jodolski

Everything posted by jodolski

  1. Fantastic. Will relay that message and test it out. Will update this thread once I get word.
  2. @1PW @AdvancedSetup I appreciate your quick work on this. I'll notify our client and we'll be on the lookout for the next release of the beta.
  3. Ron, Here are the attached files. Let me know if you need anything else. Best, Jeffrey MBAMSERVICE.zip Malwarebytes Anti-Ransomware.zip dattodrive.zip
  4. Ron, Thanks for the quick response. I'll see if I can grab the details for you and submit it. I'll be sure to update this post. All the best, Jeffrey
  5. Malwarebytes Team,

     I'm a support engineer from Datto and we've released Datto Drive (https://dattodrive.com/) which is our FSS platform which includes a sync client that runs as an active process in the system tray. I was informed by one of our partners that he had run Datto Drive with Malwarebytes' Anti-Ransomware without issue while being on version 0.9.14.361. As soon as an update was performed to 0.9.15.416, it began targeting dattodrive.exe, as the log indicates:

         06/08/16 " 08:45:59.867" 428935843 MbCommonSigVerify 08e0 1684 VerifyFile "FileVerify.cpp" 479 INFO "Opening C:\Program Files (x86)\dattodrive\dattodrive.exe for verification"
         06/08/16 " 08:46:00.901" 428936875 MbCommonSigVerify 08e0 1684 GetCertFromImageHeader32 "FileVerify.cpp" 1073 INFO "Cert32 address is zero"
         06/08/16 " 08:46:00.901" 428936875 MbCommonSigVerify 08e0 1684 VerifyBuffer "FileVerify.cpp" 883 INFO "The Certificate is not there!"
         06/08/16 " 08:46:00.901" 428936875 MbCommonSigVerify 08e0 1684 VerifyFile "FileVerify.cpp" 526 INFO "C:\Program Files (x86)\dattodrive\dattodrive.exe verification status - c000007b - IsMbam = 242"
         06/08/16 " 08:46:18.545" 428954531 CleanControllerImpl 08e0 15cc mb::common::whitelisting::WhiteListManager::IsFileOnlineWhiteListed "WhiteListManager.cpp" 211 DEBUG "MEPS WL request: { ""channel"" : ""release"", ""detections"" : [ { ""filepath"" : ""C:\\Program Files (x86)\\dattodrive\\dattodrive.exe"", ""filesize"" : 35917454, ""md5"" : ""0559351FBCC9E54291661EB2566699F6"", ""sha1"" : ""3C0612DA5ECEDD42F582F762DB8BD25264463ABA"", ""sha256"" : ""64B119EF61A877D2C66AFEF02B00C2A177BC9BE8908FFF6198D027BFBE803389"" } ], ""installation_token"" : ""ku4e4doGhi7pRCwVN1sw1459269036"", ""product_build"" : ""consumer"", ""product_code"" : ""MBRW-C"", ""product_version"" : ""0.9.15""

     Running an exclusion would allow the executable to be restored but it has left us perplexed why the executable is picked up as ransomware. Any insight and fix would be appreciated!

     Feel free to e-mail me at

     All the best, Jeffrey

     dattodrive.txt