Posts posted by Massimiliano
-
-
Already done on Friday evening, as you advised me before splitting the discussion.
He disabled the experimental function.
He restored the files so that you could have them analyzed.
At this point I would just like to know if the two files are dangerous and if it is better to permanently remove them without risking damaging the system or some application.
-
-
Quote
On 6/12/2021 at 1:22 PM, Xauma95 said:
I've installed the latest version and it asked me to install Rosetta, but when I look at Activity Monitor it says Malwarebytes is Apple class. Did something go wrong or was it normal?
On 6/12/2021 at 6:54 PM, Xauma95 said:
Still wondering why it asked me to install Rosetta, as this version of Malwarebytes is universal and my Activity Monitor says Apple class.
On 6/13/2021 at 4:31 AM, Alvarnell said:
Possibly because there is a component that is not the app executable itself that hasn't been made universal yet. Something the coders will need to look into.
@treed , or another staff member, can you explain why?
Thanks
-
22 minutes ago, Xauma95 said:
Ok, thanks. One more question: are the 2 layers of protection (malware and app block) inside the RTProtectionDaemon process, or is there any other process I should have?
I'm inside RTProtectionDaemon which is supposed to handle the scan as well
-
The only two I've used are ka-block! and 1Blocker (I only use Safari) and I've never had any such problems
-
Just now, Xauma95 said:
Still wondering why it asked me to install Rosetta, as this version of Malwarebytes is universal and my Activity Monitor says Apple class.
This can only be said by a member of staff.
-
4 minutes ago, Xauma95 said:
I can't find any report about definition updates, maybe because I just installed Malwarebytes today, and I can't see what version I have. I only know the Malwarebytes version, 4.10.4.
That's exactly as I wrote to you. Something must have changed in the last two versions.
You will surely see it on the first available update. However, it is not certain that it will be released this month.
You can rest assured. With Malwarebytes and a good ad blocker you are more than protected on the Mac.
If you use Chrome (or its derivatives) or Firefox you can use Malwarebytes Browser Guard (which is free).
On Safari there is (always free) ka-block! (or 1Blocker, if budget permits, which has a lot more features - I use this and I'm fine with it, but if I were you I would download ka-block! for the time being, because the free Malwarebytes extension will be released soon, although there is not yet a precise date; it can still be combined with 1Blocker for those like me who have already bought it).
-
Up to the Intel-only versions, when you installed Malwarebytes the definitions were updated and you could see them.
Now this doesn't happen anymore; probably when you download the installer it already contains the updated definitions (but I'm not sure).
As soon as they are updated (now there should be version 4.0.547 of 05/27/2021 - I keep a text file where at each update I take a note - if I have not forgotten to mark it, but at most it could be one more version) you can see them in the survey history -> Report tab. I mark it in a file precisely because I clean old reports from time to time.
However, consider that if on Windows they are updated several times a day, on macOS this does not happen, because the total of malware existing for macOS (since 2001) perhaps corresponds approximately to the number of malware produced in an hour for Windows.
On macOS 1 new malware in a month is already to be considered a particularly exceptional situation. @treed, @adas or another staff member will be able to clarify this better for you.
Malwarebytes on my Mac is set up like this (see screenshots).
Enabling betas is a very personal choice. One scheduled scan per day is enough; doing it every 12 hours is my personal preference.
-
-
40 minutes ago, Porthos said:
Restore them and zip them up and attach so staff can check out.
Here are the two files. The zipped file is freely unpackable
42 minutes ago, Porthos said:
Could you grab a log from the web block.
For this it will take a few days until he returns to the area; in the meantime, explain to me what you need and as soon as possible I will upload them to the forum.
-
3 minutes ago, Porthos said:
Are you remote accessing the PC?
No, but by contacting her for the two executables, I can know when she is back in the area and update you on the matter. Give me a few minutes
-
1 minute ago, Porthos said:
You personally are a Mac user correct?
I use both systems (I have used Windows for many years - and still have a PC that I use very little, but for several years now I have preferred the Mac and Apple products in general)
-
1 minute ago, Porthos said:
Restore them and zip them up and attach so staff can check out.
As for the two files, it is simpler, and I can do it by driving it over the phone
-
3 minutes ago, Porthos said:
Could you grab a log from the web block.
How should it be done?
Because, not being able to access the PC, for a few days, it could become complicated as the person concerned is not particularly computer savvy
-
Ok. I tell her to disable it
For those two files it is better to restore them from the Quarantine, in your opinion, given the names?
-
Just now, Porthos said:
These are found because you have "Use expert system algorithms to identify malicious files" enabled? It is located in Settings > Security > Scan option.
Should she disable it or keep it enabled?
-
Malwarebytes made the following blocks on the PC of a relative of mine (See screenshot) so she asked me for help
The first two executable files, which are in quarantine are:
- C:\users\user\AppData\Local\Microsoft\WindowsINetCache\IE\EWO26025\G2MCoreInstExtractor\_19709_19584[1].exe
- C:\users\user\AppData\Local\Microsoft\WindowsINetCache\IE\KOKRTQIU\G2MCoreInstExtractor\_19228_18962[1].exe
The site was then blocked
www.campagnamica.it
which is a site linked to Coldiretti (association of Italian growers)
This is the response of VirusTotal
This domain has also been blocked several times
v4clientoss-cn-hangzhou.aliyuncs.com
This is the response of VirusTotal
Can you tell me if they are false positives or if they are a risk?
At the moment I am unable to make any access to that PC because it is several kilometers away from me
I await an answer on the matter and in the meantime thank you
Have a nice weekend
Massimiliano
I notice that Malwarebytes is missing from VirusTotal for URL scanning. Is that normal?
@AdvancedSetup If it is not in the correct section, please postpone the discussion
-
2 hours ago, Xauma95 said:
Ok thanks, do you know if I can transfer my Windows licence to my Mac?
If you have a subscription license for one machine, you must first deactivate it on your PC and then activate it on your new Mac.
If the PC is no longer usable, you can deactivate it from your account on the my.malwarebytes.com website.
On Windows it is deactivated from Malwarebytes settings -> account tab. On Mac you activate it at the same time as installation or later from the account settings tab.
ATTENTION. If yours was an old license of the LIFETIME type, this can be used forever, but only with the Windows operating system, and in that case you must purchase a new subscription key (1 machine about 40 € / year; with more machines you see the savings)
-
2 minutes ago, Xauma95 said:
Are those versions stable or beta? Sorry, I haven't tried MBAM yet on my new Mac because I was waiting for a native M1 version.
Both are stable versions.
Version 4.10.4 is currently downloaded from the site (Link to download it)
-
11 minutes ago, Xauma95 said:
Does anyone know when the stable version of Malwarebytes for M1 Macs will be available? Thanks in advance
Version 4.9.7 (released May 19, 2021) and following (therefore also the current 4.10.4) are native on both M1 and x86, being an Apple universal binary.
-
If you have free licenses (as you seem to understand) just open MALWAREBYTES FOR MAC
On the top bar there is a button next to the gear
If it says ACTIVATE LICENSE just click on it and a window will open where you can insert the ACTIVATION KEY
If it says MY ACCOUNT it should be active and clicking on it opens the window indicating the edition (PREMIUM with the activation key next to it), the status (PREMIUM) and THE EXPIRY DATE (the day before the renewal is carried out in order to always remain protected)
-
Just one question: will Browser Guard be compatible with 1Blocker (which I just bought with a perpetual license)? If so, how?
I'm ready, as soon as available, to be a beta tester, of course.
-
The release of both will be the TOP but already having Browser Guard for Safari will be fantastic (especially for those like me who only use Safari)
THANK YOU VERY MUCH
-
46 minutes ago, treed said:
but we'll wait to see whether it remains a significant issue
In my opinion it is not a significant issue as at the moment, perhaps because the Mac is new, it does not seem to have a particular impact on the battery charge. Its presence, when there is, is independent of the type of power supply, however.
My repeated reports are mostly due to the fact that it had never happened in many years and therefore I thought it could be a problem and not for the possible impact on the battery.
In fact, it has not happened to me yet, even with a use of several hours, to drain the battery too much. (I assume for the optimization between CPU M1 and Big Sur that, even with demanding tasks such as high resolution HandBrake conversion of a video of almost 3 hours, it didn't overheat in the slightest. The MacBook Air, which is fanless, was barely warm at the end).
56 minutes ago, treed said:
prioritizing over other things that may have a bigger positive impact on customer experience.
I don't know what you mean, but I hope it's web protection (hope, they say, is the last to die). Meanwhile, on your advice, I bought 1Blocker
Can you check this website?
in Firefox
The website
https://www.telecupole.com
is blocked by Malwarebytes Browser Guard for Firefox
I attach lock screen
I attach VirusTotal link
https://www.virustotal.com/gui/url/f7f82e133d8079f20553e4701332014f7f4026e5f76108a94923b41cfb776175/detection
On VirusTotal 5 security vendors flagged this URL as malicious
Specifically they are:
This is the website of an Italian regional television channel in Piedmont (Italy)
I attach Body SHA-256 Virus Total
cf30b2bc861a449fc72ea0c2d5f64f38de1d89fa2e2afda023be5e226642d062
Could it be a false positive or is it really dangerous?
Thank you
Good evening
Massimiliano