Posts posted by OldMainframeGuy
-
-
Hello...is there any update on this? Is there additional information you need?
-
Running MBAM 4.5.18.226, update package 1.0.63238, component package 1.0.1823 on Windows 10 Pro 64-bit. This morning I upgraded digiKam from version 7.8.0 to 7.9.0. I've been using it for a few hours and suddenly MBAM flags it as ransomware.
False positive (I hope?)
Edit - log attached.
RobdigiKam.txt
-
All is well again; thanks for adding a little bit of excitement to our day. 😄
-
I finally had to shut MB down. I guess if you're going to have a false positive to a domain, you might as well go all the way and make it google.com.
-
Ditto; lots of Google sites being blocked. Happening in my e-mail client and Firefox.
-
Cli: I rebooted, updated Malwarebytes, restored the quarantined program and retested and all is well. Thanks for the quick resolution. If it's any help, when Malwarebytes flags the program as ransomware, it's at the time when I click on "Delete the files" (e.g. delete the files I've marked as duplicates).
Rob
-
Apologies; I replied back to the thread I started originally but I don't know if it will get noticed. Yesterday MBAM was upgraded to version 4.5.6 and DuplicateCleaner, previously whitelisted, is again being flagged as ransomware.
Log files attached.
Rob
-
After updating to version 4.5.6, Malwarebytes is again flagging DuplicateCleaner5 as ransomware. Can something be done about this please?
-
Logs attached. Since I originally posted this I updated MB ("Check for update") and re-installed the newer version of DuplicateCleaner5. I am no longer getting the ransomware alert. This was the text from the original alert:
Malwarebytes
www.malwarebytes.com
-Log Details-
Protection Event Date: 3/11/22
Protection Event Time: 2:58 PM
Log File: 9b5beb04-a175-11ec-bfc0-fc3497a11518.json
-Software Information-
Version: 4.5.5.175
Components Version: 1.0.1621
Update Package Version: 1.0.52195
License: Premium
-System Information-
OS: Windows 10 (Build 19044.1586)
CPU: x64
File System: NTFS
User: System
-Ransomware Details-
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
File: 1
Malware.Ransom.Agent.Generic, C:\Program Files (x86)\Duplicate Cleaner 5\Duplicate Cleaner 5.exe, Quarantined, 0, 392685, 0.0.0, 8acec432cbc01bcf00ab9c3f1990a5d8, 0c2175649ac0ddd85f7bf14f70ae994e4209a855d85d6aedc12096e321f65830
(end)
I hope this helps!
Rob
-
I reinstalled the previous version of the program so I don't currently have the one that tripped the ransomware alert. Which log file are you looking for?
Rob
-
Today I upgraded DuplicateCleaner5 from version 5.0.13 to 5.14 and when I used its 'delete duplicate files' feature Malwarebytes intervened to prevent a ransomware attack - "Malware.Ransom.Agent.Generic". I uninstalled the new version and reinstalled the old and everything is OK right now. I'm thinking this is a false positive since it was downloaded directly from the publisher's site.
https://www.digitalvolcano.co.uk/duplicatecleaner.html
I also posted this on Digital Volcano's support forum.
Rob
-
Yesterday MBAM was updated to version 4.5.4 on Windows 10 21H2. This morning when I started my PC I noticed that MBAM was not running. I checked Settings->Security and saw that Windows Startup was off. It was on prior to the upgrade. I don't know if this is by design.
Rob
-
Thank you; this resolves the problem. Is this an issue with MBAM or should this remain unchecked "forever"?
Rob
-
Windows 10-64 21H1 w/MBAM 4.4.5. Every once in a while if I start LibreOffice (latest version, 7.2.0.4), MBAM blocks it. Here's the details:
-Software Information-
Version: 4.4.5.130
Components Version: 1.0.1430
Update Package Version: 1.0.44501
License: Premium
-System Information-
OS: Windows 10 (Build 19043.1165)
CPU: x64
File System: NTFS
User: System
-Exploit Details-
File: 0
(No malicious items detected)
Exploit: 1
Malware.Exploit.Agent.Generic, ComSpec=C:\Windows\system32\cmd.exe, Blocked, 0, 392684, 0.0.0, ,
-Exploit Data-
Affected Application: LibreOffice
Protection Layer: Application Behavior Protection
Protection Technique: Exploit Office WMI abuse blocked
File Name: ComSpec=C:\Windows\system32\cmd.exe
URL:
Attempting to start LibreOffice a second time works. Is anyone else seeing this?
Rob
-
I think I'm good now that I understand what's going on. Thank you for your help.
Rob
-
Exile360: Thanks for your reply. When I click on the Scan card I do not see a scan in progress when the Update button isn't working - however, I believe that this is related to my torrent program, qBittorrent. When qBittorrent is running, the Update button does not work; if I shut down qBittorrent, the Update button works, so maybe it's related to something Malwarebytes is monitoring within qBittorrent?
If this is the behavior I can certainly live with it since I'm not running qBittorrent all day.
Rob
-
I'm running Malwarebytes Premium version 4.4.0.117, update version 1.0.41943, component package version 1.0.1318 on Windows 10-64 version 21H1. I don't know when this started happening but the "Check for Updates" button on the Settings/General page stops working after the PC has been running for a while; I click on it and nothing happens. If I reboot the PC, the button checks for updates but eventually stops working again.
Any cures for this? I've tried shutting down Malwarebytes and restarting it but it doesn't help.
Rob
-
I've installed the latest version of digiKam (version 7.2.0 from digikam.org). The download suggested this site which was blocked by Malwarebytes:
https://mirror.math.princeton.edu/pub/kde/ftp/
I tried an alternate site and that worked. Now when I start the program it wants to download some additional files from the Princeton site and Malwarebytes is blocking the download. Is this a false positive?
-
I also have an SSD though my PDF documents are on a conventional disk. I just tried this again and noticed that I am no longer having the problem and I definitely was earlier; I tried with several PDF documents. I also notice that when I filed the first post I was on update 1.0.25272; now MBAM is on update 1.0.25284. Is it possible an update fixed the problem?
Rob
-
Running MBAM Premium 4.1.0.56, update 1.0.25272, component package 1.0.931 on Windows 10-64 1909. I don't know when this might have started but today I noticed that opening a PDF document with Adobe Reader is extremely slow (20-30 seconds). I opened a document and Sysinternals Process Explorer said mbamservice.exe was using 50% of the machine. I opened MBAM and stopped all of the real-time services and the PDF document opened immediately. I then turned them back on, one by one; enabling malware protection is what's causing the slow opening.
Is anyone else seeing this?
Rob
-
Browser Guard is blocking the download function at this site:
https://www.ashampoo.com/en/usd/psr/0474/office-software/pdf-pro-2
Bypassed the block, downloaded the file, scanned with Windows Defender and MBAM and file is clean.
Rob
-
Ashampoo PDF Free is also blocked:
https://cdn1.ashampoo.net/public/ashglob/0074/ashampoo_pdf_free_26507.exe
Rob
-
I think this has been fixed in the latest update to 4.0.4. I reinstalled 4.0.4, clicked on "Check for updates" and I haven't had any problems since.
-
50 minutes ago, Porthos said:
I just use what seems to work for me and my clients. Of course, I have lifetime licenses for all my computers and about 80% of my clients do as well. It is a win-win situation for me.
With the above being said, I would buy the subscription any day if I needed it.
I couldn't agree more; I also have one lifetime license and I often kick myself for not buying two. Does Malwarebytes offer less protection (or functionality) when running as a "secondary" product alongside Defender as opposed to running it in place of Defender?
-
digiKam version 7.9.0 flagged with Malware.Ransom.Agent.Generic (posted in Ransomware)
Atribune: Thanks for the update!
Rob