KDawg

Honorary Members
  • Posts: 219
Posts posted by KDawg

  1. Hello, thanks for bringing this error to our attention.

    This log entry is a new addition to the EDRplugin which prevents the plugin from failing to initialize if there are proxy communication issues.

    We have been made aware of the higher than expected number of Event Viewer logs, and we are working with our engineering team to get these back down.

    We appreciate your patience as we work to resolve.

    Many Thanks

    • Like 1
  2. Hello Hugo,

    Thank you for the post and for bringing this to our attention.

    This is the legitimate Malwarebytes Remote deployment tool.

    We had detected this as a false positive, and it should no longer be detected on our latest updated database version.

    Let us know if any blocks persist once those endpoints have been updated moving forward?

    Many Thanks,

    • Thanks 1
  3. Hello Scoutt thank you for the feedback on this.

    I totally agree with how this could be very useful in our cloud console.

    To best route this to the right people, our Development and Product leadership, I recommend we use the Send Feedback option in your cloud console.

    This is in the bottom left of the Navigation Bar, and we should be able to submit this and any other items you wish to see in the cloud console.

    Malwarebytes takes those "Send Feedback" requests very seriously. I will also follow up on my side with this one.

    Let us know if there are any issues or troubles related to this, we can try to work around or solve?

    Many Thanks,

    • Like 1
  4. Please update from your Management Console the Database for affected systems.

    We confirmed this was a False Positive and have removed from detection moving forward. Apologies for any inconvenience.

    The issue should no longer occur on or past Database version:
    v2020.08.14.07

    Please let us know if you are on this latest database or newer and still continue to receive detections?


  9. Hello Paul Thanks for reaching out to Malwarebytes

    Regarding these blocks, this appears to be the product doing its job as expected and stopping known malicious IPs from reaching your server.

    The IP addresses you see listed are known to be used for attacks, which is why they were added to our blacklist.

    These blocks mean the server is available to the open internet on those ports, which requires the ports to be port forwarded through Network Address Translation. These are configurations in the firewall or router that allow this access in from the internet. Malicious actors use port scanners to search the internet and look for these open ports to try to exploit, or to brute-force guess an administrator password.

    The blocks are likely port scans or login attempts on 3389 to try to remote into your network via RDP. Most of these actors are associated with ransomware: once they are able to successfully guess the RDP admin password (automated to guess many times per second), they log in manually, disable all security and drop ransomware. These blocks are a canary in the coal mine that action needs to be taken on network configuration to prevent a ransomware attack.

    We have our guide on locking down RDP further here, but I recommend disabling and closing the NAT translation, and finding an alternative remote access tool that doesn't require open NAT ports:
    https://blog.malwarebytes.com/security-world/business-security-world/2018/08/protect-rdp-access-ransomware-attacks/

    Protecting an internet-facing website requires much more than AV on the server hosting it; for ports 80 and 443 it's even more complicated. That gets past my personal expertise with Azure websites, but if you have trouble locking it down and preventing those blocks, I can recommend using managed web server hosting instead of configuring custom servers.

    Let us know if you have questions on this moving forward, or with the RDP lock-down guide provided, with those steps we should be able to stop the RDP brute force activity?

    We can open a business support ticket if necessary to continue working together or there is any trouble.

    Many Thanks,
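The RDP brute-force pattern described in the reply above (many failed logons per second from one address, followed by a successful logon once the password is guessed) is also visible on the server side in the Windows Security log. The following is an added example, not part of KDawg's post and not a Malwarebytes tool: it runs over a constructed, simplified rendering of Windows logon events (event ID 4625 = failed logon, 4624 = successful logon, logon type 10 = RemoteInteractive, i.e. RDP) and flags a source address once it exceeds a failure threshold inside a sliding window, escalating if that same address later logs on successfully. The pipe-separated line format, the threshold, the window and the sample addresses are assumptions chosen for the example.

```python
"""Flag likely RDP brute-force sources in Windows Security logon events.

Added example (not from the forum post). The line format below is a
constructed, simplified rendering of the event fields; in practice the
fields come from the Security channel (Get-WinEvent, a SIEM export, etc.).
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: "timestamp|event_id|logon_type|user|source_ip"
# 4625 = failed logon, 4624 = successful logon, logon type 10 = RDP.
# 203.0.113.0/24 is a documentation range; 192.168.1.50 is a LAN host.
SAMPLE_LOG = """\
2020-08-14T10:00:00|4625|10|administrator|203.0.113.5
2020-08-14T10:00:00|4625|10|admin|203.0.113.5
2020-08-14T10:00:01|4625|10|administrator|203.0.113.5
2020-08-14T10:00:01|4625|10|root|203.0.113.5
2020-08-14T10:00:02|4625|10|administrator|203.0.113.5
2020-08-14T10:00:02|4625|10|backup|203.0.113.5
2020-08-14T10:00:30|4625|10|jsmith|192.168.1.50
2020-08-14T10:00:45|4624|10|jsmith|192.168.1.50
2020-08-14T10:05:00|4624|10|administrator|203.0.113.5
"""

FAIL_THRESHOLD = 5            # assumed: failures from one IP that trigger an alert
WINDOW = timedelta(seconds=60)  # assumed: sliding window for counting failures
RDP_LOGON_TYPE = 10


def parse_line(line):
    """Split one constructed log line into typed fields."""
    ts, eid, ltype, user, ip = line.split("|")
    return datetime.fromisoformat(ts), int(eid), int(ltype), user, ip


def detect_rdp_bruteforce(log_text, threshold=FAIL_THRESHOLD, window=WINDOW):
    """Return a list of (severity, source_ip, message) findings.

    'high'     : at least `threshold` failed RDP logons from one IP inside `window`
    'critical' : a successful RDP logon from an IP that was already flagged,
                 i.e. the brute force appears to have found a valid password
    """
    recent = defaultdict(deque)  # source_ip -> timestamps of recent failures
    flagged = set()
    findings = []
    for line in log_text.strip().splitlines():
        ts, eid, ltype, user, ip = parse_line(line)
        if ltype != RDP_LOGON_TYPE:
            continue  # only RemoteInteractive logons matter here
        if eid == 4625:
            q = recent[ip]
            q.append(ts)
            while q and ts - q[0] > window:   # drop failures outside the window
                q.popleft()
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)
                findings.append(("high", ip,
                                 f"{len(q)} failed RDP logons within {int(window.total_seconds())}s"))
        elif eid == 4624 and ip in flagged:
            findings.append(("critical", ip,
                             f"successful RDP logon as {user!r} after brute-force pattern"))
    return findings


if __name__ == "__main__":
    for severity, ip, msg in detect_rdp_bruteforce(SAMPLE_LOG):
        print(f"[{severity.upper()}] {ip}: {msg}")
```

A single LAN user who mistypes a password once and then logs on is not flagged, while the external address that fails five times in two seconds produces a high-severity finding, and its later successful logon produces a critical one. As the reply says, an alert like this is a signal to close the NAT forward for 3389 rather than to keep tuning the detection.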

  10. Nid15,

    Welcome to our business forums. Troubling that it is under these circumstances.

    We would like to investigate this further, and work to identify any possible miss.

    If you are able to please open a case, with email associated with your Malwarebytes Business account. You can open this here:

    https://support.malwarebytes.com/community/contactsupport/pages/business-support

    We are well aware of the GlobeImposter threat and would like to understand more on how this situation may have occurred.

    https://blog.malwarebytes.com/detections/ransom-globeimposter/

    If you have any questions feel free to respond here, or PM me privately.

    We are here to help!

    Many Thanks

  11. Hello, and welcome to our Business Forums!

    Sorry to hear about this inconvenience; we submitted the website in question to our Web team for further review.

    After review, we no longer believe that website to be a threat; as such, we have removed it from definitions.

    Those should propagate out within a few hours, and this should no longer get blocked on your side.

    Please let us know if there are any questions or if this block persists past a few hours.

    Many Thanks

  12. Thank you for reaching out to us about your ransomware issue. We understand how frustrating it is to deal with an infection.

    Malwarebytes does not offer any decryption tools or ransomware removal services. To clean your computers, you should restore from a backup or reinstall your operating system from scratch.

    Here are some third-party website resources to assist you.



    What version of Malwarebytes was the client using when this occurred?

    We usually are able to stop most Ransom activity with our Anti-Ransomware module as well as other layers that help prevent it ever getting to this point.

    Are the files on the server actually encrypted?

    Just based on the image of the note, it looks similar to CryptoLocker; any idea what date this occurred on the system?

  13. Hey eemizerp thanks for the Sample!

    We have reviewed it, and this should already be detected; as you mention, it is even listed as detected by us on VirusTotal.

    There are a few reasons that this could occur (out of date definitions, product not running/communicating); please ensure that the Endpoint Agent and Malwarebytes version 3.x are installed. An uninstall and reinstall can also be a helpful troubleshooting step.

    If you are using our Endpoint Protection business suite, my recommendation is to post in the forum mentioned above by Emphyrio.

    Opening a case will get an agent assigned to help ensure this gets resolved:
    https://support.malwarebytes.com/community/contactsupport

    We are here to help!

    Many Thanks

  14. We are able to confirm that this should now be resolved on the latest database.

    It should also appear in the bottom Client Info tab when selecting that particular machine in the Clients list in your MB Console.

    It should be past the date-coded DB Mieke posted above (v2019.06.15.02).

    Please attempt a reboot as well, as mentioned by Atribune.

    Let us know if issues persist after the reboot; we would then request the following logs, with which we should be able to confirm that you are on the latest:
    https://support.malwarebytes.com/docs/DOC-1072

  15. Hi REGIT,

    That may be a notification as we inject our shield into Internet Explorer.

    I'm not certain with Outlook 2019, but many other Windows programs will employ pieces of Internet Explorer that may run in the background.

    Do we also have any kind of Outlook plugin in IE as well?

    It may be normal functionality if we are not experiencing any blocks or other symptoms of issues?

    Many Thanks,

  16. Hi Toatzu,

    Sorry to hear that you are experiencing these issues in your environment.

    Do you have any other security software in addition to Malwarebytes on these machines experiencing the issues? We may need exclusions if so.

    As well I would recommend temporarily disabling the Anti-Exploit module on the affected machines so we can narrow down if this module may be causing the issue.

    I am not aware of any larger ongoing issue with those programs on Windows 10.

    Many Thanks
