wcutler

attached is the file. I understand that you said it was fixed but it still happened today. pc was on all weekend so it was getting the updates according to your logs ACE.zip

logs files from client Logs.zip

everything i am giving you is coming from the console which is matching up with whats on the client

here is the system logs 6/17/2019 10:12:52 AM Anti-Malware IP Protection started successfully 6/17/2019 10:12:52 AM Anti-Malware Starting IP protection 6/17/2019 10:12:52 AM Anti-Malware Database refreshed successfully 6/17/2019 10:12:48 AM Anti-Malware Database is upgraded to version v2019.06.17.08. Source: Management Server 6/17/2019 10:12:48 AM Anti-Malware IP Protection stopped successfully 6/17/2019 10:12:48 AM Anti-Malware Stopping IP protection 6/17/2019 10:12:48 AM Anti-Malware Starting database refresh 6/17/2019 7:52:06 AM Anti-Malware IP Protection started successfully 6/17/2019 7:52:05 AM Anti-Malware Starting IP protection 6/17/2019 7:52:05 AM Anti-Malware Database refreshed successfully 6/17/2019 7:52:02 AM Anti-Malware Database is upgraded to version v2019.06.17.07. Source: Management Server 6/17/2019 7:52:02 AM Anti-Malware IP Protection stopped successfully 6/17/2019 7:52:02 AM Anti-Malware Stopping IP protection 6/17/2019 7:52:02 AM Anti-Malware Starting database refresh 6/17/2019 5:26:18 AM Anti-Malware IP Protection started successfully 6/17/2019 5:26:18 AM Anti-Malware Starting IP protection 6/17/2019 5:26:18 AM Anti-Malware Database refreshed successfully 6/17/2019 5:26:14 AM Anti-Malware Database is upgraded to version v2019.06.17.06. Source: Management Server 6/17/2019 5:26:14 AM Anti-Malware IP Protection stopped successfully 6/17/2019 5:26:14 AM Anti-Malware Stopping IP protection 6/17/2019 5:26:14 AM Anti-Malware Starting database refresh 6/17/2019 4:36:00 AM Anti-Malware IP Protection started successfully 6/17/2019 4:36:00 AM Anti-Malware Starting IP protection 6/17/2019 4:36:00 AM Anti-Malware Database refreshed successfully 6/17/2019 4:35:56 AM Anti-Malware IP Protection stopped successfully 6/17/2019 4:35:56 AM Anti-Malware Stopping IP protection 6/17/2019 4:35:56 AM Anti-Malware Starting database refresh 6/17/2019 4:35:56 AM Anti-Malware Database is upgraded to version v2019.06.17.05. Source: Management Server 6/17/2019 2:25:17 AM Anti-Malware IP Protection started successfully

malwarebytes still quarantining ace.dll. Whats up?

we are still having this issue...

03/18/19 " 09:44:55.624" 346415632 11c8 0ecc INFO AntiRansomwareControllerImpl mb::arwcontrollerimpl::ArwControllerImpl::ArwShimDetectionCallback "arwcontrollerimplhelper.cpp" 1163 "Received threat detection callback from ARW SDK, ObjectPath=C:\Program Files (x86)\ScanSoft\PaperPort\PaprPort.exe, Sha256Hash=e0b7029d438aa731078c1819de274c276d226cae2347d8f5d528469ae08c20e1" 03/18/19 " 09:44:55.655" 346415664 11c8 0ecc DEBUG CleanControllerImpl mb::cleanctlrimpl::whitelist::SystemProtectedWhiteLister::IsObjectWhiteListed "systemprotectedwhitelister.cpp" 63 "SystemProtectedWhiteLister 'C:\Program Files (x86)\ScanSoft\PaperPort\PaprPort.exe' => 'Unknown'" 03/18/19 " 09:45:08.088" 346428097 11c8 0ecc DEBUG MBAMCoreImpl MBAMCoreImpl::ClassifyFile "mbamcoreimpl.cpp" 274 "File was successfully classified. FilePath=<C:\Program Files (x86)\ScanSoft\PaperPort\PaprPort.exe>. Status=<Unknown Object>." 03/18/19 " 09:45:08.416" 346428425 11c8 0ecc INFO AntiRansomwareControllerImpl mb::arwcontrollerimpl::ArwControllerImpl::ArwShimDetectionCallback "arwcontrollerimplhelper.cpp" 1188 "The detected file is only whitelisted due to error in whitelisting (likely offline), sending an action request to the SDK to kill this process. ObjectPath=C:\Program Files (x86)\ScanSoft\PaperPort\PaprPort.exe, id=0x0" 03/18/19 " 09:45:33.926" 346453931 11c8 19a0 DEBUG AntiRansomwareControllerImpl mb::arwcontrollerimpl::ArwCleanupScheduler::ContainThreatsToRemediate "arwcleanupscheduler.cpp" 674 "Received a results callback from ARW SDK - ObjectPath = C:\Program Files (x86)\ScanSoft\PaperPort\PaprPort.exe, RegObjectPath = , ActionTaken=ARW_ACTION_KILL_PROCESS, Result = ARW_RESULT_SUCCESS, Type = Trace::OBJECTTYPE_FILE, RebootRequired = No" 03/18/19 " 09:54:52.937" 422637 1294 1454 DEBUG TelemCtrlImpl TelemetryControllerImpl::SendTelemetryRecord "telemetrycontrollerimplhelper.cpp" 1882 "Sending Telemetry Record: {""client"":{""architecture"":""x64"",""build"":""business"",""caller"":{""name"":""ARWController"",""trigger"":""Detection""},""filesystem"":""ntfs"",""os_version"":""Windows 7 Service Pack 1"",""program"":""MBRW-B"",""version"":""0.9.18.806""},""header"":{""installation_token"":""E1zQCHWxzpraKTqMyLyi1548698427"",""machine_id"":""db8f980da2439a7c0db72fca78a21c02c273396d"",""time"":""2019-03-18T09:45:34-04:00""},""license"":{""license_state"":""licensed""},""nebula"":{""nebula_account_id"":"""",""nebula_ea_plugin_version"":"""",""nebula_ea_version"":"""",""nebula_group_id"":"""",""nebula_job_id"":"""",""nebula_machine_id"":"""",""nebula_machine_name"":"""",""nebula_origin"":"""",""nebula_policy_etag"":"""",""nebula_policy_id"":"""",""nebula_schedule_etag"":"""",""nebula_schedule_id"":""""},""ransomware"":{""detections"":[{""disposition"":""ARW_ACTION_KILL_PROCESS"",""md5hash"":""e0b7029d438aa731078c1819de274c276d226cae2347d8f5d528469ae08c20e1"",""pid"":1712,""proc_path"":""C:\\Program Files (x86)\\ScanSoft\\PaperPort\\PaprPort.exe""}]}}"

this is where I found it - 😄\ProgramData\Malwarebytes\MB3Service\logs MBAMSERVICE.zip

still getting reports of paprport.exe being blocked by anti-ransomware

there is nothing in the quarantine below is from the user The workstation has given this Malware message on Tues and Wed. When this message appears, the PaperPort scanning program stops working and doesn't work even if the computer is rebooted. If I go into Documents and delete or move all the scans that were completed before, it will function again.

file from pc PaprPort.zip

c:\program files (x86)\scansoft\paperport\paprport.exe is being flagged as ransomware

yep - no more emails......

JUST GOT A NEW UPDATE DATABASE AND IT IS WORKING?!?!?!?!?!