exile360

Experts
  • Content Count

    22,309
Everything posted by exile360

  1. Actually Malwarebytes doesn't use AI/Machine Learning for the Web Protection component in Malwarebytes. It is a database maintained by a team of Researchers with years of experience maintaining the hpHosts block database/HOSTS file prior to becoming a part of Malwarebytes. Steven Burn (AKA MysteryFCM) is the lead Researcher and originator of the web blocking technology/database in Malwarebytes going all the way back to the Malwarebytes 1.x days when Web Protection was first integrated into Malwarebytes Premium (or Pro as it was known back then). But yes, it is true that Malwarebytes has no political motivations in their detections. They simply target malware, scams and PUPs (Potentially Unwanted Programs) and only criminal malicious content is targeted for blocking by the Web Protection component. I'm fairly certain that the shared server I discovered is the cause of this block as it is not uncommon for hosting providers to use the same IP address/server to host multiple websites from different owners and Malwarebytes simply needs to add an exception in the database to prevent the innocent site from being blocked while continuing to block the malicious content being hosted on the other website that shares the same server.
  2. Greetings, It is likely being caused by some kind of issue with Malwarebytes configuration files. Sometimes they become corrupted during upgrade/install so let's see if a quick over the top install of the latest build corrects the issue and go from there. Please download and install the latest version over the top of your existing installation from here and then reboot if prompted to complete the upgrade process. Once that's done, go ahead and restart your machine and let it fully load to the desktop (including Malwarebytes, assuming it loads) a couple of times just to make sure it is now working properly. If it still fails to startup without the START menu shortcut being present please let us know. Thanks
  3. By the way, I believe I just found out why the site was blocked, and no, it didn't have anything to do with politics (in fact, it didn't have anything to do with the website you mentioned; it was due to another malicious site that happens to share the same IP address/server as the site you mentioned meaning they should be able to filter out the site you referenced as an exclusion and keep the block on the malicious site if it gets reported). I looked up the site you mentioned on the HPHosts database which is a site maintained by Malwarebytes' Web Research team that will often reveal why many sites are blocked by Malwarebytes (though it isn't a 1 to 1 match as they are separate tools/databases, but they do often overlap) and you can see that info here. As you can see, it shows that the site in question is not in their database meaning they aren't targeting it, however when I clicked on the IP used by the site (104.27.12.102) I found this reference which as you can see, references a DIFFERENT site using the same IP address, meaning they share the same server and I would bet that the second site is the reason for the block.
  4. Believe what you want; I don't know why the site was blocked, only that there are no political blocking categories for the Web Protection feature and if you don't report it as a false positive it can't get corrected, and if you do report it then you'll likely get an explanation as to why it was blocked in the first place. Either way if you want something done about it the best way to accomplish that is to report it to Research for review.
  5. There still appears to be some kind of issue with this. This very part of the forums shows as having some unread content though I've previously marked the entire forum as read and have viewed every new thread/post since. I don't see any moved topics so my guess is it's due to one of the deleted topics (which I can also see due to my access level, though none of those show as unread either). I've cleared the cache and rebooted many times since the update so whatever this is, it's either new or just the same issue as before showing up again. Either way it still isn't working as expected.
  6. Greetings, The Web Protection feature in Malwarebytes uses databases of known malicious websites (domains/URLs) and servers (IP addresses) to block malicious content. There's nothing political in their motivations I assure you. If you believe a site being blocked is a false positive then please review the information posted here as well as here and then create a new topic in the Website Blocking false positives area by clicking here and one of the Malwarebytes Research team members will review the block and have it removed if it turns out to be a false positive or if the malicious content that was on the site/server has been removed. If there is anything else we might assist you with please let us know. Thanks
  7. Greetings, If you open Malwarebytes and navigate to Settings>Scan Schedule you can edit or even delete the default scheduled scan, which is likely what's causing all the disk activity on system boot since the scan is scheduled by default to recover/re-run if the scheduled time was missed within the last 24 hours as soon as the system comes online/boots up. You can either edit the scheduled scan to suit your preferences or simply delete it if you don't want any scheduled scans, and even create your own if you have a completely different schedule in mind and still want the program to perform scheduled scans from time to time. You should find the information in this support article as well as the online documentation here to be helpful. If there is anything else we might assist you with please don't hesitate to let us know. Thanks
  8. Yeah, say what you will for powerful CPUs, fast RAM, and powerful graphics cards, but an SSD is the single most significant upgrade one can make to a system if they want to improve the boot time of a machine exponentially; especially modern NVMe (PCIe) SSDs; but even SATA SSDs still far outclass any mechanical HDD (even the fastest 15K RPM drives). It's the most noticeable change a person can make to their system to really see and 'feel' the difference in a system's boot times (though it doesn't impact program loading times/seek times to quite the same degree even though it is obviously still quite a bit faster than any standard mechanical HDD).
  9. Yes, it's been an issue for many releases now going way back many months if not a year or more to a problem, I believe, with MS Office 2016 where if enabled it causes it to crash so they opted to disable the option at least until the conflict can be resolved, though considering how long it's been it might be best to just remove the checkbox as an option at this point because the behavior in the GUI is kind of funky (you can check the box and hit 'Apply' and it will appear to be enabled, but the next time you restart the system or exit/re-launch Malwarebytes the box will be unchecked as the option is never actually enabled since they rolled out this workaround for that issue so it's not the best UX but at least it prevents the crash).
  10. No, I haven't seen any issues related to those settings being enabled; that said, there probably is a good reason for the out of the box defaults so I'm not necessarily advising anyone to configure their copy this way. I just wanted you to see all of the functions/options available in the product as I figured that might be useful for comparing with Windows Defender. Yeah, I've heard others mention various issues with CFA. It seems to be an interesting feature but perhaps a bit too aggressive at times.
  11. Hehe, true; there's a big difference between the goofy patent language used to describe 'an X that does Y' vs the real nitty-gritty of how any device/software etc. actually works. It's even more vague and obscure than most marketing materials describing such things to potential users/customers.
  12. Malwarebytes isn't a VPN (that's what would be used to 'encrypt your IP', which is much more of a privacy issue than a security one unless you are on public Wi-Fi), nor is it a firewall, though they do offer a free firewall here since Malwarebytes acquired Binisoft, the makers of Windows Firewall Control. Different layers of security and privacy protection serve different purposes, and Malwarebytes' main purpose is to protect from malware, exploits, Trojans, rootkits, malicious websites/servers (including command and control servers used by malicious botnets and malicious hackers along with phishing sites, malvertisements, and sites known to host malicious content/scams), as well as ransomware. In addition to that, it also protects against PUPs (Potentially Unwanted Programs) which includes bundled software, toolbars, adware, spyware, junk/undesirable software such as registry cleaners, driver updaters, so-called 'system performance optimizers' etc. To that extent Malwarebytes does protect your privacy, however as I mentioned, a VPN it is not, nor is it a firewall, both of which would be more suited for 'hiding your IP address'; in fact, one of the best things to have in that regard isn't actually found in any software at all; it's a hardware firewall, which virtually every modern router includes by default, so things like 'port stealthing' and blocking of unauthorized/unsolicited inbound traffic (such as any that might originate from a malicious hacker's PC or botnet portsniffing to try and find vulnerable/open ports/targets on the web) are of little concern as long as your router's firewall is properly configured (many ISP's also include routing functionality in their hardware modems, so if this is the type of device you use to connect to the net then you may contact your ISP or dialin directly to the device to view its firewall configuration software and settings through your web browser on your home network). 
There's a great thread/discussion on this very subject here and you can learn more about VPN's, what they are and how they work by reading this article. Another area that might interest you is DNS security/privacy. You can learn more about that here. One more thing with regards to online privacy/security along the lines of a VPN etc. that might interest you is the TOR browser. It's a special build of Mozilla Firefox designed to hide users online while browsing the web and help anonymize their browsing habits to prevent them being tracked/monitored online. You can also take measures within your normal web browser to further protect yourself and your privacy including changing security settings, modifying how cookies are handled and changing how plugins/add-ons/extension run so that they must ask for permission first. You can also install a good ad blocker, privacy protection extension or similar tool, and in fact Malwarebytes currently has one in beta testing which is available for both Chrome (and other Chromium based browsers such as SRWare Iron and Vivaldi) as well as Mozilla Firefox. You can learn more and download it at the following links: Chrome Firefox It was designed to work well alongside the Web Protection in Malwarebytes 3 and takes things a step further by blocking many ads, tracking servers (to protect privacy), clickbait links/sites, as well as new behavior based blocking for unknown tech support scam sites and other common types of malicious sites that might not yet be in the domain/IP/URL block lists used by Malwarebytes Web Protection.
  13. Absolutely. Just search for any threat by name (as identified by Malwarebytes in your scan/protection log or the UI from the detection) here and there are tons more useful resources accessible from the Malwarebytes homepage (malwarebytes.com) under the Resources menu (that's where that little gem I linked to was located along with the blog that I pulled those articles from). If you ever want to kill about a good solid week or two just reading about security, threats, scams, privacy and all sorts of other techie goodness it's a great place to dive into to learn. They also update the blog regularly with the latest security news about scams, data breaches, threats/infections as well as many of the various goings-on at Malwarebytes.
  14. I dug up some additional information from Malwarebytes official support portal that you should find enlightening:

     • What is Exploit Protection
     • Vulnerability exploits Malwarebytes Anti-Exploit protects against
     • Applications Malwarebytes Anti-Exploit Shields
     • Malwarebytes Anti-Exploit new user FAQ
     • Malwarebytes Anti-Exploit vulnerability prevention details

     Much of that information is pretty basic, but you should be able to hopefully glean at least some useful/new info from all of it, at least that's my hope. Also, here are screenshots of all of the Exploit Protection settings tabs in Malwarebytes 3 (note that these are NOT configured to the installation defaults as I have deliberately enabled all of them save for one setting which was actually disabled a while back to correct a known issue with MS Office which prevents it from being enabled, even manually in current Malwarebytes builds):
  15. Sorry for not responding sooner. Unfortunately since I am a Windows 7 user myself I can't dive too deeply into the differences/enhancements etc., but I do know that at the very least Malwarebytes does shield many non-Microsoft/non-OS programs including third party web browsers, office applications and media players; something I don't believe the functions in Windows 10 do, at least not to nearly the same extent. Malwarebytes also contains specific OS hardening techniques, at least some of which I'm fairly certain are not included in Windows Defender just based on the fact that there are a LOT of them. If you haven't done so already, take a look at the various options in the interface of Malwarebytes 3 for its Exploit Protection component assuming you have a license (or if you have it available, the 14 day trial). I'm not certain what the UI looks like for the standalone Anti-Exploit Beta these days so it may not expose as many of the functions/settings that Malwarebytes 3 does but I believe there is parity between them, at least for the most part at the moment. You can also take a look at the information in this Malwarebytes documentation as it reveals at least some of the functions included with it (there are 3 more tabs that it doesn't reveal as well as additional shielded applications which are not shown due to them not fitting in a single page so one would need to scroll through that dialog in Malwarebytes 3 to see them all). 
I'm certain that there is at least some overlap between the two, however I have seen and know many knowledgeable users running the two of them together quite happily and I recall hearing some of them express that the exploit shielding provided by the two applications was diverse enough to keep both running/active, though of course that was a while ago and Microsoft may have made further additions/changes since then, though I have not heard any claims from anyone that it rendered Malwarebytes' Exploit Protection obsolete/redundant in any way. I realize that wasn't exactly the level of detail you were hoping for, but I hope that it helps nonetheless.
  16. I'm sorry that you've had a bad experience with the software. I can definitely relate being a Windows 7 user myself and having to deal with the various issues that have arisen throughout various Malwarebytes 3 releases in the past (including the recurring system shutdown/startup delay/occasional hang/freeze issue which was there, then fixed, then back again, then fixed, then back yet again on several occasions throughout the past year+). I haven't experienced too many problems with the most recent release save for a compatibility issue with one of my system manufacturer's hardware control/overclocking applications which I was thankfully able to resolve by configuring Malwarebytes to delay the startup of its protection for 30 seconds (my system is pretty fast as you can see from the specs listed in my signature, so a longer delay may be required for others, but 30 seconds works for me because that gives all my other apps plenty of time to start/become resident and settle down before Malwarebytes starts): I realize you've opted to uninstall the software, but just in case you decide to give it a shot on your own system (and of course for any other users who might be affected by a similar problem) I wanted to post the setting just in case it is of any use to you. One more thing worth mentioning is that if you have a lifetime license and don't want it to completely go to waste you can simply disable protection from running at startup and just use the scanner and scheduler as an automatic second opinion scanner, and of course you may test with disabling the various individual protection components to see if any one or combination of settings resolves the issue for you since some protection is still better than none (as long as it is stable, obviously).
  17. Ugh, yes, I hate it when companies do things like that, especially when you've actually paid for the software. It's like paying for the privilege to have PUPs installed/be advertised to. It's at least somewhat understandable (though not excusable or really acceptable in my opinion) when 'free' software bundles in such additional 'gifts' as a means of generating revenue from their free products, but when they do so with their paid offerings that's just messed up. You paid for the thing once, why should you have to pay again by (potentially) harming your system's performance, risking your security/privacy etc. (depending on what they're bundling, of course), and even have to deal with any of this additional junk taking up space on your drive when you already handed them money? I guess that explains why Malwarebytes detected it, and I suppose Revo is the variable in the mix that caused things with Malwarebytes to go awry (not that there's anything wrong with Revo; it's quite a handy tool, though obviously some caution is required when using it just in case it wants to remove anything not directly related to the software you're attempting to uninstall which does happen, though not too terribly often in my experience thankfully). Anyway, if there is anything else that we can help with just let us know, and good luck with seeking your refund. Hopefully they won't give you a hard time about it or make you jump through too many hoops to get it done, but if they do, as long as you paid via PayPal, credit card or ATM/debit you should be able to contact your bank/card issuer/PayPal to have the transaction charged back/refunded to you, particularly if you explain the situation as I'm sure they'd agree that this is not acceptable behavior considering you paid for the thing and all and didn't ask for this bundled registry cleaner to 'enhance' your experience. 
By the way, in case you're curious as to why Malwarebytes may have detected it (aside from it being a bundled app, obviously, which is typical PUP behavior), they also aren't great fans of registry cleaners as expressed in this Malwarebytes blog article. That particular article is actually the first part of a 3 part series on PUPs. The second, which deals with driver updaters can be found here and part 3 which is more focused on PUPs in general and the practice of 'bundling' (very much like the situation you yourself encountered) here. Those articles give great insight into the mindset of Malwarebytes' Researchers, and the company as a whole with regards to their aggressive policies against PUPs and why they are so zealous about it. In my opinion it really is just another shady way for companies (as well as actual malware authors in some cases, as they'll use malware to install PUPs to generate revenue as affiliates/resellers) to turn a profit at the expense of users' systems.
  18. I have no idea, but you can try Windows Update and check Intel's website, but unfortunately Intel has become pretty bad of late about abandoning hardware and older operating systems much sooner than they used to ever since their agreement with Microsoft to cease support for pre-10 Windows versions for their latest chips/hardware.
  19. Greetings, I found the information located here regarding the detection of Systweak, however that may be a different application from the one you mentioned so it may indeed be a false positive. If you do believe this detection to be a false positive then please review the information in this pinned topic as well as this pinned topic and create a new post in the false positives area by clicking here and including the requested information in your post so that the Research team may investigate, respond and take any necessary action to correct the issue if it is a false positive. If the item is no longer located under the Quarantine tab and you are attempting to reinstall it, then you may do any of the following to do so:

     OPTION 1: Temporarily disable protection and install the program, then create exclusions:

     • First, right-click on the Malwarebytes tray icon and click on Malware Protection: On and click Yes if prompted by User Account Control to temporarily disable Malware Protection to prevent the program's installer from being detected
     • Install the program
     • Open Malwarebytes and click the Scan Now button located on the Dashboard tab to perform a Threat scan and allow it to complete
     • Once the scan completes, if any of the program in question's files, folders and/or registry entries have been detected, click the checkbox at the top of the list of detections to clear all of them and click Next
     • When prompted, select the option to always ignore the remaining items from the scan and they will be added to your Exclusions (you can verify this by visiting the Exclusions tab under Settings)

     OPTION 2: Manually exclude the program's installer and then create exclusions:

     • Download the program in question again, but do not attempt to launch its installer yet
     • Open Malwarebytes and navigate to Settings>Exclusions and click Add Exclusion
     • Leave the Exclude a File or Folder option selected and click Next
     • Click on the Select Files... button and navigate to the location where you saved the program's installer (most likely your Downloads folder by default for most web browsers) and double-click the file to select it then click OK
     • Install the application and then exclude its folders/files by using the Threat scan mentioned above in OPTION 1 or you may do so manually (though be aware that some items may not be excluded and may still be detected by a future scan, especially registry items and program shortcuts so the scan method is recommended)

     You may also change how Malwarebytes handles detections in the future. If you would prefer that Malwarebytes not detect PUPs or prompt you on how to handle them when they are detected then you may open Malwarebytes and navigate to Settings>Protection and under the Potential Threat Protection section, use the first drop-down menu to change how Malwarebytes handles Potentially Unwanted Programs. Warn User will have the program prompt you with an alert and options to quarantine, ignore once, or ignore always (exclude) any PUPs that are detected by real-time protection and they will be unchecked/not quarantined by default for scans (including both manual and scheduled scans), and Ignore Detections will have Malwarebytes refrain from detecting anything classified as PUP in the future by both scans and real-time protection.

     You may also change how Malwarebytes handles all detections by its real-time protection, including both PUPs as well as items detected as actual threats so that it prompts you on how to handle them. To accomplish this, open Malwarebytes and navigate to Settings>Protection and under Automatic Quarantine toggle the option to Off and from now on you will receive an alert notifying you when a threat (or PUP) has been detected by real-time protection and you will have the option to quarantine the detected item as normal, allow the item to execute once, or to ignore the item always which will add it to your exclusions (similar to the option mentioned above for PUPs). If there is anything else we might assist you with please let us know. Thanks
  20. An advisory from Intel warns users that they should immediately remove and discontinue use of their longtime offered Intel Matrix Storage Manager software solution provided with many Intel chipset based products, including many Intel platform based motherboards. The company is discontinuing this software and advises that users remove it from their systems immediately. The vulnerability in question allows a privilege escalation attack by a local authenticated user (i.e. someone with local device access with malicious intent who knows how to exploit the vulnerability). This update comes at the same time as a series of other major advisories including a vulnerability in their integrated graphics drivers as well as one in their USB 3.0 Creator Utility. Updates for their graphics drivers which patch that vulnerability are available either through Windows Update or directly from Intel's website for supported devices/chipsets and operating systems. Thankfully, none of these vulnerabilities seems to have any impact unless the attacker has direct, physical access to your device, but it's still a good idea to take action and patch as soon as possible.
  21. Yeah, trying to hack compatibility for an in-memory protection program like the Exploit Protection in Malwarebytes is a recipe for disaster and unlikely to do much to increase the security of the device in question.
  22. By the way, this is a prime example of the direction that Microsoft is taking. Obviously that applies to businesses, not consumers, but I assure you that consumers won't be far behind (they tend to test things out on the business side before the consumer side for most major initiatives). The smart phone market is pretty much already there, with many phone service providers offering leases for their overpriced devices which gives the consumer the option to never own their phone, just to lease it and have it replaced every year or two when the new one comes out. It's silly if you ask me, but I guess I can understand wanting to have the latest and greatest tech being a PC hardware enthusiast; I just don't like the idea of perpetually paying for hardware that I never actually own and paying for so-called 'upgrades' that don't really offer new, exciting, innovative features any longer (the mobile market has stagnated of late, especially for the company that starts with the letter 'A' in my opinion; though they are about to have these new folding phones which is ironic considering that modern smart phones replaced phones that flipped open/closed with dual screens in the past, one of which I still own and use in lieu of a touch based smart phone ).
  23. Yes, as I mentioned, Linux is definitely on my very short list of considerations for the long term future. That said, I have no plans to migrate away from 7 any time soon. Given the extensive measures I take on my devices to secure them and either disable, turn off/deactivate, remove or outright break any components and aspects that present a potential exploit risk or security hole, combined with all of the measures I take using third party security tools as well as near constant software and performance monitoring to look for any suspicious, out of place or malicious behavior, I am certain I can keep 7 secure for a long time to come, even after Microsoft ends support for the Operating System early next year. A great deal of the major exploits for Microsoft Windows, Internet Explorer and other common components and programs that I use have been useless against my system from day-0 and prior due to that fact. To cite a well known example, EternalBlue, the now infamous SMB v1 exploit utilized in the WannaCry/WannaCrypt0r ransomware attacks. I was immune to this attack vector (and any other SMB related exploit for that matter) since long before the Shadow Brokers group ever exposed it to the public, and likely before the NSA ever even developed this exploit/attack measure simply because I had already removed/disabled SMB capabilities from all of my network connections and I'd already disabled or deleted any of the Windows Firewall rules allowing such connectivity to my system (or from it for that matter, so even if I were infected, I could not infect others on my network with any worm attempting to exploit SMB as a connection mechanism). In fact, I don't even have IPV6 enabled yet just because it has not yet become necessary and hasn't been adopted as the primary standard/protocol yet, though obviously I will once the world finally gets off of IPV4 (at which point I'll likely disable IPV4 so that only the primary/most secure protocol remains active). 
Anything related to remote control/remote access is either disabled, removed or broken (including patching and disabling Intel's own Orwellian IME hardware remote access/control functionality embedded in virtually every chip they've manufactured for the past decade or so; that one was tough without my system manufacturer's willingness to provide a patched BIOS, but I accomplished it nonetheless). I don't mess around when it comes to security, and while I definitely do NOT recommend others do so since I'm certain most likely aren't nearly as thorough or paranoid as I am, I will most likely be sticking with an 'unsecured' OS, at least for the foreseeable future. Honestly, as long as the software is compatible that I use (which shouldn't be a major obstacle until Microsoft makes some massive, sweeping changes to hardware/driver compatibility in a later version of Windows 10, which will necessitate breaking compatibility with current versions of Windows 8/8.1 and 10 as well as 7 since they all currently use the same underlying core driver/hardware APIs save for those new ones which only apply to Windows 10 such as ELAM), I have no reason to fear that my system will suddenly become so vulnerable to attack that it cannot be mitigated, either through my own pre-emptive countermeasures or those in play from third party software tools such as Malwarebytes. Those generic, behavior based/signature-less protection mechanisms go a long way to securing a system against many potential existing and as yet to be discovered vulnerabilities. At the time that XP support ended this really was not the case, as technologies such as anti-exploit, active keylogger monitoring/detection and other strictly behavior based protection mechanisms in that area were either very much in their infancy, or hadn't reached nearly the level of availability and reliability that they have now. It's also a different world out there from the bad guys' perspective. 
Microsoft Windows is no longer their primary target of choice; in fact, I've seen several reports in recent years that the largest botnets are now composed of IoT devices, not PCs which is something that has never happened until now. Mobile devices are now much more prominent, as are 'smart', always online IoT devices that almost all run some flavor of Linux, not Windows, and these are the main targets for those who seek to infect as many targets as quickly as possible, especially with their lackluster security offerings compared to desktop operating systems which have a plethora of security tools, suites and offerings available for free and paid to help keep them secure. A time will soon come that Malwarebytes and other AM vendors will see for the first time ever the number of threats discovered throughout the year to be primarily for devices that are NOT running Microsoft Windows. It's only a matter of time, and that time is fast approaching.
  24. And in 7, I don't have to turn any of it off because there's nothing to turn off, and I also don't have to trust that they are not only honoring the settings that they do expose to the user to control, but that they aren't likely hiding other areas of concern for which there are no settings to control. I've seen reports in articles, videos and from users about ads embedded in the live tiles in the START menu and how apps will reinstall themselves after being removed, and that privacy settings will revert following updates to the OS. It just seems more trouble than it's worth, especially knowing what I know of Microsoft's initiatives to follow the business models of the likes of Google and Facebook who essentially make their entire living off of gathering user data and selling advertising.
  25. Yes, it's a world full of adware and spyware. What was once called spyware is now referred to as 'telemetry', and what was once called 'adware' is now referred to as 'targeted advertising' but it's all the same stuff that brought companies like Safer Networking, Lafasoft, Webroot, and eventually, Malwarebytes, into being.