Everything posted by exile360

  1. Greetings, I just visited the first URL (which wasn't blocked as you mentioned), however when I tried to download the file using the download button on that page I got the following: Please keep in mind that it can be pretty common for the bad guys as well as PUP vendors to create new sites to advertise and host their files, not to mention affiliates trying to make money promoting them. It is also quite possible that the installer/file itself is actually new and simply contains or is a variant of a known threat so the Malwarebytes Research team may not have ever seen this particular file or website before. In fact, this is one of the very reasons that Malwarebytes includes multiple protection components because a layered approach is superior since you are not forced to rely on any one component or area of research focus to discover and block all threats. Since the file was detected/blocked when you tried to execute it, this means it was most likely the Malware Protection component that detected it as this module checks any process that tries to enter memory (Malwarebytes avoids scanning files while they are being downloaded or as they are copied to or created on disk as those are methods common to AVs so Malwarebytes uses different methods to help avoid conflicts with AVs). If you wish, you may report any website that is not blocked by Malwarebytes that you believe should be here; just be sure to follow the instructions provided in this pinned topic.
  2. Understood, yeah if you already created the account and don't know the password then you'll definitely have to wait on Support but they'll be able to do the transfer for you to get you back up and running again so it's just a matter of time, hopefully not too much longer before they respond.
  3. No, it isn't blocked for me any more and hasn't been since I tested on the 10th.
  4. If you are able to log in to your account at all (even if you can't receive notifications), you should be able to change your email address by following the instructions in this support article. If you haven't yet created your account or never created it with your old/original email then you might be able to add your license key to your account by following the instructions in this support article. If neither of those options helps then you'll have to wait on Support to assist. I hope this helps and if there's anything else we might assist you with please let us know. Thanks
  5. You'll do what you will, however I'd also advise you to refer to your original purchase receipt if you still have it as it should state the same. I understand your frustration having lost the ability to keep the software active across multiple installations, I'm simply explaining why this is no longer the case and the reason that it had been implemented the way it was in the past vs now where users are now able to deactivate their licenses/devices without having to contact Support to do so (thanks to the new My Account feature at My.Malwarebytes.com).
  6. Excellent, I'm glad you were able to resolve the issue, thanks for letting us know.
  7. It probably has something to do with driver states and the config files. Mid-scan or even on the scan results screen, they don't want the user to be able to change anything since it could conflict with what is going on with the scan process. For example, if you've detected something during a scan and immediately exclude it manually, there's no way to tell the driver to honor the exclusions since exclusions in Malwarebytes work by having excluded items not be displayed in the list of detections for subsequent scans, which would mean that the detected items would end up getting removed if you left the checkboxes checked for those items at the end of the scan and proceeded with the remediation process even though those items might now be in exclusions from adding them during the scan or while on the scan results screen. It's similar to how Malwarebytes won't let you restore something from quarantine when a reboot is pending for DOR (Delete on Reboot) because the net result would be the item getting permanently deleted without a backup copy existing in quarantine (since the item is deleted from quarantine once it is restored, and DOR deletes the items detected from the previous scan from disk on system restart without any quarantine process since it has to assume that the item has already been quarantined and the driver and DOR script don't actually have access to copy anything to quarantine the way the main EXE and service do). Basically it's a convoluted way of saying that you're right, you can't modify settings during a scan or while the action at the end of a scan is still pending. Anyway, I'm glad I could help and if there is anything else we might assist you with please let us know. Thanks
  8. Greetings, Please refer to the information in this pinned topic. The ability to use the lifetime version across multiple (i.e. 3, and prior to that, 5) instances/installations was simply a form of grace built into the licenses to prevent them from being immediately blacklisted or disabled when a user moved their license from one device to another or reinstalled and reactivated the software after reformatting their system/reinstalling their operating system; it was never intended as a license to use the software in multiple instances simultaneously (even on the same device on multiple operating system installations or even within multiple virtual machines running in the same operating system) as the lifetime licenses were always sold as single seat licenses. You may refer to the End User License Agreement included in the installer (just click the link that says End User License Agreement in the installer just above the Agree and Install button) which states the following (bold added for emphasis; note where it says number of copies of the software; it doesn't just specify the number of devices):
  9. I suspect that if someone doesn't know how to exit the application, they probably aren't going to be too bothered about it running in the tray. It consumes very little resources without any protection running, and as far as I know the only telemetry Malwarebytes collects in free mode comes from the scans performed by the user (i.e. for detections etc.). I can't see any legal issues with it as it's a pretty common practice for many freemium applications like Malwarebytes to continue running in the background even when in free mode. In fact, the older versions of Malwarebytes were actually outliers in that area as most of its peers at the time like Spybot, Ad-Aware and SUPERAntiSpyware would actually remain resident in the system tray when not in use, even in free mode so Malwarebytes 3 is now actually more in line with the expected behavior as established by other products in the same category than it was when it didn't remain resident in the tray in free mode.
  10. You shouldn't have to deliberately launch it as admin or change the compatibility settings for it, at least as long as UAC is set to defaults for your system (if it isn't then you may run into problems as ADWCleaner, Malwarebytes 3 and all of Malwarebytes' current software, like most modern apps, are fully UAC compatible and compliant, so disabling or modifying UAC from defaults may impact how the tools run). With regards to the detections, I suspect that adding them manually can't work because it's the value data being detected, not the key itself and I don't think there is a way to add value data to exclusions manually so your best bet would be to right-click on the detected entries (it's easiest to right-click on the parent category 'PUP.Optional.Legacy') at the end of a scan and select Add to Exclusions so that they will be excluded going forward. That should prevent them from being detected again in the future. I just tested and was successful in doing so on my own system.
  11. The free version of Malwarebytes 3 has always run in the tray. It's for convenience so that if the user wants to run a scan they can more easily and more quickly. That said, if you don't want it to run in the tray you can disable the option to have it start with Windows and if you've run it, if you don't want it to continue running in the background you can right-click the tray icon and select Quit Malwarebytes.
  12. Yes, confirmed, though once I clicked download anyway and returned to the original page, the download now link on the original page did work so that should work as a workaround for the time being until this is resolved.
  13. I believe what the OP was concerned about is the fact that these users work in a BYOD environment and when they bring their laptops in to work they do need to connect through the proxy in the office, but when at home they obviously don't, so the issue is whether or not the product can be configured to simply honor/use the proxy settings configured in Windows for the current connection rather than having to enable/disable the proxy setting in Malwarebytes manually each time the connection changes (i.e. the user brings the device into the office where there is a proxy, then takes it home where there is no proxy).
  14. Greetings, Please verify that this issue is still occurring. I just tested it twice, and both times clicking the Download this file anyway link worked and the file was successfully downloaded.
  15. You're welcome, I'm glad I could help clarify things. Malwarebytes works very differently from a traditional antivirus scanner and I have a lot of working knowledge about it having been an employee for a long time who had the privilege of working directly with the Developers and Researchers to help design and implement it, and having used and tested tons of third party AV/AM solutions/scanners over the years, both in my work as well as part of my hobby in cybersecurity, I can speak from first hand knowledge that the detection engine in Malwarebytes works very differently from most of the products out there, and while it may share some of the more traditional techniques that they use to analyze objects to determine whether they are malicious or not, the vast majority of what Malwarebytes does to check for threats is quite unique which is also one of the key reasons it pretty much always has been and remains to this day one of the most effective solutions out there with an excellent scan/remediation engine (not to mention all the additional layers/components included in the Premium version that go way beyond normal threat detection/prevention methodologies in use by most of the big AV vendors out there today). Anyway, if you have any more questions please don't hesitate to let us know, we're always glad to help out when we can.
  16. Yes, you can stick with the Threat scan, and if you save stuff in odd locations like on a secondary drive or separate partition you can scan those locations using the right-click Scan with Malwarebytes option to check them. It is strange that the scans are taking so long, but it could just come down to changes in the scan engine or driver resulting in longer scan times on some devices.
  17. Thanks, I'm sure they'll prove useful. I'm no expert on Wireshark myself, but it is often used for tracing connections and checking connectivity issues so the network/Web Protection guys should be able to use them to determine where the block is occurring and why. I'll ping one of them to come take a look at the data you've provided and hopefully we can get this figured out and fixed for you. @Dashke or @Zynthesist could one of you guys please take a look here to try and determine why Web Protection is preventing Unify Controller from connecting when active? Wireshark logs are provided above along with all the Malwarebytes logs and data from the Support Tool. Web Protection doesn't appear to be blocking anything according to the logs, but if Web Protection is active Unify can't connect, and if Web Protection is disabled it can connect and Web Exclusions for all of its associated processes haven't helped so my guess is that it might be some kind of driver and/or WFP conflict maybe? Unify is a VPN/cloud application and likely uses WFP itself, though the only registered WFP filters showing in the logs are those from MWAC/Malwarebytes and the ones belonging to MS/defaults. I'm hoping there's a simple solution here like an exclusion we're missing or something. Thanks
  18. Yes, that would be a good idea as one of the Java components may be the executable that is actually being blocked trying to connect.
  19. Those two switches above it shouldn't affect that setting as far as I know, but I suppose it's possible if something in the program's configuration files was corrupted and toggling the option that you did may have fixed it. One more item of note is that even when all of the program update options are enabled, you won't necessarily receive the latest program versions as soon as they are available as they are metered out to users over time gradually/semi-randomly so you can go a long time through many database updates without the program picking up the latest program release, however clicking the Install Application Updates button overrides this delay and forces it to immediately check for and download any new program versions that are available, so you can always verify that you have the latest version by clicking on it.
  20. Greetings, Please make certain that the computer clock is set to the correct time as this is what the software will use to determine when to scan. Also, make certain that the Recover if missed by/Recover missed tasks option is not enabled for your scheduled scans to prevent them from launching as soon as the device is available for scanning if the most recent scheduled scan was missed. Other than those items, I'm not certain what else to check to determine why the scans might be kicking off when they are, but that's where I'd start in trying to track it down. I hope this helps, but if not then you should contact Malwarebytes Business Support by filling out the form on the bottom of this page or taking advantage of the CHAT WITH US option if available at the time.
  21. Greetings, I would suggest excluding each of the program's active/running processes when the program is running/in use to see if that helps. Be sure to exclude them by selecting the Exclude an Application that Connects to the Internet option described in the section of the same name in this support article. That should hopefully resolve it, but if it does not then it may prove helpful to grab a Wireshark log of the communication from the app when it's being used to determine exactly what IPs/domains it connects to then excluding each of them using the Exclude a Website option described in the same support article and hopefully that will resolve it.
  22. The button does have an appearance that can make it seem to be grayed out. I have requested that they modify its appearance to be more prominent both to make it stand out more as an active control/button and to be clearer that it is active/isn't grayed out. As long as it looks like the button in the below image then it is actually active, it just doesn't stand out much against the background and doesn't resemble most other controls in the UI which are mostly white with a gray border or blue in color; that light gray they chose for this and a few other controls in the UI really makes it easy to overlook them or for the user to get the impression that they are disabled, at least in my opinion:
  23. Greetings, Based on the wording I suspect that what you saw was actually a block by Malwarebytes' Web Protection component and it was blocking some process from connecting to a known malicious website that is known to be used by Trojans. You should be able to verify this by opening Malwarebytes and navigating to Reports and locating the most recent entry showing a web block entry. Double-click on it and you should be able to see the details including the website that was blocked and the process that tried to connect to it (most likely your web browser). If you still aren't sure you may do the following so that we can take a closer look at what's going on:
       • Download and run the Malwarebytes Support Tool
       • Accept the EULA and click Advanced tab on the left (not Start Repair)
       • Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply
  24. That makes sense. I'm guessing it was some installer from the web that had some bundled PUP with it; technically harmless, and of course it would have been detected by real-time protection had you tried to execute the file which would have prevented the PUP from being installed in the first place.
  25. Was it an active threat or just a dormant file (like an installer containing a bundled PUP or something similar)? The reason I ask is because any active threat should be detected by the Threat scan, and any dormant threat on any secondary drive or in any location that the Threat scan doesn't check would first have to be executed to present a threat to the system (which is why I suggested using the context menu scan function if you have a tendency to save files from the web on secondary drives etc.). There is also the possibility that it was a false positive, but the only way to know that would be to check the file on VT and/or maybe submit the file to the Research team in the FP area to have them take a look.