Jump to content

AndyPP

Honorary Members
  • Posts

    31
  • Joined

  • Last visited

Everything posted by AndyPP

  1. Anti-ransomware is built-in to Malwarebytes 3, it is redundant to run a second stand-alone copy.
  2. Overwrite mbae-setup.exe in .\PackageTemplate on server, to have the console deploy the latest version, and/or include it in export. To use PDQ Deploy, exporting an MSI ensures they are preconfigured with address of server i.e. Anti-Malware managed can be deployed by PDQ.
  3. You should also seek to be formally engaged. Search for and join Partnerbytea program as a reseller ri ge assistance.
  4. For business product use http://support.malwarebytes.com even if trial. SQLExpress is what is used locally. Mix mode authenticarion and named pipes needed for external SQL.
  5. Malwarebytes 3 - home and up to 10 seats for micro businesses (see user license) has this component built in. Redundant to run second copy. Bigger businesses should buy Endpoint Security, it has non-beta component. Full protection from Malwarebytes has multiple layers. This single layer needs to be used with the others for maximum protection, not alone.
  6. Redundant to run two copies of anti-ransomware it is builtin to Malwarebytes 3. Installing second copy by beta breaks MB3 component. Uninstall and reinstall. https://forums.malwarebytes.com/topic/200634-malwarebytes-31-now-available/ https://support.malwarebytes.com/customer/en/portal/articles/2802905-malwarebytes-3-1-2-what-s-new-improved
  7. Install Anti-ransomware module ,ifyou haven't already. Also latest Microsoft security updates.
  8. Escalate to CEO, Marcin to talk to Eugene Kaspersky This is too important for 'standard" support channel.
  9. There is a nasty market trend emerging. Microsoft are locking down Windows 10 to allow one-only AV registration. Kaspersky are raising an anti-trust case on this. https://eugene.kaspersky.com/2016/11/10/thats-it-ive-had-enough/ Looks like Symantec are doing similar.
  10. I was advised that MSI is at link & have successfully downloaded: (I haven't yet requested NFR keys, but will go down that path soon).
  11. If an exclusion add is performed by line command and the exclusion is already existing, the utility doesn't return error and continues trying. C:\Program Files\Malwarebytes\Anti-Ransomware>assistant --x add "c:\temp" "MBARW Exclusion added: c:\\temp" C:\Program Files\Malwarebytes\Anti-Ransomware>assistant --x add "c:\temp" "Error: Timeout waiting for operation to complete" "Error: Timeout waiting for operation to complete"
  12. The [Add Folder] & [Add File] functions bring up a browse function and do an existence check, prior to applying the exclusion. I would probably apply an exclusion before installing software to avoid it being quarantined. Is this a sequencing issue? How does one work around it?
  13. Note, assistant.exe command is documented in Anti-Ransomware Administration Guide, and EXE is in beta & release versions. Is it relevant/appropriate to ask these questions in this forum?
  14. It appears that the MSI installation immediately starts, upon 1st installation. If exclusions are required, it appears that the assistant.exe -x -add "path" is done after program is running. 1. Is it a problem that Anti-Ransomware might quarantine files before exclusions can be applied? 2. Is it possible to preconfigure exclusions, so they are available as Anti-Exploit starts? - This seems desirable for a larger rollout - This seems desirable so Anti-Ransomware doesn't quarantine files, before exclusions can be applied? 3. Is it possible to install Anti-Ransomware in a stopped state, run the adds of exclusions, then start it?
  15. FYI - I downloaded from an "Not-For-Resale" license key & MSI wasn't there (I am reseller). I subsequently downloaded from a "Resale" key and MSI was in package. I'll send case to support re NFR key.
  16. Manual for Anti-Ransomware is at: https://www.malwarebytes.com/pdf/guides/AntiRansomwareAdminGuide.pdf It's got 6 urls.
  17. Logging is not mentioned. Whilst I understand it is not 'managed' until version 3.0 release, I am interested in *any* local logging available. Logfiles? Windows events? ==== I have seen this file under - C:\ProgramData\MalwarebytesARW\MBAMService\ArwDetections\b7912936-71c1-11e6-92e9-0800275225d0.json Are such files useful, if we polled this directory for content, for existence of files? Note, this entry is from 3 Sept. ==== DD5C438A820AC6BBE4FDCE298F2C2F13319815C9F4ADBEAB22D67E88B385315A { "clientID" : "", "clientType" : "other", "id" : "b7912936-71c1-11e6-92e9-0800275225d0", "sourceDetails" : { "detectionTime" : "09\/3\/2016:20:32:30.374", "type" : "arw" }, "threats" : [ { "linkedTraces" : [ ], "mainTrace" : { "cleanAction" : "quarantine", "cleanResult" : "notStarted", "cleanResultErrorCode" : 0, "cleanTime" : "", "objectPath" : "C:\\WINDOWS\\system32\\taskhostw.exe", "objectType" : "file", "suggestedAction" : { "fileDelete" : true, "fileReplace" : false, "fileTxtReplace" : false, "folderDelete" : false, "moduleUnload" : false, "noLinking" : false, "physicalSectorReplace" : false, "priorityHigh" : false, "priorityNormal" : false, "priorityUrgent" : false, "processUnload" : false, "regKeyDelete" : false, "regValueDelete" : false, "regValueReplace" : false, "useDDA" : false } }, "ruleID" : 0, "threatID" : 0, "threatName" : "Malware.Ransom.Agent.Generic" }
  18. Can you please advise what logging is available to support business deployment? XML? Syslog/CEF?
  19. Can you please advise when the MSI will be available for trial, as per announcement?
  20. Thanks for the rapid response. Yes I understand paid version is required to gain protection of Office files. Outlook isn't listed in 1st link. Upon a search, the article to do additional protection for "Outlook.exe" is listed. I find it a bit unusual that a mainstream Microsoft application is not protected by default/listed on the data sheet. Link is https://support.malwarebytes.com/customer/en/portal/articles/1833585-how-can-i-configure-malwarebytes-anti-exploit-to-protect-additional-applications-?b_id=6440 With that answered, to clarify my second question - is about when Outlook views/launches an attached Office document, will Anti-Exploit provide protection? For example, Outlook may use some underlying services to invoke work/or it might just be same as user launching. I assume Malwarebytes techies will know which
  21. I saw a post* suggesting that Outlook is not protected by Anti-Exploit. However, Outlook can launch Word as it's viewer/editor. Will the Office macro protection work in this scenario? https://forums.malwarebytes.org/topic/186853-malwarebytes-antiexploit-questions/#comment-1055538
  22. Is there any update on this from Malwarebytes? Will the mobile application detect/fix this problem?
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.