Jump to content

wcutler

Members
  • Content Count

    37
  • Joined

  • Last visited

About wcutler

  • Rank
    New Member

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. attached is the file. I understand that you said it was fixed but it still happened today. pc was on all weekend so it was getting the updates according to your logs ACE.zip
  2. logs files from client Logs.zip
  3. everything i am giving you is coming from the console which is matching up with whats on the client
  4. here is the system logs 6/17/2019 10:12:52 AM Anti-Malware IP Protection started successfully 6/17/2019 10:12:52 AM Anti-Malware Starting IP protection 6/17/2019 10:12:52 AM Anti-Malware Database refreshed successfully 6/17/2019 10:12:48 AM Anti-Malware Database is upgraded to version v2019.06.17.08. Source: Management Server 6/17/2019 10:12:48 AM Anti-Malware IP Protection stopped successfully 6/17/2019 10:12:48 AM Anti-Malware Stopping IP protection 6/17/2019 10:12:48 AM Anti-Malware Starting database refresh 6/17/2019 7:52:06 AM Anti-Malware IP Protection started successfully 6/17/2019 7:52:05 AM Anti-Malware Starting IP protection 6/17/2019 7:52:05 AM Anti-Malware Database refreshed successfully 6/17/2019 7:52:02 AM Anti-Malware Database is upgraded to version v2019.06.17.07. Source: Management Server 6/17/2019 7:52:02 AM Anti-Malware IP Protection stopped successfully 6/17/2019 7:52:02 AM Anti-Malware Stopping IP protection 6/17/2019 7:52:02 AM Anti-Malware Starting database refresh 6/17/2019 5:26:18 AM Anti-Malware IP Protection started successfully 6/17/2019 5:26:18 AM Anti-Malware Starting IP protection 6/17/2019 5:26:18 AM Anti-Malware Database refreshed successfully 6/17/2019 5:26:14 AM Anti-Malware Database is upgraded to version v2019.06.17.06. Source: Management Server 6/17/2019 5:26:14 AM Anti-Malware IP Protection stopped successfully 6/17/2019 5:26:14 AM Anti-Malware Stopping IP protection 6/17/2019 5:26:14 AM Anti-Malware Starting database refresh 6/17/2019 4:36:00 AM Anti-Malware IP Protection started successfully 6/17/2019 4:36:00 AM Anti-Malware Starting IP protection 6/17/2019 4:36:00 AM Anti-Malware Database refreshed successfully 6/17/2019 4:35:56 AM Anti-Malware IP Protection stopped successfully 6/17/2019 4:35:56 AM Anti-Malware Stopping IP protection 6/17/2019 4:35:56 AM Anti-Malware Starting database refresh 6/17/2019 4:35:56 AM Anti-Malware Database is upgraded to version v2019.06.17.05. Source: Management Server 6/17/2019 2:25:17 AM Anti-Malware IP Protection started successfully
  5. malwarebytes still quarantining ace.dll. Whats up?
  6. wcutler

    paprport.exe

    03/18/19 " 09:44:55.624" 346415632 11c8 0ecc INFO AntiRansomwareControllerImpl mb::arwcontrollerimpl::ArwControllerImpl::ArwShimDetectionCallback "arwcontrollerimplhelper.cpp" 1163 "Received threat detection callback from ARW SDK, ObjectPath=C:\Program Files (x86)\ScanSoft\PaperPort\PaprPort.exe, Sha256Hash=e0b7029d438aa731078c1819de274c276d226cae2347d8f5d528469ae08c20e1" 03/18/19 " 09:44:55.655" 346415664 11c8 0ecc DEBUG CleanControllerImpl mb::cleanctlrimpl::whitelist::SystemProtectedWhiteLister::IsObjectWhiteListed "systemprotectedwhitelister.cpp" 63 "SystemProtectedWhiteLister 'C:\Program Files (x86)\ScanSoft\PaperPort\PaprPort.exe' => 'Unknown'" 03/18/19 " 09:45:08.088" 346428097 11c8 0ecc DEBUG MBAMCoreImpl MBAMCoreImpl::ClassifyFile "mbamcoreimpl.cpp" 274 "File was successfully classified. FilePath=<C:\Program Files (x86)\ScanSoft\PaperPort\PaprPort.exe>. Status=<Unknown Object>." 03/18/19 " 09:45:08.416" 346428425 11c8 0ecc INFO AntiRansomwareControllerImpl mb::arwcontrollerimpl::ArwControllerImpl::ArwShimDetectionCallback "arwcontrollerimplhelper.cpp" 1188 "The detected file is only whitelisted due to error in whitelisting (likely offline), sending an action request to the SDK to kill this process. ObjectPath=C:\Program Files (x86)\ScanSoft\PaperPort\PaprPort.exe, id=0x0" 03/18/19 " 09:45:33.926" 346453931 11c8 19a0 DEBUG AntiRansomwareControllerImpl mb::arwcontrollerimpl::ArwCleanupScheduler::ContainThreatsToRemediate "arwcleanupscheduler.cpp" 674 "Received a results callback from ARW SDK - ObjectPath = C:\Program Files (x86)\ScanSoft\PaperPort\PaprPort.exe, RegObjectPath = , ActionTaken=ARW_ACTION_KILL_PROCESS, Result = ARW_RESULT_SUCCESS, Type = Trace::OBJECTTYPE_FILE, RebootRequired = No" 03/18/19 " 09:54:52.937" 422637 1294 1454 DEBUG TelemCtrlImpl TelemetryControllerImpl::SendTelemetryRecord "telemetrycontrollerimplhelper.cpp" 1882 "Sending Telemetry Record: {""client"":{""architecture"":""x64"",""build"":""business"",""caller"":{""name"":""ARWController"",""trigger"":""Detection""},""filesystem"":""ntfs"",""os_version"":""Windows 7 Service Pack 1"",""program"":""MBRW-B"",""version"":""0.9.18.806""},""header"":{""installation_token"":""E1zQCHWxzpraKTqMyLyi1548698427"",""machine_id"":""db8f980da2439a7c0db72fca78a21c02c273396d"",""time"":""2019-03-18T09:45:34-04:00""},""license"":{""license_state"":""licensed""},""nebula"":{""nebula_account_id"":"""",""nebula_ea_plugin_version"":"""",""nebula_ea_version"":"""",""nebula_group_id"":"""",""nebula_job_id"":"""",""nebula_machine_id"":"""",""nebula_machine_name"":"""",""nebula_origin"":"""",""nebula_policy_etag"":"""",""nebula_policy_id"":"""",""nebula_schedule_etag"":"""",""nebula_schedule_id"":""""},""ransomware"":{""detections"":[{""disposition"":""ARW_ACTION_KILL_PROCESS"",""md5hash"":""e0b7029d438aa731078c1819de274c276d226cae2347d8f5d528469ae08c20e1"",""pid"":1712,""proc_path"":""C:\\Program Files (x86)\\ScanSoft\\PaperPort\\PaprPort.exe""}]}}"
  7. wcutler

    paprport.exe

    this is where I found it - 😄\ProgramData\Malwarebytes\MB3Service\logs MBAMSERVICE.zip
  8. wcutler

    paprport.exe

    still getting reports of paprport.exe being blocked by anti-ransomware
  9. wcutler

    paprport.exe

    there is nothing in the quarantine below is from the user The workstation has given this Malware message on Tues and Wed. When this message appears, the PaperPort scanning program stops working and doesn't work even if the computer is rebooted. If I go into Documents and delete or move all the scans that were completed before, it will function again.
  10. wcutler

    paprport.exe

    file from pc PaprPort.zip
  11. wcutler

    paprport.exe

    c:\program files (x86)\scansoft\paperport\paprport.exe is being flagged as ransomware
  12. JUST GOT A NEW UPDATE DATABASE AND IT IS WORKING?!?!?!?!?!
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.