AlexLeadingEdge

Honorary Members
  • Posts

    155

Posts posted by AlexLeadingEdge

  1. I'm seeing the same errors every reboot. Did jgphelps get a resolution? A reinstall of Malwarebytes doesn't fix the issue.

     

    2021-09-28 13:41:47,000 [48] ERROR MBAMPlugin Anti-Exploit technique "abp_pecsa_ms" being processed is unspecified - System.Collections.Generic.KeyNotFoundException: The given key was not present in the dictionary.
       at System.ThrowHelper.ThrowKeyNotFoundException()
       at System.Collections.Generic.Dictionary`2.get_Item(TKey key)
       at EAMBAMPlugin.MBAMPlugin.ProcessAdvancedAntiExploitTechniques()
    
    ***********************************************
    
    2021-09-28 13:41:47,001 [48] ERROR MBAMPlugin Anti-Exploit technique "abp_pem4a_ms" being processed is unspecified - System.Collections.Generic.KeyNotFoundException: The given key was not present in the dictionary.
       at System.ThrowHelper.ThrowKeyNotFoundException()
       at System.Collections.Generic.Dictionary`2.get_Item(TKey key)
       at EAMBAMPlugin.MBAMPlugin.ProcessAdvancedAntiExploitTechniques()
    
    ***********************************************
    
    2021-09-28 13:41:47,002 [48] ERROR MBAMPlugin Anti-Exploit technique "abp_polpa_ms" being processed is unspecified - System.Collections.Generic.KeyNotFoundException: The given key was not present in the dictionary.
       at System.ThrowHelper.ThrowKeyNotFoundException()
       at System.Collections.Generic.Dictionary`2.get_Item(TKey key)
       at EAMBAMPlugin.MBAMPlugin.ProcessAdvancedAntiExploitTechniques()
    
    ***********************************************
    
    2021-09-28 13:41:47,003 [48] ERROR MBAMPlugin Anti-Exploit technique "abp_posaa_ms" being processed is unspecified - System.Collections.Generic.KeyNotFoundException: The given key was not present in the dictionary.
       at System.ThrowHelper.ThrowKeyNotFoundException()
       at System.Collections.Generic.Dictionary`2.get_Item(TKey key)
       at EAMBAMPlugin.MBAMPlugin.ProcessAdvancedAntiExploitTechniques()
    
    ***********************************************
    
    2021-09-28 13:41:47,004 [48] ERROR MBAMPlugin Anti-Exploit technique "abp_posba_ms" being processed is unspecified - System.Collections.Generic.KeyNotFoundException: The given key was not present in the dictionary.
       at System.ThrowHelper.ThrowKeyNotFoundException()
       at System.Collections.Generic.Dictionary`2.get_Item(TKey key)
       at EAMBAMPlugin.MBAMPlugin.ProcessAdvancedAntiExploitTechniques()
    
    ***********************************************
    
    2021-09-28 13:41:47,005 [48] ERROR MBAMPlugin Anti-Exploit technique "abp_povbe7_ms" being processed is unspecified - System.Collections.Generic.KeyNotFoundException: The given key was not present in the dictionary.
       at System.ThrowHelper.ThrowKeyNotFoundException()
       at System.Collections.Generic.Dictionary`2.get_Item(TKey key)
       at EAMBAMPlugin.MBAMPlugin.ProcessAdvancedAntiExploitTechniques()

     

  2. 4 minutes ago, Porthos said:

    We need the detection log to assist.

    I have sent the command to download the Diagnostic Logs, but I see the device has gone offline, which is not a shocker since it is 5:07pm now :)

  3. Hi guys,

    My client has just bought a brand new Surface Pro 7 and I'm seeing this popping up:

    Malware.Exploit.Agent.Generic    Blocked    AE    exploit    ComSpec=C:\windows\system32\cmd.exe    2021-09-08 03:49:42 PM

    Any ideas how I figure out what Malwarebytes is unhappy about?

  4. I see that VirusTotal isn't updating properly. If you hit "Reanalyse file" it doesn't seem to actually refresh the screen. If you close the tab and open it again to the same link it has updated to the correct details. Perhaps a caching issue. I only noticed it this time around because I hit refresh and it still said "last scanned 10 days ago" after refreshing.

    //Edit: Yep, it has done it again. Still saying 15 days after clicking "Reanalyse file".

  5. Hi guys,

    We are using OneView and I've just added a new computer to it. I ran a Scan & Quarantine on this new machine (a terminal server) and it found 40+ items. I never got an email notification about the detections, but my boss did. I looked in Nebula on the company site and everything is ticked for notifications, yet still no email.

    Any idea why I am not getting the emails but my boss is? We both use the same email system.

  6. Hi guys,

    I keep seeing this popping up in my quarantine:

    PUM.Optional.DisabledSecurityCenter Reg, Value PUM Quarantined    HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|ANTIVIRUSDISABLENOTIFY

    By default TS Plus turns off the AV notifications for some reason. Not sure why exactly, but I don't want to mess with the terminal server software so I want to whitelist it. We have third party AV with Malwarebytes and BitDefender, with BitDefender turning off Windows Defender anyway.

    Do I add the exclusion as:

    HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER

    or

    HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|ANTIVIRUSDISABLENOTIFY

     

    I guess the question is if the dword or key is the object that I whitelist.

  7. The location is the SolarWinds Patch Management cache. I don't know what this file is, some sort of update patch for one of our software packages I assume.

    Two vendors have flagged it in VirusTotal. CrowdStrike gives it a 60% confidence that it is a virus.

    https://www.virustotal.com/gui/file/1519a153cd3b93c1e56ad5f6ffc98195e2c68e963a14a74558b7b4c0adbf4e55/detection

     

    C:\PROGRAMDATA\MSPPLATFORM\FILECACHESERVICEAGENT\CACHE\A3B68742-F6D4-4DF1-B217-B7EC66B4C314.1.EXE

     

    File attached with password 'infected'

    a3b68742-f6d4-4df1-b217-b7ec66b4c314.1.zip
