Jump to content

dlvphoto

Members
  • Posts

    6
  • Joined

  • Last visited

Reputation

0 Neutral

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. I'll add one more log to the mix. I'm getting the dropbox block on port 17500 but also getting blocked on port 63618 when my canon scanner software reaches out to the network to get status from my wireless printer/scanner/fax. It looks to me like it's blocking based on an attempt by anything to broadcast to the network and not any specific application. Once I get a few minutes I'll do some more specific digging and see if I can trigger it myself and eliminate the application aspect. -- logs -- Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 11/20/17 Protection Event Time: 2:43 PM Log File: 0aec44f0-ce2b-11e7-9cab-305a3a589034.json Administrator: Yes -Software Information- Version: 3.3.1.2183 Components Version: 1.0.236 Update Package Version: 1.0.3304 License: Premium -System Information- OS: Windows 10 (Build 16299.64) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , , Blocked, [-1], [-1],0.0.0 -Website Data- Domain: IP Address: 255.255.255.255 Port: [63618] Type: Outbound File: C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (end)
  2. There were no specific actions. I had no files being synced and nothing new had been synced to my dropbox folders in several days. Other than the normal process running in the background watching my shared folders, there was no other action going on. MWB has had no alerts or warmings of any of the content in my dropbox folders either, which is what I would have expected rather than the dropbox executable itself.
  3. Can you give some idea when the patched version of your detection engine will be released? I just had to reinstall the eve launcher on my system from a false detection that occurred a couple of hours ago. This is the second time in a couple of weeks that MWB has killed a legitimate major application due to false detection. After several years of flawless operation, I am becoming concerned with the reliability of your software.
  4. I confirmed that the dropbox.exe was deleted from my system before reinstalling Dropbox. The re-installation required me to disable malwarebytes completely before it would allow me to do so. Since then, I have had no further issues and the current updated signature database seems to be interpreting dropbox properly. I appreciate the nature of the task MWB has to perform and the line between something like dropbox and a malware dropper is a very fine one as far as automatic detection goes. However, closer coordination with the companies that publish the legitimate applications to ensure your signature databases have a good "friend / foe" recognition table would help prevent this kind of thing. (on a side note: It always amuses and pleases me to see MWB block outbound attempts for itunes to contact apple's me.com servers every time it launches. No free data for Apple!)
  5. It wasn't quarantined, but it was deleted from my system. I am going to have to reinstall Dropbox to get it functional again. Is there any indication why dropbox was tagged with a false positive?
  6. During a scan today, Malwarebytes tagged dropbox.exe as ransomware and, though it claimed to quarantine the dropbox.exe file, I do not see anything in the quarantine list in the MWB interface. Attached is my mbamservice.log. MBAMSERVICE.zip
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.