Everything posted by exile360

  1. That's correct, even better, if you can use the Deactivate License button under the Account Details tab under Settings (or accessible via the My Account button in the upper right corner of the main UI) when you're ready to move your license/subscription to a new system, that will ensure that you don't have any issues transferring the license key to the new system.
  2. In case it's helpful, I recently used Malwarebytes alongside ESET in realtime on Windows 7 x64 for a couple of years and had no issues at all, performance or otherwise.
  3. Hello again, I don't know if it will help or not, but it's worth a try anyway. Please try the new version which was recently released, version 3.4.4. Open Malwarebytes and click Settings and under the Application tab click the Install Application Updates button. It should prompt you to download and install the new version, allow it to do so. Once that's all done, reboot if prompted then give it a try once more to see if it functions correctly. If it won't work in normal mode, try booting into Safe Mode with Networking to see if it installs/updates there.
  4. That detection isn't from a website being blocked, it's from the anti-exploit component blocking your web browser from executing VBScript on that website. VBScript is a type of scripting not typically used by modern websites and even Microsoft themselves advise against its use due to the inherent security risks and the fact that it's pretty much been rendered obsolete by newer, safer and better methods of scripting and providing active content on websites. That said, typically Internet Explorer will itself block the use of VBScript, especially modern versions of IE on modern versions of Windows however there are cases where it does still appear to occur (I know because I've seen these very alerts myself in the past, though they vanished just as suddenly and mysteriously as they'd started). I would recommend that if possible, you not allow the execution of VBScript and just live with the alerts for now, however if it's preventing you from reaching the site in question you have a couple of options. You may use a different browser such as Firefox or one based on Chromium (such as Google Chrome or SRWare Iron), or you may disable the option which blocks the use of VBScript in Internet Explorer within Malwarebytes. To do the second, you'll need to open Malwarebytes and go to Settings>Protection and below where it says Real-Time Protection click on the Advanced Settings button and beneath the first tab called Application Hardening uncheck the box next to Disable Internet Explorer VB Scripting then click Apply at the bottom.
  5. Greetings and welcome. Any item listed will be excluded. The checkboxes do not need to be ticked/filled/checked in order for them to be active. The checkboxes are there only for the purpose of manipulating the entries such as selecting specific ones to remove or edit. Please let us know if there's anything else we might assist you with. Thanks
  6. Excellent, I'm glad to hear that. Yes, version 3.4 is officially out now and includes quite a few improvements to protection, performance as well as numerous bugfixes and usability improvements. Based on what I've seen of the beta and reports so far, this appears to be the most stable 3.x release to date.
  7. Yes, it's certainly possible. There's no telling what the changes in the underlying code for thread and process handling that have been made to address those vulnerabilities might do to the performance of various applications, including anti-malware and antivirus (along with everything else; something that is still being investigated by software developers as well as Intel, AMD and Microsoft themselves). That said, I am still hopeful that we can find some kind of solution here because that kind of lag/delay in launching your Office applications could have serious impacts on productivity if you close/open them frequently.
  8. Additionally, as with file infectors in the past, there's no guarantee that the encrypted files are actually intact. If the encrypting malware has a bug in its code and doesn't replicate and encrypt the files properly, they may be unrecoverable even if you have the correct decryption key and method. This is why prevention is so important, as mentioned above by Devin. Also, regularly creating backups of any important files and folders is also a good idea, and if you have the means, regularly creating full image backups of your entire system (a feature built into Windows since Vista, and free tools are available for this purpose for older operating systems such as Macrium Reflect Free). These backups and images should be kept on a separate storage device which isn't regularly connected to the system when it is being used/at risk of getting infected so that the backups are safe from becoming infected/damaged themselves. A lot of good info on the various tools and methods available for creating backups and disk images can be found here in our self-help guides section.
  9. Version 2.x of Malwarebytes was very different from 3.x and didn't have the logic built into it to detect the newer 3.x build as it uses different registry and folder paths as these were changed during the development of 3.0. This is why it is possible to install a 2.x build on a system where a 3.x version is already installed. For example, if you used Chameleon at any point to try to get Malwarebytes installed/running, it hasn't been updated for version 3 yet and remains compatible only with versions up to 2.x, so that is the most recent version it can install.
  10. Yes, his name is Steven Burn and he is the creator and maintainer of the hpHosts database. Originally he worked independently on tracking malware sites, spam sites, ad/tracking servers etc. for the purposes of the hpHosts project which is a series of HOSTS files freely available for the purpose of blocking such sites. Then Malwarebytes hired him on when they decided to add malicious site blocking to the protection in Malwarebytes' Anti-Malware years ago. Since then, and thanks to the added capabilities of the web protection component in Malwarebytes, he is now able to block not only specific malicious domains/URLs (as that is a limitation of the Windows HOSTS file), but also malicious IP addresses/servers as well as entire known malware friendly IP ranges. If you investigate the histories of the individuals who work for Malwarebytes, especially in their Research and Development departments, you'll find a veritable "who's who" of prominent members of the independent internet security and threat research community. From the longtime MSMVP Mieke Verburgh (otherwise known as "miekiemoes") to legends like sUBs, creator of the powerful and widely used "ComboFix", and S!Ri, creator of tools like SmitFraudFix, one of the early community tools designed to deal with rogue AVs before companies like Malwarebytes came along with engines and tactics capable of dealing with them, to developers like Doug Swanson (also known as Swandog46), developer of the legendary and immensely powerful script based threat removal tool Avenger, the predecessor to the DoR (Delete on Reboot) technology built into Malwarebytes and the man responsible for laying many of the foundations of the engine and capabilities in Malwarebytes during much of its early years (along with others like Marcin and ideas from Research of course).
Bruce Harrison, the head of Research at Malwarebytes who became known early on as one of a handful of individuals capable of keeping up with and tracking down the latest threats in the industry that plague users and compromise their systems. This trend has continued if you look at key acquisitions and hirings such as the acquisition of ZeroVulnerabilityLabs, whose co-founder Pedro Bustamante now heads R&D at Malwarebytes (current VP of Technology for Malwarebytes and head of Product and Research). ZeroVulnerabilityLabs had developed an industry leading anti-exploit technology which has since become Malwarebytes Anti-Exploit and has of course been integrated into Malwarebytes as one of its most forward looking, proactive protection layers. Malwarebytes also acquired popular anti-adware/anti-PUP utilities Junkware Removal Tool (JRT) and ADWCleaner to enhance the detection and removal abilities in Malwarebytes against PUPs, a step in delivering on their public statement regarding a more aggressive stance on PUPs (something they put a lot of money, time and effort into; not just lip service as such acquisitions illustrate). There are many more. And if you hunt through the list of Researchers, Administrators and other key employees and forum members here who work for and with Malwarebytes you'll find a lot of familiar names and avatars if you've been around the various security forums/communities throughout the years. Malwarebytes has always been a community driven company from the very start when a young Marcin Kleczynski had a relative's computer get infected with something nasty that the usual AV tools could not remove and he found one of the free malware removal help forums where he received assistance in cleaning the system up and then turned around and started developing tools for making detecting and removing such threats easier, which eventually led to the creation of Malwarebytes.
Even I, who am former User Advocate for Malwarebytes and prior to that, the Product Manager for Malwarebytes and many other products (originally I was PM for all products at Malwarebytes as I was the first PM for the company), and prior to that came onboard as the first QA (Quality Assurance) as I had shown a knack for finding bugs in software through my voluntary testing of alphas/betas here on the forums and due to my efforts to learn and help others here on the forums was hired straight out of their own community, and I am not the only one.
  11. OK, good, so you've definitely narrowed down the issue to a performance conflict between Malwarebytes and Symantec. Based on that information, have you tried entering extensive exclusions in both applications for one another? If not it's definitely worth a try. First, I'd recommend excluding all of Symantec's folders from Malwarebytes via Settings>Exclusions>Add Exclusion>Exclude a File or Folder>Next>Select Folder... and browsing to Symantec's folder in Program Files (as well as Program Files (x86) if it has both, assuming this is an x64 system), then checking C:\ProgramData to see if Symantec has any folders there, and excluding them as well if they exist. Then check the 3 directories under C:\Users\<your user name>\AppData for any Symantec/Norton folders and exclude them as well if they exist. And lastly, check for any Symantec/Norton drivers and services which might be stored under C:\Windows, C:\Windows\System32, C:\Windows\System32\drivers as well as C:\Windows\SysWOW64 and exclude them via the Select Files... option in Malwarebytes for exclusions. Then you'll want to exclude Malwarebytes' folders, files and processes as extensively as possible from any and all components of Symantec that you can via its options. The complete list of Malwarebytes entries can be found here. Please give that a try if you haven't already to see if it helps and let us know how it goes. Thanks
  12. To be frank, the single greatest advantage Malwarebytes adds to your setup with Kaspersky is its signature-less exploit protection. I've been studying and testing various security tools and AV suites/products for years, and I have honestly never seen anything so proficient at single-handedly vaporizing one of the bad guys' most frequently used attack vectors (web exploits and maliciously crafted document attachments in emails are by far the two most commonly used methods of system infiltration/infection these days and have been for at least a few years now). The second, and one which you yourself have already commented on is the web protection component. I'm good friends with the main Researcher that maintains the database and I know how dedicated he is to his work, how little he sleeps and how passionate he is about thwarting the efforts of those who would use the web for ill and he is very good at what he does. Not only that, but just recently (a couple years ago or so) he finally got some help when Malwarebytes hired on some additional staff to maintain the web protection database. This has greatly increased the level of coverage that module has for discovering and blacklisting bad websites and servers and it also means that there's at least one person working on it at every hour of the day. To me, the other modules in Malwarebytes are just icing on the cake. 
I know how good the heuristics and threat detection capabilities are in Malwarebytes standard Malware Protection component and scan engine because I used to write the tests for them for QA, and they are nothing to scoff at, and are light years beyond what's being used by most AV engines even today, not only because of the flexible and versatile syntax provided to the Research team to target threats and threat families (to counter polymorphism, a common tactic of today's malware), but also because of additional technologies designed to leave active malware no place to hide and no way to survive removal or to resurrect itself (capabilities missing from every AV I've ever used or tested and the only engine I've seen ever come close to the ability of a technically proficient human being laying hands on a system and combing it thoroughly for malicious binaries, directories and registry structures which don't belong, something I myself used to do as a PC repair tech when my hands were tied because of lackluster tools from major security vendors during a time before a product like Malwarebytes existed). When you add to that the new smarter anomaly detection engine that was developed with 0-hour threats in mind, it only increases the proficiency of what the Malware Protection and scan engine components have to offer. But as good as all of that is, it still doesn't come close to the effectiveness of the first two components I mentioned at preventing infection. They're just that good. You already mentioned PUPs, which is definitely something Malwarebytes has proven itself to be superior at eliminating when compared to the majority of tools out there thanks in no small part to Malwarebytes' aggressive stance on PUPs. 
Malwarebytes also recently added the new ransomware behavior based protection component to the mix, and while it has definitely had its share of growing pains (high FP rate early on during alpha/beta testing as well as missing a few major families of known ransomware at first before it was better tuned by the Devs/Researchers), it has also proven to be a valuable asset and an effective additional layer of defense. There are also a few modules in development/test that we can't share any info on yet which I'm very excited about. But even without those added goodies, Malwarebytes as it is today is quite a powerful protection tool, whether used alone or alongside other layers of protection. The incident that happened last month was unfortunate. It exposed a critical flaw in the code of the web protection component and Malwarebytes responded quickly to not only correct the issue on the database side, but also rapidly wrote and rolled out a fix for the engine itself which prevents it from ever happening again. They also took extensive measures to ensure that such an entry cannot possibly make it into any database update that gets pushed out to customers via automated database analysis that looks for entries matching the bad string that caused the incident in the first place. This means that even users of older versions of Malwarebytes which don't include the engine fix don't need to worry about the issue impacting them ever again because no update like that can possibly go live. It will be automatically flagged by the system and rejected and the Research team will immediately be alerted to the issue so that they may adjust the database accordingly and push it back out to the automated test systems to run it through the testing process again, and only when it passes all validation requirements will it be allowed to go live to the users.
  13. You're very welcome. If you require any further assistance please let us know and we'll do our best to assist. Thanks
  14. By the way, I previously tested the trial of HitmanPro.Alert and found myself frustrated by the same lack of functionality you mention as I too had cause to disable it at one point only to discover that I could not without removing the application completely. Thankfully all aspects of protection may be controlled and configured via its settings, shields and exclusions. You can exclude detection of a previously detected exploit, exclude an application, file or folder from Malware Protection as well as Ransomware Protection (or exclude from just Malware Protection or just Ransomware Protection if you don't want it excluded from both). You can exclude an application from being blocked by Web Protection so that it allows all connections to all sites for that individual application/executable, or you may instead exclude an individual URL/domain or IP address so that specific websites or servers which are contained in the Malwarebytes Web Protection block database/black list will not be blocked for any applications/connections. It is quite versatile in its configuration options. You can even adjust the priority of scans so that they use less CPU to improve multitasking if you wish (for manual scans only; scheduled scans automatically run as low priority so as not to disrupt normal usage of the system while they run). You may find further documentation of Malwarebytes' features in this document as well as this knowledgebase. Please let us know if there is anything else we might assist you with. Thanks
  15. Yes, you may both individually disable Exploit Protection in Malwarebytes, both via an option in the tray icon's right-click context menu as well as an option under Settings>Protection in the main UI. Additionally, you may disable Exploit Protection for individual shielded applications (the list of programs protected by the Anti-Exploit component), both for the default list of shielded apps as well as any custom apps you might have added to the list. Also, it allows you to control individual exploit mitigation components via an Advanced Settings interface in the main UI that controls additional shields and exploit mitigation tactics. Below are images of the Malwarebytes interfaces of which I speak so that you don't have to take my word for it (and you may also use the 14 day trial of Malwarebytes 3 by installing Malwarebytes 3 from here if you haven't used the trial already):
  16. OK, please try the same with Malware Protection then verify that the following isn't running: MBAMProtection using the same method as above (it should tell you that it either isn't running or isn't installed as a service, but you may verify that this is the right driver by turning it back on and using the sc query MBAMProtection command again). If that does not help, turn Malware Protection back on then disable Exploit Protection; this is the one that ESProtection belongs to; I was mistaken about its purpose in my above post so then use the following command after disabling Exploit Protection:
      sc query ESProtection
      If that does not help, turn off Web Protection and verify that MBAMWebProtection is not running via the same method.
  17. You may adjust how much CPU is used by changing this setting to Lower the priority of manual scans to improve multitasking under Settings>Application:
  18. You're welcome, and if there's anything else you require assistance with please don't hesitate to post.
  19. Ah, I see. That was most likely due to a (rather unfortunate, at least in my opinion) "feature" in Edge and several other modern browsers (Chrome does this too, as may Firefox) where, if the browser isn't closed normally (i.e. you didn't click the "X" close button to shut it down or it crashed (or in this case, killed it via Task Manager)), it automatically "recovers" the last page you had it open to, which in this case was unfortunately that scam site.
  20. Greetings and welcome. Did it actually change your home screen or did it just pop up one day and you couldn't get away from it without closing your browser while you were visiting a different website (in other words a pop-up or redirect to the scam page from a different page)? I ask because that's pretty typical for these kinds of scams. They work by popping up while you are browsing by inserting themselves as pop-up ads that end up taking over your browser window so that the only way out of it is to kill the browser's process using a tool such as Task Manager. They generally do not change your homepage for your browser or install any software. They just try to trick you into believing that something is wrong while the page is up and try to prevent you from closing the page so that you think you're actually infected hoping they can scare you into calling the number and paying them to fix infections you don't actually have on your system. As long as you can now open your Edge browser and it goes to your normal homepage and doesn't show that scam site then you should be fine. If you are continuing to see any signs of infection then please follow the instructions here and create a new topic by clicking here describing your issues and including the logs and information requested in the first link and one of our malware removal experts will assist you in checking and cleaning your system of any malware as soon as one becomes available. This help is provided free of charge and you don't have to buy anything (not even Malwarebytes) to receive help. If there is anything else we might do to assist you please let us know. Thanks
  21. I was hoping that would work as I've been seeing a similar impact on performance on my own system and usually disabling ransomware protection eliminates the issue, however I'm running Windows 7 and don't have Norton so I guess the differences in our environments are why it didn't work for you. You might also try the beta (which I have installed currently) which may be found here. Perhaps that will help improve performance. It's worth a try at least. It contains a lot of bugfixes. You might also run the following from a command prompt after disabling ransomware protection just to verify that it's actually fully unloaded when you turn it off:
      sc query ESProtectionDriver
      If you find that it is still active (i.e. the STATE is listed as RUNNING) then you should try disabling it by opening an administrative command prompt and entering the following command:
      net stop ESProtectionDriver
      If you found that it was still running and you subsequently disabled it via the above command, go ahead and attempt launching some of your affected applications again to test their performance.
  22. Greetings and welcome. Just to test, would you please try disabling Ransomware Protection but leave the rest of the protection components in Malwarebytes running to see if that eliminates the issue? Please let us know how it goes. Thanks
  23. Greetings and welcome, I'm sorry that the software isn't working properly. If you would, please try installing the latest beta version from here to see if it resolves the issue you're having. Please let us know how it goes. Thanks
  24. Greetings, I'm sorry you're having these issues. If you would, please try installing the latest beta from here. Don't uninstall your current version, just install the beta on top of your existing installation so you don't have to worry about registering your license key again. Hopefully the beta will resolve the issue. Please let us know how it goes. Thanks