Posts posted by lock

  1. 3 hours ago, exile360 said:

    There isn't a category of existing threat known that Malwarebytes is incapable of targeting with at least one if not multiple layers of the protection it provides, however if you know of any examples of any live in-the-wild threat categories/types that are not covered, you are certainly welcome to list them

     

    Well then, if "there isn't a category of existing threat known that Malwarebytes is incapable of targeting ???", Malwarebytes should be very successful in participating in AV Comparatives or AV Test.

    Up to that time it is only your word, as a Malwarebytes employee.

  2. "Can I replace my antivirus with Malwarebytes for personal use?"

    Mr. David H. Lipman provided a comprehensive answer to this question here:

    In a nutshell, the answer is NO, MALWAREBYTES CANNOT REPLACE AN ANTIVIRUS

    • MBAM is incapable of dealing with File Infecting Viruses
    • MBAM is incapable of removing malicious code that has been prepended, appended or cavity injected into a legitimate file
    • MBAM does not target script malware files via signatures
    • MBAM is not a historical anti malware solution.

    So exile360, what is so difficult to understand????

  3. 1 hour ago, dcollins said:

    As for your why nothing showed up

    I tried again with "AntiTest.exe" from Spyshelter. "AntiTest.exe" is not detected by MSE as malicious but it is detected by MBAM.

    Tested on 3 different PCs, 2 of them without a firewall; triggered MBAM detection 10 times but NO DOT popped up on the map.

    I cannot provide logs as I am concerned about privacy (hence blocking all telemetry in normal operation).

    However, this is easy for anybody to reproduce, so if you try it and get a dot on the map, I am OK.

    So far, the only conclusion is that the map has nothing to do with reality.

    But I may be wrong (wouldn't be the first time!)

  4. 18 minutes ago, dcollins said:

    based on your previous posts, you also have our telemetry server blocked, so this makes perfect sense why you didn't see the dot

    In my situation, telemetry was blocked at firewall level; as I said, I disabled the firewall prior to the test.

    20 minutes ago, dcollins said:

    I have our telemetry servers blocked at my house so I don't flood our servers with my test data

    That is a funny explanation of why you blocked telemetry... I am quite sure the servers can handle millions of transactions, so data from your house will not "flood" them.

  5. Hello,

    Another user posted a question which disappeared meanwhile...

    "How to test "Malwarebytes remediation map""

    So, I tried to reproduce what the OP posted and I did not get any reaction on the "Remediation Map".

    I was able to zoom the map in on the area I live in (no detection).
    Then I disabled my antivirus and my firewall, unzipped a malware sample and scanned it with MBAM.
    Sure enough, MBAM detected it and I quarantined it.

    Repeated several times.

    NOT A DOT POPPED UP ON THE MAP.

    So, how does it work???

    On some other forum somebody posted a funny map:

    [Image: map screenshot]

     

  6. 10 minutes ago, exile360 said:

    As for updating it, it takes much longer than 1 minute because every change he submits must go through a review and approval process to make certain it is accurate and acceptable

    If the process to make sure it is accurate and acceptable is so laborious, how come NOBODY involved in this process noticed the missing hot potato, "telemetry"?

    exile360, you seem a nice knowledgeable guy, but statements like this just add insult to injury...

  7. 14 minutes ago, exile360 said:

    telemetry.malwarebytes.com:443 is NOT the same sub-domain as www.malwarebytes.com:443

    My firewall did not detect any attempt to connect to www.malwarebytes.com:443, so my best guess is that the member of support tried to "substitute" telemetry.malwarebytes.com:443 with www.malwarebytes.com:443 for evident reasons.

     

    18 minutes ago, exile360 said:

    and already said he would revise it to include it.

    The revision would take 1 minute, yet nothing changed.

    I really do not understand why we need 3 pages on this forum only to find out what/where/how Malwarebytes sends data from our PCs to the outside world.

  8. 2 hours ago, Fatcap said:

    apparently the process seems to have stopped after sending the data.
    I will continue to watch for this. There may be a delay between stopping sending statistics and stopping the process.

    Read this topic:

    and see what Malwarebytes is sending over the internet, one way or another; look at how a firewall populated with rules looks:

    [Image: firewall rules screenshot]

  9. 4 hours ago, AdvancedSetup said:

    California Consumer Privacy Act of 2018 concerning data collection and has passed legal review more than once

    Dear Sir,

    I am positive that Malwarebytes complies with the California Consumer Privacy Act of 2018, but I do not know how this is relevant for a product sold internationally, where different legislation may apply.

    As a paying customer I have the right to "deliver" the data you collect or not. That's why you have a selection in "Application / Usage and Threat Statistics ON/OFF".

    However, even though the selection is OFF, Malwarebytes will continue to collect data, which is not a fair practice.

  10. On 10/17/2018 at 6:14 PM, dcollins said:

    Here's the support article that lists why we reach out to certain URL's: https://support.malwarebytes.com/docs/DOC-2706

    Earlier another user advised to "trust" Malwarebytes...

    The "support article" says the connection to "www.malwarebytes.com:443" is "Used to verify connectivity to the Malwarebytes servers".

    In reality the connection is to "telemetry.malwarebytes.com:443" and is used for telemetry...

    Why not be honest???? How do you want to gain "trust"?????

  11. On 10/17/2018 at 6:14 PM, dcollins said:

    Here's the support article that lists why we reach out to certain URL's: https://support.malwarebytes.com/docs/DOC-2706

    I notice that you have some URL's not in this list, those are mostly related to Windows certificate validation and unfortunately that list is ever-changing, so it's not something we can easily document

    Thank you for following up with my request.

    Unfortunately the support article is purely informative; I cannot see any information about telemetry...

    Anyway, the way the information is presented is impossible to use in creating firewall rules; see below the Windows Firewall Control rules; so, which is what????

    [Image: Windows Firewall Control rules screenshot]

  12. 6 minutes ago, AP2012 said:

    Surely you either trust Malwarebytes or you don't?

    There are different degrees of trust; to begin with, my level of trust in Malwarebytes would increase if they would explain somehow each and every connection their software is making over the internet (24 so far, based on my firewall).

    I blocked all but 4-5, and everything works fine, hence my question.

  13. 2 minutes ago, lmacri said:

    It looks like those were false positive detections by Malwarebytes Web Protection and that *.smbcb.com was eventually unblocked

    Thank you for your answer!

    *.smbcb.com may have been an FP, but from being an FP to sending data to it seems a long way.

    I have Web Protection off on my MBAM; I will wait for clarification from staff regarding the 24 remote connections initiated by Mbamservice.exe on TCP80.

    Thanks!

  14. 4 hours ago, dcollins said:

    What tool is showing we're reaching out to the site? Also, does this happen at the end of every scan for you?

    My firewall is PC Tools Firewall plus:

    [Image: PC Tools Firewall plus screenshot]

    I do not frequently do a full scan (of the C drive); maybe this is the first time in months, so I do not know if this will happen after each scan.

    However, it is worth mentioning that the Malwarebytes service is trying to connect now to 24 remote addresses on TCP80 and 1 remote address on TCP443, for which I did not get any explanation; all of them are blocked, and MBAM updates properly.

    I am eager to get an answer about MBAM connections to various remote addresses....(next week, as you said?)

    Thanks!

  15. 8 hours ago, dcollins said:

    I will do what I can to get the support article put together by the middle of next week

    Thank you very much for not ignoring my request!

    8 hours ago, dcollins said:

    Since this new post is basically the same question that you had before

    Meanwhile my firewall detected 17 new connections asked by Malwarebytes, hence the new post...

  16. 4 minutes ago, exile360 said:

    like database and program updates, the cloud components and of course licensing/subscription check-ins.

    For program updates is TCP 443 cdn.mwbsys.com

    For update check is TCP 443 sirius.mwbsys.com

    For licensing check is TCP 443 keystone.mwbsys.com

    For cloud classifications is TCP 443 hubble.mb-cosmos.com

     

    What about the rest of the 17 connections? I do not want to live with the feeling that MBAM is collecting data about us and delivering it to different channels...

  17. Thank you for your answer!

    What about:

    C:\Program Files\Malwarebytes\Anti-malware\Mbam.exe

    • TCP 443 to www.malwarebytes.com
    • TCP 443 to cleo.mb-internal.com
    • TCP 443 to links.malwarebytes.com

    C:\Program Files\Malwarebytes\Anti-malware\Mbamtray.exe

    • TCP 443 to cleo.mb-internal.com
    • TCP 443 to www.malwarebytes.com
    • TCP 443 to cdn.mwbsys.com
    • TCP 443 to links.malwarebytes.com

    C:\Program Files\Malwarebytes\Anti-malware\Mbamservice.exe

    • TCP 443 to iris.mwbsys.com
    • TCP 443 to my-device.malwarebytes.com
    • TCP 443 to cdn.mwbsys.com
    • TCP 443 to sirius.mwbsys.com
    • TCP 443 to keystone.mwbsys.com

    C:\Program Files\Malwarebytes\Anti-malware\Assistant.exe

    * communicates using Mbam.exe

  18. Hello,

    [C:\Program Files\Malwarebytes\Anti-malware\Mbamservice.exe] is trying to connect to the following:

    TCP80

    • cs9.wac.phicdn.net
    • crl3.digicert.com
    • crl4.digicert.com
    • ocsp.digicert.com
    • crl.microsoft.com
    • www.microsoft.com
    • ocsp.verisign.com
    • crl.verisign.com
    • e8218.dscb1.akamaiedge.net
    • ocsp.thawte.com
    • crl.thawte.com
    • ts-ocsp.ws.symantec.com
    • ts-crl.ws.symantec.com
    • s1.symcb.com
    • sv.symcd.com
    • sv.symcb.com

    TCP443

    • my-device.malwarebytes.com

    I have web shield disabled, so are all these connections legit?

     

    I would rather prefer an answer than having this post joined to the other unanswered ones!

    Thanks!
