
Aardvark

Honorary Members
  • Posts

    25

Reputation

2 Neutral

Profile Information

  • Location
    Australia
  • Interests
    Everything

  1. I wasn't able to do, as the addon was non-responsive. It was also using around 6GB of memory when enabled and prevented Firefox from closing. I removed the addon, re-installed it, and it's fine now. Same version, etc. Unsure what was going on there. Everything seems to work fine now.
  2. Same issue for me.
     OS: Windows 10 Pro 22H2 (19045.2965)
     Browser: Firefox 113.0.1 (64-bit)
     Browser guard: 2.6.2
     Symptoms: With browser guard enabled, tabs don't load. Disabling the extension resolves the issue.
     I'm not able to run the support tool right now, but when I get some time I will.
  3. I was using PowerShell to find duplicate files by file hash, export that list to a CSV. Everything worked fine. Then I tried to open the CSV with the default CSV editor (in this case Excel) by just opening the file. E.g.
     C:\Temp\DuplicateFiles.csv
     This triggered the following and shut down the PowerShell window. In fact, trying to launch any file in this method produces the same outcome. E.g. if I were to just attempt to open a text file:
     c:\temp\textfile.txt
     It only works if I launch the application first, with the file as an argument.
     notepad.exe c:\temp\textfile.txt

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Protection Event Date: 20/02/2022
     Protection Event Time: 10:01
     Log File: 36e4d0ae-91e0-11ec-9fea-107b4417fed6.json

     -Software Information-
     Version: 4.5.2.157
     Components Version: 1.0.1562
     Update Package Version: 1.0.51373
     Licence: Premium

     -System Information-
     OS: Windows 10 (Build 19043.1526)
     CPU: x64
     File System: NTFS
     User: System

     -Exploit Details-
     File: 0
     (No malicious items detected)

     Exploit: 1
     Malware.Exploit.Agent - T1003 - Credential Access, , Blocked, 0, 392684, 0.0.0, ,

     -Exploit Data-
     Affected Application: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
     Protection Layer: APT Behavior Protection
     Protection Technique: T1003 - Credential Access
     File Name:
     URL:

     (end)

     Is this expected behaviour? I believe I'm running the most recent version of MalwareBytes.
  4. MalwareBytes is detecting Rufus as a generic malware-ai (https://blog.malwarebytes.com/detections/malware-ai/).
     Open source tool located here: hxxps://github.com/pbatard/rufus/.
     Detection results:
     Malware.AI.4289186887, C:\FILES\DOWNLOADS\RUFUS-3.9P.EXE, No Action By User, 1000000, 0, 1.0.44998, E8638A74F765734CFFA7CC47, dds, 01425064, D8B30D4C4DBC07B11573481B58ADCD4B, D761D571BB4DCF5164484F3B573FE1C420444C77176F14D52AE5909D02360C75
     Virus total info: https://www.virustotal.com/gui/file/d761d571bb4dcf5164484f3b573fe1c420444c77176f14d52ae5909d02360c75/community.
  5. Sure, it doesn't block visually, just a tracking cookie block I think. I did try to upload a screenshot earlier but it kept failing to upload for whatever reason. I didn't sign up for a pay account either. I've switched to a different machine and it was the same. I can hit the login button on the news.com.au website, it redirects me off to login.newscorpaustralia.com. I sign in and it seems to go through, but after being redirected back to news.com.au from login.newscorpaustralia.com you're not signed in. I'll PM you the logs.
  6. I recently tried logging on to a news website to comment on a news article.
     Domain: news.com.au
     Issue: Unable to authenticate.
     Debug log:
     {"@timestamp": "2021-08-20T05:01:00.000Z", "message": "ANY: Just matched "tags.tiqcdn.com" in database: "mbgc.db.ads.2", "level": "INFO"}
     {"@timestamp": "2021-08-20T05:01:00.000Z", "message": "BTW: (URL_BLOCK) ad match found for hxxps://tags.tiqcdn.com/utag/newsltd/auth/prod/utag.js on hxxps://login.newscorpaustralia.com/authorize?client_id=XXX&response_type=token id_token&scope=openid profile&audience=newscorpaustralia&site=newscomau&redirect_uri=https%3A%2F%2Fwww.news.com.au%2Fremote%2Fidentity%2Fauth%2Flatest%2Flogin%2Fcallback.html%3FredirectUri%3Dhttps%3A%2F%2Fwww.news.com.au%2F&state=XXX&prevent_sign_up=true&open=login&source_code=NWWEB_ONS_100_H&nonce=XXX&auth0Client=XXX", "level": "INFO"}
     I've found the workaround for this is to trust login.newscorpaustralia.com in the extension, otherwise it breaks with Auth0 integration from the site. Not sure if there is a permanent solution for people who wouldn't figure out how to do this?
  7. Correct, there is no website. As I said, this domain only hosts internal resources. But no matter what I type in, it comes up as hosting a trojan. E.g.
     Website blocked due to trojan
     Website blocked: sadkjfksdj234123413241234dfsdsfafkljdsaf[dot]porthos[dot]oflaherty[dot]family
     Malwarebytes Browser Guard blocked this website because it may contain malware activity. We strongly recommend you do not continue.
  8. FYI this is only happening in Browser Guard, MBAM does not have any issue (also running on the same devices...).
  9. I believe this is being incorrectly categorised as distributing a trojan. Being that it has no Internet facing resources this seems like an error of some kind. How do we find out what trojan this is allegedly distributing?
     Website blocked due to trojan
     Website blocked: oflaherty[dot]family
     Malwarebytes Browser Guard blocked this website because it may contain malware activity. We strongly recommend you do not continue.
  10. Not showing as blocked for me either now. Went and had breakfast, came back and sorted...very strange.
  11. Looks like a bad definition went out.

      Website blocked due to phishing
      Website blocked: www.australia.gov.au
      Malwarebytes Browser Guard blocked this website because it may contain malware activity. We strongly recommend you do not continue.

      Website blocked due to phishing
      Website blocked: www.suncorp.com.au
      Malwarebytes Browser Guard blocked this website because it may contain malware activity. We strongly recommend you do not continue.

      Website blocked due to phishing
      Website blocked: www.espn.com.au
      Malwarebytes Browser Guard blocked this website because it may contain malware activity. We strongly recommend you do not continue.

      Website blocked due to phishing
      Website blocked: www.auda.org.au
      Malwarebytes Browser Guard blocked this website because it may contain malware activity. We strongly recommend you do not continue.
  12. Product: MalwareBytes Browser Guard
      URL: hxxps://wo.ws/2ynVyTx
      Block reason: Reputation

      Website blocked due to a suspicious top level domain (TLD)
      Website blocked: wo.ws
      Malwarebytes Browser Guard blocked this website because it may contain scam activity. We strongly recommend you do not continue.

      World of Warships short URL service.
  13. Not doing it for me any more either 👍
  14. Product: MalwareBytes Browser Guard
      URL: hxxp://wiztreefree.com/files/wiztree_3_35_setup.exe
      Block reason: Reputation

      Website blocked due to suspicious download
      Download blocked: wiztree_3_35.setup.exe
      Malwarebytes Browser Guard blocks downloads that either come from websites that see relatively light traffic or may contain potentially malicious content. This is intended to protect you from new scams. However, if you trust content from this site and would like to proceed, click "Continue".

      Just an alternative software to WinDirStat for finding disk consumption in Windows.