Everything posted by grahamperrin

  1. Maybe URLs such as the one for ICQSetup.exe can be whitelisted; there are no detections at https://www.virustotal.com/gui/file/f614127a923c3a62a8609be8633aceaffbddb5c83327a549d45c62ed9dc96085/details
  2. Thanks. A related URL is similarly blocked by the Emsisoft Browser Security extension. Other detections: https://www.virustotal.com/gui/url/8b5c2d2ca86a4f85c7f156eddbc584b92baa2dc0665faba34967ee7fe7bcc90f/detection FYI https://forums.malwarebytes.com/forum/122-false-positives/
  3. Can you provide the address? Please use <> to format the address as code (to prevent the address becoming a link). Thanks
  4. Website blocked: vexillium.org

     Malwarebytes Browser Guard blocked this website because it may contain malware activity.

     More specifically (the address below has site content, the address above does not):

     Website blocked: oshogbo.vexillium.org

     Malwarebytes Browser Guard blocked this website because it may contain malware activity.

     Is continued blocking appropriate, or is this a false positive?

     ----

     https://www.reddit.com/r/freebsd/comments/f26zr4/checksumming_in_filesystems_and_why_zfs_is_doing/ discusses a technical blog post at the blocked site.
  5. … also, it's unusual to see download of a local file blocked.
  6. Sorry, ignore that question. (I was thinking of a different issue.)
  7. Before you check the box, has the block page finished loading?
  8. https://filmora.wondershare.com/ https://filmora.wondershare.com/download-filmora9-win.html https://ssl-download.wondershare.com/filmora_full846.exe None is blocked by 2.1.8 with Firefox 72.0.2 (64-bit) on FreeBSD-CURRENT. For the filmora_full846.exe file that you successfully downloaded, what's the SHA256?
  9. Hmm, the linked text (for the blocked download) was not linked when I first pasted the quote. Bloody Invision software.
  10. Via download link #9 at https://redd.it/er2a2e

      https://d1lu10v4lwogmd.cloudfront.net/Tron+v10.9.2+(2020-01-19).exe

      Please consider whitelisting. Thank you.

      Side note: https://forums.malwarebytes.com/search/?q=tron&updated_after=any&sortby=newest&search_and_or=or shows some uses of the script.
  11. org.uk See discussion at and below https://forums.malwarebytes.com/topic/256039-possible-false-positive-rightsnetorguk/?do=findComment&comment=1358569
  12. org.uk See the discussion at and below https://forums.malwarebytes.com/topic/256039-possible-false-positive-rightsnetorguk/?do=findComment&comment=1358569
  13. Can you share the address of one of the sites? Use <> to format the address as code. Mac OS X or Windows? At https://firefox-storage-test.glitch.me/ what's the status for each of the four subsystems? (This is probably not directly relevant, but it's generally good to check.)
  14. org.uk See https://forums.malwarebytes.com/topic/256039-possible-false-positive-rightsnetorguk/?do=findComment&comment=1358569
  15. I do get a block on org.uk (and still, on the URL in the opening post).
  16. Re: https://support.malwarebytes.com/docs/DOC-3715 please, what's the new frequency?
  17. The suspicion was probably for the name of the file, which began with a '.' .exe
  18. OK, no rush. IMHO it's of primary importance to benefit from the block (of suspected malware). Knowing the address of what's blocked will satisfy our curiosity.

      Assuming that the block in your case is of an iframe – and not of the page that contains the iframe – bear this in mind: you might need to scroll from the top of each visited page, to the foot, to discover the in-page blue Malwarebytes icon. If you're unlucky: the iframe area might be somehow obscured or invisible.

      Hint

      You can keep Malwarebytes Browser Guard statistics in a separate window, not limited to a pop-up:

      - visit (and expect a block of) https://iptest.malwarebytes.com/
      - in the address bar, change the app/eventpages/block.html?… part of the address to app/app.html
      - bookmark the tab
      - give the bookmark a suitable name, maybe Malwarebytes Browser Guard popped out
      - move the tab to a new window.

      Using the interface out of context – not popped up – we cannot expect dynamic updates of statistics. You can prepare for a workaround:

      - click Statistics
      - choose today
      - click MALWARE
      - note the number
      - choose this week
      - note the number.

      After visiting any suspect page you can refresh the view of statistics, to tell whether the MALWARE count has risen. Trigger: switch from this week, to today or vice versa.

      Something like this:

      A clunky hint, but it might be useful if working with the extension alone (without a Malwarebytes premium product).
  19. Thanks. It's ongoing – and troublesome, when addition of the extension is not followed by a hint to activate the enabled extension. False sense of security; trouble. Please see the multi-issue screen recording at https://forums.malwarebytes.com/topic/255369-ux-where-only-part-of-a-page-is-visibly-blocked/?do=findComment&comment=1355596
  20. User-accessible logs will be welcome – provided there is zero scope for anyone/anything other than the currently logged in user to scrape (without explicit permission) data that reveals URLs where malware is detected. Consider the possibility of malicious actors using scraped data to identify the fallibilities (behavioural patterns) of an end user. Consider iframes. Please see the multi-issue screen recording at https://forums.malwarebytes.com/topic/255369-ux-where-only-part-of-a-page-is-visibly-blocked/?do=findComment&comment=1355596
  21. Watch this screen recording from around 01:30 on the timeline: 2019-02-09 08:25.mp4

      Alongside this, please read:

      - https://forums.malwarebytes.com/topic/255253-unable-to-activate-browser-guard/?do=findComment&comment=1353442
      - https://forums.malwarebytes.com/topic/255511-what-malware-was-blocked/?do=findComment&comment=1355145

      Observations:

      - absence of the hint that entry of an e-mail address is required to activate the enabled extension
      - awareness of the blocked iframe occurs only if the window is wide enough
      - the blocked iframe is classified as malware, but is not blocked when malware protection alone applies (to the page that contains the iframe)
  22. Sorry, I couldn't reproduce the problem and IIRC there was insufficient scrolling to see an error. If it recurs I'll follow up here. Thanks
