Everything posted by exile360

  1. Chances are it keeps happening because it's failing to remove the detected entries during cleanup so it keeps finding them with each scan, but that's just a guess based on issues I've seen in the past. It's also possible that some other installed application is restoring the items that are being detected, and while unlikely, it's also possible that some malware on the system that hasn't been detected is restoring them whenever they're removed (we've seen rootkits doing this with adware recently, for example; just search the web for "smartservice adware").
  2. If this does not work you might consider excluding the IP address instead, assuming all of the links are hosted on the same server (which they probably are).
  3. Some of the ad blocking HOSTS files included with HostsMan block some of the ad/tracking servers used by PayPal and ebay. It's possible that one of those is what's causing the issue. Can you open HostsMan and temporarily disable your HOSTS file via the green square button in its UI, then open your browser and try visiting PayPal to see if you are then able to access it? If so, then you'll need to figure out which site is the culprit. Usually there are comments/notes included with entries that might break sites such as PayPal and ebay so if you open the HOSTS file in HostsMan and sort by comments you should be able to scroll through the list and hopefully find the entries dealing with ebay/PayPal and then disable those particular entries so they are no longer blocked (or just disable your HOSTS file temporarily whenever visiting PayPal, though that sort of defeats the purpose of using HostsMan/a HOSTS file since one of the reasons for using it is to block malicious ads and malware servers; one of which may at some point hijack PayPal; though not likely, it is a possibility).
  4. Yes, that should be fine. Just post up the requested logs and explain your situation and they'll check it out and let you know if they see any issues or signs of infection and go from there.
  5. Is it a question of wanting MB3 to scan new drives whenever they are attached or do you just frequently have external drives attached to your system and wish for them to be included in scans by default or is it something else that you are requesting? Also, I don't know if you knew this or not, but you can actually use the right-click context menu scan function to scan a USB attached drive by accessing Computer in Windows Explorer and right-clicking the drive and selecting the option to scan with Malwarebytes.
  6. Greetings, Yes, you absolutely may if you wish to. In fact, approximately half of our paid users are currently running Malwarebytes without an additional antivirus. That said, we continue to design our products to be fully compatible with antivirus and other protection/security software products in realtime should you choose to add more layers to your system's security configuration. In fact, if you still want an AV but don't want to pay for it (assuming you are currently using a paid antivirus) you may simply remove your current AV and install Microsoft Security Essentials which is Microsoft's own free lightweight basic antivirus solution. The two run quite well together in realtime without conflicts. There are also several other free AVs available from other vendors such as Avast!, Avira, AVG, Bitdefender, Sophos and at least a few others if you want additional options. The final choice is of course up to you, however even if you choose not to use an antivirus any more and use Malwarebytes alone, we are confident that the protection it provides is sufficient to keep your systems and data safe from online threats and attacks thanks to all of the layers of protection built into Malwarebytes 3 including our longstanding best in class malware protection which uses heuristics and threat signatures to target known and unknown malware executables that try to run in memory, our web protection which blocks known malicious websites and servers known to host malware, exploits, scams, phishing and other malicious content, our exploit protection which uses several layers of behavior based exploit defense and detection technologies to stop exploits before they can compromise your system or your software and/or load malware onto your system, our anti-ransomware protection which uses behavior based rules and heuristics signatures to target both known and unknown ransomware, as well as our brand new advanced anomaly detection technology which uses heuristics algorithms to detect new unknown 0-day malware files and processes. On top of that of course we also provide our scanning and remediation engine which has its own definitions, malware signatures and heuristics to detect and clean any threat and detect signs and components of infection, including not only malware files, registry data, folders and processes, but also system changes that may be the result of a present or past infection or attack. We are constantly working to enhance our technologies further with each release and we publish signature updates multiple times daily (usually 10 or more per day) in order to stay on top of the latest known and unknown malware threats on the web. I hope that I've sufficiently answered your questions but if not, please let us know and don't hesitate to ask if you have any further questions or need assistance with anything else. Thanks
  7. I don't know if this helps or not, but I believe a recent MS update has affected a lot of HTTPS/secure websites making them fail to display frequently in Internet Explorer. Have you tried another browser such as Chrome or Firefox to try to access the site?
  8. Yep, it's possible that the slowdown is unavoidable in some cases due to the fact that MS uses a network filter driver/API which is most likely what causes the slowdown you are observing during browsing. I too have noticed some slowdowns when using MSE alongside MB3 (I'm on 7x64) when browsing however it isn't too bad but that may be due to the fact that I have pretty fast hardware.
  9. Greetings and welcome, As I understand it, there will be no further definitions updates for it and the only kinds of updates it might receive are bugfixes for critical issues until its End of Life date. As the announcement mentioned, the functionality of JRT has been integrated into ADWCleaner with the exception of temp file removal so you should be able to use that to remove any PUPs/junkware that you'd normally use JRT for.
  10. I get a small red/orange triangle with a white "!" in the center on my tray icon when I turn off any protection component, is that not what you're seeing on your system? As for integrating an AV and all that, I can't speak for the product team but I personally see that as a pointless pursuit. All that would do is add a ton of overhead to the software (not to mention most likely make it incompatible with any other AV software, something we'd really prefer not to do since we do still have users who like to run an AV of their choice alongside Malwarebytes, not to mention other third party security apps which may not be compatible with whatever AV engine we might choose). As for participating in AV Comparatives (we do participate in VT already), again, it's pointless and we've explained why many times. The ability to detect stale binaries and dormant scripts and executables does nothing to determine the effectiveness of a security product in real world infection/attack scenarios and since our most proactive protection features rely on stopping the attack much earlier in the process, throwing an AV engine/database into the mix and putting our software up for such testing would only illustrate the efficacy of whatever AV we happened to choose at dealing with such tests, not how our entire layered approach to security stands up against real threats. We will participate in some kind of testing once the team has time for it I'm sure. We know full well that several users such as yourself really want to see it. I just hope that you and anyone else looking for such testing realizes that doing well (or poorly) in those kinds of tests says nothing about how secure (or not) an actual user of that software is when surfing the web and facing actual live threats and attacks.
  11. Yes, but Windows Defender is a component of the OS that updates through Windows Update, not a third party piece of software. As for our Android app, things are way different on mobile platforms than Windows. When we've got drivers, services and the registry to deal with an installation of a new version requires a lot more. I'm not saying it's not possible, just that silent installs for major versions isn't how things are typically done. As for a semi-silent install, I suppose we could but such a thing would require serious modifications to our installer (assuming InnoSetup, the package type we use, allows that sort of thing) or a second executable to launch the installer with the appropriate switches to make it silent, both of which would take major work on the part of the Devs for something that we're not even certain all users would want and doesn't do anything to improve our proficiency at our primary task which is stopping malware. Again, I'm not saying it's impossible or even that it's a bad idea. I think you guys make some valid points and silent updates/upgrades is something I've wanted to do for a very long time (years, actually) because I do believe it makes sense. At the same time, at least now we have the ability to upgrade individual components of the software without requiring a full installer and user interaction, something we didn't have in the past and something most vendors lack so we're only having users go through an install when it's required due to a major version release where our primary files are updated. Besides, I've seen our new installation wizard and it's way simpler than it used to be. It only takes like 2 or 3 clicks and you're done. 
It's not like the installers we had in the past where it was like 5 steps and a bunch of choices/selections that had to be made just to get the software installed (and most importantly we now have an "Agree and Install" button instead of a set of radio buttons forcing the user to choose "I Agree" then clicking "Next" through a bunch of install wizard dialogs). Now it just pops up, has a button to "Agree and Install", the unavoidable UAC prompt since admin privileges are required and a "Finish" button once it's done. There is an option to modify the default installation parameters of course, but assuming you don't want to alter the install location or change whether the desktop shortcut gets created you don't need to bother with it. So really, while it isn't totally silent/automatic, it does provide an experience quite similar to the one you describe where users push an accept/decline button, except they get a notification that the update has been downloaded, click the "Install Now" button in the notification to launch the installer, click "Agree and Install" in the installation wizard then click "Finish" once it's done so like maybe 2 additional clicks (again, not counting the UAC prompt from Windows) which I really don't think is that bad. My point is, now that we have this new installation wizard which is a lot simpler and more user friendly, the need to automate/silence product upgrades is reduced greatly, at least in my opinion.
  12. Correct, you'd choose 1 (which is also the default upon installation; a daily scheduled Threat scan and hourly updates).
  13. As of version 3.2 whenever you use the Install Application Updates button located under Settings>Application in the Application Updates section it will pull down the newest available version update/upgrade so the metering now only applies to scheduled update checks and database update checks through the link in the Dashboard. As for installing updates/upgrades automatically/silently via the scheduler etc., we do currently do this for patches where only some of our component files are replaced, however for major version upgrades where the primary executables/services/drivers are replaced, an installer is still needed and we still have those versions install interactively. While it could be possible to handle even these upgrades silently via command line switches, we generally don't in case there are major new features we want users to be aware of (including some which may need to be configured during installation) and we also aren't comfortable pushing out such version upgrades in a silent manner. This is actually industry standard practice. I don't know of any AV/AM software that will download and install a new major version upgrade automatically/silently without user interaction. That's not to say that we won't consider implementing such a feature, or at least an option to allow this behavior, but for now at least we are doing things the way that other vendors do with regards to new version releases. Anyway, I hope this helps to clear things up a bit. Please let us know if any of you have any additional feedback and/or suggestions for us. Thanks
  14. It is possible. We did track down and fix at least some of the issues which were causing protection components to fail under some circumstances so if the software is working properly for you now then there should be no need to run MB_Clean and reinstall again. If you do continue to see any issues, then you may proceed with the clean install process and post back to let us know what happened and how it went. Thank you for your patience with us as we work to resolve these issues.
  15. Excellent, we're glad to hear it! Thank you for letting us know. I hope that all of our customers/users have experiences as good as your own with our latest release, there were quite a few improvements and bugfixes that went out with it.
  16. There was a patch released recently, so I'm guessing that was likely what was downloaded when you saw the 58mb download. With regards to your other questions, as far as I know the limit for incremental downloads is somewhere around 100 database versions (time is not a factor as I understand it) and yes, if just 1 line is changed in a database then that 1 line/change is all that is downloaded, not the entire database. Our incremental updates are truly incremental and have been for as long as we've had this feature. As for the issue you saw on November 3rd, there was a temporary problem with our update servers recently which was causing large downloads during updates however it has since been fixed so I expect that was the issue you were experiencing.
  17. These limitations and issues are precisely why only XP 32bit is officially supported. Native x64 driver support on XP 64 was I believe one of the major hurdles our developers faced that we couldn't overcome in addition to the lack of many of the newer APIs in more modern x64 operating systems (especially Vista SP1+ and more recently 7x64 SP1+) that made many of our newer protection features/components possible. It is unfortunate that we've never been able to fully support XP Pro x64, however given its age now and very limited user base, most vendors have excluded it from their lists of officially supported operating systems. As I said though, in our case specifically it really did come down to technical limitations with the OS as we did investigate supporting it while XP was still an officially supported operating system by Microsoft and at one time (during the Malwarebytes 1.x days) we did officially support it, though with certain limitations (like web protection not working in x64 XP).
  18. Greetings, While more often than not these are just PUPs (Potentially Unwanted Programs, usually in the form of bundled installers or adware plugins), they are occasionally malware/malicious. We do our best to block the ones hosting actual malware and while we do block many of the ones hosting PUPs as well, sometimes we do miss some, but that said, our detection rates against the actual PUP installers is excellent so even if you'd have downloaded whatever they were pushing, Malwarebytes most likely would have detected it, either as malware if it was malicious or as PUP if it was the typical adware/bundled installer most of these are serving up. In addition to fake Flash, there are also often fake Java updates, fake video codecs (they claim you require a plugin/codec update to watch a video/view a website, which isn't at all true), or browser add-ons, most of which are some form of adware/browser search 'enhancer' that actually just shows you the sponsored results of their affiliates who are paying them. I do hope this helps to both inform you and set your mind at ease a little. If there is anything else we might do to help please let us know, and also, if you happen to have the URL of the fake Flash update please feel free to post it in a new thread here and our Research team will take a look and add it to our block list if it is malicious or meets our criteria for blocking scam sites.
  19. Greetings and welcome, That's certainly a troubling experience. I hope that you have since taken measures to ensure your network is secure and changed all your passwords, especially the one you were having trouble with on that endpoint as it sounds like the caller may have been a hacker/scammer and may have somehow accessed the machine. It's also possible he logged your keystrokes during the failed login attempts. As for his status as a reseller, our support team will need to work with you to make that determination, but hopefully we can track him down for you to find out more about what's going on. If we have a rogue reseller out there we definitely want to revoke their reseller status (assuming that is indeed what's happened here). Also, if it was a hacker who had access to the network/endpoint in question it is also possible they were just posing as a Malwarebytes rep to earn your confidence as they saw after accessing your network that you had Malwarebytes installed. There are certainly several possibilities but either way I hope we can help to rectify the situation whatever it might be.
  20. Yes, these connections are quite normal. As Telos mentioned above, Malwarebytes is checking for updates. It also has several dynamic components which check in from time to time.
  21. You are absolutely correct, and in fact, your use of a layered approach to defense (including an AV) is one we actually do endorse. While we do claim that our software is now capable of replacing a user's antivirus, we do not tell our customers that they should uninstall theirs or cease using one. There is still value in a second opinion as well as a separate layer of defense in case one fails. For example, while we always hope that it won't happen, it is always a possibility that something might slip past us or that our software could somehow become disabled. In either scenario, if you have an active AV it is possible that it might catch the threat and/or continue to function so that you aren't left defenseless in that scenario. This is also why, by default, we do not uninstall any installed AV or prompt our customers to do so via any sort of notifications or claims of 'incompatibility' and why we still design our products to function in realtime alongside other layers of protection, including antivirus. We do feel it is best to play it safe and that including an AV in the equation can only increase your odds of staying safe. I said once before in another thread that while we do feel we finally have a product capable of replacing a user's AV, we do not believe that users should not continue to run one if they wish to and that is still what I believe. In fact, even on my own system after installing Malwarebytes 3 I left Windows Defender enabled because it's light on resources and doesn't conflict with Malwarebytes. While it hasn't caught or blocked anything missed by Malwarebytes 3 so far, there is no harm in leaving it there as a secondary layer of protection.
  22. Thanks for reporting this. I just tested on my own system and the Hyper scan seems to be skipping things it shouldn't here as well (in my case it skipped the memory portion of the scan according to my log). I've reported this to the team. It seems we have a new bug.
  23. That's the thing, we believe based on our testing and data that between our heuristics and signatures, our behavior based layers of protection and our blocking of known malicious servers that we are providing a layered defense capable of stopping every threat that any traditional AV database could and more. Partnering with/integrating a third party AV is something we've considered many times, but each time the idea comes up our Research and Dev teams prove to us through real world data as well as basic logic why this would be a mistake, especially now that the vast majority of threats are not only polymorphic, but even to the extent that two malicious binaries downloaded from the same source on the same day are frequently different. This renders traditional signatures pretty much useless because real world threats change far too frequently for any reactive approach to be an effective defensive layer. You can overcome some of this polymorphism through the use of heuristics, but the bad guys have caught on there as well and are now publishing threats which will deliberately vary themselves to such a degree that most heuristics will miss subsequent threats from the same family/vendor within a very short span of time, sometimes even from one download to the next for the same URL. What they cannot change is the behavior of malware and the techniques used by threats to infect a system and accomplish whatever their malicious purpose is, be it to download other threats, to open a backdoor into the system, to capture keystrokes/passwords and other sensitive data or to extort money from victims via file encryption and/or lockout from major functions of the system. Honestly though, this data really only shows how proficient our database, heuristics and anomaly detection components are as compared to the AVs because again, it is not showing what our realtime protection components are blocking. 
Do keep in mind also though that we are not trying to say that these AVs are useless. It only shows that they aren't necessarily the only protection needed and that at least adding Malwarebytes to the equation will increase greatly the level of security provided to the user's system and data. You see, since the beginning we've been fighting an uphill battle against the traditional way of thinking that an AV is all that a system requires to stay safe online. We feel this data backs our claims that there is more to the story than just good test results and we are using real world data to prove it, not some controlled laboratory test using a finite set of aged malware samples or direct links to malicious binaries skipping several phases of the attack chain (one of the greatest flaws with most tests I feel). I hope that eventually we publish data on our protection components as well in order to show how many more threats and potential attacks we stop, even with a top AV installed, but for now we at least have realtime data showing that even our free scanner still has significant value to offer AV users regardless of the AV solution they've chosen.
  24. Yes, of course an FP is possible, but if we were to have any FP common/frequent enough to significantly skew the results, our forums and support systems would be flooded with affected users reporting it. If it is some obscure FP on a file almost no one has, then it wouldn't be a large enough occurrence to affect the data in any meaningful way. Besides, if Malwarebytes were that prone to FPs I seriously doubt we'd have the reputation we do or the number of users and customers that we have. So is an FP showing up on the map a possibility? Of course, but it's not very likely. As for disabling data collection, yes, that would affect the data. It would reduce the number of entries showing up in the map if you've had Malwarebytes detect anything via a scan if you've also got an AV registered with Action Center, so it reduces the data in favor of the AVs. Choosing whether Malwarebytes registers with Action Center/Security Center wouldn't affect the results. Most of this data has to be from free users as paid users of Malwarebytes would be far more likely to have any threat blocked/quarantined before a scan is run and the only data being reported on the map is from scans where something malicious has been detected (we aren't including PUPs either). It's as I said earlier in this thread, were we to include detections from our realtime components, the data would likely grow massively. As for running MB3 in realtime, again, most of this data (if not all of it) must be coming from free users of Malwarebytes. It happens far less frequently that our scans detect anything when our realtime components are active because they tend to prevent anything from getting onto the system which a scan would detect. We will have side-by-side testing, but the methodology must be realistic otherwise the results would be useless. The vast majority of testing I've seen was anything but realistic unfortunately. Our data on this map is quite basic. 
In order for something to show up, the user must have one or more AVs registered with Security Center/Action Center and MB3 must detect at least 1 malicious item on the system via a scan, meaning we don't count any of the data coming from paid/trial MB3 users where any of our realtime components has blocked/quarantined a threat of any kind. So we aren't even comparing our paid product to the AVs here, it literally compares our scan-only database to the resident AV(s), meaning a LOT of what we claim makes MB3 a sufficient AV replacement product is not being included in this data set at all. We're basically crippling ourselves by the requirement that an item must be hit by our scanner and must not be a PUP because we know our realtime protection is far more likely to stop an attack/threat long before our scanner will have a chance to see it. The way we're reporting this data gives the AVs a huge advantage over us, so if they were proficient at providing 'complete' protection, the numbers on the map should be far lower or even non-existent for the 'top' AVs that tend to do well in the various comparative tests. Yet I see those top AVs on the map plenty of times right along with all the others.
  25. No, we did not restrict in any way the components used by the AVs. All of that data is pulled from Malwarebytes users' systems and reflects what Malwarebytes scans detect on systems where each of those AVs is installed (as reported by Security Center/Action Center in Windows) so whatever protections the user of each system has active at the time, including all components of their AVs, whatever those Malwarebytes scans detect were threats that got past them.