DMC

As of 9pm on 14 July 2022, MWB Nebula began quarantining .DLL files with the same Malware.AI reference number. We have discovered (the hard way) they belong to Pharos' print service. Example: Quarantined Detection Data Name: Malware.AI.2373423128 Category: Malware Type: File Location: C:\WINDOWS\SYSTEM32\PSR9265C.DLL Detection ID: e8573994-03e1-11ed-bed4-54b3aefc7b09 Endpoint: redacted Scanned At: 07/14/2022 9:00:02 PM Quarantined At: 07/14/2022 9:00:03 PM Reported At: 07/14/2022 9:11:23 PM Scan ID: 07134216-8dad-4442-b7f6-7f5155fb551a Other files names quarantined include: C:\WINDOWS\SYSTEM32\PSR04AB0.DLL C:\WINDOWS\SYSTEM32\PSR0904A.DLL C:\WINDOWS\SYSTEM32\PSR0BEC1.DLL C:\Windows\System32\PSR0D8AD.DLL C:\WINDOWS\SYSTEM32\PSR10A58.DLL C:\WINDOWS\SYSTEM32\PSR128E1.DLL C:\Windows\System32\PSR1941E.DLL C:\Windows\System32\PSR1F19F.DLL C:\WINDOWS\SYSTEM32\PSR1F633.DLL C:\WINDOWS\SYSTEM32\PSR253AF.DLL C:\Windows\System32\PSR360A0.DLL C:\Windows\System32\PSR3927E.DLL C:\WINDOWS\SYSTEM32\PSR42D95.DLL C:\WINDOWS\SYSTEM32\PSR6AB4F.DLL C:\WINDOWS\SYSTEM32\PSR85000.DLL C:\WINDOWS\SYSTEM32\PSR8CE2C.DLL C:\WINDOWS\SYSTEM32\PSR9265C.DLL C:\Windows\System32\PSR9C828.DLL C:\WINDOWS\SYSTEM32\PSRAF59B.DLL C:\WINDOWS\SYSTEM32\PSRB7D8E.DLL C:\WINDOWS\SYSTEM32\PSRBA0C3.DLL C:\WINDOWS\SYSTEM32\PSRC07D3.DLL C:\WINDOWS\SYSTEM32\PSRCFA07.DLL C:\WINDOWS\SYSTEM32\PSRD6CAA.DLL

Hi KDawg, The issue seems to be slowing with the forced introduction of v2018.12.13.09 and the removal of a daily scheduler scan that restarts the PC (if needed) to complete threat removal. Is there a way to restore the quarantined item other using our client management service to forcibly push out a replacement .dll? Thank you, Daniel McIntyre

Greetings MWB Folks, We're experiencing a sudden rash of PC reboots due to MWB Managed Client 1.9.0.3671 quarantining C:\Program Files (x86)\Google\Update\1.3.33.17\goopdateres_hr.dll and rebooting the computers without warning. All of the affected systems have database version v2018.12.13.08. Please advise when you have a moment. Thank you, Daniel McIntyre

Greetings, We're seeing the same issue here. IE v11.0.9600.18638 (running under W7 ENT 64-bit) will launch, but it never displays any content in the window or in the URL field. Entering a URL fails to produce any content or any indication that IE is attempting to load a site. Clicking on the IE "Config Wheel" shows most of the options are greyed out", though Internet Options can be accessed via Control Panels-->Internet Options instead. Closing and quitting IE may or may not allow normal behavior. Stopping and disabling the MBAE service and restarting appears to correct the issue. We're running MBAE 1.09.2.1384 via MWB Console v1.7.0.3208 with MBAE client set up auto-update. Thank you for looking into this issue! Daniel Logs.zip