
Posts posted by exile360

  1. The exclusion should only apply to that specific item, so if the 'real' PUP were ever installed on your system, Malwarebytes would detect it. Though if it creates the same shortcut on the desktop (which it would likely need to do, deleting/replacing your existing shortcut), Malwarebytes would not detect the 'true' PUP shortcut, but the rest should still be detected just fine.

    I hope this helps.

  2. It sounds as though the business version doesn't register with the Security Center by default, though you can check the settings in Malwarebytes to see.  In the consumer version there is an option to control whether Malwarebytes registers with the Windows Security Center located under the General tab in settings and if the business version has the ability to register with the Windows Security Center there is likely an option for it somewhere in the UI and/or policy (if using the managed version).

  3. 4 hours ago, Porthos said:

    Do not take any actions on the items it finds just in case.

    Agreed; it would be a good idea to post any detections for review by the Researchers/staff, though I think I'll ask if there is anywhere specific they'd like it reported since we don't want to bog down Research either (and in fact, they likely have it off for now to avoid a large number of FP reports while they continue to tune it).

  4. AI needs training, so if anyone is interested in helping to make the feature better, please enable the setting and perform a scan, and if you find any detections from it, please report them to the Research team by posting in the File False Positives area, which you may do by clicking here.  Provide a copy of the scan log showing the detections, which may be done using the information found in this support article, along with a copy of the file attached to your post. The file should be zipped by copying it to a common location where you have write access, such as your desktop, downloads folder or documents, then right-clicking the file, hovering over Send to and selecting Compressed (zipped) folder, then attaching the resulting ZIP file.

    If a staff member has any instructions on how to test and how to report FPs, I defer to their knowledge.


  5. Sure, I just saw it mentioned that there had been issues with the license in the past where Support was needed and using My.Malwarebytes.com is a good idea since it allows the user to deactivate/reset their own license for cases where it can't activate due to still showing up as active on a previous install/system etc.

    4 hours ago, kola1 said:

    Maybe there is an issue with my license. I've had problems in the past where my licenses stopped working because I haven't used them in a while, but the support team was great at straightening that out for me.


  6. If you haven't done so already, I'd highly recommend signing up for an account at My.Malwarebytes.com, where you'll be able to log in and check the status of your licenses, deactivate your licenses/devices, and look up your license info if you ever lost it.  Details on doing so may be found in this support article.  Be sure to use the same email you used when you purchased your license for Malwarebytes if possible; otherwise refer to the information in this support article, as well as this support article on manually adding your license key to your account and changing the email address associated with your account.

    I hope this helps.

  7. Greetings,

    Yes, I believe this is quite normal as I have seen it discussed in past Malwarebytes releases.  That said, I do not know for certain whether or not Malwarebytes 4.x modifies the last access date/time so a staff member may correct me if this is not currently the case.

    In the meantime, just to make sure it is not the result of some issue with the software, please do the following:

    1. Download and run the Malwarebytes Support Tool
    2. Accept the EULA and click the Advanced tab on the left (not Start Repair)
    3. Click the Clean button, and allow it to restart your system and then reinstall Malwarebytes, either by allowing the tool to do so when it offers to on restart, or by downloading and installing the latest version from here

    Please let us know if the issue continues after the clean install or not.
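Whether a scanner that only reads files appears to "modify" the Last Accessed timestamp depends on the NTFS last-access policy of the machine, so it is worth checking that before attributing the change to any product. The following PowerShell probe is an added example by the editor, not code from the thread or from Malwarebytes. It assumes Windows 10/11 with PowerShell 5.1 or later, %TEMP% on an NTFS volume, and `fsutil` being available (its query needs an elevated prompt on some builds); the odd/even decoding of the DisableLastAccess value is taken from fsutil's own output table.

```powershell
# Added example (editor's code, not from the thread or from Malwarebytes): probe whether a
# read-only open on this NTFS volume updates the file's Last Accessed timestamp.
# Assumptions: Windows 10/11, PowerShell 5.1+, %TEMP% on NTFS, fsutil available.

function Get-LastAccessPolicy {
    # fsutil prints a line such as:
    #   DisableLastAccess = 2  (System Managed, Last Access Updates Enabled)
    # Odd values (1, 3) mean updates are disabled; even values (0, 2) mean enabled.
    $line = (fsutil behavior query DisableLastAccess 2>$null |
             Select-String 'DisableLastAccess').Line
    if (-not $line) { return $null }
    $value = [int]($line -replace '.*=\s*(\d+).*', '$1')
    [pscustomobject]@{
        Raw            = $line.Trim()
        UpdatesEnabled = (($value -band 1) -eq 0)
    }
}

function Test-LastAccessUpdate {
    param([string]$Path = (Join-Path $env:TEMP 'lastaccess-probe.txt'))
    Set-Content -Path $Path -Value 'probe' -NoNewline
    $item = Get-Item $Path
    # NTFS defers last-access updates by up to an hour, so a freshly created file
    # would show no change even when updates are enabled. Back-date it first so
    # that a genuine update is unambiguous.
    $item.LastAccessTime = (Get-Date).AddHours(-2)
    $before = (Get-Item $Path).LastAccessTime

    # Read the file the way a scanner would: open, read every byte, close. No write.
    $null = [System.IO.File]::ReadAllBytes($Path)

    $after = (Get-Item $Path).LastAccessTime
    Remove-Item $Path -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Before  = $before
        After   = $after
        Changed = ($after -gt $before)
    }
}

$policy = Get-LastAccessPolicy
if ($policy) { "NTFS policy: $($policy.Raw)" }
$probe = Test-LastAccessUpdate
"Read-only open moved LastAccessTime: $($probe.Changed)  ($($probe.Before) -> $($probe.After))"
```

If the policy reports updates disabled, no scan will move Last Accessed on that volume; if it reports enabled and the probe shows `Changed: True`, then any product that merely opens files for reading will move the timestamp, which is file-system behaviour rather than a sign that the file content was altered.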


  8. It sounds like an IRQ or throughput issue, not too dissimilar from the old I/O port/IRQ conflicts that were once common before MS implemented tech such as plug-and-play to make installing devices/drivers easier.  My suspicion is that the issue is hardware specific, only impacting specific systems/configurations, and even then it might boil down to how Windows and the hardware itself (the motherboard/BIOS/firmware etc.) have assigned and configured the various components' IRQ addresses.  The sound hardware and network hardware both consume PCI/PCI-e bandwidth, which may result in the issue occurring whenever the Web Protection driver (which itself uses a lot of bandwidth/throughput via the WFP APIs in the network stack) is active at the same time as other applications and system components which also use a large amount of bandwidth/throughput.  These include the audio chipset when playing back audio; the torrent program, which uses a large amount of bandwidth both ways (since P2P apps generally upload/share at the same time things are being downloaded, not to mention the large numbers of connections typical of P2P applications, which further adds to it); and of course the web browser itself, which, particularly since it is Chrome, likely uses a lot of bandwidth as well (especially if many add-ons/extensions are installed, which might also put further load on the network/bandwidth), since Chrome is a Google app, meaning it's packed with tons of telemetry monitoring tech and advertising components.

    Have you tried a Chrome alternative such as MS Edge Chromium or SRWare Iron?  They use the same add-ons and have basically all the same features, though Iron has the bonus of having all telemetry and advertising content either stripped from the code of the browser or simply disabled.  It is possible that one of those might work without causing the issue; however, it's also possible that it will occur with any browser.

    It might be worth monitoring with a tool such as DPC Latency Checker or LatencyMon, then test by disabling various components and trying different combinations of applications to see if there is some non-essential component or application which you may disable or use an alternative in order to work around the issue until it is addressed by the Developers in a future release.

  9. Just FYI, disabling, crippling, or even flat out removing (or simply never installing) the Intel IME driver does nothing to mitigate any risks to security and potential vulnerabilities.  IME is built into the CPU itself, residing on its own silicon and if enabled in the firmware, can enable direct remote access and full control over the system's hardware, even if it is not booted into an operating system (and even if no hard drive or SSD is installed as it runs directly from the chip itself and houses its own proprietary OS).

    I know all of this because, much like you, I am concerned about privacy and security.  There is a method to actually disable IME; however, it is risky, requires special equipment, isn't possible on all systems and can only be trusted as far as Intel's own functions/APIs allow, because the method used is the same one they provided to the NSA when they were concerned about the feature in their own systems.  This also means that if there is any security flaw/vulnerability or unaccounted-for functionality when in this mode which would enable remote access, the system remains vulnerable.  There is no way to truly turn the IME 'off', and in fact the CPU will not POST/function unless it is present and active, because it handles part of the earliest phase of starting the system, and Intel made it this way deliberately so that there is no way to use the CPU without it.

    You can learn more at the following links:

    Researchers Find a Way to Disable Much-Hated Intel ME Component Courtesy of the NSA
    How to remote hijack computers using Intel's insecure chips: Just use an empty login string
    Sakaki's EFI Install Guide/Disabling the Intel Management Engine
    What is MINIX? The most popular OS in the world, thanks to Intel
    4 exploitable bugs plague Intel Management Engine: Patch now
    Computer vendors start disabling Intel Management Engine

  10. Microsoft designs the 'hooks' and APIs used by AV and anti-malware vendors, so they act as the gatekeepers.  This includes only allowing authorized drivers and services to register as AV protection to do things like load early on boot and to hook into certain aspects of the system.  The reason they aren't typically abused by bad guys is because of security features like digital signature enforcement where only authorized vendors, using validated/signed drivers may load on the system.  The heatmap I linked to indicates items detected by Malwarebytes after the resident AV already had its chance to try and stop them, so every time there is such a detection it was a threat that was missed by the AV (including Defender, which is listed as 'Microsoft Consumer') and was detected by Malwarebytes.  The heatmap only counts detections from scans, so the results come either from free users of Malwarebytes, or users who have their Malwarebytes protection disabled and they've run a manual or scheduled scan.  This is how I know the AV already had the chance to look at any potential threats before Malwarebytes made its detections.

    If Malwarebytes is configured to register with the Security Center then Defender will disable itself, however you may use both by disabling the option.  Please refer to this support article for further details.  We have many users running both in real-time and they work quite well together.
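Posts 2 and 10 above both turn on the same question: which products Windows Security Center currently recognises as antivirus, and whether Defender has stood itself down as a result. The PowerShell below is an added example by the editor, not code from the thread or from Malwarebytes, for answering that question directly instead of reading it off each product's UI. It assumes an elevated PowerShell on a Windows 10/11 client edition (the `root\SecurityCenter2` namespace does not exist on Windows Server) and that the Defender module is installed. Microsoft does not document the `productState` bit layout; the two masks used here (0x1000 for "enabled", 0x10 for "definitions out of date") are the commonly used decoding and should be treated as an assumption.

```powershell
# Added example (editor's code, not from the thread or from Malwarebytes): show what
# Windows Security Center believes about installed antivirus products, then what
# Microsoft Defender itself reports, so the two can be compared on one machine.
# Assumptions: elevated PowerShell on Windows 10/11 client; Defender module present;
# productState masks (0x1000 = enabled, 0x10 = out of date) are undocumented.

function Get-RegisteredAntivirus {
    Get-CimInstance -Namespace 'root\SecurityCenter2' -ClassName 'AntiVirusProduct' |
        ForEach-Object {
            $state = [int]$_.productState
            [pscustomobject]@{
                Name         = $_.displayName
                StateHex     = ('0x{0:X6}' -f $state)
                Enabled      = (($state -band 0x1000) -ne 0)   # assumption: real-time protection on
                SigOutOfDate = (($state -band 0x10) -ne 0)     # assumption: definitions out of date
                Path         = $_.pathToSignedProductExe
            }
        }
}

function Get-DefenderMode {
    # Get-MpComputerStatus is part of the Defender PowerShell module.
    $s = Get-MpComputerStatus -ErrorAction SilentlyContinue
    if (-not $s) { return 'Defender module not available on this system' }
    [pscustomobject]@{
        AntivirusEnabled          = $s.AntivirusEnabled
        RealTimeProtectionEnabled = $s.RealTimeProtectionEnabled
        RunningMode               = $s.AMRunningMode   # e.g. 'Normal', 'Passive Mode', 'Not running'
    }
}

'--- Products registered with Windows Security Center ---'
Get-RegisteredAntivirus | Format-Table -AutoSize
'--- What Microsoft Defender itself reports ---'
Get-DefenderMode | Format-List
```

When a third-party product is listed as registered and enabled, Defender normally reports `AntivirusEnabled = False` (or a non-Normal running mode); when the third-party product is set not to register with Security Center, only Defender appears in the first table and it continues to report itself as enabled, which is the "run both in real time" configuration described above.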

  11. By the way, while MS may improve how they lock down their own OS, that does not make them the most proficient at detecting the newest threats.  The heuristics capabilities in products like Malwarebytes have proven most effective at stopping threats before they get into a system to do damage.  Malwarebytes relies on a layered approach to protection, which you can learn more about from this page, and I also recommend reading this article as well as this threat analysis for further info.

  12. Please refer to this page; it's a heatmap showing live data where Malwarebytes has detected actual threats (PUPs and blocked websites are not counted; only threats detected by scans, meaning each time a threat is detected, it's one more threat missed by the resident AV).  The data is pulled live, in real-time so you can see for yourself where Malwarebytes has detected a threat missed by each AV.

    Windows Defender has been improving, however we still see countless threats stopped in their tracks by Malwarebytes, even on systems where Defender is active and up to date, and preventing a threat is far safer and more effective than trying to remove it after the fact, after the threat has had a chance to take control over the system.

    I hope this helps.

