Jump to content


  • Content Count

  • Joined

  • Last visited

Posts posted by JAWS98

  1. Hi Kevin,

    I think I see the cuase of the problem, the 8 computers that are showing in the Ungrouped Clients area all had different names to start with and were then moved to a different location and subsequently had their computer name changed, but Malwarebytes didn't update the existing record, instead creating a new record (so each computer has two records, old and new name).

    For Instance:

    Original Computer Name: DT-DS2-07A

    Renamed To: DT-DS2-07

    Malwarebytes shows both devices, but the original computer name shows as unregistered in the correct AD Folder, where the replacement name shows only in ungrouped clients.

    The IP Address show in the console matches that of the computer in DHCP, aling with the MAC Address.

    A couple of the computers have only just been renamed\re-imaged, the rest have probably been there for a couple of months now.



  2. Hi,

    I have a strange problem where Malwarebytes Management Console is syncing with active directory, however some clients are not appearing in their active driectory folder on the management console, they appear only in the "ungrouped clients" folder at the top of the list and if you click move you are unable to move them back to their correct folder.

    I have run the sync now button, confirmed that the username and password is correct.  If we move a computer on active directory or rename it, the change is reflected in the management console.

    Please see the two screenshots regarding this problem.

    Any ideas?



    Clients 01.JPG

    Select Group 01.jpg

  3. Hi,

    After upgrading JAVA on our Library server (due to upgrade of Library Software), every day or so we are getting the below error message reported by Malwarebytes, is this a false positive or something to be worried about?

    I have run a full scan on the server and nothing is found as suspicious.

    It started with just one process found, the last report reported 12 instances of the same process as exploit.  Is this because the Library Software is using JAVA and Malwarebytes believes it is under attack?


    Exploit threat detected, see details below:

    31/05/2018 16:57:51   Exploit payload process blocked BLOCK   C:\Windows\SYSTEM32\cmd.exe \c dir C:\   SYSTEM Java   C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe        Attacked application: C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe; Parent process name: java.exe; Layer: Application Behavior Protection; API ID: 207; Address: ; Module: ; AddressType: ; StackTop: ; StackBottom: ; StackPointer: ; Extra:

    Further to this, if I go on to the server and run the Library Software (Access-It), which requires JAVA to run, Malwarebytes does not detect any issues, the server was fine before I upgraded, just wondering if it is becase the JAVA version installed was through the installer and not through JAVA itself.


  4. Hi,

    I have the same reports being generated by Malwarebytes on several computers across our campus, is this a false positive or is it something to be suspicious about?

    28/05/2018 17:54:36       Exploit code executing from stack blocked      BLOCK       Adobe Reader   C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe                Attacked application: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe; Parent process name: iexplore.exe; Layer: Protection Against OS Security Bypass; API ID: 450; Address: 0x005ED010; Module: ; AddressType: ; StackTop: 0x005F0000; StackBottom: 0x005EC000; StackPointer: ; Extra:



  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.