exile360

Experts
  • Content Count

    23,961

Everything posted by exile360

  1. Hehe, I ran the uninstaller, killed the service via Task Manager (so the uninstall could complete), then just reinstalled and updated once the fix was published. Perhaps not as clean of a solution as the one you describe, but I didn't have to reboot my system either.
  2. Yep, it has some pretty powerful heuristics for blocking the various categories of sites/threats etc. beyond a standard block database. It's a pretty cool tool, and when combined with the web protection in Malwarebytes 3 Premium, it makes for a rather robust web security/privacy browsing solution. Not to mention the fact that it can also speed up page load times rather substantially thanks to the fact that it blocks the ads and trackers found on most sites.
  3. It shouldn't be preventing web protection from starting in MB3 Premium. They're supposed to work together alongside one another. In fact, the plugin ties into web protection when MB3 Premium is installed/active and takes over redirecting for sites blocked by MB3's database in the browser displaying its newer block/redirect info page rather than the block page normally displayed in the browser when only MB3 is installed/active. That's due to the trackers such as Google etc. which are used for telemetry and whatnot. They're present on most pages on the web (which is one of the reasons organizations like Google have so much info on browsing statistics) so you're likely to see at least a few blocks on most pages you visit. The same is true for social networking trackers such as Facebook and Twitter. They're embedded on most sites these days and are blocked by most tracker blocking utilities, including the Malwarebytes browser plugin.
  4. Nice catch. Right you are, it's version 3.2.2, not 3.3.2. As indicated above, the version you have is an older build, version 3.2.2, not a newer 3.3.2 so yes, the latest home version build is still 3.3.1.
  5. While I do agree for the most part, enabling outbound filtering/blocking (including notifications/prompts to allow/block individual applications/processes) would be a welcomed addition. The capabilities are there for this and much more within the WFP APIs included in Vista and newer Windows versions and Malwarebytes is already using WFP for its web blocking component so adding this function wouldn't be too much trouble from a dev/code perspective. That said, there actually are already several rather robust and free options available that enable this functionality including Windows 10 Firewall Control (formerly Windows 7 Firewall Control and before that, Vista Firewall Control) by Sphinx Software, simplewall by Henry++, Privatefirewall by Privacyware, Tinywall by Pados among others. You can find a fairly comprehensive list of free firewalls, many of which leverage the built in WFP APIs/firewall technology in Windows Vista and newer here on Wilders.
  6. I like this idea a lot. In fact, if the solution is too lengthy/requires too much text/space (or even images for clarity) the prompt/notification could launch a step-by-step wizard and/or textual guide with instructions on resolving the issue, assuming any special steps are required beyond just downloading/installing the update. I'm thinking something similar to the Quick Tour feature currently built into the main UI. Basically a guided help tool for correcting issues, not unlike what MS offers with their guided help tools/troubleshooters and the MS Fixit solutions they once offered.
  7. Awesome, I'm glad to hear it! You're very welcome, and if you have any more issues or need help with anything else please don't hesitate to let us know.
  8. I'm not certain that it's universal as it may (and likely does) differ depending on your location as Malwarebytes uses one or more CDNs (Content Delivery Networks) for their updates so your system will attempt to connect to the closest/fastest CDN/server for your particular location, however I got the following info from my firewall for Malwarebytes' connections when I executed an update check: I'll see if I can locate the update URL/domain name as that's the ideal solution for testing your connection. In the meantime you can try to ping those IP addresses to see if your system is able to connect to them if you wish.
  9. You shouldn't have to make any changes when using a VPN as I understand it, as having the VPN configured in your network adapter (which is how you connect to a VPN) should route all connections/traffic through the VPN automatically. A proxy is different and works per-application, at least as far as I know, and why it requires configuration in Malwarebytes. I say all this as I'm using an alternate DNS server myself (DNSCrypt via Simple DnsCrypt) and I didn't have to modify anything in Malwarebytes (or any of my other software) in order to allow it to connect/update. Likewise, with HTTPS Everywhere (which I am also using), it only affects your browsers so it has no bearing on whether Malwarebytes or any other software on your system is able to connect to the net (and I believe Malwarebytes uses encrypted HTTPS anyway, for security reasons). The only settings for Malwarebytes' connections are for using a proxy and can be found under Settings>Application under the Proxy Server section near the bottom (you have to scroll down in the main MB UI to see it). As for your firewall, if you have not configured it to allow mbam.exe, mbamtray.exe and mbamservice.exe to connect to the web, then that is most likely the reason why it cannot connect. Otherwise it could actually be your VPN itself blocking the connection on their end for some reason (they do often have filters to block malware, phishing and other malicious content and sometimes additional blocks as well for things like ads, porn and other potentially undesirable content). I don't know what the specific domain/server is which Malwarebytes uses for updates, but if we can find out then we should be able to check to see if you're able to connect to the update servers directly via a ping command or through one of your web browsers. I'll look into it and see what I can find out then you can test to see what happens.
  10. You should be able to purchase a single license by visiting the purchase page for the home version and clicking the drop-down menu under Devices as shown below: You can choose between 1 or 2 years for your subscription duration, select the number of devices (licenses) you wish to purchase, then proceed with the rest of the purchase steps as you normally would.
  11. Avangate is a third party reseller which explains why you had to contact them directly as they would be the ones handling the billing for your license/renewals rather than Cleverbridge, which is the company that handles licensing/purchases for Malwarebytes when purchased directly from the company/through Malwarebytes. Currently the My Account feature cannot tie into third party resellers for handling autorenewal settings/license purchase options and implementing it in such a way as to be capable of it would require that all builds include this functionality for every new reseller, big and small, that sells Malwarebytes; something not likely to ever happen (and I've never seen a single AV/AM vendor that did either for such cases) especially since other resellers/vendors may have different purchase agreements and refund/renewal policies. Should you desire to have things function in a more streamlined fashion, I'd suggest that rather than renewing your license through Avangate, you instead purchase your next license/renewal through Malwarebytes/Cleverbridge if possible. That should give you the functionality you desire and eliminate the headaches.
  12. I tend to agree. Not only that, but given the specific nature of this issue, there really was no way to spot it prior to the update going out and the issue being reported by users/customers simply because the errant database didn't actually trigger any FPs or anything else that can be monitored/tested for in any automated fashion prior to the team actually being aware that this bug existed (and if they had been aware, it already would have been fixed before an update that triggered the issue had ever gotten published I'm certain). I know for a fact that Malwarebytes already had automated database checks in place to test every update before it went live before this event occurred. This just wasn't something that anyone would or could have predicted to test for. It was a corner-case bug caused by an errant string in the database that exposed an issue with how the service handles reading/loading of this specific kind of database string/entry. They now have a check in place to look inside the database and flag/block it from being published if such an entry exists, but again, it wasn't something anyone could have predicted prior to it being exposed by actually happening. It's a real bummer that it happened and yes, many users had problems because of the issue, but the company responded quickly, published a fix to correct the problem/prevent it from happening in the future and also implemented checks to spot any future updates which might include such an entry to block them from being published in the future. That's redundant measures they took on day 1 within hours of the event occurring to ensure that it doesn't happen again. In my opinion that's not only an acceptable response, but actually above and beyond expectations (most vendors would have simply published a fix in the code and called it good without bothering with the secondary database checks since the fixed code would prevent the problems/crashes from occurring again anyway).
  13. Yes, Malwarebytes does block all known currency miners, including those which come through embedded ads as well as other sources. That said, there is no harm in also using an ad blocker if you just want to see fewer ads on the web.
  14. If you guys haven't yet, please try following the instructions posted here to run mb-clean.exe/reinstall the latest version. Once it has been installed, be sure to check for updates. Hopefully that will resolve the issue. Regarding PC Pitstop, if possible, try disabling it temporarily while you install/activate Malwarebytes 3. Once it is installed and protection is active again, re-enable PC Pitstop and hopefully everything will work now, otherwise you may need to configure PC Pitstop to exclude Malwarebytes 3's files and processes. I don't have PC Pitstop so I'm not certain how to create exclusions in it so you may need to check with their support for further details if you aren't sure how.
  15. The most likely culprit would probably be your firewall. Since you're using AVG IS which has its own firewall rather than the default/built-in Windows Firewall, it's likely just a matter of excluding/allowing Malwarebytes to connect to the internet in AVG's firewall settings. There are other possible causes, but they are far less common. One example would be entries in your HOSTS file blocking some or all of Malwarebytes' servers, but unless you're infected by malware that modified your HOSTS file or you deliberately added Malwarebytes entries to your HOSTS file, such entries should not exist. Another would be if you use a proxy to connect to the internet but haven't entered the proxy credentials into Malwarebytes' settings, but such configurations aren't too common, especially for home users so it isn't too likely. Another possibility would be a problem on your ISP's end where their routing servers are failing to connect to Malwarebytes' update servers. You could run a trace to check for this, but again, it's not very likely so I'd recommend checking AVG's firewall settings before doing anything else to try to correct it.
  16. They already do have automated testing in place since the last major FP incident, which was precisely what was promised and the resolution that was implemented. The problem with that is, an automated FP check will obviously not flag any sort of memory leak/performance issue resulting from a corner-case bug like the one that occurred today. This bug was most likely the result of some bug in the code where, if a specifically written block entry in the database is included, it causes the service to fail to load the database into memory properly resulting in escalating RAM usage until the system runs out of resources. It's not something anyone would even think to test for (or expect to even be possible) until it has already occurred/been discovered, which was precisely what happened yesterday when the bad database got published. So now the Devs have likely implemented an automated check to scan the block database for any errant lines containing the specific string/block entry that is known to trigger this issue, and if found, notify the Research team and block the update from being published. As for live user testing prior to being published, with an issue like this it is quite likely that no one would have noticed it, especially if running a system with a fast CPU and a substantial amount of RAM (8GB+). Unfortunately, that would have been a very subjective thing to notice, and while one could argue that perhaps both a low-end and high-end (and perhaps even some mid-level) systems be used for such hypothetical testing, I'd again argue that unless an event like this had been predicted in advance (again, a corner-case which had never occurred prior to this), there would be no way to predict that such testing measures would be necessary to spot any potential issues. 
So really, the main problem with this issue was that there was no automated way to spot it/test for it without being aware of the bug that caused it prior to the event occurring, which wouldn't make sense since, if the team were already aware that this issue could occur, they would have published a fix for it long before this update that triggered it ever got published. It had to be an oddball corner-case issue that got past QA and Dev and thus no one was looking for it until it had already actually happened.
  17. No, the latest version is 3.3.1.2183, component package version 1.0.262, update package version 1.0.3807 as of 8:00AM CST, 1/28/2018.
  18. It's mainly because those other categories of threats are far more common these days. Malicious keyloggers aren't seen live in the wild too frequently at the moment (though I do suspect that once vendors begin to dig more deeply into the corporate/government/infrastructure space where APTs reign supreme that this trend will shift dramatically as APTs are more often than not designed NOT to display any obvious symptoms of infection and to take control of and/or exfiltrate data from the systems/networks they infect, unlike the more common threats like ransomers and the like whose primary goal is extortion). Screencap malware is another similar category of threat which is often found alongside malicious keyloggers and might also be something we see more prominently once researchers begin tracking more APT type attacks/threats. The same goes for more obscure/obfuscated worms as well as less frequently seen/more specialized/targeted types of exploits, some or all of which may or may not already be covered by existing anti-exploit tech in most current security applications (for example, the SMB vulnerability leveraged by WannaCry that caught a lot of vendors off guard as it spread through networks across Europe and elsewhere).
  19. Ah, custom block lists, yes, this has been requested in the past and last I heard they did plan to implement such a feature eventually, though when that might be I do not know.
  20. While I cannot speak for the staff, up until recently I was employed by Malwarebytes. I know for a fact that they do have automated test systems in place to test all updates before they go out and I do believe it is also protocol to do some level of live user testing by Research, however, given the nature of this issue and the fact that it can take quite a while (especially in systems with fast CPUs/large amounts of RAM) for this particular issue to show any obvious symptoms I suspect this is why the update got past QA. Regardless, knowing first-hand how other issues of this nature with broken/corrupted updates were handled in the past, I'm certain measures will immediately be put in place once the Devs fully understand the root cause to check for this issue for all future updates to prevent it from ever happening again. Whatever caused this, it's got to be something really obscure in the code as it's not something we've ever seen with the software prior to this to my knowledge.
  21. Yes, it must have been a bad update. I know they're already working on a fix. But they have to not only post a corrected update, but also test it fully internally first to make certain the issue doesn't repeat itself later on (and I'm sure they're also taking measures in the code and/or update system to prevent whatever the root cause was from occurring again in the future). For now I suggest everyone keep Malwarebytes disabled and/or uninstalled until the staff posts confirmation that the issue has been resolved (which will likely come in the form of a sticky thread in this area of the forums).
  22. For now anyone seeing issues should probably kill mbamservice.exe if you can, and if necessary uninstall Malwarebytes from your system until the staff announces that this issue has been resolved in order to prevent any possible loss of data/system crashes. Once they've got a fixed update pushed, reinstall/reactivate your Malwarebytes protection and all should then be well.
  23. I believe there must be an issue with the most recent database update as my installation is showing the same problems as are many others. I'm certain the Malwarebytes team will resolve this issue shortly. In the meantime, it may be best to terminate mbamservice.exe if quitting Malwarebytes the normal way (right-click tray icon and select "Quit Malwarebytes") to prevent further performance degradation, then watch the forums here for an announcement from the Malwarebytes staff when the issue has been resolved.
  24. While this isn't an authoritative answer, I'm pretty sure that number represents the number of blocked trackers (though it might apply to all blocks during the current session and/or on the current page, i.e. possibly ads and malware as well). It's likely similar to how other blocking plugins/extensions display similar info such as Adblock Plus, Disconnect, Ghostery, HTTPS Everywhere etc.
  25. That is a very valid point regarding hacktools and greyware in general. That said, keyloggers specifically should always be technically classified as spyware, however that does not necessarily categorize them as malware by default/under all circumstances. While spyware may, and often is in fact considered a sub-category of malware, not all spyware is all that malicious (same goes for some other categories such as adware) so if Malwarebytes were specifically an antispyware application I'd expect more strict blanketed targeting of all forms of keyloggers (legit or not), however since it is an antimalware app, a more generalized form of protection, some exceptions and differences in classifications are at least somewhat understandable (though I might then make the argument that one might seek additional protection to further augment the protection afforded by Malwarebytes to shore up such 'gaps' in protection). Either way, at least the worst of them are being targeted such as those used by banker Trojans and the like where the intent is definitely malicious. Those really are the most serious threats, though one still might be concerned about cases where others who've gained access to a system might have installed a legit keylogger for illegitimate purposes and want to take steps to better protect themselves/their endpoints from such potential threats (thinking corporate espionage etc. here as well as things like disgruntled exes and other similar scenarios where an 'internal' threat might exist).