BillH99999
Posts: 837
Days Won: 2
Posts posted by BillH99999
-
-
-
Not sure what happened, but tonight I updated to 4.4.7.134 1.0.1464 and I did not get the prompt to install Browser Guard.
Bill
-
OK... no problem. I'll look forward to a fix in a future version.
Bill
-
It's been three days with no word so I am just checking to see if the logs showed anything of use.
Bill
-
Sorry it took so long, I was tied up doing yard work and didn't see the postings. Here are the logs.
Bill
-
I just ran a threat scan and the file was not flagged.
Thanks,
Bill
-
Then why have I gotten it with the last two updates? I have browser guard installed on all my browsers and it is active on all of them.
Bill
-
-
I am getting a false positive on SPFLite 2 again. This was reported and fixed back in July, but has returned.
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 9/10/21
Scan Time: 12:01 AM
Log File: dab5073c-1204-11ec-a832-b88584a6ed27.json

-Software Information-
Version: 4.4.6.132
Components Version: 1.0.1453
Update Package Version: 1.0.44787
License: Premium

-System Information-
OS: Windows 10 (Build 19043.1165)
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 359703
Threats Detected: 1
Threats Quarantined: 0
Time Elapsed: 4 min, 39 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Warn

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
MachineLearning/Anomalous.100%, C:\PROGRAM FILES (X86)\SPFLITE2\CFGMAINT.EXE, No Action By User, 0, 392687, 1.0.44787, , shuriken, , C9051A8048FF21A1A03F4C3E4DB0E0C8, 1517315B1BDD72091CB41EFDD1603AD9CBFFE83D35A2CC50F6253639D0B2D5A6

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)
-
It is active on all of my browsers.
-
This happens to me as well. I have Browser Guard installed on all my browsers... Chrome, Firefox, and Edge.
Bill
-
If you know the password can't you just go into Settings > General and turn off user access?
Bill
-
I have run Norton and Malwarebytes together for years with no problem. Even with no exclusions in the two products it runs fine for me. However, just to be on the safe side I did add the exclusions a few years ago.
Bill
- 1
-
I agree. The position of the toggle was confusing. I also thought at first that it was enabling RDP rather than enabling BFP. I did go ahead and enable it after watching the video about BFP.
I think it would be a lot clearer if the toggle was next to BFP rather than next to RDP.
Bill
- 2
-
OK... thanks. In any case I have turned that option off so hopefully won't run into this situation again.
Thanks,
Bill
- 1
-
I guess I still don't understand. I thought it was only detected because I had "Use expert system algorithms to identify malicious files" enabled. Why would the database version make any difference - or - does this option rely on the database for its detections?
Bill
-
Well... my scheduled threat scan which ran at 12:01 AM on 7/10 didn't detect it, but my scheduled custom scan which ran at 12:15 AM on 7/10 did detect it. Hence my original question about why a custom scan would detect it, but a threat scan wouldn't. The file was C:\PROGRAM FILES (X86)\SPFLITE2\LIB\THINBASIC_TRACE.DLL and it was there for both scans.
Bill
-
2 hours ago, Porthos said:
Malwarebytes is also designed to look in all the locations where malware is known to install itself/hide, so a full or custom scan shouldn't be necessary, especially on any sort of frequent basis (like daily), especially since the default Threat Scan/Quick Scan checks all loading points/startup locations, the registry, all running processes and threads in memory, along with all system folders, program folders and data folders as well as any installed browsers, caches and temp locations.
I guess that was my question. If it is supposed to check all program folders, then why didn't the threat scan detect it? It was in a subfolder of Program Files (x86). The custom scan did detect it.
Bill
-
Thanks for the info.
I have run the program that this is part of on numerous occasions without getting anything detected even though the custom scan detected it. I guess this means the program didn't execute this particular .DLL. I think I'll keep running my custom scan as it did detect it.
Thanks,
Bill
-
I would have thought that C:\PROGRAM FILES (X86) and its subdirectories would have been "malware related areas". Is that not the case? Is there a list somewhere of what areas the threat scan looks at?
I have seen on these boards many times that custom scans are not needed and that threat scans are sufficient. This would seem to refute that idea.
Bill
-
Why was this detected in a scheduled custom scan, but not in a scheduled threat scan or a user initiated threat scan?
Bill
-
-
That setting was turned on. I don't remember ever turning it on, but maybe I did and just don't remember. I turned it off.
How about "Use artificial intelligence to detect threats"? I don't remember turning that on either. Is it on by default? Should I leave it on?
Another question. Why was this detected in a scheduled custom scan, but not in a scheduled threat scan or a user initiated threat scan?
Thanks,
Bill
-
Here is another component of SPFLite which was flagged today.
Thanks,
Bill
Tamper Protection question
in Malwarebytes for Windows Support Forum
Posted
A question on tamper protection. I just used the Malwarebytes Support tool to uninstall and re-install Malwarebytes. It was able to uninstall Malwarebytes without asking for the password even though I have Malwarebytes tamper protection set to require a password for uninstallation.
Should this be possible? I thought the tamper protection setting should require a password before the uninstall took place.
Bill