Jump to content


  • Content Count

  • Joined

  • Last visited

About wcutler

  • Rank
    New Member

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. wcutler


    03/18/19 " 09:44:55.624" 346415632 11c8 0ecc INFO AntiRansomwareControllerImpl mb::arwcontrollerimpl::ArwControllerImpl::ArwShimDetectionCallback "arwcontrollerimplhelper.cpp" 1163 "Received threat detection callback from ARW SDK, ObjectPath=C:\Program Files (x86)\ScanSoft\PaperPort\PaprPort.exe, Sha256Hash=e0b7029d438aa731078c1819de274c276d226cae2347d8f5d528469ae08c20e1" 03/18/19 " 09:44:55.655" 346415664 11c8 0ecc DEBUG CleanControllerImpl mb::cleanctlrimpl::whitelist::SystemProtectedWhiteLister::IsObjectWhiteListed "systemprotectedwhitelister.cpp" 63 "SystemProtectedWhiteLister 'C:\Program Files (x86)\ScanSoft\PaperPort\PaprPort.exe' => 'Unknown'" 03/18/19 " 09:45:08.088" 346428097 11c8 0ecc DEBUG MBAMCoreImpl MBAMCoreImpl::ClassifyFile "mbamcoreimpl.cpp" 274 "File was successfully classified. FilePath=<C:\Program Files (x86)\ScanSoft\PaperPort\PaprPort.exe>. Status=<Unknown Object>." 03/18/19 " 09:45:08.416" 346428425 11c8 0ecc INFO AntiRansomwareControllerImpl mb::arwcontrollerimpl::ArwControllerImpl::ArwShimDetectionCallback "arwcontrollerimplhelper.cpp" 1188 "The detected file is only whitelisted due to error in whitelisting (likely offline), sending an action request to the SDK to kill this process. ObjectPath=C:\Program Files (x86)\ScanSoft\PaperPort\PaprPort.exe, id=0x0" 03/18/19 " 09:45:33.926" 346453931 11c8 19a0 DEBUG AntiRansomwareControllerImpl mb::arwcontrollerimpl::ArwCleanupScheduler::ContainThreatsToRemediate "arwcleanupscheduler.cpp" 674 "Received a results callback from ARW SDK - ObjectPath = C:\Program Files (x86)\ScanSoft\PaperPort\PaprPort.exe, RegObjectPath = , ActionTaken=ARW_ACTION_KILL_PROCESS, Result = ARW_RESULT_SUCCESS, Type = Trace::OBJECTTYPE_FILE, RebootRequired = No" 03/18/19 " 09:54:52.937" 422637 1294 1454 DEBUG TelemCtrlImpl TelemetryControllerImpl::SendTelemetryRecord "telemetrycontrollerimplhelper.cpp" 1882 "Sending Telemetry Record: {""client"":{""architecture"":""x64"",""build"":""business"",""caller"":{""name"":""ARWController"",""trigger"":""Detection""},""filesystem"":""ntfs"",""os_version"":""Windows 7 Service Pack 1"",""program"":""MBRW-B"",""version"":""""},""header"":{""installation_token"":""E1zQCHWxzpraKTqMyLyi1548698427"",""machine_id"":""db8f980da2439a7c0db72fca78a21c02c273396d"",""time"":""2019-03-18T09:45:34-04:00""},""license"":{""license_state"":""licensed""},""nebula"":{""nebula_account_id"":"""",""nebula_ea_plugin_version"":"""",""nebula_ea_version"":"""",""nebula_group_id"":"""",""nebula_job_id"":"""",""nebula_machine_id"":"""",""nebula_machine_name"":"""",""nebula_origin"":"""",""nebula_policy_etag"":"""",""nebula_policy_id"":"""",""nebula_schedule_etag"":"""",""nebula_schedule_id"":""""},""ransomware"":{""detections"":[{""disposition"":""ARW_ACTION_KILL_PROCESS"",""md5hash"":""e0b7029d438aa731078c1819de274c276d226cae2347d8f5d528469ae08c20e1"",""pid"":1712,""proc_path"":""C:\\Program Files (x86)\\ScanSoft\\PaperPort\\PaprPort.exe""}]}}"
  2. wcutler


    this is where I found it - 😄\ProgramData\Malwarebytes\MB3Service\logs MBAMSERVICE.zip
  3. wcutler


    still getting reports of paprport.exe being blocked by anti-ransomware
  4. wcutler


    there is nothing in the quarantine below is from the user The workstation has given this Malware message on Tues and Wed. When this message appears, the PaperPort scanning program stops working and doesn't work even if the computer is rebooted. If I go into Documents and delete or move all the scans that were completed before, it will function again.
  5. wcutler


    file from pc PaprPort.zip
  6. wcutler


    c:\program files (x86)\scansoft\paperport\paprport.exe is being flagged as ransomware
  8. https://www.sophos.com/en-us/products/intercept-x.aspx
  9. RubbeR DuckY Topic Starter Marcin Root Admin 4,229 posts Report post #38 Posted just now One last note: turning off Web Protection temporarily is an interim solution. Team has identified issue, I will update everyone shortly.
  10. RubbeR DuckY Topic Starter Marcin Root Admin 4,229 posts Report post #38 Posted just now One last note: turning off Web Protection temporarily is an interim solution. Team has identified issue, I will update everyone shortly.
  11. https://forums.malwarebytes.com/topic/219996-important-web-blocking-ram-usage-issue/
  12. MysteryFCM Forum Deity Staff 6,768 posts Location: Tyneside, UK Report post #29 Posted 1 hour ago I'm currently talking to both one of the developers and one of the support team (he's been able to reproduce it) to try and find out what is going on. As soon as we have an update as to the cause, I'll post back. Quote Steven Burn Web Protection Team Lead Follow us: Twitter, Become a fan: Facebook
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.