Jump to content

exile360

Experts
  • Content Count

    23,559
  • Joined

  • Last visited

Everything posted by exile360

  1. You might also check to see if disabling self-protection has any effect on the issue as it's also been known to cause compatibility issues and performance problems under some circumstances.
  2. TCPView by Microsoft Sysinternals might also be useful as might Wireshark. They should both be capable of showing what sites/IPs each process is connecting to on your system.
  3. Greetings, They'll probably leave the automatic USB scanning to the AVs as not to create conflicts and the same goes for emails. That said, if any malware tries to execute from a USB drive or an email, including not only email attachments, but also embedded links and documents, the various layers in Malwarebytes Premium will detect them and stop them before they are able to infect the system. As for Windows Defender, it's left on by default deliberately for the sake of compatibility as not all users wish to use Malwarebytes alone, but you can usually rectify this easily if you do want Malwarebytes running on its own and Windows Defender disabled by changing the setting in Malwarebytes under Settings>Application below Windows Action Center to Always register Malwarebytes in the Windows Action Center. That will register Malwarebytes as your chosen active AV protection and Windows Defender should automatically be turned off by Windows.
  4. If you still see it being detected as "MachineLearning" after updating Malwarebytes please do the following: Right-click on the Malwarebytes tray icon and select Quit Malwarebytes and click Yes if prompted by User Account Control Navigate to C:\ProgramData\Malwarebytes\MBAMService and delete the HubbleCache file Launch Malwarebytes again and it should no longer detect the file
  5. Yes, I'd suggest still saving the license key and deactivating/reactivating the software after the transfer just in case the software sees it as a new installation/system (which is quite possible whenever a major piece of hardware is changed such as your hard drive).
  6. Ah, I'm glad I caught it then. I definitely wouldn't recommend leaving that option enabled all the time as it takes up some serious resources.
  7. Greetings, To transfer your license you will need to first open Malwarebytes on your existing system/drive and click on the My Account button located at the top right of the Malwarebytes program window and if you don't have the license key saved anywhere, go ahead and write it down so you will have it for when you reinstall Malwarebytes on your new drive, then you may deactivate your license either using the Deactivate License button located in the My Account tab or by using the online My Account Web Portal. Further information and instructions on how to use both methods of deactivation can be found in this support article. Once you have your new drive up and running all you'll need to do is download and install the latest version of Malwarebytes from here and then click on the Activate License button located on the top right of the Malwarebytes program window then enter your license key to activate the software. You can find detailed instructions, including images of what it should look like here. If there is anything else we might assist you with please don't hesitate to let us know. Thanks
  8. Did you activate the Collect enhanced event log data for support (not recommended) option under the Event Log Data section in Settings>Application in the Malwarebytes UI by any chance? The reason I ask is because I see a lot of debug entries in your log which I don't believe is normal. If you turned it on for diagnostic purposes that's fine, just be sure you disable it again otherwise your logs will likely get really large really fast as it's not a setting that's meant to be enabled all the time.
  9. You're welcome, I'm glad to be of service Yes, they are always on the lookout for input and feedback (and yes, even criticism) from their customers and users. It's one of the many things I respect about this company. If there's anything else we might assist you with please don't hesitate to let us know. Thanks
  10. Greetings, The email address you describe (first initial last name@) sounds legitimate as that's the format used by Malwarebytes employees so I do believe that this offer is legitimate. It is likely that they are seeking feedback on the mobile product to attempt to enhance/improve it and find out about your user experience with the software. It's a tactic used by Malwarebytes and other companies to compensate users/customers for their time and opinions/input in order to improve their offerings in the future.
  11. OK, thanks. It could be a similar issue as the one reported here. @dcollins would you mind taking a look? If you would provide the following logs it could help with diagnosing the issue: Download and run the Malwarebytes Support Tool Accept the EULA and click Advanced Options on the main page (not Get Started) Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply Thanks
  12. You might need to exclude a different EXE as they might be using a different one or more than one to connect to the game servers. Do the Malwarebytes logs show any web blocks occurring when this happens? If so it should show the path and filename of the process being blocked.
  13. Right, but if Web Protection is blocking it I assume it's blocking specific IP addresses, correct? Those might be false positives that the Research team can fix/remove from the database. And in the meantime you can exclude the application itself from Web Protection so that it is allowed to connect without being blocked.
  14. Greetings, First, to report this as a false positive please read the information in this topic as well as this topic then create a new thread in the Web False Positive area by clicking here and one of the Malwarebytes Research team members will check to see if this is a false positive and let you know as well as correct it by whitelisting the site if it is. Next, in the meantime while you're awaiting a response from them you can exclude the game's executable so that it is able to connect to the servers. To do this, please follow the instructions in this support article in the section where it says Exclude an Application that Connects to the Internet and browse to the location of the process that is being blocked when this occurs. This will allow any connections to/from that process to any servers in Malwarebytes' block list however all other processes will still be protected by Web Protection so it's a better option than disabling Web Protection altogether. If this does turn out to be an FP you can delete this exclusion once the Research team gets the issue corrected and the new database is published.
  15. You could also check your Event Viewer logs to see if any events such as program crashes/errors etc. occur at the time of these pop-ups. You could also find the game's log files and see if any issues or errors are being logged there when this happens as that also might give you a clue. If it only happens while gaming it could also be a problem with heat and maybe one of your components such as your graphics card is overheating causing it to crash out of the game, or it could be a bug in one of your drivers that an update might fix (you can check your system manufacturer's support site to see if there are any new drivers for your system and you can also check the individual hardware vendors' sites that made the individual components in your system such as your graphics card, processor, motherboard etc.).
  16. Very nice, it sounds like you have a good setup I do the same with Simple DNSCrypt. It has a checkbox that I can check/clear to enable/disable its custom DNS setting on my network connection which makes it very easy to switch back and forth, and if I need to disable my HOSTS file, HostsMan has a button that lets me do the same so turning it on/off is easy as well.
  17. Just to add, the rootkit scan, much like the Threat scan itself, was specifically engineered to look in all of the places where threats (in this case, particularly rootkits) would install on your system. In fact, specifically with regards to rootkits, since they must use drivers and/or the boot files/boot partition of your Windows system drive to be able to hide themselves (which is what makes them rootkits, technically speaking), it's pretty much a waste of time and energy to perform a rootkit scan across an entire drive. All locations where a rootkit could be active are already checked in the Threat scan automatically when rootkit scanning is enabled, plus, the other elements of the Threat scan such as looking at all loading points on the registry as well as all loaded processes, services, drivers and modules (DLLs etc.) along with its heuristics and other detection tech that looks for malware in all of the places where it likes to install and hide will ensure that if a rootkit is present on the system that Malwarebytes is capable of detecting, that it will be caught by the Threat scan when you have rootkit scanning enabled. Likewise, whenever the Malwarebytes Research team discovers any new locations being used by any infections, they add those locations to Malwarebytes via database updates so that they are checked by the Threat scan automatically along with all of the others so it doesn't even require a new product release to modify where the Threat scan looks for threats. Obviously it is totally up to you if you wish to continue performing custom/full scans, however I've worked for Malwarebytes for nearly 8 years and was a longtime Malwarebytes user before that and I have never seen a case, including when I was a PC repair technician dealing with infected systems that I had to repair and clean, that it was necessary to use any other scan type in Malwarebytes other than the Threat scan (formerly known as the Quick scan in previous Malwarebytes versions when it was known as Malwarebytes Anti-Malware/Malwarebytes' Anti-Malware).
  18. @AdvancedSetup can you take a look at what's going on here please? I notified one of the admins. Hopefully he can get this sorted out for you.
  19. Cool, so you finally found a configuration that works. I'm glad to hear it
  20. Greetings, This is happening due to the spam filter used on the forums that blocks content containing links in order to prevent spam posts. You should be able to zip and attach your logs instead and this should allow you to post the requested information without triggering the spam filter.
  21. Greetings, Thanks for the suggestion, I'll see to it that the Product team receives it for consideration. If you have any additional input please let us know as we're always looking for feedback and ideas. Thanks
  22. Yep, ever since 2.0 Malwarebytes has operated based on a service oriented architecture where it relies on a SYSTEM level service to perform all major operations, including not just the protection components and their drivers, but now also scanning as well (which in the 1.x days was an admin level user mode process executed by mbam.exe, but now is run through MBAMService.exe which itself is obviously a service).
  23. Actually, I think it's because Defender (and probably other AVs) are able to spoof user tokens. The trouble with network shares is, by default at least, they don't actually include local admin access (much like trying to scan another user's documents from a different limited user account) so even the SYSTEM account lacks privileged access to network shares, and this is why Malwarebytes can't scan these locations, and even if it could, it wouldn't be able to remove what it finds there due to lacking write access.
  24. The file I linked to isn't infectious, it's just a PUP (Potentially Unwanted Program) installer so you don't have to worry about any of your systems being compromised by it. You just needed something that Malwarebytes would detect in a scan, and that PUP installer fits the bill.
  25. Well that's frustrating. Hopefully you can figure out a reasonable alternative that works so that you can use your HOSTS/block lists without the performance issues. If I come up with any new ideas I'll definitely let you know.
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.