PERSONAL PROPERTY RETURN.EXE
-
Also, there is the Breach Remediation tool you can download from the Nebula. But it also has to be licensed. This will allow you to do a silent scan as well.
-
An engineer told me. It is not documented. Or at least any of the documents I can see lol
-
There is a command scanner; this switch is not part of the help /? switch in EACmd.exe.
Create a file called scan.txt (scan.txt is just an example). Inside scan.txt, add the path to scan, i.e. c:\ or c:\temp etc...
\ProgramFiles\Malwarebytes Endpoint Agent\UserAgent\ .\eacmd.exe -ContextScan="C:\temp\scan.txt"
-
I see from the update page that we have a new version being pushed.
Quote:
Malwarebytes Anti-Exploit 1.13.2.257
Protection:
• Protection against new exploit attack vectors
Stability/issues fixed:
• Fixed a bug in Chrome and Edge browser shields
• Fixed customer issues with MS Office applications
• Fixed customer issues with Bank plugins
• Improved Logging capabilities
• Internal Product Improvements
But apparently the "Fixed customer issues with MS Office applications" is now causing lots of HP driver issues when printing from Word.
Quote:
Exploit payload process blocked BLOCK C:\Windows\System32\rundll32.exe C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpmsn130.DLL,MonitorPrintJobStatus \pjob=19 \pnameNW Corner HP LaserJet color M551 User Microsoft Office Word C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE Attacked application: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE; Parent process name: explorer.exe; Layer: Application Behavior Protection; API ID: 207; Address: ; Module: ; AddressType: ; StackTop: ; StackBottom: ; StackPointer: ; Extra:
Anybody else seeing these? Just started yesterday when users started updating. Changing the driver to a Universal driver fixes some of them.
-
Thanks Exile, I tried the above commands but there isn't a file called mbamapi.exe in the install of the Nebula client or Anti-Malware. I also tried all the exe's in both locations and nothing gives a list of switches. So I don't think it's there (yet) either. I have a call with an engineer so I will ask the same question.
Appreciate the help though.
-
Thank you, but I was asking for the Nebula install of Endpoint Security. Is it the same?
-
I think it would be good to give us a way to control what severity we should get notifications on. Right now it is High Severity for Suspicious alerts; I would find it very useful if we could lower that to any number of severity levels. If a user gets a mass load of low severity it could be a precursor to something bad.
-
Looking for command line scanning switches, and what files are used to run those commands?
-
Thanks Exile, research has already found that it was the Windows 2004 update causing grief. We may have a fix, still testing, but so far so good.
-
Ticket has been created.
Thanks Exile
-
Oh, I just noticed you moved it, this is not a home product, we have the business install. Should I create a ticket instead?
-
Hi Exile,
Any news on this? It usually doesn't take this long.
-
Thanks exile, here it is.
-
I have sent you a PM
Thank you
-
Hi exile, kindly remind me where that is?
-
Well that didn't stop it. Still getting false positives.
False positive needs white listed.
in File Detections
Thank you very much