
Loc2262

Members
  • Content Count: 22
  • Joined
  • Last visited

About Loc2262

  • Rank: New Member

Recent posts:
  1. Yes I just verified in the service log. I had not booted my Windows installation for a day. Today MWB definitions file was 1.0.6535 upon boot, and before it had a chance to update, Services.exe tried to download Windows updates and got blocked on the IP 8.248.97.254. Half a minute later it updated to 1.0.6547 and the block was gone. Thanks again!
  2. Hello blender! Yes, it seems to be fixed. I tried a telnet connection to port 80 on the IP and host, and there was no blocking by MWB. Many thanks! Kind regards, Frank
  3. Protection Event Date: 8/29/18
     Protection Event Time: 10:02 AM
     Log File: e2432946-ab61-11e8-88dd-408d5c5489c8.json
     Administrator: Yes
     -Software Information-
     Version: 3.5.1.2522
     Components Version: 1.0.365
     Update Package Version: 1.0.6535
     License: Premium
     -System Information-
     OS: Windows 10 (Build 16299.611)
     CPU: x64
     File System: NTFS
     User: System
     -Blocked Website Details-
     Malicious Website: 1 , , Blocked, [-1], [-1],0.0.0
     -Website Data-
     Category: RiskWare
     Domain: 3.tlu.dl.delivery.mp.microsoft.com
     IP Address: 8.248.97.254
     Port: [49765]
     Type: Outbound
     File: C:\Windows\System32\svchost.exe
  4. It almost seems like it's a beta (or developer) version that was incorrectly released to the public. I don't have the Beta option active but got .421 last night. In MBAMSERVICE.LOG I found these lines:

     08/14/18 " 23:25:57.986" 11055703 0000 1ea4 INFO mbupdatr.exe e:\jenkins\workspace\a_mbam3_updaterexe\src\mbupdatr\mbupdatr.cpp "wmain" 476 "Updated module: AEControllerImpl.dll"
     08/14/18 " 23:25:57.986" 11055703 0000 1ea4 INFO mbupdatr.exe e:\jenkins\workspace\a_mbam3_updaterexe\src\mbupdatr\mbupdatr.cpp "wmain" 476 "Updated module: ArwControllerImpl.dll"
     08/14/18 " 23:25:57.986" 11055703 0000 1ea4 INFO mbupdatr.exe e:\jenkins\workspace\a_mbam3_updaterexe\src\mbupdatr\mbupdatr.cpp "wmain" 476 "Updated module: CleanControllerImpl.dll"
     08/14/18 " 23:25:57.986" 11055703 0000 1ea4 INFO mbupdatr.exe e:\jenkins\workspace\a_mbam3_updaterexe\src\mbupdatr\mbupdatr.cpp "wmain" 476 "Updated module: CloudControllerImpl.dll"
     [...]

     Those lines usually occur during a CP update, but normally only name "mbupdatr.cpp" without the Jenkins path. Also, in the folder "Program Files\Malwarebytes\Anti-Malware\sdk" I found that additional files named "mbam.tmf", "mbamchameleon.tmf", "mbamswissarmy.tmf" and "mwac.tmf" had been installed. Those are ASCII "trace message format" files and seem to contain information for a debugger / Windows function call trace utility. They are clearly from a development environment. The first few lines of "mbamswissarmy.tmf" e.g. read:

     // PDB: d:\Jenkins\workspace\N_Swissarmy_Kernel\src\..\bin\x64\Win7_Release\mbamswissarmy.pdb
     // PDB: Last Updated :2018-07-24:01:34:08:964 (UTC) [tracepdb]

     The MBAMSERVICE.LOG also refers to the TMF files in one line:

     08/14/18 " 23:26:00.300" 11058015 0ef8 08c4 INFO SPSDK SetGpIfeoProtection "selfprotectionuser.cpp" 929 "Starting Wpp logging - path = C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\sdk\MbamChameleon.tmf"

     Also, the INF files for the drivers contain "incorrect" (old) version information. Except for the version line, they're identical to version .391. The version info in the driver SYS files themselves is okay. Catalog files and driver files are correctly signed. Maybe someone can provide some clarification on why a regular update version contains such development-related data?