Everything posted by exile360

  1. Greetings, I don't know of any issues with Malwarebytes that might cause the behaviors you've described, however a new version has been released recently that you don't have installed yet so perhaps it will help to update to the latest. To do so, open Malwarebytes and navigate to Settings>Application and click on the Install Application Updates button and allow it to download and install the new version or, if you would prefer, you may download and install the new version directly from here. Once the new version is installed, go ahead and restart your system and test to see if things have improved. If they have not, then please provide a fresh set of logs so that we may continue to attempt to diagnose the issues you're seeing:
       • Run the Malwarebytes Support Tool
       • Accept the EULA and click Advanced Options on the main page (not Get Started)
       • Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply
     Thanks
  2. Greetings, I'm not certain what happened with your license activations, however the best way to get assistance with licensing would be to contact Malwarebytes Support directly via the options found on this page. Hopefully they can tell you what's going on with your license key and why it isn't showing all of the devices you've activated the software on, or at the very least assist you in getting the system to reflect your activations accurately. Please let us know if there is anything else we might assist you with. Thanks
  3. Yes, I believe so. Basically it fails to shut down cleanly during reboot/shutdown, causing an error to be logged in Event Viewer but it doesn't actually impact how Malwarebytes functions when the system is running nor does it have any impact on Windows aside from causing the error to be logged in Event Viewer.
  4. No problem at all, I totally understand where you're coming from, though I would still strongly advise testing the other protection mechanisms as well, particularly given the nature of the modern threat landscape (especially as it has existed and evolved over the past 2~6 years, where individual threats have had shorter and shorter shelf-lives and blended threats/multi-staged attacks have become the norm), as the other layers of protection really do matter far more than the Malware Protection/scan engine components, however I will provide options for all of the ones that I can and you may decide which to use to suit your purposes:
       • Malware Protection/scan engine: Advanced SystemCare (this item should be detected as PUP [Potentially Unwanted Program] by both the scanner and Malware Protection components and you must have PUP detection enabled under the protection settings (it is enabled by default); you can test by scanning the file as well as by attempting to execute it/run it and it should be detected by the appropriate module depending on which you do (the Malware Protection component checks files on execution, prior to entering memory to avoid conflicts with AVs and other AM tools/products))
       • Exploit Protection: HitmanPro Exploit Test Tool (refer to manual available here); you can test by adding the test tool EXE to the list of Protected Applications under Settings>Protection>Manage Protected Applications and I recommend adding it to the default (Browser) profile as I believe that's the most general purpose exploit shield configuration (though if someone from the Malwarebytes staff has a different recommendation then I concede to their first-hand knowledge). There is also the tool developed by Malwarebytes for this same purpose which is available here (instructions on using the tool are detailed in that topic)
       • Web Protection: Try to visit or contact/ping iptest.malwarebytes.com or the IP address 52.21.84.70 and it should be blocked (any browser, any process on the system including a command prompt if you wish to script/automate the check); additional information available here
     Unfortunately I couldn't locate anything to easily test Ransomware Protection with, however it is quite frankly more of a reactive solution anyway due to the fact that, even though it uses behavior based detection capabilities rather than signatures, it has to see ransomware activity/behavior to detect anything, meaning that by the time it detects the threat, the threat is already running in memory and attempting to encrypt your data (this is where the Ransomware Protection component should intervene, saving your data from encryption by stopping the malicious activity and quarantining the threat). With that said, given that almost 1:1 ratio of ransomware being deployed by exploits, I'm quite confident that Malwarebytes would stop such an attack far earlier in the kill chain anyway before it gets to the point of downloading/executing a ransomware payload, at least in the vast majority of cases based on what I know of most ransomware these days.
     You can also test PUM (Potentially Unwanted Modification) detection which is a component of the scan engine that looks specifically for system setting configuration changes in the registry which are frequently modified by malware and PUPs. A list of several of these may be found here and there are many others. If you have any questions on how to set one or more of them up, how to create a batch or reg file/script to automate their creation etc. just let us know and we'll assist.
     There are also several other key components to the scan engine and Malware Protection engine such as Linking (an advanced heuristic technique which can use a single detection to connect it to other traces and components of an active/installed infection through the registry and filesystem to more thoroughly detect and remove threats) and the Anti-Rootkit engine which uses DDA (Direct Disk Access) as well as various user-mode and kernel-mode detection techniques to detect and eliminate active rootkit infections along with several advanced remediation capabilities including DOR (Delete On Reboot) which is used to catch infections off-guard and kill them while they sleep early in the boot process as well as special repair and replace capabilities designed to eliminate threats and many of the system components and functions that they often damage (like internet connectivity, security related components such as Windows Defender, Security Center/Action Center, Windows Update, the Windows Firewall and many other components).
     Finally, I would also suggest taking a look at the diagram and information found on this page as it provides a decent amount of detail as to how Malwarebytes Premium functions and how it leverages its various layers of defense to thwart an attack during various phases of the kill chain/attack chain, including pre-execution and post-execution, to keep systems protected.
     I hope this proves useful to you and if there is anything else I can assist you with please let me know. I definitely understand the need to validate your protection's functionality and status and I will help in any way that I can to enable you to accomplish your task.
  5. Greetings, Please post the log from the scan if you wouldn't mind, along with a copy of the file if you are able as that should aid them in checking it and correcting it if it is a false positive. Thanks
  6. @fr33tux, @Elisabeth could one of you please jump in here to assist with this detection issue/FP? I just shot him another notification along with Elisabeth who is another member of the team. One of them should respond soon, but please post again if no one from the staff has replied by Monday evening (they may be out for the weekend so they may not be available until Monday morning).
  7. That's great news, I hope that it remains fixed. I had a sneaking suspicion it might be the drivers as I've seen similar problems with sleep states in the past ever since the Windows Vista launch (when the WDDM video driver model was first launched, which is still in use today in all modern Windows versions and the associated graphics drivers for devices that are compatible with it; don't get me wrong, it has some great advantages like easier driver removal/upgrade, but some of the bugs/issues that often plague them, especially older drivers, can be a real pain). Anyway, yes, please let us know if the issue returns and if there is anything else we might assist you with. Thanks
  8. I already offered to provide some files for you to test detection with if you wish, and several other vendors have created their own testing tools for this very reason (to test specific modules). The scan engine in Malwarebytes is by no means its primary layer of protection, nor is it anywhere near being its most effective, so even if EICAR were added, all it would do is validate that the least proactive component of Malwarebytes is functioning in a way that is irrelevant to its true capabilities (or even the capabilities of the scan engine itself, which is the very point I've been trying to make, because even a basic script can be designed to detect a string of text like EICAR, but that doesn't mean that such a script would be an actual AV engine). The way I see it, how something is detected is just as important as whether or not it is detected, especially when attempting to validate the functional status of something as mission critical as an AV/AM product. That's why we and other vendors have developed specific tools for this very purpose and why it would be far more valid to test using a relatively safe file (like a PUP; which you could easily archive within a ZIP folder if you wish to test archive scanning and can place anywhere you like to test where/what Malwarebytes scans) to determine whether or not Malwarebytes is functional. If an engine can detect a string of text, that says nothing about its ability to detect any threat that has existed within the last decade+ as I already mentioned, which is the entire purpose of such testing is it not? I mean what good would it do to validate that a product can detect something that isn't a threat, doesn't look like a threat, isn't detected the way that threats are detected and doesn't do anything beyond what looking at the status of a product in its own interface or in the Windows Action Center would tell you (i.e. whether the product's protection is active)? 
That's like using a website from 1998 to test a modern browser to verify that it is functional for loading modern websites; such a test would be invalid and could not be trusted to validate that browser's capabilities to read and render modern web code. The same is true for testing an AV/AM product with such an irrelevant test method as a basic string of text in a text file (because that is literally all that EICAR is and you can verify this yourself by downloading the text version and looking at it in notepad or any other text editor or by opening any of the other versions of it in notepad/any other text editor).
  9. Malwarebytes doesn't detect EICAR primarily for 2 reasons as I understand it. First, the test uses an extremely outdated method of testing an engine's detection capabilities, relying on a strict string of characters to be contained within a file. Second, since it also is used in non-executable files (such as text files and other non-PE file types), the primary Malware Protection component in Malwarebytes will not detect it because it doesn't look at those file types (malicious scripts and similar threats are handled by the Exploit Protection component which kills a real threat earlier in the attack chain, prior to the actual script execution phase which eliminates the need to attempt to target malicious scripts, which is a futile effort anyway given how trivial it is for the bad guys to alter/rearrange/encrypt/re-encrypt any malicious script file to completely evade any traditional text based/raw script detection technology in any AV/AM product or tool; this is why Malwarebytes instead uses behavioral detection to target exploits since, regardless of how the malicious payload/script etc. may be altered, the actual exploit behaviors used to get the object to download/execute remain limited and consistent because they must use some illegal operation/memory violation of some kind to accomplish the attack). While I do understand that the vast majority of AV/AM products do detect EICAR, the reality is that it does nothing to prove the efficacy of those products whatsoever because the methods used to detect it are completely irrelevant to any malware that has been created or found in the wild for well over 10 years (probably actually closer to 20+). With that said, I can provide you with a list of safe items you may use to test the various components in Malwarebytes if you wish, including some PUP installers which are harmless but should be detected by Malwarebytes since they do contain PUPs (Potentially Unwanted Programs). 
I'll have to concede to whatever the staff has to say about the situation, but the way I look at it, any product using EICAR as validation for their protection/detection capabilities is not doing their customers/potential customers any favors or inspiring any true confidence in their technology because it is an incredibly obsolete test method.
  10. OK, thanks. Also, please be aware that there is currently a known issue with the latest version of Malwarebytes which causes an error to be logged to the Event Viewer during system shutdown. The team is aware of this and plans to have it fixed in the next release, however it has not been linked to any other issues such as the problems you've described with startup etc.
  11. Do you have Fast Startup enabled in Windows by any chance? The reason I ask is because it is known to cause issues sometimes with Malwarebytes and other software due to the fact that it doesn't allow the system to ever fully unload/re-load the registry and certain other system components as it normally would during a full system shutdown/reboot. You'll find instructions on this page explaining how to check if it's on and how to disable it if it is. Also, considering how infrequently the issue seems to be occurring, it's possible that this is being caused by some particular scheduled task that only runs on a weekly basis such as the scheduled WinSAT check that occurs on some Windows versions once per week (there are others I believe; that's just the only one I recall off the top of my head at the moment). You might check Task Scheduler to see if there are any such tasks configured to run around the day/time that the issue is occurring as that may also provide a clue as to the root cause.
  12. Greetings, I cannot say for certain, however it does make sense considering the fact that a new version was released recently. If you have any version older than 3.6.1 installed then there is a new version available. If that is the case then you may either follow the message's instructions and allow it to install the new version or you may initiate the update manually by opening Malwarebytes and navigating to Settings>Application and clicking on the Install Application Updates button, or if you would prefer, you may download and install the new version yourself from here. You can find details about the new version here as well as here. Please let us know if you have any issues and if there is anything else we might assist you with. Thanks
  13. Greetings, Please try running the special build of Malwarebytes Anti-Rootkit found in this topic and have it remove everything it detects, then reboot if prompted to complete the removal process. Once that's done, proceed to run ADWCleaner and do the same, rebooting to allow it to complete the removal process if prompted. Once that's done, try running Malwarebytes again, reinstalling it if necessary to get it to run and try performing a scan and have it remove anything it detects, again rebooting if prompted to do so to complete the removal process. If any issues persist or if none of the above tools/scans would run then please go ahead and follow the instructions in this topic then post the requested logs and info in a new topic in the malware removal area by clicking here and one of our malware removal specialists will assist you in checking your system and cleaning it of any threats as soon as one becomes available. Good luck, and I hope that the issue is resolved quickly.
  14. Thanks, I see that you're running Sophos and I recall there being an issue with Sophos a while back. Please try disabling the web protection component in Sophos to see if that makes a difference, then try enabling Malwarebytes again to see if you have internet access with Malwarebytes protection active. Please let me know how it goes and we'll proceed from there. Thanks
  15. Greetings, Please do the following so that we might take a look at what's going on with your installation:
       • Download and run the Malwarebytes Support Tool
       • Accept the EULA and click Advanced Options on the main page (not Get Started)
       • Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply
     Hopefully that will allow us to isolate the cause of the issue. Thanks
  16. Greetings, I just wanted you to know that I did submit your request to the Product team for consideration so that they might add it to their backlog of potential new features.
  17. OK, sounds good. Good luck and I hope that it goes well but if not then definitely let us know and we'll continue to troubleshoot the issue. Thanks
  18. edit: I just tested again and it wasn't blocked. Is it possible that it was actually the MB3 block database blocking it? I assume they use the same DBs, but could a discrepancy between the two cause this sort of issue?
  19. Ah, I see. Those "Jump to" links on the left just scroll the page to various sections within the same document/article, so it's possible that for whatever reason those controls don't work with your device's browser. I will report this to the team to test, but I'm betting it has something to do with some kind of JavaScript restrictions in the browser you're using or something like that.
  20. I'm not sure as we still have yet to determine the cause, but if they can fix it they certainly will. So to get back to your specific issues, you said that when you try to launch the newsletter link contained in the email, it fails to open and that even when you view the link in a browser, links contained in the article fail to open, is that accurate? Is there anything else you can tell us? For example, what happens if you right-click on the link and copy it then try to paste/open it in a web browser, does it open then or does it still fail? Also, what happens when you click a link in the article exactly, does it just not navigate anywhere? What if you right-click on a link in the article and select "open in new tab" or "open in new window" or if you try to copy the link and paste it into another browser window or tab, does it work then? Sorry about the bombardment of questions, I'm just trying to narrow down the issue as much as possible. Just take your time and do your best to describe what you see happening and let us know. Thanks
  21. I see, it's because the auto-scrolling header/buttons cover up too much of the screen. It likely hasn't been optimized for display on lower resolution mobile devices. I will inform the team. Thanks for reporting this.
  22. You are most welcome, if there is anything else we may help you with please let us know. Thanks
  23. OK, do you mean articles linked like this one or are you referring to something else?: https://blog.malwarebytes.com/malwarebytes-news/2018/04/labs-ctnt-report-shows-shift-in-threat-landscape-to-cryptomining/
  24. I'm seeing the same block mentioned by the user: https://secure.gd/dl-avcleaner The block occurs when downloading the tool shown below which is found near the bottom of this page: