
TonyCummins
False Positive - Intel Pro Network connections
TonyCummins replied to TonyCummins's topic in File Detections
Thanks for the heads up. I have gone and turned off the rootkit in the scan options. Appreciate it. Tony -
False Positive - Intel Pro Network connections
TonyCummins replied to TonyCummins's topic in File Detections
Thanks KDawg...appreciate it -
False Positive - Intel Pro Network connections
TonyCummins replied to TonyCummins's topic in File Detections
PM sent. Thanks -
False Positive - Intel Pro Network connections
TonyCummins replied to TonyCummins's topic in File Detections
Hi Blender, how do I acquire a log file of the detection? Using Nebula cloud console. The 2 tablets in question are in deputy vehicles, so I don't have physical access to the hardware right now. Tony -
TonyCummins started following Disappointed with Endpoint Protection., False Positive - Intel Pro Network connections, AdobeXMP.dll and 2 others
-
Seeing multiple endpoints flag the following files with detection name of Malware.AI.1204675391:
C:\WINDOWS\SYSTEM32\PROUNSTL.EXE
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PROSET
Is this a known issue? We are using Cloud Malwarebytes.
Tony
-
@Atribune Here is the file attached. Located in following location: C:\Program Files (x86)\fiScanner\PaperStream Capture\PSCPDFLib\AdobeXMP.dll Thanks AdobeXMP.zip
-
Got hit with this this morning...I thought it was fixed? Users complain they can't "scan" this AM. C:\Program Files (x86)\fiScanner\PaperStream Capture\PSCPDFLib\AdobeXMP.dll
-
If you haven't already, create a support ticket and gather logs. You could also search the forums for "High CPU". We've had issues on and off but the answers seem to be a little different for many.
-
Email with link to blocked site
TonyCummins replied to Mark_Albrosco's topic in Malwarebytes Endpoint Protection
I'd wait until someone more knowledgeable chimes in. But to me it looks like the original sender wanted to know if / when the email was opened / read, kind of like the read receipt you can turn on in Outlook. Instead they used a blank image to track that info; unfortunately for you, the image is on a domain that Malwarebytes does not like. Maybe @Zynthesist can confirm for you, as I'd hate to give you false information -
Email with link to blocked site
TonyCummins replied to Mark_Albrosco's topic in Malwarebytes Endpoint Protection
Hi Mark, I'm no expert but I think what's happening with that email is that there are "tracking" URLs embedded in the email associated with that gnway domain. As soon as the email is opened it tries to pull the blank image to show it was opened. As soon as the mail is opened Malwarebytes picks up the gnway parent domain and alerts you. <img alt="" src="http://onlykem.gnway.cc:6060/mailTrack?trackCode=QHQ913p6-201809246115858102" style="display:none"></div> <img alt="" src="http://onlykem.gnway.cc:6060/mailTrack?trackCode=ng9115S4-201809253135548505" style="display -
Disappointed with Endpoint Protection.
TonyCummins replied to fittan's topic in Malwarebytes Endpoint Protection
@AndrewPP...Thanks for posting the Excel add-in!! I was not aware of that. -
Flagging "launch_leds.exe" as ransomware
TonyCummins replied to TonyCummins's topic in Malwarebytes Endpoint Protection
Thanks for your continued help...hopefully this will clear it up. -
Experiencing High Resource Usage
TonyCummins replied to Kernel009's topic in Malwarebytes Endpoint Protection
I got tired waiting on this to be pushed out (in the hopes it fixed the memory leak). I went and created a policy with no protection turned on. Moved the endpoints into that policy...ran a check for updates...it removed the old version...then I moved the endpoints back into the policy with protection enabled and it grabbed the 3.6.1.2716 version -
Flagging "launch_leds.exe" as ransomware
TonyCummins replied to TonyCummins's topic in Malwarebytes Endpoint Protection
No, I was not aware of that! I was instructed to use wildcards by tech support in a ticket I created back in May. You think they would have known..... So remove the wildcard exclusion and exclude by file path? (C:\Program Files (x86)\Zuercher Suite\production\launcher\launch_leds.exe) Also, the deputy that was having the exclusions ignored is off shift....probably because they were excluded by wildcards? So still haven't been able to grab those log files. -
Flagging "launch_leds.exe" as ransomware
TonyCummins replied to TonyCummins's topic in Malwarebytes Endpoint Protection
I will try to get logs from the offending machine when he comes back on shift. The exclusion was not reactivated...as you can see it's been in place (manual one) since May 1st when support showed me how to correctly add it to the entire Zuercher folder.