exile360

Everything posted by exile360

  1. Greetings and welcome,
Based on the block information you provided it's actually being blocked by our anti-exploit component which is why excluding the website and file did not eliminate the issue. That said, vbscript.dll shouldn't actually be used by websites any more as it has been deprecated by Microsoft due to its frequent use by malware/exploits, however I too have encountered this issue occasionally with Internet Explorer though why it happens I still have not determined. More information on the deprecation of vbscript.dll may be found here. That article also provides information on disabling vbscript in Internet Explorer 11. If possible, I'd recommend doing that rather than excluding/disabling the detection, however if it is actually required for that website to function properly then that's obviously not an option for you so I have also provided instructions on disabling this detection.
In order to eliminate the alert/block in Malwarebytes, if you need to I'd recommend temporarily disabling exploit protection when visiting the site, assuming you don't use it too often and won't be doing much browsing to other sites as you don't want to risk infection while vulnerable to exploit attacks. If that isn't a good solution for you then you may disable the setting or exclude detection of this particular exploit, however either option has the same net effect:
To disable the setting that causes this detection you may access Settings>Protection>Advanced Settings (located under the Exploit Protection section)>Application Hardening and uncheck the box next to Disable Internet Explorer VB Scripting. If you uncheck that checkbox and click Apply that should stop Malwarebytes from blocking vbscript.dll whenever it is called by Internet Explorer, though again it is risky as vbscripting in IE has been deprecated for some time due to its use by malware so please be cautious.
Alternatively, you may access the Settings>Exclusions tab and click Add Exclusion then select Exclude a Previously Detected Exploit>Next>Select then select the appropriate exploit detection from the list then add Internet Explorer (iexplore.exe) as the associated application, however because of the specificity of this particular shield, this would actually be no different than disabling the setting via my previous instructions above as both would leave you equally vulnerable and both should eliminate this detection from occurring. Unfortunately there is no way to exclude that DLL's use for a specific website and prevent it from being used on others, so if you do happen to encounter a malicious site employing vbscript.dll, Malwarebytes will not block it when this shield is disabled or this exploit detection is excluded. Please let us know how it goes and if there is anything else we might assist you with or if you have any questions about my advice and instructions.
  2. Right, but you can set it to "Warn User" that way it still detects them/shows them in your logs but doesn't actually remove/change them, at least for the time being while you're working this issue out. Obviously it means you'll have to review the logs with all those detections until the issue is corrected, but at least if anything else is changed that shouldn't be, you'll be made aware of it.
  3. I'm not aware of any known issues, however it is possible so I've contacted a member of our business product support team to review your case. He should be able to offer additional insight and assistance. In the meantime, did changing the setting for PUM detections work or did it continue to find and change/remove the excluded items/entries?
  4. Just to add, while it is not officially supported, Malwarebytes 3 should work on XP Pro x64, however some components will not. Specifically I know that our web protection doesn't function under x64 Windows XP and there may be others as well. It's also likely that any components which do not function under 32 bit Windows XP will also not work in the 64 bit version (such as our anti-ransomware component).
  5. No worries, I don't want you to leave it disabled permanently, this is just for testing purposes to learn more about the issue. Once you report your findings you may re-enable it and disable self-protection once more.
  6. Thank you for the suggestion, I will pass it on to the Product team for their consideration.
  7. Yes, just to test to see if that resolves it for the purpose of helping us to further isolate it. I'm glad disabling self-protection seems to have done the trick. If it holds, that would be the safest workaround until we get this resolved in a future release that way you aren't sacrificing any of Malwarebytes' detection capabilities or other malware blocking components.
  8. I have another thing for you to try which I believe will also work to allow your programs to run. Try disabling Exploit Protection prior to running any of the programs having issues (those listed in the shielded applications list). I do believe this is a bug in our anti-exploit component which our Developers have been working on, but I just want to make certain I'm correct so please let me know how the other attempts went with self-protection disabled then you may re-enable it and try running with exploit protection disabled to see if that changes things.
  9. By the way, if the primary issue is with Malwarebytes detecting and removing/changing these during scheduled scans you might consider configuring PUMs to "Warn user" instead of "Ignore" that way you'll still see all PUM detections in your logs and may review them should you have the need/in case some PUM you desire to be detected is found, that way you'll be aware of it and may address it. When set to warn Malwarebytes will simply detect the items and list them in the scan logs but will not change or remove them and will list the action taken as "No action by user".
  10. Greetings, As a short term solution you might consider disabling PUM detections for the time being until you get the exclusions issue sorted out. PUM detections (Potentially Unwanted Modifications) really only apply to system settings modifications which are sometimes altered by malware, however as long as your environment is sufficiently protected there is very little likelihood of any threats getting in and therefore being able to compromise any of the settings on your endpoints. The option that controls PUM detections should be under Protection and includes a drop-down menu where you can configure your Malwarebytes deployments not to detect them.
  11. Yes, unfortunately it's unavoidable. Since ESET, like most antiviruses, is an on-access scanner, whenever anything touches a file ESET scans each file it touches. In other words, this would happen if you'd been running a scan with the free version of Malwarebytes. Also, since most AVs are automatically configured to remove any threat they detect in realtime, there really won't be any decision to be made. Just as in your case, the order of events will take care of itself. The AV removes the detected object, the scan with Malwarebytes completes showing that it detected something. Even at that point, if the user decides to allow Malwarebytes to remove everything it has detected all that will happen is that Malwarebytes will attempt to remove a file that is no longer there, but it won't do any harm at all. I just wanted to make certain that no matter what, if any additional objects had been detected by the scan, that you did not leave them present on the system. One final note here as well: typically, this won't happen anyway. Because the AV scans every file that gets created, it will usually detect a new threat long before it is scanned by Malwarebytes. It just so happened that in this case, ESET couldn't detect the file until sometime later because it needed a database update which added detection for the file. This isn't something which occurs every day, and in fact is quite a rare occurrence, so much so that we don't even have any sort of FAQ or knowledge base entry for any situations like this even though we've been recommending our customers use even our paid product alongside an active, up-to-date antivirus for years (since the beginning, really).
As for our paid customers, it becomes even less likely because if the AV misses something, our layers of protection still have a very high probability of detecting the threat as 0-day/0-hour detection of new/unknown threats is an area we specialize in, especially in our paid product due to the many layers of protection it includes, many of which have a high probability of preventing any malicious file from ever even reaching the system like our Web Protection and Exploit Protection. Even in a scenario where our Malware Protection (the realtime analog to our scan engine) is the only one that would detect something as a threat comes across something also detected by the user's AV, the AV would have detected and removed it long before our Malware Protection would even have a chance to see it because in realtime our Malware Protection doesn't detect objects on-access, it detects them on execution, meaning when they attempt to enter memory, not when they're initially written to disk, so again, the AV (since it checks objects on-access, including as they are written to disk) would detect and remove such an object long before our Malware Protection even sees it. Our other earlier layers, if any of them is triggered by the event, would stop the attack chain so early that the malicious file itself would not have had a chance to even reach the system and therefore would block it before the AV even had a chance to see the file. This all goes back to how we have designed Malwarebytes to work alongside other layers of protection without conflicts. Again, I just wanted to make certain that if Malwarebytes had detected any additional traces that you still allowed it to remove them that way you wouldn't end up with a threat only partially removed. Either way the worst thing that could have happened was precisely what you saw which was two alerts, one from each product, about detecting something. 
No real harm would have been done no matter what choice you made as long as you allowed at least one of them to remove the threat (again, which by default your AV already did anyway and always would in such a scenario).
  12. Actually this shouldn't be too much of an issue. While Malwarebytes was scanning it accessed a threat that ESET was also capable of detecting, and since ESET is an on-access scanner, it detected the file. Allow ESET to remove the object and cancel the scan/removal for the Malwarebytes scan OR have ESET ignore the detection and allow Malwarebytes to remove what it found during the scan. The choice is up to you, however, be sure to check the Malwarebytes scan results. If there was more than one item detected, especially any loading points in the registry or associated files/folders with whatever object was detected by both, then I'd highly recommend having ESET ignore the detection and allowing Malwarebytes to remove it. This is because of the Linking heuristics capability built into Malwarebytes' scanner which makes it capable of more thoroughly removing an infection than most other antimalware solutions (including ESET). If you need to, temporarily disable ESET's protection in order to proceed with having Malwarebytes remove what it found during the scan. Then reboot and everything should be fine. edit: Never mind, it looks like ESET already removed the threat so it should be fine. Cancel the scan/results in Malwarebytes (but first check to see if there were any additional detections as I mentioned) and reboot as ESET recommends for cleanup. If there were other detections by the Malwarebytes scan then have Malwarebytes remove them then reboot when prompted.
  13. OK, I got some more info for you. While this has not been forgotten and they definitely do still plan to do this, there are some other things that have taken a priority and that's why this hasn't happened yet. For one thing, they've obviously been focused on fixing certain issues with the product reported by some of our customers (something that always takes priority) and there are also some new technologies under development that they are working on which have diverted resources away from projects like this for the time being. I wish I could say more, but I'm sure you can understand that there are some things which must remain secret in order to ensure our effectiveness against the latest threats, but just know that this hasn't been overlooked and they do indeed still intend to have these tests done, we just don't know when that will happen right now due to other priorities.
  14. Hey @WolfRules, I haven't heard anything new on that front yet, but I'll look into it immediately and get back to you. I'm actually quite anxious myself to see some tests too because I know that some of the new features we've rolled out recently are quite potent, including a new heuristics detection layer that looks very promising. I'll post back here if I get any news from the team that I can share.
  15. I have returned with more news and a correction. It turns out that file isn't actually a registry backup as I thought it was, however it is something created by our scanner. It's a copy of an unknown file that our cloud component is analyzing to determine whether or not it is malicious, so it could actually be a threat but that is not guaranteed. That said, it can't do any harm as it is just a dormant copy of a file that exists elsewhere on your system so it won't be able to infect you even if it is malicious.
  16. OK, I've got some info for you and it's good news. That file is a temporary backup copy of the NTUSER.DAT file (a registry hive/file, basically) which is created when Malwarebytes runs a scan as part of our scan process. Once the scan is completed, the file should get cleaned up/removed by Malwarebytes automatically. So the good news is, it's not a threat/infection; the bad news is, it looks like AVG had a false positive. If there's anything else we can help with please let us know. Thanks
  17. OK, let me get a member of our Research team here to take a look. I don't believe the file is a threat, however I'd rather be certain.
  18. I share your sentiments regarding Windows Defender. While it does provide a basic level of protection from many common threats, it's far from a comprehensive protection solution and lacks components like the Anti-Exploit and Anti-Ransomware modules included in Malwarebytes 3 designed to target these modern, nasty threats. That said, you may even run Malwarebytes 3 alongside Windows Defender if you want to keep Defender as an additional layer of protection. You only need to set Malwarebytes to "Never register Malwarebytes with the Windows Action Center" under "Windows Action Center" which can be found in the main Malwarebytes UI under Settings>Application (scroll down near the bottom of the Application page and you should see it there). If there is anything else we might assist you with please let us know. Thanks
  19. I don't recognize that file name at all. It appears to be a GUID. Do you have self-protection enabled in Malwarebytes?
  20. Greetings and welcome. No, it will not stack if you input the new key now. You'll need to wait until your current license has expired before changing over to the new key. If there is anything else we might assist you with, please don't hesitate to let us know. Thanks
  21. Greetings and welcome, Yes, this was done to correct an issue with the tray application not functioning properly. The Developers are working on an alternate solution to the problem this addressed so that the extra task will be unnecessary. In the meantime I've heard of users using the switch desktops function in Windows 10 to move the task over to a second unused desktop so that it no longer shows up in the default task switch view. Also, if you wish to exit Malwarebytes and want the service to close and not just the tray you need to leave the tray running, right-click on it and select "Quit Malwarebytes" and that will close the tray as well as all background services/processes/drivers/modules etc.
  22. It has no effect on how Malwarebytes actually functions, it just doesn't register itself with Action Center/Security Center in Windows any more so Action Center/Security Center no longer monitors its status. Malwarebytes' tray icon will notify you if there is any sort of problem with it anyway (protection turned off, databases out of date etc.) so having it monitored by Action Center/Security Center is not essential. If there's anything else we might assist you with please don't hesitate to let us know and thank you for choosing Malwarebytes to help keep your system safe.
  23. Yes, please try leaving it disabled to test if you don't mind. In fact, if you could further isolate it by disabling self-protection and then rebooting the system, then checking to see if it resolves the problem that could prove helpful as well as it would eliminate the self-protection driver from the equation.
  24. Just FYI, if you quit Malwarebytes via the right-click tray icon function, it should terminate MBAMService.exe on its own, it just takes a little while while it unloads all of its memory and modules. If you just quit and then force-kill MBAMService.exe via Task Manager etc., you run the risk of ending up with corrupted data files which were being written to at the time the service was exiting as well as potentially leaving other components in memory such as the DLLs and drivers it controls for our various protection components and other background functions. Because of this, if it is at all possible, I'd highly recommend just waiting for MBAMService.exe to terminate on its own after quitting Malwarebytes, otherwise the system's and product's behavior could end up being quite unstable, especially during the current Windows session since those other components I mentioned may remain loaded/active because the service was terminated too soon.
  25. Excellent, I'm glad you found it useful. If you have any issues or questions about the product or any ideas on how we might make it better to suit your needs, please don't hesitate to let us know. Thanks, and thank you for choosing Malwarebytes to protect your system from online threats.