Everything posted by alvarnell

  1. Part of your question has been asked and answered before, here. I'll tell you what I can and let the staff give you more specific information about the purpose of each connection. The RTProtectionDaemon is rather poorly named in that it is responsible for the Protection Updates and much more. I suppose it would be possible to reverse engineer it in order to modify it for malicious purposes, so you may not get much in the way of technical information about its use, but I think it's fair to understand what its communication needs are. You can find very detailed information about what data is collected, stored and why in the company's privacy policy, but it does apply to all of their software, not just MBAM.
  2. alvarnell


    That has certainly been true of the iOS environment, but movement to that end in macOS has been glacially slow. I see nothing in the area of security to support that statement.
  3. So the fact that all Internet connection apps are affected tells us we've been looking in the wrong place for the problem (browsers). Since your guest account is working we know the problem is limited to your user environment. And since Safe Mode operation is OK, it means that something which normally loads when you log into your account is causing this. It helps narrow things down a bit, but still leaves that root cause to be somewhat of a mystery. I know you said you have already removed 4 or 5 proxies. Can you check again to see if they are all deleted and all the protocols to configure are unchecked?
  4. I don't think I got a clear answer to my earlier question. Do all your other apps still have Internet access (e.g. Mail, Mac App Store)? What happens when you log into a different account (if you are the only user, create an additional one for testing purposes)? What happens when you log in with Safe Mode enabled (hold Shift-key down at reboot)? Since you are able to post here (on some other device?), I’m guessing it's not a router problem?
  5. alvarnell


    https://techguylabs.com/episodes/1556#main (Last question of hour 2). Not yet available on iTunes, as of this posting. The attack vector discussions (mostly theoretical) have been ongoing for a couple of years now, but at least on the Mac side have recently been renewed by several macOS security bloggers. The problem with macOS is that we rely on Gatekeeper to prevent such things, but Gatekeeper only thoroughly checks apps on first launch. It's also possible to avoid Gatekeeper entirely, but that's a somewhat different issue. So if an attacker is somehow able to make changes to that app without breaking it after the first launch, it could be modified to act as malware. I don't follow things on the Windows side, but I'm not aware of any example threats on the Mac side. There have been a couple of examples of legitimate app sites that were hacked and a malicious version of the app with a different legitimate Apple DeveloperID signature being posted. The DeveloperID was quickly revoked and the original app developer removed the malicious app, but a few users were infected. There was also malware that masqueraded as "Symantec Malware Detector", but these aren't actually representative of the problem mentioned. The obvious fix is for Apple to make Gatekeeper more robust in its ability to detect such modifications after the fact. But that will slow down each and every launch to varying extents, so that's probably why it hasn't been done yet. The best near term answer is for more developers to run their own checks at launch to ensure the integrity of their app has not been compromised. A few developers have been doing that for a very long time, but it's not yet common practice. Here's a more technical discussion of the issue that was recently posted by Howard Oakley: App signatures are always checked on launch, but serious errors may be ignored.
  6. alvarnell

    MAC Phishing Protection?

    Malwarebytes has a policy of not making public comments with regard to such things. Here's another related posting (last paragraph) that you might be interested in:
  7. Thanks for the details. Run through all the suggestions in the pinned article at the top of this forum. Many users have had success by running through each of the suggested steps.
  8. As @tacoma explained, you need to open the Terminal application, found in /Applications/Utilities/ then copy and paste each of the 6 commands listed and hit return, one line at a time to make changes to the chrome policies. I suppose you might be able to change them using the Chrome interface you have shown, but that's not what is being recommended here.
  9. First off, you really need to be running 10.11.6 with Security Update 2018-004 El Capitan which fixes hundreds of bugs and dozens of security issues with what you are still using. Honestly, there isn't any real way to troubleshoot a system that is so far out of date. The current version of Malwarebytes assumes that you are running an up to date OS. Secondly, I need to know exactly what those fixes you attempted were so I don't repeat them here. Lastly, where are you seeing the "no internet" message? Malwarebytes, your browser, your e-mail, all of the above?
  10. Contact sales for that: https://support.malwarebytes.com/community/consumer/pages/contact-us.
  11. Premium subscriptions for iOS devices are only available from the App Store due to Apple rules on such things. Premium subscriptions purchased directly from Malwarebytes are only valid on Mac, Windows, Android and ChromeOS devices. FAQs concerning this explain all this: https://www.malwarebytes.com/pricing/?rec=premium#faqs.
  12. alvarnell

    MB free on iPad Pro

    The web site appears to be very clear on this: https://www.malwarebytes.com/ios/. Ad blocking is free forever. Web protection is free for 30 days. iPhone capabilities are similar to that found on your Galaxy. You can't really compare tablet version to a cell phone version.
  13. alvarnell

    Malwarebytes Beta for iOS

  14. I haven't seen any other users report that here. Let us know if disabling RT Protection solves it or not. You may have to open a support Ticket and submit additional information to the staff if it continues to be an issue.
  15. Avast has been known to detect other anti-malware databases as infected. I don't know whether that's true of it vs. Malwarebytes currently or not.
  16. You should not run two anti-malware applications on her Mac, although there is usually no problem with both being installed as long as you don't run them simultaneously or allow both to be running a background process as they will likely interfere with each other when a new file shows up. Malwarebytes is not a typical scanner, in that it only looks in places where malware is actually known to be stored, rather than checking each and every file on the drive. That's why it can complete its job in a very short time. Every user will experience a different amount of time, depending on hardware configuration and drive type and size, but five seconds is relatively short. My 2005 iMac with 1TB spinning hard drive takes several minutes.
  17. There is no such thing as individual privacy in the day and age of the Internet. I don't know anybody who hasn't had some amount of sensitive information compromised by a third party. That's where the danger lies, not with the majority of browser extensions. None of that bothers me one bit. Time saved by not loading tracking cookies probably more than makes up for any slow-down caused by the extension itself and I've tested that theory by timing the loading of a web site with and without Ghostery enabled (after emptying cache, of course). It cannot do its job without access to all web pages. But only you can make those kinds of decisions for yourself.
  18. Not sure, I installed it many many years ago and it's been self-updating ever since, but I would guess you go to https://www.ghostery.com and click on Install Ghostery.
  19. Not to my knowledge. Just go here to fill out the form https://support.malwarebytes.com/community/consumer/pages/contact-us
  20. I suspect staff will need to have you open a support ticket and submit some diagnostic information directly. The only advice I can give you at the moment is to NEVER follow a supposed Adobe Flash Player update popup ever again! 99.9% of them are fake today. If you already have Flash Player installed, open SystemPrefs->Flash and check for an update. Otherwise navigate to Adobe's Flash Player in your favorite browser and download it there.
  21. Not sure about ghostery lite as I've never had to use it. Currently using Ghostery v5.5.0 with Safari 12.0.x.
  22. DNS Cache is used to speed up your browsing experience by saving URL translation information locally, so you don't have to keep asking for it on a remote DNS server. It does contain a list of sites you recently visited, but unless you have some sort of malware on your computer that can harvest that information and send it somewhere, it can't possibly be used to track. And I seriously doubt that any malware developer would find that information useful compared to other information on your Mac. You might find a better defense against tracking cookies is the Ghostery extension.
  23. See my reply to your other posting on this subject.
  24. It's not just an MBAM issue, there are quite a few apps that suffer from this problem, most involve a name change at some point so this could simply be related to when Malwarebytes Anti-Malware changed to Malwarebytes. I'm pretty sure there have been discussions and I think I even passed on a recommendation from LS on one approach to working around the issue. If you aren't willing to just hit "Ignore Code Signature", try going into LS Rules and delete everything you see involving Malwarebytes... and RTProtectionDaemon. Make sure LS is in "Alert Mode", reboot your computer, launch Malwarebytes and approve all the connection requests.
