Jump to content

Warb

Members
  • Content Count

    4
  • Joined

  • Last visited

About Warb

  • Rank
    New Member

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. The only results to a search (in Process Explorer) for mbae are a bunch of 23 Chrome and Firefox processes using mbae64.dll (this is with exploit protection running having been started with Java incoming initially off, then switched on, then Unifi started). Under the same circumstances, searching for java results in a large number of java.exe/javaw.exe entries, some unifi entries and a couple of Apple entries, but nothing from the Malwarebytes stable that I can see. Searching for unifi also pulls up a large number of entries, again nothing obviously linked to MWB. If I have time later I'll restart MWB with exploit protection and the Java incoming setting switched on (i.e. set up to kill Unifi) and see if any MWB entries appear in these searches, but for now it "looks" like there are no direct links, at least in the "running OK" configuration.
  2. At present I am unsure of the consistency of MWB4. Last night, after reading exile360's message above, I retested and at that time I could start and stop both Unifi and MWB4's exploit protection (with Java incoming either on or off) in any order and Unifi would run happily. That was in contrast to earlier in the day, when I needed to follow a particular order as described previously. This morning I stopped (quit) MWB4 and restarted it, and the behaviour is exactly back as it was earlier yesterday, i.e. I need to start MWB's exploit protection with Java incoming switched OFF to get Unifi to run, and afterwards I can re-enable Java incoming. I do not recall whether I actually restarted MWB 4 from scratch last night (it was late). Very frustrating!
  3. The Ubiquiti Unifi network monitoring system uses Java. Previous versions of Malwarebytes have required an exception to be added to exclude the various components of Unifi to allow it to run correctly. After updating to MWB 4 (which inherently keeps all the existing exclusions that allowed Unifi to work under MWB v 3.x), I have discovered that no amount of exceptions/exclusions seems to allow Unifi to run properly, MWB simply throws up a generic "malicious incoming Java socket" alert and blocks it. Initially, simply disabling the 4 categories of MWB protection did not to allow Unifi to run, but after rebooting the PC with all protections OFF, I have found that I can re-enabled web, malware and ransomeware protection and still have Unifi working. What is more, whereas initially I found disabling protection did not fix the problem, after a reboot it seems that whilst enabling exploit protection kills Unifi, disabling it (without a reboot) allows it to run again. It looks like MWB 4 is not correctly using the file and directory exclusions to allow incoming connections to a Java application. But....Turning Java Malicious incoming shell protection OFF allows exploit protection to be switched on without killing Unifi. Interestingly, once exploit protection is running the incoming shell protection setting can be switched back on, and Unifi will continue to run. Disabling exploit protection and enabling it again (with incoming shell still switched ON) kills it instantly. So for now I have exploit protection ON, incoming shell protection ON and I am able to use Unifi. However a reboot of my PC without changing any settings will kill Unifi, and I'll have to disable exploit protection, disable incoming shell, re-enable exploit protection and finally re-enable incoming shell protection to have it all working again. Obviously this is less than ideal (understatement), but I thought I'd post it here in case anyone else finds the same problem.... Maybe Malwarebytes could fix this now I've done the diagnostic work?
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.