anyWARE-Mainz
-
Hi, for some time now we have been getting these detections. It started with:

Location: \u00dc\u0087\u00e4\u00bd\u0083\u00e3\u0095\u008d\u0002\u0018explorer.exe

and later on we got:

Location: ܇佃㕍explorer.exe

I have no clue what kind of malware this seems to be, where it resides, or why foreign characters are displayed in front of "explorer.exe". Does anyone have a clue how to proceed? We did scans with other antimalware products, but did not find anything.

Help appreciated, regards
Daniel
-
Hi, we got 2 different detections in the past 2 weeks on two different clients. Today it was:

1) Malware.Ransom.Agent.Generic
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
Blocked By Real-Time Protection

2) Malware.Ransom.Agent.Generic
C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
Blocked By Real-Time Protection

One or two weeks before it was "Winword.exe" on a different client. The product had to be repaired - restoring the .exe did not work. This is urgent, because just restoring out of quarantine does not work.

Regards,
Daniel
-
Cloud-Console API for monitoring products
anyWARE-Mainz replied to anyWARE-Mainz's topic in Malwarebytes Nebula
The Excel add-in does not help, but the RESTful API documentation would be helpful. Where may we get the documentation?
-
Cloud-Console API for monitoring products
anyWARE-Mainz replied to anyWARE-Mainz's topic in Malwarebytes Nebula
Hello, thanks for your reply. The SQL database is only used when on-premise. The Cloud-Console does not give "backend-access" as far as I know?! ... so there's a need for some kind of API or a possibility to get some client information through local databases/registry. Did I write in the wrong forum? I thought this is the right place for the cloud variant. Regards Daniel
-
Hi, as an MSP we use different monitoring solutions. How may we/the monitoring provider get information about the Malwarebytes client status? Regards Daniel
-
I'd like to push this, regarding the time that has passed. Still no export/import option for settings? We'd like to use exclusion/settings templates across all of our customers and have the need for documentation, so exporting into different formats is still important, and import also. Beyond that, a simple but effective documentation feature for all important settings would be great. Regarding European law, auditors need documentation - especially for security products. Regards, Daniel
-
Hi, as an MSP, we have some difficulties managing Malwarebytes. First problem: we may not use the same mail address as login for different customers. Our customers do not maintain their installations, but we do. Second, we may not send an on-demand report to our ticket system (no variable mail address and no subject to enter). Reports will always be mailed to the account mail address. Also, a multi-tenant console would be great, where we may manage all of our customers. Any future plans for this? Is there a way to achieve our goals? Regards Daniel
-
Malwarebytes Endpoint Protection on VM's
anyWARE-Mainz replied to WORKS2016's topic in Malwarebytes Nebula
[...] You previously stated "Granted, we've never turned on active protection which may be the key " Correct - If you configure this, you are running the MBIR plugin which has zero IP blocking capability and would see no symptom [...]

No, that was Kalrand (but interesting for me, too). I'm wondering if we use "active protection" - I'm not sure, but I think "yes", if it is the term for "real-time protection". I'd like to provide some more information (did not want to hijack this thread, but it was interesting/informational - especially since most bigger companies use more than 2 or 3 DCs). Here you are - maybe it helps - if you need more info, feel free to ask:

OS of 2 DCs: 2012 R2
Virtual: yes
Roles: AD, DNS, one is DHCP
Each DC/DNS points 1st to the other DC and 2nd to itself. Example:
DC01: 192.168.0.2/192.168.0.1
DC02: 192.168.0.1/192.168.0.2
MBAM Options: