Jump to content

exile360

Experts
  • Content Count

    26,706
  • Joined

  • Last visited

Everything posted by exile360

  1. It's likely mostly due to the fact that the scan engine in Malwarebytes really isn't a flat file scanner. Many of the technologies it uses to detect threats, especially the nastier ones that you'd likely desire an offline scanner for in the first place, rely on technologies that require threats to be active as well as the current Windows installation (things like rootkit scanning, linking, heuristics etc.) and they've had great success so far relying strictly on more conventional means of getting the software to run even in hostile environments. That said, they did previously offer Malwarebytes Chameleon to get Malwarebytes running on systems where it was being blocked from installing/running by infections and while that technology has not yet been adapted to version 3.x, I do expect that if the need arises that they will do so to counter the infections targeting Malwarebytes. As for the possibility of an offline/bootable scanner, I don't know. It's been discussed in the past many times, but since it's much easier to work from WinPE rather than Linux as it would be much easier to read/load offline registry hives and natively read the offline system's file structure, that would be the ideal solution, however Microsoft's recent restrictions regarding the use and distribution of WinPE make that much more difficult (they did look into it, however Microsoft made changes to their licensing preventing vendors like Malwarebytes from offering WinPE based solutions. You never know though, maybe they will be able to offer some kind of bootable solution in the future, but only time will tell. I haven't heard anything recently about it but that doesn't mean that it's completely off the table as they could be working on it or at least considering it behind the scenes.
  2. OK, but then there's the issue of privacy. We get enough heat already from just collecting basic telemetry like anonymous detection stats and application usage; if they started collecting full details of all system activities/threads/processes etc. in real-time via cloud servers controlled by Malwarebytes, I'm pretty sure any users concerned about privacy would lose it, and they'd be right to. This level of monitoring, especially when the details are regularly/constantly transferred offsite is just asking for trouble in my opinion. It's something I could see being just fine in a work environment, at least if the servers are owned/controlled by the company's own sysadmins, not Malwarebytes. Businesses wouldn't take too kindly to Malwarebytes collecting that much info either, I'm sure, especially since it could put corporate data, customer info and trade secrets at risk as Malwarebytes would essentially be acting as a full-on Trojan, collecting all activity/data from every endpoint and transmitting it all out over the net.
  3. Greetings, Please follow the instructions in this topic and then clicking here to create a new topic in the malware removal area and include your logs and one of our malware removal specialists will assist you with FRST as well as checking the system for any other threats/PUPs and aiding you in cleaning them up if found as soon as one becomes available. If there's anything else we might assist you with please don't hesitate to ask. Thanks
  4. Greetings, Please sign in to My.Malwarebytes.com (if you haven't signed up already, you'll find instructions on how to do so in this support article). Be sure to use the same email address you used when you purchased your license key. It should show the status of your license, and if it is still active on another device or previous Windows installation from your current device then you may use the Deactivate all function described in this support article. If that still fails to resolve the issue then please contact Malwarebytes Support directly via the form on the bottom of this page and they will assist you in getting your license key validated and working properly again. Please let us know how it goes and if there is anything else we might assist you with. Thanks
  5. I see, so if enabled it allows you to, for example, have two files in the same folder with one named "file.exe" and another one named "FILE.exe" without any conflicts? Interesting, I wonder how they're accomplishing that, whether it's through a new native function/API or some kind of hack like Cyrillic where the same character (visually) is treated as/read as a different character (actually an old trick used by malware to imitate legitimate system files without replacing them, rendering their processes visually identical in tools such as Task Manager, though detection by malware scanners is quite trivial as programmatically they look totally different, though the engine needs to know how to process those characters without getting tripped up or stuck; something Malwarebytes had to address long ago back when I was still working on it).
  6. I'm no expert on Server and I'm definitely no one's teacher, but if it were me I'd probably start with trying to find a good forum or similar resource where individuals specializing in Server propagate as that would be the most likely place to find such information, at least in my opinion. Other than that, I'm sure there are online courses that can be taken to learn basic (and probably even advanced) Server stuff.
  7. Malwarebytes basically already has these capabilities, at least for some of its business products in its Flight Recorder and Ransomware Rollback components. More info is available here and you can check the documentation on the support site for more details.
  8. Regarding 3 and at least part of 4, these are things that the Malwarebytes team actually already does very well (most of the Malwarebytes engine/signatures are based on heuristics and more advanced pattern analysis and threat morphological prediction meaning each def=potentially lots of detections for many threats across a single variant/family of threats and many more 'fuzzy'/generic signatures extend to covering multiple families of different threats and sometimes entire threat classifications depending on the code and predictability of the patterns being targeted) and as for 4, that's at least partially accounted for in the behavior based components like Exploit Protection and Ransomware Protection which look at the source(s) of malicious/suspicious activity to trace and terminate/quarantine the source of an attack to stop the attack event in its tracks as early as possible (especially Exploit Protection which is pre-payload and tends to stop attacks much earlier in the kill chain than other more conventional detection/protection methods, perhaps with the exception of Web Protection which has the ability to block malware/attacks at their source, assuming the server/site hosting the threat/attack is known to the Researchers). While Malwarebytes doesn't contain a HIPS (and therefore doesn't really have much in the way of predicting consequences for letting a sample go), it does have the advanced anomaly detection engine/heuristics that looks at threat behavior and more advanced/fuzzy sample analysis to generically detect threats with a % of probability of certainty with identification, though anything matching its signatures beyond a specific threshold is detected/quarantined automatically when enabled (I'm not sure if they have it configured to only detect/quarantine threats with a higher than n% of certainty or not or if it's just anything with a higher rate of probability than 0%, but I suspect the former since most of the reported FPs coming from this component tend to show an 80% or higher positive identification indicator in the logs being submitted, at least based on what I've observed here on the forums). Going as far as trying to predict the potential risk/fallout of allowing a possible attack goes way beyond what any protection mechanism does in my experience and can become quite complex and computationally expensive very quickly in my opinion and would be better served to simply provide a protected rollback mechanism comparable to System Restore etc. rather than trying to generate real-time risk models while the system is actively in use as I could easily see some serious performance issues coming from trying to perform such calculations all the time when the user is trying to use their system, especially if they're doing anything more complex than simple web browsing like content creation, gaming, or any kind of heavy multi-tasking. It's also just way simpler to have a rollback mechanism that creates regular backups or just keeps a rolling iterative backup in real-time similar to the Flight Recorder and Ransomware Rollback components in Malwarebytes Endpoint Protection & Response (more info here).
  9. It's no problem at all. I went ahead and replied to your other thread. If you have any further questions or issues please don't hesitate to let us know.
  10. By the way, I noticed based on the image you posted that you're still on build 3.6.1 of Malwarebytes. Just in case you weren't aware, a new build has been released, version 3.7.1. You can install it by opening Malwarebytes and navigating to Settings>Application and clicking on the Install Application Updates button or by downloading it directly from here.
  11. Greetings, Most ad blockers should work just fine with Malwarebytes. I myself am currently using a large HOSTS file consisting of entries from multiple sources to block ads, trackers as well as malware (currently it has over 900,000 entries) as well as Adblock Plus in all my browsers (including IE) along with several for SRWare Iron (a Chromium based browser similar to Google Chrome but without any of Google's tracking and advertising built in) including Disconnect, Ghostery, DuckDuckGo Privacy Essentials, Windows Defender Browser Protection (the equivalent of Smartscreen, but for Chromium based browsers like SRWare Iron which I use) as well as Malwarebytes' own Malwarebytes browser extension beta (this one is particularly useful as it actually speeds up blocking by the Malwarebytes Web Protection component to make loading pages even faster when any content is blocked by it). That last one is probably the best fit for what you're looking for, but that said, you should be able to use pretty much any ad blocking browser add-on/extension alongside Malwarebytes without any problems. You can learn more and download the Malwarebytes browser extension beta at the following links if you're interested: Chrome Firefox The Chrome version should work with most Chromium based browsers including SRWare Iron and Vivaldi among others.
  12. Have you tried disabling Web Protection yet? If not, give that a try and see if that eliminates the blocks. If not, then it seems likely that Malwarebytes isn't the issue (or at least not directly as it could be some kind of conflict with something else on the system).
  13. Cool, yep, that's what I figured. Also notice what they said about "your firewall rules" because that's the key wording. They didn't say "our firewall rules" or "its firewall rules", they specified "your" which tells me that they are indeed using the underlying Windows Firewall with Advanced Security rules to control access for applications just like most other WFP based firewalls, meaning they all pretty much do the same thing and simply add their own functionality into the built in firewall functionality. That's both a good and a bad thing. It's good because it establishes a standard and makes working with and troubleshooting these firewalls universal and simple, but it's bad because if ever a serious vulnerability is discovered in the WFP framework that the bad guys learn to exploit we're going to be in real trouble because most firewalls and web filters (including the Web Protection in Malwarebytes 3 as well as the former Binisoft WFC of course) are using it. That said, I think it's pretty solid and has proven itself at this point. It's been around since Vista which goes all the way back to 2006/2007 and has yet to show any real weakness that I'm aware of so I think we're in pretty good shape.
  14. As long as you're using the free version of GlassWire there shouldn't be, but if using the paid version with the full firewall capabilities baked in then you may end up getting double alerts/notifications and such (but I believe both still honor the built in WFC with Advanced Security rules so if one is set to alert and the other is set to be silent it should be OK).
  15. Yep, I use Simple DNSCrypt (which uses both DNSSEC along with the DNSCrypt protocol) for this very reason. I also have it configured so that it randomly rotates between multiple DNS servers to disperse my traffic across multiple providers/routes thus further randomizing my traffic.
  16. I don't know, to me, closed is closed, so as long as the firewall (be it the built in Windows Firewall, a WFP based front-end/replacement for the Windows Firewall using the same APIs, or a third party firewall) is keeping all the ports closed/stealthed as they should be and Windows has all the appropriate sharing/remote etc. protocols locked down/disabled (the Public profile configuration) then I don't see a real difference. The big advantage, to me, of a third party/more granular firewall is for inside-out communications, i.e. greater control over the programs that communicate with the web. The local network stuff that you have to be concerned with on a public Wi-Fi connection/network don't really translate to suddenly requiring a more granular firewall, at least based on what I've learned of such things. The main thing is just keeping things closed/locked down to prevent other devices on the network from gaining access which should be fairly straightforward for any firewall and even Windows itself. That said, if you're dealing with the class of hacker that can and does bypass those kinds of protections on public networks, no beefed up third party firewall is going to stop them any better than the more standard WFP stuff would, and anyway, since Microsoft themselves recommend that all firewall devs use WFP they are all going to be subject to the same kinds of potential vulnerabilities that might exist in the protocol regardless of how robust their implementation might be; at least that's my take on it. Reference Windows Filtering Platform for more info. The other threat is a man-in-the-middle attack where the attacker might try to alter traffic through DNS manipulation/packet manipulation and the like, but since that takes place outside your system, no firewall is going to aid you in dealing with those kinds of threats as it all comes down to the security of the internet connection itself and so tools like VPNs and DNS encryption protocols become much more important (i.e. TOR, VPN tunneling tools, proxies, encryption protocols like DNSSEC, HTTPS, and DNSCrypt etc.).
  17. Yep, that's what most WFP based firewalls are these days, especially the free ones. They're either front-ends for the existing firewall or they use the same framework, APIs and functions, usually while adding other features such as prompts for outbound connections (as is the case with the former Binisoft firewall).
  18. Yes, if they do decide to integrate the firewall (which seems likely), it shouldn't interfere with Windows Defender/MSE at all so I expect them to continue to support keeping it active by default whenever Malwarebytes Premium is installed/activated.
  19. Greetings, If you just want the free version that only works as an on-demand scanner then please open Malwarebytes and follow the instructions in this support article and that should deactivate all of the active protection components and return you to the normal free version. If you have any trouble or if there are any other issues please let us know. Thanks
  20. OK, good. I guess it just needed to refresh once the scheduler was up and running and processed the scan. I'll still be reporting the GUI bug where it showed 'None' after you created the scheduled scan in case QA can replicate the problem so that the Devs can hopefully fix it so that the UI stays in sync with the scheduler.
  21. OK, good. It may be that the browser plugin doesn't like the site hosting it for some reason (it has a lot of heuristics that look at things like page behavior, layout and scripting to try and determine when an unknown site might be malicious). You can report the FP in the Chrome browser extension beta forum and they should be able to whitelist it.
  22. Excellent, I'm glad that it's working properly now. If there is anything else we might assist you with please don't hesitate to ask.
  23. Greetings, You should be able to fix this by opening Malwarebytes and navigating to Settings>Application and toggling the Show Malwarebytes options in Windows Explorer setting Off and then On again; if that fails, please try restarting you system to see if that resolves the issue or not. If it still isn't showing up then please do the following to perform a clean installation of the latest build, which should correct the problem if all the other options failed: Download and run the Malwarebytes Support Tool Accept the EULA and click Advanced tab on the left (not Start Repair) Click the Clean button, and allow it to restart your system and then reinstall Malwarebytes, either by allowing the tool to do so when it offers to on restart, or by downloading and installing the latest version from here If the problem still persists then please do the following so that we may take a look at what's going on with your Malwarebytes installation and hopefully find a resolution for the issue: Run the Malwarebytes Support Tool Accept the EULA and click Advanced tab on the left (not Start Repair) Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply Please let us know how it goes, and if necessary, provide the requested ZIP folder and we will continue troubleshooting the issue with you. Thanks
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.