[Hi miekiemoes,]

You locked the topic so I have to create another one:

About "Web Protection...how the list is maintained"

1. So, once the list is created, nobody ever will review it? Just wait for somebody to report a wrong block???

2. Which one is your "hphosts" from ublock origin, see below:

 

Thanks!

[many false positives]

11 minutes ago, CillaR said:

Malwarebytes new version 3.6.1.2711 is flagging a lot of "trojans", leading me to think they're false positives.  I clicked to open msn.com today and immediately flagged (s.aolcdn.com) 192.229.211.36 as a trojan.  I temporarily excluded it .  I googled the address and came up with  error 404 - page not found.  FYI

Just take a look at Website blocking false positives:

https://forums.malwarebytes.com/forum/123-website-blocking/

7 from 10 reported are indeed FPs.

So, you can judge yourself...

[can someone please clarify]

12 minutes ago, soulalways said:

hi,

ok...what would you recommend please ?

thankyou for replying LOCK...

What I am running now , very table is Win7 64bit +MSE 4.10.209 (as my antivirus) + MBAM paid (but Web protection off) + PC Tools Firewall Plus (as firewall) (add all required exceptions)

If you do not like PC Tools, you can use Windows Firefall Controll from Binisoft (is free now, is an interface for Windows firewall)

As browser  Firefox + Malwarebytes extension (is free) + ublock origin

I had good results with ESET as antivirus , also Bitdefender free.

[can someone please clarify]

4 minutes ago, soulalways said:

MB is also an anti virus or not

MBAM is not an Antivirus!

Doesn't have the capabilities of an Antivirus, regardless how is advertised on Malwarebytes site.

So, get a good antivirus (not very sophisticated because will conflict one way or another with MBAM) and add MBAM paid.

From my own experience of over 5 years running MBAM, I can say that I did not see any benefit running it on top of a good antivirus.

[Web Protection...how the list is maintained]

Hello,

For long time now, the FP's for Web Protection seems to be out of control.

Just out of curiosity, look in the specific area of this forum and you will see that 7 out of 10 reported FP's are indeed FP's , with the well know answer "Thanks.Block is being removed"

My question is how do you generate the list of blocked site OR where are you getting this list from???

With this amount of FP's, the Web Protection is very questionable if not equal to ZERO. In fact I disabled the Web protection on my PC and I use something else (ublock origin)

Thanks!

[Malwarebytes got removed]

21 minutes ago, eriko89 said:

malicious software that would try to remove it?

Malwarebytes has a "self protection module in Settings /Protection, so in theory soul be self protected to removal, bu who knows?

I would run the uninstall tool provided by Malwarebytes (MBAM clean.exe)  from here:

And reinstall it from scratch.

[Malwarebytes got removed]

51 minutes ago, eriko89 said:

Should I be worried about any risk?

If Malwarebytes got removed without your knowledge or action, what is your best guess: should you be worried or not?

[Malwarebytes licence error. (MBAM404101)]

3 hours ago, adas said:

You can also remove the telemetry.malwarebytes.com entry

DO NOT remove the telemetry!!!! Disabling the telemetry in settings doesn't stop MBAM sending data about your PC to their servers.

This has been discussed and agreed upon on this forum.

[Malwarebytes sending Telemetry despite option is turned off!]

8 hours ago, Wutai said:

Explain please!

It is not only the telemetry; MBAM will establish over 18 connections to outside world , see here:

So, unless you have a good firewall to selectively block the connections, nothing can be done!

Still waiting for an official ansver from Malwarebytes.

[Firewall Rules]

29 minutes ago, exile360 said:

I also believe that one of the aspects of the cloud/Machine Learning heuristics

Thank you for your explanation.

If you have any "connections" with Malwarebytes management , can you push this issue , please?

Malwarebytes is connecting now (or is trying to connect) to at least 18 websites , so is very confusing to figure out which connection is legit, which is absolutely necessary and which is not.

Thanks!

[Firewall Rules]

8 minutes ago, exile360 said:

Web Protection component functions/is installed.

I have Web protection disabled.

However, I use Firefox with Malwarebytes browser extension 1.0.30

 

[Firewall Rules]

Mbamservice.exe    [C:\Program Files\Malwarebytes\Anti-malware\Mbamservice.exe] is trying to connect to  TCP port 80 to:

cs9.wac.phicdn.net

crl3.digicert.com

crl4.digicert.com

ocsp.digicert.com

All these sites they do not seem to be related to Malwarebytes; So, are these connections legit or my Malwarebytes is compromised somehow?

Thanks!

[Testing detection functionality]

1 hour ago, randombytes said:

As for intentionally not detecting EICAR, Malwarebytes is doing us customers a disservice

It is not only this. By intentionally not detecting EICAR, MBAM reserves the right to say, down the road, that intentionally  did not detect this or that for various reasons.

Look for example of their anti exploit test file  mbae-test.exe ; it is not detected by ANY antiexploit in the market but MBAM !!!!

This is not classified as " an extremely outdated method of testing " and is OK , but Eicar not.

 

[Firewall Rules]

Hello,

Any news about what/where is MBAM communicating?

I need these to create my firewall rules.

Shouldn't be so complicated to ask the developers about something which is ALREADY implemented in MBAM.

[Virus not detected]

18 minutes ago, David H. Lipman said:

Lock:

If you have a question on "Web Protection", please start a new thread.

 

Ok, sorry if my mix-up created confusion.

[Virus not detected]

40 minutes ago, David H. Lipman said:

As a Web site that exist on the Internet, there is no software generating it on the PC in question for Malwarebytes' software to find.

So, do we need the "Web protection" or not???? As long as "there is no software generating on the PC" , why have "web protection" and not wait for the "software to be generating on the PC" and be detected by the other shields?

[35,569 quarantined items - what to do?]

1 hour ago, stonehopper said:

There are 35,569 items in the quarantine folder.  That can't be right??

This is within the first 15 minutes of using Malwarebytes. Now I don't know what to do about all of those items and have no way of telling if they are really junk files and can be deleted.  I'm worried about what to do about the contents of this folder and if any of the items are important to keep.

Would appreciate guidance.

Are you using an antivirus???   Did your antivirus quarantine something???

Restore several items from Quarantine and check them on VirusTotal.

[Firewall Rules]

3 hours ago, exile360 said:

I hope that helps to clarify things

Thanks, but I need specifics in order to create firewall rules.

[Firewall Rules]

Hello,

The question has been asked before but I did not get a clear cut answer.

It seems like ever .exe from MBAM is trying to communicate OUT over internet:

 

C:\Program Files\Malwarebytes\Anti-malware\Mbam.exe

TCP 443 to    www.malwarebytes.com

TCP 443 to    cleo.mb-internal.com

TCP 443 to    links.malwarebytes.com

 

C:\Program Files\Malwarebytes\Anti-malware\Mbamtray.exe

TCP 443 to    cleo.mb-internal.com

TCP 443 to    www.malwarebytes.com

TCP 443 to    cdn.mwbsys.com

TCP 443 to    links.malwarebytes.com

 

C:\Program Files\Malwarebytes\Anti-malware\Mbamservice.exe

TCP 443 to    iris.mwbsys.com

TCP 443 to    my-device.malwarebytes.com

TCP 443 to    cdn.mwbsys.com

TCP 443 to    sirius.mwbsys.com

TCP 443 to    keystone.mwbsys.com

 

C:\Program Files\Malwarebytes\Anti-malware\Assistant.exe

* communicates using Mbam.exe

 

Can anybody clarify, please , why there is need for such "correspondence over the internet and which connection is ABSOLUTELY necessary for MBAM to work properly?

 

Thanks!

lock

[Firewall Rules]

links.malwarebytes.com ?

 

Thanks!

[Consumer Reports bad Malwarebytes review]

7 hours ago, exile360 said:

This is why Malwarebytes has invested so heavily in signature-less and behavior based technologies to augment their base Malware Protection component because their threat Researchers and Developers have discovered this truth

And all the other Researchers and Developers are stupid and still in the dark???

Malwarebytes did not discover anything: they simply bought whatever product was available on the market, (ransomware shield, antiexploit shield)

In-house products (web shield. anomalous detection) are not quite successful, look at the amount of FPs in this forum ... (many reports with 100% anomalous detection which are FP's in fact)

So, let's not exaggerate.... 

[Consumer Reports bad Malwarebytes review]

5 hours ago, exile360 said:

AV replacement means that it is capable of preventing infection by the same broad landscape of modern threats faced by systems today on the web, rather than using some limited database that only detects a small sub-set of infections currently in the wild. 

Do you hear yourself???

Malwarebytes  marketed as an AV replacement means "dich your antivirus and use only malwarebytes" nothing else!

5 hours ago, exile360 said:

Malwarebytes is now capable of stopping attacks at multiple points in the attack chain without having to rely on huge databases of signatures

What happened with "Malwarebytes doesn't target older malwares than 6 months?

 

[Compatibility ...the Achilles' heel of MBAM]

MBAM has continually grown since v1.75 , adding various shields (by purchasing software)  and today the compatibility is going to be the main issue with MBAM.

Version 3.5 is very likely to interfere with any antivirus which is running on the same computer; adding the exceptions MAY solve the problems but this will introduce additional risks on your defense.

Your antivirus has definition updates daily and major updates several times a year; this major updates are very likely to conflict with MBAM and again , developers have to workout a solution , over and over again.

On long term this is not feasible. 

So, either MBAM will became as soon as possible a fully flagged antivirus (by buying a well known antivirus engine)  OR

slowly slowly user will abandon the software , keeping only one major Antimalware solution on their PC.

[How to convert ID License to just a License Key?]

On ‎9‎/‎12‎/‎2018 at 4:14 AM, achzone said:

Hi,

I still have a number of valid lifetime licenses I purchased for Malwarebytes Premium, but recently purchased a MAC computer and want to use one of them on the MAC.

Problem is that the Licenses I have are in the format:

ID: XXXXX-XXXXX

Key: XXXX-XXXX-XXXX-XXXX

The MAC Malwarebytes only wants a License Key and does not accept the Key: as shown above as a valid entry to Activate the License.

How can I convert the above format license into a format the MAC will accept?

Many thanks for any help.

Andrew

 

What about installing an older version of MBAM which still accepts ID +KEY and after that update MBAM???

[Malwarebytes Premium + Windows 10 Defender?]

23 minutes ago, cdettman said:

that it's more important to use a good anti-exploit program, makes sense to me.

I figure if I'm going to go with Malwarebytes Premium, I'd prefer not to install a commercial anti-virus (or one of the free versions) and rather just allow Defender to do its job.

I know this forum is likely to be strongly biased towards supporting Malwarebytes, but if anyone can offer an objective view on this, I'd appreciate it.

You can use only the Antiexploit part of MBAM (which is free) on top of Defender.

https://www.bleepingcomputer.com/download/malwarebytes-anti-exploit/

Of course the full paid MBAM has more shields, however from my own experience of 5 years and 3 computers ,I never had a detection initiated by MBAM Pro before MSE (or Defender in Win10)