Everything posted by exile360

  1. Greetings, Thank you for reporting this issue. If possible, could you please reinstall Malwarebytes 3 and replicate the issue once more by disabling it from starting up and verifying that the issue occurs again and then do the following?:
       • Download and run the Malwarebytes Support Tool
       • Accept the EULA and click Advanced tab on the left (not Start Repair)
       • Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply
     Thanks
  2. Yes, that's correct. I believe it is due to the same behavior. Hopefully the Devs will either correct this behavior or at least clarify in the UI how one is to go about creating exclusions in situations like this.
  3. Just for a bit of added info regarding Chromium browsers, I'm using it with SRWare Iron and haven't experienced any performance issues.
  4. Just to confirm, the free version of Malwarebytes doesn't include any command line support so automating a scan using the Windows Task Scheduler would not be possible.
  5. Yes, this is true, however that's due to the fact that updates for Defender/MSE are published as Windows Updates. Back when it was Windows Live OneCare they did not do this, and if Defender/MSE were decoupled from Windows Update, I'm pretty confident they would not publish that information. That's not to say it isn't a nice idea, it's just that it's an awful lot of additional work for a research team to maintain such information for every update that gets published, especially when there are on average 10 or more updates published per day (I don't believe Defender/MSE gets updated that frequently; usually only somewhere in the area of 3~4 times per day max I believe, though someone more familiar with it can confirm).
  6. Greetings, I believe this is the same issue that I reported with the Chrome version here. For whatever reason, the browser extension now requires that the main site being viewed be excluded rather than just the source of any embedded content which may be blocked (for example an embedded ad, video, image or other content that one would frequently find being linked to/embedded in other sites). I agree that this functionality is not ideal and is not the expected behavior (at least in my opinion) since the block/redirect page even clearly states the source domain/URL as the content being blocked, so when that source domain is then excluded the previously blocked content should be displayed, however it no longer works that way (I am certain it did in the past as I've been using it since before it was even available to the public as a beta as I was directly involved in its conception and initial development). I believe this is a bug and should be fixed; either that, or the way that the block page/redirect works needs to be changed along with the allow list function in order to more clearly indicate what must be done in order to unblock specific content on a webpage, though as you say, this also can present risk since you end up having to whitelist the entire domain where the content is linked which may not necessarily be completely benign and may link to other content from other sources that are not so harmless (for example, unblocking a site so that a video may play might inadvertently also unblock a malvertisement containing exploits from a completely different source linked to elsewhere on the same webpage).
  7. Greetings, If you aren't using version 7.4.1 of ADWCleaner then please try that to see if it resolves the issue. You can find more info and download it here. If that doesn't correct the issue then it is probably a problem that will not be corrected until the next version (most likely 7.4.2) is released. I hope this helps and if there is anything else we might assist you with please let us know. Thanks
  8. No, you don't need to check to confirm any time ADWCleaner detects anything. It's just a PUP/adware removal tool, it isn't anything risky or dangerous.
  9. Greetings, That entry isn't anything harmful and it is up to you what you do with it, however it should do no harm if you have ADWCleaner remove the entry. Please let us know if you have any further issues or questions and we'll do our best to assist. Thanks
  10. By the way, I will also ping members of our Business Support team to take a look at this thread, as I am certain they can likely clarify many of these points as well (if not all of them); @CHMOD_777, @N33dful, @knguyen1 could one of you guys (or anyone from Business Support) assist here with definitive answers to these questions above regarding the EULA/licensing terms for using the Home/Premium software in a business environment (3 licenses) please? Thanks
  11. I believe the main issue they're addressing with the whole remote aspect and authorized users etc. is that they don't want someone setting up say a central server where the software runs for protection and they have a ton of thin clients running through that so that they all are using that protection on those other devices/instances in a virtual sense as a way of bypassing having to purchase separate licenses for each individual client/device. With regards to automation, I believe they're just talking about things like modifying the software to do things that it was not intended to do; it has no impact on other software on your system which includes its own automation such as Windows Defender. Basically they don't want you to modify any of Malwarebytes' code/files etc. to automate something to gain functionality that isn't intended/provided by the software as it is (like say, taking the free version and modifying it so that you can script automated/scheduled scanning with it even though the free version doesn't include that functionality). A good example would be building some kind of script that automates functions within the software beyond the functionality provided, like building an AutoIT script or similar to automate the software's functions in any way. They also don't want you automating/scripting deployment of the software I'm sure, especially since such functionality is included in the higher tier business versions of the product (which also include the remote management and monitoring features I mentioned; I think a lot of these items are to guard against the home product cannibalizing their more robust business products, which makes sense). 
With regards to remote services, I believe they're saying that you aren't authorized to take your copies/instances of the software and use them to run a remote PC repair business to get paid for it, like what a company such as Support.com or GeekSquad does where they remotely install the software on customers' systems to repair/clean them, then remove the software and repeat this process over and over to generate income from the software that they purchased. If you have a business and you have the software installed on your employees' endpoints and you remote into their systems to do things like scan their systems, check their logs, deal with notifications/threats/quarantine events etc., that's perfectly fine (though if it is something you end up having to do often and especially if it is across a larger number of devices, I'd highly recommend one of the actual business products since they include options for cloud based remote monitoring, remote management and automation via policies and remotely executed commands as well as an on-premises solution which provides the Malwarebytes Management Console for you to install on a server on your network to perform the same task, just on your local system/network rather than through the cloud). I'm not certain what they're referring to with regards to transferring the software except that I suspect they are trying to avoid situations where an individual purchases a single license and uses it to perform remote repairs on multiple devices within their environment, basically 'cheating the system' by exploiting the ability to transfer the software from one device to another. Really, in the case of actually replacing one device with another, it should not be an issue, however I would recommend speaking with Sales or a member of Malwarebytes Support just to make certain. 
That said, this too sounds similar to the above regarding remote repair businesses, though it could also encompass IT within a company as I mentioned, where say you bought 3 copies of the software, but regularly used it for installing on/cleaning up any number of a hypothetical 100 systems in your environment. Since you're purchasing the software to actually install on/protect 3 specific devices for the life of those devices (until they are replaced of course, at which point you would then transfer the software to the replacement device) then this should be just fine and should not conflict with the agreement, at least as I understand it, though this may be something to take up with Malwarebytes Sales and/or Support directly just to make certain if you are concerned about the restrictions. Obviously you wouldn't want to jeopardize your licenses just because you had to replace a device that failed or was simply replaced due to being out of date etc. I'm not certain what the deal is with the VAT/taxes etc. and why that is mentioned, except that it may be a holdover from when they did not have VAT built into the sales site, however this is another item you may want to confirm with Sales or Support officially if you are greatly concerned about it. Anyway, to get concrete answers, your best bet would be to contact Malwarebytes Support directly by filling out the form on the bottom of this page and they should be able to provide you with definitive answers to all of your questions. I am fairly knowledgeable, however I am definitely not an authority on the subject, especially with regards to the legal terms and conditions of Malwarebytes' licensing agreements and I would not want to provide any inaccurate information which is why I try to offer clarification where I can, but still must defer to the Malwarebytes staff for any definite answers to these questions. 
I apologize that I cannot offer more definite answers to all of your questions, however I would not want to mislead you and end up steering you wrong due to any inaccurate interpretations I may have of the agreements.
  12. Excellent, well at least you've got it back to stability. I'm glad you found the cause of the issue. I guess for now there's not much to do but wait on the Devs to see what happens with the anti-heapspray issue.
  13. Thanks, it may help to disable fast startup in Windows if you haven't done so already as this setting can definitely impact Malwarebytes and many other applications in a negative way. You can find instructions on how to do so here as well as here. I don't see any major issues offhand just skimming your logs so far except maybe that UAC isn't set to default (though I doubt it has any bearing on these issues):

      UAC Settings
      ==================================
      EnableLUA: On
      Consent Prompt Behavior Admin: Off

      If you wish to try resetting it to defaults just to make certain, you can. Just change the settings for UAC back to default then reboot the system and see if things improve, but I doubt it will make any difference honestly. Some kind of conflict or corruption is far more likely I would think. You can test the former by trying another uninstall/reboot/reinstall of the latest beta, then reboot the machine one more time to ensure that it starts up normally/properly afterwards since that first reboot works different from subsequent reboots since that is when a lot of the drivers and other background components get installed and launch for the first time (the second reboot ensures that they should load normally going forward, though obviously this is not always the case, especially if the issue is an intermittent one). Please give that a try and let us know how it goes. Thanks
  14. Wow, only 2GB. Yes, that's terrible for a modern version of Windows, especially 64 bit. That used to be plenty, like during the days of Windows XP, but ever since Vista, the bare minimum has pretty much been 3~4GB or more just to keep the system from being super bogged down and constantly paging to the disk drive to use it as virtual memory. In fact, ever since Vista x64 SP1 I've been recommending a minimum of 6GB of RAM or more just to ensure proper operation without any major RAM bottlenecks/performance issues, and that is just for a system where only basic web browsing and office applications are to be used (that much RAM isn't really a requirement for such things, but any less and you very quickly will experience a lot of paging to disk and slow performance, even if you don't multitask much just due to the amount of RAM used by the OS itself).
  15. Greetings, I am sorry that you are experiencing this problem, however we should be able to get a member of Malwarebytes Support to assist you in getting this issue corrected. I will alert a member of the Malwarebytes staff to get you in touch with Support to reopen your ticket and hopefully get this fixed. @AdvancedSetup would you please assist in getting this customer connected with a member of the helpdesk Support team to resolve this issue if possible? Thanks
  16. Greetings, I apologize that your topic was overlooked and that you did not receive a response sooner. With that said, this is actually quite normal when using a P2P (Peer-to-Peer) application such as a Bittorrent client, the reason being that IP addresses, which represent the physical servers where websites are stored, are often shared between multiple websites, and since P2P apps such as your Bittorrent client connect to a wide array of IPs to both download as well as use trackers for the content being downloaded, it will often occur that some of the sites/IP addresses you are connecting to/that are connecting to you will be shared with sites that host malicious content. This does not mean that your P2P application poses a risk to your system because at least as far as these connection attempts are concerned, it does not (though obviously any content being downloaded could itself be infected with Trojans or other malware, however that has nothing to do with where it is being hosted since the files being downloaded through the Bittorrent client are the same regardless of which sites/servers you download it from as the files are verified to be identical by hash (a mathematical checksum which tells the program that the file/data being downloaded is exactly what it should be based on the torrent you selected to download); it just means that these blocks themselves aren't because of anything malicious going on). So you have a few options. First, you can simply ignore the blocked connections, however obviously your downloads and uploads (seeding) may go faster if these additional connections were allowed. 
If you wish to allow the connections without drastically compromising your protection you can simply create an exclusion for your Bittorrent client's executable that is attempting to make the connections (it should be identified by file name in the Malwarebytes block alerts in your tray) using the method described under the Exclude an Application that Connects to the Internet section of this support article and that will allow the connections through your Bittorrent client while still blocking any connections to such potentially dangerous sites that might be hosted on the same IP address for other applications such as your web browser. The other option, which I really would not recommend, would be to disable the Web Protection component while seeding/downloading through your Bittorrent client. Since this last option would leave you at risk of connecting to malicious/dangerous sites in other web-facing applications such as your web browser, I would strongly recommend against that option. You can learn more about how Web Protection works by reviewing the information found in this support article which may also prove helpful. Anyway, I hope my somewhat long-winded reply helped to alleviate your concerns. Basically, Malwarebytes is doing its job of protecting you, however the particular connections you mention coming from your Bittorrent client should be completely harmless and you may exclude your Bittorrent client's process from the Web Protection component in Malwarebytes if you are concerned about download/upload speeds or just don't want to see all those alerts since doing so should not compromise your protection in any meaningful way, however if you are more comfortable just living with the blocks then that is fine as well. If there is anything else we might assist you with please let us know. Thanks
  17. It may help to run the Flash Uninstaller and try downloading the standalone installer for the NPAPI version (which is the version for Firefox) which are each linked in this post if you haven't already. Other than that I'm not sure what to try besides reinstalling Firefox or maybe even trying the portable version of it.
  18. By the way, I did a bit more digging and I believe I may have discovered more details about precisely why Malwarebytes may be detecting this application as PUP. Apparently it was created by a company called SS Protect Limited who have apparently 'cloned' their software under at least 3 different names (I've confirmed Total AV, ScanGuard, and PC Protect so far, however I recall seeing many other 'clones' of this same software over the past several years when researching AVs and PUPs (I'm not a professional threat researcher, I just do so sometimes in my spare time as a hobby) and a quick Google search of any of the 3 I mentioned will reveal what I'm referring to; it's exactly the same UI just with the name changed). I also came across this discussion which includes comments about the product, the company as well as comments on their Android version (via excerpts from the Google Play Store) and the vast majority are negative, including comments from users who actually purchased it claiming it was a scam. Whether or not their opinions hold any weight or not is of course entirely up to you to decide, however given all of this information I can understand why Malwarebytes' Research team might decide to classify this application as PUP. Of course with all of that said, if you still wish to use the application then the instructions above should resolve the issue, at least from the Malwarebytes side. I don't know how the other application is preventing the two from working together, but there should be some kind of exclusions interface, allow list, or ignore list where you should be able to prevent it from objecting to Malwarebytes' presence on the system (hopefully).
  19. That is unfortunate; hopefully we can find a fix for it or the Developers will be able to correct the issue assuming it is a bug. In the meantime it may prove helpful if you would provide some additional data. If you're up for it, please open Malwarebytes and navigate to the settings page and under the General tab enable the option under Event log data then reboot your system and replicate the issue and once that is done, please do the following:
       • Run the Malwarebytes Support Tool
       • Accept the EULA and click Advanced tab on the left (not Start Repair)
       • Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply
      Once that is done go ahead and disable the Event log data option in Malwarebytes again (otherwise the logs will likely grow to enormous size over time as it creates a LOT of entries as it is quite verbose for the sake of troubleshooting/diagnostics). Thanks
  20. Excellent, that explains it then. It must be that Belarc is relying on individual file version information or some other info for some reason then and they will likely revise their database once the final build of Malwarebytes v4 has been released and the dust has settled.
  21. Greetings, If it is the same TotalAV referred to here then the issue is due to Malwarebytes classifying it as a PUP (Potentially Unwanted Program). If you wish to continue to use the two of them together you will need to configure a few things. First, either change how PUPs are handled system-wide in Malwarebytes via the drop-down menu under Settings>Protection for Potentially Unwanted Programs, or temporarily disable the Malware Protection component in Malwarebytes which is accessible either from the right-click context menu in the Malwarebytes tray icon or from the switch on the Dashboard tab, then install TotalAV (assuming it will install with Malwarebytes present on the system), then once that is completed, open Malwarebytes and click the Scan Now button on the Dashboard tab and allow the scan to complete. Once it finishes, verify that all of the detected entries are related to TotalAV then click the checkbox at the top of the results list to clear/uncheck all detected items and click Next and when prompted on what to do with the remaining items, select the option to always ignore them and they will be added to your Exclusions list in Malwarebytes which will prevent those items from being detected in future scans and by Malware Protection (though any time you need to install a new version of TotalAV through an installer you will need to either exclude that installer first, or once again temporarily change PUP settings or temporarily disable Malware Protection so that it does not get detected and quarantined by Malwarebytes). I assume there should be a similar exclusion mechanism in TotalAV, but if not then you probably will not be able to run the two of them together. I hope this helps, and if there is anything else we might assist you with please let us know. Thanks
  22. One could make the argument that he has 'situational awareness' with regards to the relevant threats within his environment, including the potential for the 'insider threat', but of course now we're just arguing semantics. Sorry, couldn't help myself; please feel free to disregard my silliness.
  23. It does the same on Windows; I suspect it doesn't detect when Malwarebytes Premium is already installed (and likely can't since it is confined to the browser which basically renders it blind to the entire system outside the browser, basically keeping it within a sandbox). That said, I will provide this feedback to the Product team and hopefully they can work out a resolution for it.
  24. It may be using the site's redirect behavior to heuristically/behaviorally detect the test site since it behaves like (and quite frankly kinda looks like, at least in my opinion) a potential tech support scam site or similar (big red page following a redirect displaying a security shield icon and containing the words 'Microsoft', 'Windows Defender' and talks about being infected by viruses etc.). Of course it's also possible that they simply added the site to the block database just to use it as a test page for their own extension as well (though that's less likely I think).
  25. I'd go with Porthos' suggestion above, and if that doesn't correct the issue, do a normal uninstall (assuming the uninstaller is still present), reboot, then do the following and I can guide you in deleting any major remnants, including any active components and their associated loading points:

      Create an Autoruns Log:
       • Please download Sysinternals Autoruns from here and save it to your desktop.
       • Note: If using Windows Vista, Windows 7, Windows 8/8.1 or Windows 10 then you also need to do the following:
           • Right-click on Autoruns.exe and select Properties
           • Click on the Compatibility tab
           • Under Privilege Level check the box next to Run this program as an administrator
           • Click on Apply then click OK
       • Double-click Autoruns.exe to run it.
       • Once it starts, please press the Esc key on your keyboard.
       • Now that scanning is stopped, click on the Options button at the top of the program and verify that the following are checked, if they are unchecked, check them:
           • Hide empty locations
           • Hide Windows entries
       • Click on the Options button at the top of the program and select Scan Options... then in the Autoruns Scan Options dialog enable/check the following two options:
           • Verify code signatures
           • Check VirusTotal.com
       • Once that's done click the Rescan button at the bottom of the Autoruns Scan Options dialog and this will start the scan again, this time let it finish.
       • When it's finished and says Ready. on the lower left of the program window, please click on the File button at the top of the program and select Save and save the file to your desktop and close Autoruns.
       • Right click on the file on your desktop that you just saved and hover your mouse over Send To and select Compressed (zipped) Folder
       • Attach the ZIP folder you just created to your next reply