exile360

Everything posted by exile360

  1. I spent days doing research. I did not make it less effective, and those are not all of the settings I saw. There was an advanced interface (notice how your screenshot says BASIC?) that included things like adding additional rules, disabling automatic mode, turning on startup modification notifications and several other things. I scoured their documentation, various forums with user discussions and technical articles to make it as strict and secure as I possibly could (I was pretty paranoid about security back then).
  2. Actually there are, or at least there were in the version I was using (it was ESET NOD32 Antivirus, latest build at the point I last used it which was several months ago). By default several of the HIPS settings are disabled/inactive under the advanced configuration settings. I turned most of them on so that it would be more paranoid than normal.
  3. OK, please give the following a try. It may help to diagnose what's going on here:

     Dependency Walker: Please run Dependency Walker by downloading the appropriate version for your operating system:

     Note: if you aren't sure what type of operating system you have, you may follow the instructions listed here to find out (it may also be capable of automatically detecting and displaying it for you within that page, though it may not work depending on your browser's security settings).

       • 64bit Windows versions (x64)
       • 32bit Windows versions (x86)

       • Once you've downloaded the file, unzip it to a folder and run depends.exe
       • In Dependency Walker click on File in the top menu and select Open...
       • In the browse dialog that opens navigate to the folder where Malwarebytes is installed (usually C:\Program Files\Malwarebytes\Anti-Malware)
       • Double-click on mbamtray.exe
       • Once Dependency Walker has analyzed the file it may display a notification dialog. You may close it by clicking OK then proceed with the next step
       • Click on File in the top menu and select Save As... and save the mbamtray DWI file to a convenient location such as your desktop or the folder where you extracted Dependency Walker to
       • Now right-click on the mbamtray.dwi file you just saved and hover your mouse over Send to and choose Compressed (zipped) folder
       • Attach the mbamtray.zip file you just created to your next reply
  4. Greetings and welcome, Thank you for the suggestion. I'll see to it that the Product team hears your feedback. Please let us know if you have any further ideas or requests or require assistance with anything. Thanks
  5. OK, thanks. I did notice that even though it appears that all of Malwarebytes protection components are active, Action Center is reporting that both Malwarebytes and Windows Defender are disabled. I don't know if it's related or not, but you might try toggling the Action Center/Security Center setting in Malwarebytes to see if that changes anything. Once you do, grab a new set of logs so we can see if it's reporting correctly now.
  6. Thanks, and did you try restarting the system? If so, try rebooting one more time just to make sure the full install process has done everything it needed to and that things have settled down, then check to see if it still shows up in that list.
  7. If you haven't already, try rebooting the system to see if it returns to normal. I'm thinking it could possibly be due to the fact that following install, the tray is launched by an admin mode/user mode process (the installer) rather than the service like it normally would be. If that doesn't restore it to normal you may try reinstalling, however if you wouldn't mind, please first gather and post the diagnostic logs as instructed here so that the Product team has a chance to take a look at your install just in case it turns out to be some kind of bug and they come in search of data.
  8. Greetings, You have a couple of options. First, you can launch a Hyper Scan (the quickest/shortest scan type) on each of the systems and once the scan completes, uncheck this detection on each one and click Next then select Always Ignore when prompted on what to do with the unchecked items and these detections will be added to exclusions so they will no longer be detected. The second option would be to go to Settings>Protection and use the drop-down menu under Potentially Unwanted Modifications (PUMs) located under the Potential Threat Protection section to change the setting to Ignore Detections or Warn User so that PUM detections like this will either no longer be detected at all (Ignore) or so that they will still be detected and logged, but will not automatically be changed/removed (Warn). I'd personally recommend "Warn" that way any other PUM detections will still show up in your scan logs so that you may review them to determine if they are changes you made or not and can decide from there on how to handle them. Further information on what PUMs are and how to handle them may be found in this support article.
  9. Yes, that's correct, the accounts used for the forums are not connected to your account for managing your subscriptions/licenses.
  10. The information in this support article should prove useful. You may also find this information to be helpful. Please let us know if that doesn't resolve it and if there's anything else we might assist you with. Thanks
  11. Actually, yes, I did. On multiple occasions I had Malwarebytes block exploits that ESET didn't detect at all, even though I even had its HIPS component active and turned up to higher than normal settings. Most of them were exploits on websites, usually from malvertisements, though at least a few times they actually came from compromised legit websites and on several occasions it came from malicious documents attached to spam/scam emails (in the case of the attachments, I would deliberately try loading them to verify that Malwarebytes would detect them just in case it turned out to be something I needed to submit to the Research team for analysis). In addition to that, I also came across several attachments which were EXEs designed to look like documents (usually PDFs, but occasionally Word Docs) and while a few of these were detected by ESET, most of them got right by it and were nailed by the heuristics in Malwarebytes.
  12. That's correct, even better, if you can use the Deactivate License button under the Account Details tab under Settings (or accessible via the My Account button in the upper right corner of the main UI) when you're ready to move your license/subscription to a new system, that will ensure that you don't have any issues transferring the license key to the new system.
  13. In case it's helpful, I recently used Malwarebytes alongside ESET in realtime on Windows 7x64 for a couple of years and had no issues at all, performance or otherwise.
  14. Hello again, I don't know if it will help or not, but it's worth a try anyway. Please try the new version which was recently released, version 3.4.4. Open Malwarebytes and click Settings and under the Application tab click the Install Application Updates button. It should prompt you to download and install the new version, allow it to do so. Once that's all done, reboot if prompted then give it a try once more to see if it functions correctly. If it won't work in normal mode, try booting into Safe Mode with Networking to see if it installs/updates there.
  15. That detection isn't from a website being blocked, it's from the anti-exploit component blocking your web browser from executing VBScript on that website. VBScript is a type of scripting not typically used by modern websites and even Microsoft themselves advise against its use due to the inherent security risks and the fact that it's pretty much been rendered obsolete by newer, safer and better methods of scripting and providing active content on websites. That said, typically Internet Explorer will itself block the use of VBScript, especially modern versions of IE on modern versions of Windows however there are cases where it does still appear to occur (I know because I've seen these very alerts myself in the past, though they vanished just as suddenly and mysteriously as they'd started). I would recommend that if possible, you not allow the execution of VBScript and just live with the alerts for now, however if it's preventing you from reaching the site in question you have a couple of options. You may use a different browser such as Firefox or one based on Chromium (such as Google Chrome or SRWare Iron), or you may disable the option which blocks the use of VBScript in Internet Explorer within Malwarebytes. To do the second, you'll need to open Malwarebytes and go to Settings>Protection and below where it says Real-Time Protection click on the Advanced Settings button and beneath the first tab called Application Hardening uncheck the box next to Disable Internet Explorer VB Scripting then click Apply at the bottom.
  16. Greetings and welcome. Any item listed will be excluded. The checkboxes do not need to be ticked/filled/checked in order for them to be active. The checkboxes are there only for the purpose of manipulating the entries such as selecting specific ones to remove or edit. Please let us know if there's anything else we might assist you with. Thanks
  17. Excellent, I'm glad to hear that. Yes, version 3.4 is officially out now and includes quite a few improvements to protection, performance as well as numerous bugfixes and usability improvements. Based on what I've seen of the beta and reports so far, this appears to be the most stable 3.x release to date.
  18. Yes, it's certainly possible. There's no telling what the changes in the underlying code for thread and process handling that have been made to address those vulnerabilities might do to the performance of various applications, including anti-malware and antivirus (along with everything else; something that is still being investigated by software developers as well as Intel, AMD and Microsoft themselves). That said, I am still hopeful that we can find some kind of solution here because that kind of lag/delay in launching your Office applications could have serious impacts on productivity if you close/open them frequently.
  19. Additionally, as with file infectors in the past, there's no guarantee that the encrypted files are actually intact. If the encrypting malware has a bug in its code and doesn't replicate and encrypt the files properly, they may be unrecoverable even if you have the correct decryption key and method. This is why prevention is so important, as mentioned above by Devin. Also, regularly creating backups of any important files and folders is also a good idea, and if you have the means, regularly creating full image backups of your entire system (a feature built into Windows since Vista, and free tools are available for this purpose for older operating systems such as Macrium Reflect Free). These backups and images should be kept on a separate storage device which isn't regularly connected to the system when it is being used/at risk of getting infected so that the backups are safe from becoming infected/damaged themselves. A lot of good info on the various tools and methods available for creating backups and disk images can be found here in our self-help guides section.
  20. Version 2.x of Malwarebytes was very different from 3.x and didn't have the logic built into it to detect the newer 3.x build as it uses different registry and folder paths as these were changed during the development of 3.0. This is why it is possible to install a 2.x build on a system where a 3.x version is already installed. For example, if you used Chameleon at any point to try to get Malwarebytes installed/running, it hasn't been updated for version 3 yet and remains compatible only with versions up to 2.x, so that is the most recent version it can install.
  21. Yes, his name is Steven Burn and he is the creator and maintainer of the hpHosts database. Originally he worked independently on tracking malware sites, spam sites, ad/tracking servers etc. for the purposes of the hpHosts project which is a series of HOSTS files freely available for the purpose of blocking such sites. Then Malwarebytes hired him on when they decided to add malicious site blocking to the protection in Malwarebytes' Anti-Malware years ago. Since then, and thanks to the added capabilities of the web protection component in Malwarebytes, he is now able to block not only specific malicious domains/URLs (as that is a limitation of the Windows HOSTS file), but also malicious IP addresses/servers as well as entire known malware friendly IP ranges. If you investigate the histories of the individuals who work for Malwarebytes, especially in their Research and Development departments, you'll find a veritable "who's who" of prominent members of the independent internet security and threat research community. From the longtime MSMVP Mieke Verburgh (otherwise known as "miekiemoes") to legends like sUBs, creator of the powerful and widely used "ComboFix", and S!Ri, creator of tools like SmitFraudFix, one of the early community tools designed to deal with rogue AVs before companies like Malwarebytes came along with engines and tactics capable of dealing with them, to developers like Doug Swanson (also known as Swandog46), developer of the legendary and immensely powerful script based threat removal tool Avenger, the predecessor to the DoR (Delete on Reboot) technology built into Malwarebytes and the man responsible for laying many of the foundations of the engine and capabilities in Malwarebytes during much of its early years (along with others like Marcin and ideas from Research of course).
Bruce Harrison, the head of Research at Malwarebytes who became known early on as one of a handful of individuals capable of keeping up with and tracking down the latest threats in the industry that plague users and compromise their systems. This trend has continued if you look at key acquisitions and hirings such as the acquisition of ZeroVulnerabilityLabs, whose co-founder Pedro Bustamante now heads R&D at Malwarebytes (current VP of Technology for Malwarebytes and head of Product and Research). ZeroVulnerabilityLabs had developed an industry leading anti-exploit technology which has since become Malwarebytes Anti-Exploit and has of course been integrated into Malwarebytes as one of its most forward looking, proactive protection layers. Malwarebytes also acquired popular anti-adware/anti-PUP utilities Junkware Removal Tool (JRT) and ADWCleaner to enhance the detection and removal abilities in Malwarebytes against PUPs, a step in delivering on their public statement regarding a more aggressive stance on PUPs (something they put a lot of money, time and effort into; not just lip service as such acquisitions illustrate). There are many more. And if you hunt through the list of Researchers, Administrators and other key employees and forum members here who work for and with Malwarebytes you'll find a lot of familiar names and avatars if you've been around the various security forums/communities throughout the years. Malwarebytes has always been a community driven company from the very start when a young Marcin Kleczynski had a relative's computer get infected with something nasty that the usual AV tools could not remove and he found one of the free malware removal help forums where he received assistance in cleaning the system up and then turned around and started developing tools for making detecting and removing such threats easier, which eventually led to the creation of Malwarebytes.
Even I, who am former User Advocate for Malwarebytes and prior to that, the Product Manager for Malwarebytes and many other products (originally I was PM for all products at Malwarebytes as I was the first PM for the company), and prior to that came onboard as the first QA (Quality Assurance) as I had shown a knack for finding bugs in software through my voluntary testing of alphas/betas here on the forums and due to my efforts to learn and help others here on the forums was hired straight out of their own community, and I am not the only one.
  22. OK, good, so you've definitely narrowed down the issue to a performance conflict between Malwarebytes and Symantec. Based on that information, have you tried entering extensive exclusions in both applications for one another? If not it's definitely worth a try. First, I'd recommend excluding all of Symantec's folders from Malwarebytes via Settings>Exclusions>Add Exclusion>Exclude a File or Folder>Next>Select Folder... and browsing to Symantec's folder in Program Files (as well as Program Files (x86) if it has both, assuming this is an x64 system), then checking C:\ProgramData to see if Symantec has any folders there, and excluding them as well if they exist. Then check the 3 directories under C:\Users\<your user name>\AppData for any Symantec/Norton folders and excluding them as well if they exist. And lastly, check for any Symantec/Norton drivers and services which might be stored under C:\Windows, C:\Windows\System32, C:\Windows\System32\drivers as well as C:\Windows\SysWOW64 and excluding them via the Select Files... option in Malwarebytes for exclusions. Then you'll want to exclude Malwarebytes' folders, files and processes as extensively as possible from any and all components of Symantec that you can via its options. The complete list of Malwarebytes entries can be found here. Please give that a try if you haven't already to see if it helps and let us know how it goes. Thanks
  23. To be frank, the single greatest advantage Malwarebytes adds to your setup with Kaspersky is its signature-less exploit protection. I've been studying and testing various security tools and AV suites/products for years, and I have honestly never seen anything so proficient at single-handedly vaporizing one of the bad guys' most frequently used attack vectors (web exploits and maliciously crafted document attachments in emails are by far the two most commonly used methods of system infiltration/infection these days and have been for at least a few years now). The second, and one which you yourself have already commented on is the web protection component. I'm good friends with the main Researcher that maintains the database and I know how dedicated he is to his work, how little he sleeps and how passionate he is about thwarting the efforts of those who would use the web for ill and he is very good at what he does. Not only that, but just recently (a couple years ago or so) he finally got some help when Malwarebytes hired on some additional staff to maintain the web protection database. This has greatly increased the level of coverage that module has for discovering and blacklisting bad websites and servers and it also means that there's at least one person working on it at every hour of the day. To me, the other modules in Malwarebytes are just icing on the cake. 
I know how good the heuristics and threat detection capabilities are in Malwarebytes standard Malware Protection component and scan engine because I used to write the tests for them for QA, and they are nothing to scoff at, and are light years beyond what's being used by most AV engines even today, not only because of the flexible and versatile syntax provided to the Research team to target threats and threat families (to counter polymorphism, a common tactic of today's malware), but also because of additional technologies designed to leave active malware no place to hide and no way to survive removal or to resurrect itself (capabilities missing from every AV I've ever used or tested and the only engine I've seen ever come close to the ability of a technically proficient human being laying hands on a system and combing it thoroughly for malicious binaries, directories and registry structures which don't belong, something I myself used to do as a PC repair tech when my hands were tied because of lackluster tools from major security vendors during a time before a product like Malwarebytes existed). When you add to that the new smarter anomaly detection engine that was developed with 0-hour threats in mind, it only increases the proficiency of what the Malware Protection and scan engine components have to offer. But as good as all of that is, it still doesn't come close to the effectiveness of the first two components I mentioned at preventing infection. They're just that good. You already mentioned PUPs, which is definitely something Malwarebytes has proven itself to be superior at eliminating when compared to the majority of tools out there thanks in no small part to Malwarebytes' aggressive stance on PUPs. 
Malwarebytes also recently added the new ransomware behavior based protection component to the mix, and while it has definitely had its share of growing pains (high FP rate early on during alpha/beta testing as well as missing a few major families of known ransomware at first before it was better tuned by the Devs/Researchers), it has also proven to be a valuable asset and an effective additional layer of defense. There are also a few modules in development/test that we can't share any info on yet which I'm very excited about. But even without those added goodies, Malwarebytes as it is today is quite a powerful protection tool, whether used alone or alongside other layers of protection. The incident that happened last month was unfortunate. It exposed a critical flaw in the code of the web protection component and Malwarebytes responded quickly to not only correct the issue on the database side, but also rapidly wrote and rolled out a fix for the engine itself which prevents it from ever happening again. They also took extensive measures to ensure that such an entry cannot possibly make it into any database update that gets pushed out to customers via automated database analysis that looks for entries matching the bad string that caused the incident in the first place. This means that even users of older versions of Malwarebytes which don't include the engine fix don't need to worry about the issue impacting them ever again because no update like that can possibly go live. It will be automatically flagged by the system and rejected and the Research team will immediately be alerted to the issue so that they may adjust the database accordingly and push it back out to the automated test systems to run it through the testing process again, and only when it passes all validation requirements will it be allowed to go live to the users.
  24. You're very welcome. If you require any further assistance please let us know and we'll do our best to assist. Thanks
  25. By the way, I previously tested the trial of HitmanPro.Alert and found myself frustrated by the same lack of functionality you mention as I too had cause to disable it at one point only to discover that I could not without removing the application completely. Thankfully all aspects of protection may be controlled and configured via its settings, shields and exclusions. You can exclude detection of a previously detected exploit, exclude an application, file or folder from Malware Protection as well as Ransomware Protection (or exclude from just Malware Protection or just Ransomware Protection if you don't want it excluded from both). You can exclude an application from being blocked by Web Protection so that it allows all connections to all sites for that individual application/executable, or you may instead exclude an individual URL/domain or IP address so that specific websites or servers which are contained in the Malwarebytes Web Protection block database/black list will not be blocked for any applications/connections. It is quite versatile in its configuration options. You can even adjust the priority of scans so that they use less CPU to improve multitasking if you wish (for manual scans only; scheduled scans automatically run as low priority so as not to disrupt normal usage of the system while they run). You may find further documentation of Malwarebytes' features in this document as well as this knowledgebase. Please let us know if there is anything else we might assist you with. Thanks