lock

Yes, most (if not all) filter about port, protocol and URL/IP.

Do you think would be useful to have a sticky about what we should ABSOLUTELY allow in a firewall and what is RECOMENDED to allow?????

I have telemetry disabled, yet is asking for connection. I blocked it, and MBAM doesn't complain, is checking for program updates So, if something is determined to be "anomalous" by the cloud will be detected on the spot or is just one way info (from my PC to the cloud)????

Connection through child is a way of bypassing the firewall rules: for example you allowed "Mbamservice.exe" to access the internet and blocked "Assistant.exe" to access the internet.However, Assistant.exe can start the child " Mbamservice.exe" and access the internet. So far I have: C:\Program Files\Malwarebytes\Anti-malware\Mbamservice.exe ALLOWED: 443 TCP to my-device.malwarebytes.com 443 TCP to keystone.mwbsys.com 443TCP to sirius.mwbsys.com BLOCKED 80 TCP to 13678.dspb.akamaiedge.net 80 TCP to crl.microsoft.com 443TCP to cdn.mwbsys.com 443TCP to iris.mwbsys.com 443TCP to telemetry.malwarebytes.com 443TCP to hubble.mb-cosmos.com Can anyone explain what each and every connection is doing and why we should accept it? Thanks!

Anybody can specify ALL firewall rules for MBAM??? Especially I have these: C:\Program Files\Malwarebytes\Anti-malware\Assistant.exe 1. Allow connect through child YES or NO? C:\Program Files\Malwarebytes\Anti-malware\Mbamservice.exe 1. Allow connect through child YES or NO? 2. TCP /443 to "hubble.mb-cosmos.com" YES or NO? Thanks!

''....direct access to the license activation system and will be able to deactivate the software from your previous installation so that you may activate it on your current one. '' unless you have proof of ownership, they will not do that.

Why such ambiguity???? "Certainly"??? "the idea"??? "is something"??? "considering"??? MBAM bought WFC to integrate it into the main product. No ifs ands or buts...

Are you familiar with crash tests rating in automotive industry? They use a mannequin instead of a human being , which doesn't press the brake before the crash (like in real life) and doesn't try to steer clear before the crash (like in real life) and doesn't oppose any force in arms (like a real person) Yet , these tests are standard in industry and the rating is accepted by everybody even though THEY ARE NOT BEING PERFORMED IN REAL LIFE SITUATIONS. Your whole argument is only to justify why MBAM refuses to participate in ANY tests ; among MBAM shields the Web protection is the weakest one with extremely high rate of FP ( it seems like the developers just wait for people reaction to "remove the block in next update") So, without the Web shield , MBAM could perfectly fit in AV Test / AV comparative methodology , but when it did it the result was disastrous. So, it seems more profitable to keep alive a myth rather than prove something. In over 5 years of running MBAM pro and MSE, Malwarebytes never detected anything , on 3 computers, so I do not believe.

From what I understood WFC will be integrated in MBAM, so will be updated with MBAM. If you paid 10$ you can still activate WFC 5.3.1.0 (the one which doesn't call home MBAM) . After integration of WFC in MBAM I doubt WFC will still be maintained as a separate entity.

Where did you get your premium license in the first place. (email,retail) ? Is there.

Yes, but I added iexplorer.exe in hmpalert64-test.exe and I got only 1 alert from all the tests, with IE open.

But under the same name????

Among protected applications it is iexplore.exe. So which iexplore.exe it is, 32 bit or 64 bit? both have the same name , and if I try to add it I get "This application is already being protected" Thanks!

Thank you for your answer! I downloaded hmpalert-test.exe from Sophos to test antiexploit capabilities of MBAM and I did not get any reaction. http://dl.surfright.nl/hmpalert64-test.exe Do you care to explain why?

When on Virus Total "one competitor" detects something and the other 75 NOT, we do not assume that the "one competitor" is wright and the rest of them wrong. Simply we classify the item as FP and we do not go and ask the other 75 why they did not detect it. In fact I did ask ESET , some time ago , and the answer was: mbae-test.exe it is not an exploit and doesn't behave like an exploit, that's why is not detected.

Tested also on ESET and ZERO reaction again.

Sophos Home detected the exploit as " Malwarebytes Anti-Exploit -Exploit test" ; that means the test is not detected as a generic exploit but rather based on a specific signature added by Sophos . Just tested with Vipre and ZERO reaction!!!!

Just out of curiosity, if an antivirus detects a virus based on its behavior / HIPS blocker (so basically detected on execution) how MBAM will react ? (MBAM is design also to detect on execution rather than access) Which one will grab it first????

With all due respect, if you do not know how the Malwarebytes exploit test works, based on what you assume that actually replicate exploit behavior??????? As I said (and inquired several times on this forum) , mbae-test.exe is not detected by anybody else as an exploit ( I tested with al least 5 security solutions), so clearly is just an innocent file with the signature added to mimic detection.

exile360 is absolutely right; such test doesn't mean ANYTHING!!!! The participant will simply add the signature to their detection list and that's it! The same is valid for so called "mbae-test.exe" from Malwarebytes which is supposed to show you that the antiexploit shield works; is just a simply signature added to their list and not an exploit . No other antivirus which has an antiexploit shield would detect "mbae-test.exe " as an exploit, so we can say that is nothing else than an ordinary fake!

So, the registry left behind after the antivirus did the cleaning are harmful? Can the registry themselves cause any reinfection or adverse effect?

Registry Cleaners are characterized as "shake oil" on this forum, and the whole idea is that they do more harm than good, and removing "orphaned" registry from uninstalled software will not improve anything. That being said, I notice multiple times MBAM detecting registry keys from previously removed malwares (removed by an antivirus). So, why is that??? Why having MBAM removing orphaned registry is OK but having a registry cleaner doing that is "snake oil"????

Why not? MBAM was proud to post a link in which we can see MBAM protection working on PC's with another antivirus installed, see here: https://www.malwarebytes.com/remediationmap/ If the stats are so impressive, why not share with the users???? Any way, would be the only stats ever provided regarding MBAM efficiency...

FP's to be called "minimal" have to be in the range of 20%-50% confidence. When the machine learning classifies something as malicious with a probability of 97% when in fact it is not, is hard to say that " FP rate as opposed to actual valid detections is minimal " Just look on this forum! You can continue to add all reported items to the "white list" but this is a futile exercise; is like trying to empty the ocean with a teaspoon. I bet there are thousand of users who do not report the "Anomalous detection FPs"

If the heuristic engine believes , with 97% confidence, that the specified file is malicious when in fact it is not, what value can add overall to the detection strategy??? Why persisting with this "machine learning" which seems to be a total failure???