WORKS2016

Honorary Members
  • Posts

    22
  1. I've been seeing more and more attacks against RDP sessions recently and I've also seen it get far enough that someone has gained access to the desktop at the logon screen. I know the IP address, as mentioned in the Title and the IP. What I'd like to find out is where the attack is originating from on clients' computers. Is it coming from an email they opened, a website they went to, etc.? I was allowing RDP connection through the firewall on different ports until I noticed the possible attacker being at the logon screen. Now everyone makes a VPN connection first before RDP. Does anyone know how this attack is being initiated? After making users create a VPN connection they are still showing active attacks. I'd like to pinpoint where they are coming from.
  2. I have a client that was hit hard by Lockbit. Took out all the workstations but one on the LAN and two out of 4 servers. It turned off and deleted Shadow Copies too. I have Malwarebytes installed on all the devices and it was never detected. While cleaning up the network I ran Malwarebytes and it didn't detect anything. Alarming and strange. I then downloaded Spy Hunter 5 and ran a scan and the ransomware is detected. All my clients have Malwarebytes Endpoint protection, why and how would Malwarebytes skip over the ransomware even after I know 100% it's on the network? It's done so on all devices.
  3. I watch Digital Ocean, LLC on my network closely because I've seen more intrusion attempts from this company than any other. An incident that's definitely spiked my concern is testing an RDP port using port 3395 to a test computer. Within a day this computer was endlessly being scanned on the new port down to the minute from Digital Ocean's IP. Anyone have any insight on Digital Ocean's integrity, if it's worth blocking the IP, etc.?
  4. Thanks KDawg. I hope to see the download available from the portal in the near future.
  5. Anyone else feel Malwarebytes reporting would be more user friendly if there was a download option? Why not have the option to download and view and not have to go through email, seems like an unnecessary step. Why go to email to download a file?
  6. Spoke too soon, it's in the previous document you shared. %PROGRAMDATA%\Malwarebytes Endpoint Agent\Plugins\EDRPlugin\Restored Files
  7. Thank you dcollins, exactly what I needed. Any idea where I can get information on the cache folder? Where it's located, what type of file or database file it is. I would like to change the setting between time and file size and see how much the folders grow in size. Thank you.
  8. Have a lot of potential clients asking how rollback works. Can anyone shed light on this for me? Some questions are what technology does rollback use, does it take up drive space and CPU resources?
  9. Great, thank you, I'll search the posts. Any other sites or areas to search?
  10. There's a nasty email going around using a password they hacked from another company to attempt to extort money from me. For example, I got an email stating someone accessed my account using a password that shockingly is one I've used before. So, immediately they have my attention. I happen to use a password vault so it was easy to determine where I used it and narrow down what was really going on. Turns out the password was a basic password I used years ago on a site that was irrelevant, for example, I made a one-time payment and didn't have anything else on file. Even if someone got access there was nothing that would affect me. Didn't use the password anywhere else. This company got hacked and the keychain compromised, the hackers then took my email and password and attempted to trick me into thinking my computer was hacked, they have all my data, and they wanted me to pay a ransom. Not sure how legit this site is https://haveibeenpwned.com/ which claims to check if your email address was involved in a data breach and which companies are involved. What are others using to research this? My clients are now getting this same email and it's concerning for them, for obvious reasons, and I want to give them a well-rounded answer. Not just you're fine and this is spam. Of course, I want to know this information for my ongoing research involving cybersecurity. Thank you.
  11. Never installed Endpoint Protection on a VM, any objections? Running 2012 Server Standard with two VMs. One is the PDC, the other is the Exchange server. I read installing on the PDC can create issues with DNS and DHCP and some configuration, mainly exclusions are recommended. Didn't matter if the PDC was a VM or not. How about a VM / Exchange server? Any issues that it's a VM and does it interfere with mail flow, the information store, etc.? Thank you.
  12. Trying to add an additional user to the portal and get the following error: "Refusing to fulfill request". Any ideas? Note, I've used the email account in another portal and suspect this may be why it can't be used again. If this is the case, managing multiple clients' portals, this will be disappointing. Hope it's not the case. Thank you.
  13. @CHMOD_777 my post is about clarification. I need to know 100% Malwarebytes on its own rolls back encrypted data to a prior safe state and entirely independent of 3rd party backup solutions. It's hard to test this without getting an infection. Does Malwarebytes rollback the data or does it rely on a 3rd party backup solution? Thank you.
  14. The spam filter was the issue. How about setting up an alternative email address, is it possible? Thank you.
  15. Cloud portal, Reports. On-Demand: Select generate report changed to "Request Submitted" but nothing ever happens past this point. Scheduled: I have daily, weekly, and monthly reports selected but never receive any reports. Is there a way to change the email address or add another email address to send reporting to? I assume it goes to the email on file under profile settings. Thank you.