AlexLeadingEdge

Honorary Members
  • Content Count

    101
Community Reputation

1 Neutral

About AlexLeadingEdge

  • Rank
    Advanced Member

  1. Hi guys, We have an accountant who has lost the uninstall file for a program called BankLink. BankLink has recently been bought by MYOB, a large accounting software firm in Australasia. Details as follows... Malware.AI.4214841433 File Malware Quarantined C:\BK5\UNINS000.EXE MD5: 3ebba8c2e66a5cb61d45e2101375dd6f https://www.virustotal.com/gui/file/e88d8112447beb30652d1e6da310dc51113b5cfa1f9248bf7d2c4e00daf7c287/detection File is attached, password is 'infected'. unins000.zip
  2. Password is 'infected'. Soda_PDF_7_Installer.zip
  3. Got this today, can someone please check if this is a false positive? Name Type Category Status Path Malware.AI.3861356229 File Malware Quarantined C:\USERS\ADMIN\DOWNLOADS\SODA_PDF_7_INSTALLER.EXE
  4. I would like to second the request for an "unquarantine and whitelist" option. Trying to find out what the MD5 is (not that MD5 seems to always work) or to create a wildcard file location in the whitelist options is tedious.
  5. I'm not sure what is going on but these files keep coming back each day. I ran ADWCleaner and it found files that Malwarebytes didn't. From the location we initially thought it was due to the client using their personal Gmail account to sync with their work Chrome account, but after removing all the Chrome Extensions and then turning off the sync the issue remains, the same files are picked up and quarantined every day. Interestingly, when running two scans one after the other, the first scan finds the files and quarantines them, and the second scan doesn't find anything. The next day they are
  6. I released it, scanned the computer again and the file was picked up again.
  7. Hi guys, Just a quick update, the latest version is 3.5.2 and all their machines are on that version, so it looks like it is a leftover install file of no importance to the client.
  8. Hi guys, We are seeing C:\USERS\REDACTED\APPDATA\LOCAL\DOWNLOADED INSTALLATIONS\{ECF6FE39-A8B0-411B-83AC-75A17875FE6F}\RSERV34.MSI It is a remote access tool that our client uses to access all the point of sale machines. This is a tough one, given it could probably be abused, but so could other remote access tools such as TeamViewer, and TeamViewer isn't detected as malware. Can an admin please let me know who wants to take a look at this and I will upload log files to that person.
  9. Hi cli, How do I do this in OneView? Also, is there a way I can do this without putting it on an open forum? Privacy is an issue here.
  10. Hi guys, There is an install file that is being quarantined by Malwarebytes Endpoint. The detection name is MachineLearning/Anomalous.100%. The location is: C:\CompanyData$\Itsupport\Brookers\folio432\Libmangr\libmangr.exe This is a network shared location, and we have no reason to believe it is indeed infected. What other information do you need to whitelist this?
  11. Hi guys, I have just installed Malwarebytes Endpoint Protection on an Exchange server and it is trying to force a reboot. It gives me the option to postpone, but says it will reboot in ~540 minutes regardless, which is about 9 hours from now. I want to set the reboot time to a time of my choosing, not when Malwarebytes declares it will happen. It is a production server which will affect hundreds of people, so the timing has to be carefully managed so it is out of hours but doesn't reboot during the daily backups. I can't seem to see anything in the OneView or Nebula consoles to
  12. Thanks for your reply Exile360. I had a chat with a senior technician at Malwarebytes Support and they said just to Control + Right click on the Malwarebytes icon and select "Stop Malwarebytes Service" and turn it on again when I'm done.
  13. Hi guys, We asked Malwarebytes Support how to temporarily disable Malwarebytes while we do server upgrades but they came back with this long-winded multi-step answer (below). Can I make a request for a simple button / Action that allows us to pause the Real-Time Protection for 15-60 minutes? ******************************* Incident Response for Endpoint Protection: Incident Response is a component of Endpoint Protection with all the real-time protection layers disabled. This can be utilized when RTP is not required but you would still like to run threat scans. Login