StroTech

Member, rank: New Member, content count: 43

Recent posts

  1. Anti Exploit not updating on some machines, multiple versions behind. We have a few machines that are multiple versions behind our other machines. Cannot figure out why they are not updating like the rest. What info do you need?
  2. Our network is locked down and we cannot get the latest version of anti exploit from the posted link https://malwarebytes.box.com. Also, is there a way to replace the version of anti exploit that we have on our malwarebytes management server? When we install it on a new computer, it does not seem to be updating to the latest version of anti exploit on its own. I would like to replace it with another copy in case it has some problem.
  3. Ok, how long should it usually take for a fresh install with an older version of anti exploit to get updated to the current version of anti exploit? Right now a computer we reinstalled the endpoint security on has version 1.11.2.55. Just reinstalled it yesterday.
  4. Also, is it ok to take a recent version of the anti exploit installer and put it into the package template folder on the malwarebytes management server? Then create an installation package.
  5. All of the computers are getting updated to that version, so will have to wait and see if the issue persists. I do have another question. Should the Malwarebytes Management Server automatically update its Package Template folder? Currently it still has version 1.11.2.55 of Anti Exploit. I know after it is installed that it will automatically update to the latest on the client, but is the package template folder version not supposed to get auto updated for future installation packages?
  6. Hello, had two exploit notifications after I updated Office 365, wanted to check and make sure they were false positives:
     "2018-07-12T10:00:51.226-05:00";"usernameh";"11412";"C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE";"9948";"explorer.exe";"2";"502";"301";"0x18061784";"";"0x00020000";"0x18230000";"0x18134000";"0x1822F308";"";"";"";"";""
     "2018-07-12T10:01:17.062-05:00";"username";"2300";"C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE";"9948";"explorer.exe";"2";"502";"301";"0x1B8B1784";"";"0x00020000";"0x1BA70000";"0x1B974000";"0x1BA6F1F8";"";"";"";"";""
     We also had an exploit detection with Adobe Reader DC and PDFCreator:
     7/11/2018 1:02:51 PM Exploit code executing from stack blocked BLOCK username Adobe Reader C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
     Attacked application: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe; Parent process name: PDFCreator.exe; Layer: Protection Against OS Security Bypass; API ID: 450; Address: 0x00C6D000; Module: ; AddressType: ; StackTop: 0x00C70000; StackBottom: 0x00C6B000; StackPointer: ; Extra: Total count: 1.
     Please let me know what else you need.
  7. Sadly it is still happening. To note, we are able to import using Excel's legacy wizard. Attachment: Turn On Excel Legacy Import Wizard.docx
  8. Checking to see if anything has been found out
  9. Here are the detections from Malwarebytes. All 27 entries share the same fields: computer name, usrname, IP Address, domain, 5/24/2018 10:02:14 AM, Anti-Malware, action Quarantined, detection PUP.Optional.Spigot.Generic. Extension folder: C:\Users\usrname\AppData\Local\Google\Chrome\User Data\Default\Extensions\aanglbnegdlehmfgpggdmleafnehpbop. Quarantined items, relative to that folder:
     1  \1.0_0
     2  \1.0_0\css
     3  \1.0_0\html
     4  \1.0_0\html\popup
     5  \1.0_0\js
     6  \1.0_0\js\popup
     7  \1.0_0\newtab
     8  \1.0_0\_locales
     9  \1.0_0\_locales\en
     10 \1.0_0\_metadata
     11 (the extension folder itself)
     12 \1.0_0\chromeRestore.js
     13 \1.0_0\after.js
     14 \1.0_0\background.js
     15 \1.0_0\contentscript.js
     16 \1.0_0\icon.png
     17 \1.0_0\manifest.json
     18 \1.0_0\css\description.css
     19 \1.0_0\css\popup.css
     20 \1.0_0\html\popup\description.html
     21 \1.0_0\html\popup\popup.html
     22 \1.0_0\js\userNewTab.js
     23 \1.0_0\js\popup\popup.js
     24 \1.0_0\newtab\slim_newtabpage.html
     25 \1.0_0\_locales\en\messages.json
     26 \1.0_0\_metadata\computed_hashes.json
     27 \1.0_0\_metadata\verified_contents.json
     The only copy of the files is in the quarantine and I do not want to take them out of quarantine until it is sure that they are a false positive.
  10. Checking to see if this is a false positive or not. Attachment: Quarantine.zip
  11. When a user goes to the Data ribbon to import From Text/Excel, the import fails due to a block from Malwarebytes. Excel just closes with no error or anything. The Malwarebytes detection does not really give me a good idea of a particular service to add an exception for.
     Alert Time: 5/23/2018 10:27:07 AM
     Server Hostname: 
     Server Domain/Workgroup: 
     Server IP: 
     Notification Catalog: Client
     Description: Exploit threat detected, see details below:
     5/23/2018 10:26:13 AM Exploit code executing from Heap memory blocked BLOCK Microsoft Office Excel C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
     Attacked application: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE; Parent process name: explorer.exe; Layer: Malicious Memory Protection; API ID: 203; Address: 0xC84EED21; Module: ; AddressType: 0x00020000; StackTop: 0xCAA40000; StackBottom: 0xCA946000; StackPointer: 0xCAA3E9A8; Extra: Total count: 1.
  12. I think I might have figured out the new problem, it looks like after changing the IP, we still need to set an exception for our VPN for the new server.
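The Anti-Exploit detail text quoted in posts 6 and 11 above (the "Attacked application: ...; Layer: ...; Address: ...; StackTop: ...; StackBottom: ..." string) is easier to review for false positives once it is parsed into fields. Below is an added Python example, not from the forum, from StroTech, or from Malwarebytes, that splits that detail text into a record and checks one thing a reviewer would want to confirm: whether the reported Address lies inside the reported stack range, which is what a "code executing from stack" alert claims and what a "Heap memory" alert does not. The two sample inputs are copied from the posts; the field names appear exactly as posted, and their meaning is assumed from those names rather than taken from vendor documentation.

```python
import ntpath
from typing import Any, Dict, Optional

# Constructed sample input: the detail text quoted in posts 6 and 11 above.
# Field names appear exactly as posted; their meaning is assumed from the
# names (not from Malwarebytes documentation).
ADOBE_DETAIL = (
    "Attacked application: C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.exe; "
    "Parent process name: PDFCreator.exe; Layer: Protection Against OS Security Bypass; "
    "API ID: 450; Address: 0x00C6D000; Module: ; AddressType: ; StackTop: 0x00C70000; "
    "StackBottom: 0x00C6B000; StackPointer: ; Extra: Total count: 1."
)
EXCEL_DETAIL = (
    "Attacked application: C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE; "
    "Parent process name: explorer.exe; Layer: Malicious Memory Protection; API ID: 203; "
    "Address: 0xC84EED21; Module: ; AddressType: 0x00020000; StackTop: 0xCAA40000; "
    "StackBottom: 0xCA946000; StackPointer: 0xCAA3E9A8; Extra: Total count: 1."
)

# Fields whose values are hexadecimal addresses/flags in the posted alerts.
HEX_FIELDS = ("Address", "StackTop", "StackBottom", "StackPointer", "AddressType")


def parse_detail(text: str) -> Dict[str, Any]:
    """Split 'Key: Value; Key: Value' into a dict.

    Items are separated by '; '. Each item is split on its FIRST colon, so a
    drive letter inside a path value ('C:\\...') stays intact. Empty values
    (e.g. 'Module: ') become None; HEX_FIELDS are converted to int.
    """
    record: Dict[str, Any] = {}
    for part in text.split("; "):
        key, sep, value = part.partition(":")
        if not sep:
            continue  # not a key/value item; ignore
        key, value = key.strip(), value.strip()
        if key in HEX_FIELDS:
            record[key] = int(value, 16) if value else None
        else:
            record[key] = value or None
    return record


def address_in_stack(record: Dict[str, Any]) -> Optional[bool]:
    """True if Address falls within [StackBottom, StackTop), i.e. the blocked
    code sat on the thread's stack; None if any of the three is missing."""
    addr = record.get("Address")
    top = record.get("StackTop")
    bottom = record.get("StackBottom")
    if addr is None or top is None or bottom is None:
        return None
    return bottom <= addr < top


def triage_summary(text: str) -> Dict[str, Any]:
    """Compact view for a false-positive review queue: which layer fired, on
    which application, launched by which parent, and the stack-range check."""
    rec = parse_detail(text)
    app_path = rec.get("Attacked application") or ""
    return {
        "layer": rec.get("Layer"),
        "application": ntpath.basename(app_path),  # Windows path, any host OS
        "parent": rec.get("Parent process name"),
        "api_id": rec.get("API ID"),
        "address_on_stack": address_in_stack(rec),
    }


if __name__ == "__main__":
    for name, detail in (("Adobe Reader", ADOBE_DETAIL), ("Excel", EXCEL_DETAIL)):
        print(name, triage_summary(detail))
```

For the Adobe Reader entry the address 0x00C6D000 sits between StackBottom 0x00C6B000 and StackTop 0x00C70000, consistent with its "executing from stack" title; for the Excel entry 0xC84EED21 lies below StackBottom 0xCA946000, consistent with its "Heap memory" title. That internal consistency does not by itself decide whether an alert is a false positive, but the parsed application, parent process and layer are the fields an exclusion or a support ticket would be built on.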