Jump to content

malfor

Members
  • Content count

    2
  • Joined

  • Last visited

About malfor

  • Rank
    New Member
  1. Hi jong Thanks for the reply. I have a new query regarding Malwarebytes Anti-Ransomware and it concerns farflt.sys. Again when it starts up the program (logged in as restricted user) says that real Time protection is disabled ( and nothing works when clicking the Fix It Now button or the Start Protection link). This behaviour is random and only a reboot will get it working again. By chance using Systernals Autoruns for some other enquiry, it reports that: farflt File not found: C:\Windows\System32\Drivers\farflt.sys which is probably another reason why the program reports protection as disabled. Can you please check and advise as to what could be causing the deletion of farflt.sys from the system drivers folder? Does it get deleted by the program on shut down and not reinstated on startup? Is there a rogue program at work here which deletes it? Will saving a copy of it when the program is working and copying back into the drivers folder when not working and not there enable protection again immediately? Or does only a system restart work? Thanks for you help and assistance.
  2. Hello I am on Win 7 and just downloaded and upgraded to version mbarw-setup-consumer-0.9.18.807, I have also installed the latest version of Anti-Exploit. My first question is will the two co-exist with each other without any problems? My concern with AntiRansomware is that the Malwarebytes Anti-Ransomware Service relies on the Windows Management Instrumentation Service. It has happened to me several times that the program has failed to activate and clicking on the Fix button does nothing to get it going again. It was not until I realised just recently that mbarw is dependent upon WMI that a possible cause for this was revealed - which is that if the WMI service is not started its dependencies will also fail. This has happened to me several times until I sorted out the problem with the WMI service. But it also raises a serious security issue - what if a malicious program /script/hacker was able to gain access to the registry and deliberately turn off'/ lock the WMI service (winmgmt) from running? That would render mbarw totally useless and ineffective, as it does with the WSCSVC (Windows Security Center) service, would it not? So the question is what sort of protection or measures are in place to prevent this from happening? What measures can I take to protect myself from this potential unwelcome threat? I look forward to your opinion and advice and thank you in advance for them.
×

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.