Jump to content

anyWARE-Mainz

Honorary Members
  • Posts

    33
  • Joined

  • Last visited

Reputation

1 Neutral

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Hi, since some time, we get these detections. It started with: Location: \u00dc\u0087\u00e4\u00bd\u0083\u00e3\u0095\u008d\u0002\u0018explorer.exe and later on we got: Location: ܇佃㕍explorer.exe I have no clue, what kind of malware this seems to be and where it resides or why there are displayed foreign characters in front of "explorer.exe". Anyone has a clue, how to proceed? We did scans with other antimalware-products, but did not find anything. Help appreciated, regards Daniel
  2. Well, but how to obtain "beta-updates" via OneView or Nebula console? As HangingWithDan wrote: Same issue we had on 3 different computers, word and excel, on different days. Regards, Daniel
  3. @LiquidTension No such file. Just a folder "*AppData\Local\Temp\mwbE39D.tmp" with a lot of files inside.
  4. @LiquidTension I will have a look into it. @alexl010 Yes we do. Did you find the source and a solution for it?
  5. ... and apologies - wrong forum as I see at the moment. Please move the thread to the business forum / endpoint protection. Thank you.
  6. Btw. - I can not edit my post, so this is, what the Support Tool says (see screenshot):
  7. Hi LiquidTension, where may I Upload the Log - any specific mailaddress? I will rather not upload them public.
  8. Hi, we got 2 different detections in the past 2 weeks on two different clients. Today it was: 1) Malware.Ransom.Agent.Generic C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk Blocked By Real-Time Protection 2) Malware.Ransom.Agent.Generic C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE Blocked By Real-Time Protection One or two weeks before before it was "Winword.exe" on a different client. The Product had to be repaired - restoring the .exe did not work. This is urgent, because just restoring out of quarantine does not work. Regards, Daniel
  9. The Excel Addin does not help, but the Resful API documentation would be helpful. Where may we get the documentation?
  10. Hello, thanks for your reply. The SQL-Database is only used, when on-premise. The Cloud-Console does not give "backend-access" as far as I know?! ... so there's the need of some kind of API or a possibility to get some client-information through local databases/registry. Did I write into the wrong forum? I thought, this is the right place for the could-variant. Regards Daniel
  11. Hi, as a MSP we use different monitoring-solutions. How may we/the monitoring-provider get informations about the Malwarebyte client-status? Regards Daniel
  12. I like to push this, regarding the time that has passed. Still no export/import option for settings? We like to use exclusion-/settings templates over all of our customers and have the need for documentation, so exporting into different formats is still important and import also. Beyond that a simple but effective documentation feature of all important settings would be great. Regarding the european law, auditors need documentation - especially for decurity products. Regards, Daniel
  13. Hi, as msp, we have some dificulties, to manage malwarebytes. First problem, we may not use one same mailadress for different customers as login. Our cusomers do not maintain their installations, but we do. Second, we may not send a on demand report to our ticket-system (no variable mailadress and no subject to enter). Reports will allways be mailed to the account-mailadress. Also a multi-tenant console would be great, where we may manage all of our customers. Any future plans for this? Is there a way to achieve our goals? Regards Daniel
  14. [...] You previously stated "Granted, we've never turned on active protection which may be the key " Correct - If you configure this, you are running the MBIR plugin which has zero IP blocking capability and would see no symptom [...] No, that was Kalrand (but interesting for me, too). I'm wondering, if we use "active protection" - I'm not sure, but I think "yes", if it is the term for "real-time protection". I like to provide some more information (did not want to hijack this thread, but it was interesting/informational - especially most bigger companies use more than 2 or 3 DCs). Here you are - maybe it helps - if you need more info, feel free to ask for: OS of 2 DCs: 2012 R2 Virtual: yes Roles: AD, DNS, one is DHCP Each DC/DNS points 1st to the other DC and 2nd to itself. Example: DC01: 192.168.0.2/192.168.0.1 DC02: 192.168.0.1/192.168.0.2 MBAM Options:
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.