Jump to content

zappozeppo

Members
  • Posts

    16
  • Joined

  • Last visited

Posts posted by zappozeppo

  1. 17 minutes ago, Porthos said:

    You have to do each one separately.

    Add a website or IP address to your Allow List. When you add a website address, type the website with the world wide web (www.) prefix.

    1. Click Allow a website.
    2. Click on the text field under Add a URL or Add an IP Address.
    3. Enter the URL or IP Address in the text field.
    4. Click Done to confirm your changes.
    5. Then do the next one.

    Number 5 I added.

    You are right, I misanderstud suggested syntax inserting URLs, showingmore URLs separated by comma.
    ZZ

  2. 21 hours ago, exile360 said:

    Greetings,

    If you can query the IP addresses of the servers hosting the domains, that would likely be the simplest way to create the exclusions to avoid the sites being blocked.  Otherwise you might try adding the leading www. to each URL/domain exclusion (rather than just domain.ext) and that might resolve the issue.

    The only other option would be to exclude the process that connects to the websites by selecting the Allow an application that connects to the internet option and selecting the appropriate process (though if it is a web browser, I'd strongly caution against it unless the user is running a separate browser specifically for those sites/documents, for example if the user runs Firefox to view the documents but uses Chrome or some other browser for their everyday web browsing).

    Please let us know how it goes.

    Thanks

    IP addresses aren't a good solution to manage website exclusions, they are hosting provider managed, often covering a pletora of sites not connected eachother. If you want to work correctly you have to depend from DNSs, using pure URLs.
    The only case I can think about is when you are hosting a site by yourself and your server has a static public IP.

    The www subdomain is normaly dedicated to a single http site.
    People there are apparently using subdomains instead of trees of subfolders.
    The only way I know to indicate them is by jolly characters as you set into firewalls rules (*.domain)

    The access to portals I spoked about is simply by browser, no dedicated software to allow by rule.
    Excluding any internet browser from antimalware control is not a very good idea, even if you dedicate a specific one to a specific use.
    You cannot be sure that users will never use it for other connections and this is very dangerous.

    Anyway, my question was very simple, and essentially I needed a simple answer: did developers include into Malwarebytes the possibility to insert as web exclusion objects as  classes of subdomains, and if yes, by which syntax?
    Beacuse, if this is possible, any other consideration could be bypassed by a simple, clear statement.
    Tank you in advance

    ZZ

  3. 21 hours ago, exile360 said:

    By the way, this support article documents how to create the various types of exclusions if you need any details on any specific type.

    The article you refer (I saw it before writinh here) doesn't contain any useful detail to solve my problem.
    It simply says you can add a WebSite (URL or IP) as exclusion.
    It doesn't even dedicate words to the possibility of adding more that one URL in the same exclusion line (permitted, if separated by comma)

    ZZ

  4. Hi,

    I have a customer using a private educational platform containing hundreds of documents.
    Documents are often located on different servers (and domains).
    Malwarebytes is blocking these domain changes making him unable to see the documents he needs.

    I tried to add secondary URLs to Malwarebytes Web Exclusions but the complete URL is often different, mantaining main domain but changing sub-domains:

    name1.domain.ext 
    name2.domain.ext
    name3.name1.domain.ext

    I tried to insert in the Web Exclusion list something as "*.domain.ext" (refused) or simply "domain.ext" (accepted but not avoiding blocks).

    Is there a way to simply insert main domain and all possible sub-domains as a single Web Exclusion?

    Thanks

    ZZ

  5. Hi,

    I tried to password protect unmanaged AntiMalware clients.

    As from product manual page 21, this password protection "restricts access to the Protection, Ignore List and Settings tabs of the user interface" , but:

    What is the meaning of this protection if the user can simply right-click the tray icon and unckeck main functionalities FILE SYSTEM PROTECTION, WEBSITE BLOCKING, START WITH WINDOWS?

    Thank you in advance

    ZZ

     

  6. It is not acceptable to be tied to a single, not standard browser: this is a major software developement rule for everybody.

    Malwarebytes cloud has to be compatible FIRST with standard browsers included with operating systems (IE and Edge for Windows clients & servers, Safari for Apple world).

    Then, if you have time more, you can develop compatibility for optional browsers as Chrome, Firefox, Opera and so on.

     

  7. Hi,

    I'm finding problems using pdf modules.

    I have a PDF module used to send data to a branch of our government (and produced by them).

    I compile the module (opened in Acrobat Reader) filling requested fields, then I have to push a button inside the module. An XML file is created and the default mail program is asked to generate a new mail, already filled with destination address, subject, text and the XML file as attachement.

    But Malwarebytes anti-exploit section blocks it (it blocks Acrobat Reader).

    I can of course disable Acrobat Reader anti-exploit protection in Malwarebytes settings, but this vanishes every other exploit protection related to Acrobat Reader too.

    I can see exploit blocked in the logs but if I try to add an exploit exception the list showed is empty.

    I attached here MB log, pdf module and screenshots

    Thank you in advance

    ZZ

    20170617 - Malwarebytes and Acrobat modules.zip

  8. 2 hours ago, Porthos said:

    To get things working normally again simply open Malwarebytes and click on "Current" next to where it says Updates in the Dashboard and it should download and install working databases.  If it is able to successfully update but protection still is not working, then please try right-clicking the Malwarebytes tray icon next to your system clock and select Quit Malwarebytes and then open Malwarebytes once again from your START>Programs menu or from the shortcut located on your Desktop.

    If the issue persists, then please try restarting your PC.

    If you have any further issues, please create a new topic and one of our team members will assist you.

    Thank you again for all your patience, we really appreciate it and thank you for using Malwarebytes.

    Malwarebytes OK, now:

    Updated MWB to

    version 3.1.2.1733
    components 1.0.122
    package 1.0.1976

    Restarted the PC

    No more protections disabled.

    Solved, thanks.

    ZZ

  9.  

    On ‎08‎/‎05‎/‎2017 at 4:03 PM, dcollins said:

    Do you still have the Adobe problem on Malwarebytes 3.1?

    Hi, Devin.

    I replicated customer's situation on a machine with MBAM 3.1.1.1722 with same PDF file, and Acrobat module button "Send by mail" correctly opened a new mail with default mail application (Outlook 2016).

    I will update MBAM on customer machine while today MBAM version 3.1.1 seems passed from beta to release status.

    My main PC is actually using 3.1.1.1722 and I've not found any new problems.

    Crossing fingers ...

    ZZ

  10. Hi,

    a new problem with Anti-Exploit protection in MBAM3.

    With MB 3.0.6, Acrobat documents conteining module fields to be filled ad mail sent by automation are not able to complete the process.

    MB blocks Acrobat when it tries to generate a mail message with the default mail application.

    Disabling anti-exploit protection for Acrobat and Acrobat Reader solves.

    But the question is: what's the sense of Anti-exploit protection? Protecting users from malware or stopping them from use Word, Excel, PowerPoint an now Acrobat?

    Thank youin advance,

    P.S. v3.1.x beta eliminates Microsoft Office file saving problems.

    ZZ

  11. 15 hours ago, Davidhs said:

    Also on Win 10 Creator update and Office 365 and Word and Excel now work correctly as they did before Creator update.

    Problem IS NOT SOLVED

    I'm actually running Malwarebytes:

    • MB version 3.0.6.1468
    • Component pkg 1.0.103
    • Update pkg 1.0.1802

    If I re-enable Exploit protection on Microsoft Office Excel, PowerPoint, Publisher and Word, saving a file from these applications hangs them and you need to force close them.

    Disabling Exploit protection again, solves as before.

    • Windows 10 Pro v1703 b15063.138
    • Office 2016 v1701 b7766.2076

    Regards

    ZZ

  12. On ‎19‎/‎04‎/‎2017 at 0:54 PM, SaveTheTiger said:

    Thanks for the update dcollins. Do you know if there is a timeline on a permanent fix for this problem?

    What we need, Devin, is to be somehow advised when you'll solve this problem, to re-enable exploit protection on Office applications or, of course, automatically re-enable these settings when updating MBAM.

    Thank you in advance.

    ZZ

  13. Ten days ago I updated several PCs to Creators Windows 10 (1703) edition, and all users began unable to save within Office 2016 Word, Excel, PowerPoint.
    It was a big problem, I spent a lot of time investigating on it, searching Internet, trying to repair, uninstalling, reinstalling Office with no results: all Office users were unable to operate (to save ...) their files.
    Here is the solution: a bug in Malwarebytes Anti-Exploit protection.
    I suggest MalwareBytes to quick disable by design MBAM 3.0.6 Office anti-exploit protection until update.

    I would like to know, as SaveTheTiger asked before,

    "What protection am I losing by turning off Word in MB3 -> Settings -> Protections -> Manage Protected Applications?"

    Best regards

    ZZ

  14. Running this on a Production systems is not yet advised. PeAcE

    This is typical tip without sense.

    If programmers and beta tester work on insulated machines only, they will never be able to release a product.

    We are beta testing software on production machines, on our own risk, exactly while this kind of problem is only present on production machines.

    And this is positive for programmers.

     

    Dear 1PW, the reason I didn't send a "false positive report" for Office Clicktorun is very simple: Each PC sold in the last year has Office Clicktorun executable preinstalled.

    And there are not particular situations to put in evidence: Anti-Ransomware is interfering with it.

    You can reproduce the problem, simply creating a virtual machine, installing OEM Clicktorun or an Office 365 and ... "voila"

    Best regards

    ZZ

  15. Same problem.

    Today Anti-Ransomware detected my OfficeClickToRun.exe as malware and quarantined it (Tray banner).

    Office 2016 products stopped running.

    It was not possible to restore the file while quarantine list was empty.

    Uninstalling Anti-ransomware and restarting the PC solved the problem.

    It should be useful to make a public list of fale positive solved, to be sure not to jump into this bug again.

     

    ZZ

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.