Mark_Albrosco

Members
  • Content Count

    13
About Mark_Albrosco

  • Rank
    New Member


  1. Mark_Albrosco

    Machine Learning\Anomalous - ADO_NET_SAMPLE.EXE

    Hi Miekie - sorry I took so long. Zipped copy of the file is attached. Please let me know when it's been added to the clean file database. Mark.

    ADO_NET_SAMPLE.zip
  2. Mark_Albrosco

    Machine Learning\Anomalous - ADO_NET_SAMPLE.EXE

    Hi Miekiemoes, Unfortunately, I can't locate the file as it was quarantined by Malwarebytes. Any suggestions?
  3. Mark_Albrosco

    Machine Learning\Anomalous - ADO_NET_SAMPLE.EXE

    In the meantime, on the management console for Malwarebytes, I've added two exclusions: a "Registry Key" exclusion and a "Folder by Path" exclusion. I just cut and paste the Path values given in the quarantine/scan report. Can I get confirmation that this is sufficient, while the machine learning facility is updated?
  4. We're installing SQL Anywhere 16 and Malwarebytes Endpoint Protection quarantined one of the associated .exe files. See below:

    Hello Mark Cockburn, Based on your preferences, you are being notified that a new event has occurred on your account:

    Endpoint Name: hrplusserver.AHLTT.COM
    Domain/Workgroup: AHLTT.COM
    IP: 192.168.4.7
    Scan Date and Time: 11/08/2018 - 12:00:00 PM
    Scan Type: CustomScan
    Detections Cleaned: 2
    Severity: warning
    Group: Default Group
    Policy: Default Policy

    Displaying 2 of 2 detections below - additional details can be viewed via the Scan Report.

    Name: MachineLearning/Anomalous.100%
    Type: Reg, Value
    Category: Malware
    Status: Quarantined
    Path: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS|C:\PROGRAM FILES\SQL ANYWHERE 16\CE\ASSEMBLY\V2\ADO_NET_SAMPLE.EXE

    Name: MachineLearning/Anomalous.100%
    Type: File
    Category: Malware
    Status: Quarantined
    Path: C:\PROGRAM FILES\SQL ANYWHERE 16\CE\ASSEMBLY\V2\ADO_NET_SAMPLE.EXE

    The file is not a threat. It's part of the SQL Anywhere 16 application. Please update the machine learning facility to exclude this file. I would like to restore this file out of quarantine to ensure that the SQL Anywhere application is not affected and works properly. How can we have this done?
  5. Mark_Albrosco

    Machine Learning\Anomalous - CACHE entry

    Thanks miekimoes - you've been very helpful. Glad to report nothing else was detected, and user has been advised to clear cache. Mark.
  6. C:\USERS\DHENRI\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\029ZB3KK.DEFAULT\CACHE2\ENTRIES\D4010F84F1C96EB96CF6142843D398C2CBEFDB20

    I received a MachineLearning/Anomalous.100% Malware alert for the file above. Malwarebytes Labs was very helpful with identifying for me that this is a result of efforts to protect users from zero-day threats by detecting files that do not appear to be legitimate. However, I need to know how to determine if I have a real threat on my hands, or not. The file listed above does not give me any clue as to its origin or association with a legitimate program. And I use these detections to alert the user community, and to keep them vigilant.

    Note: I've scheduled remediation of this file, which I expect to quarantine the file.
  7. Wow - that was quick. Thanks Dashke!
  8. Morning - Malwarebytes Cloud Endpoint Protection blocked website </track.positiverefreshment.org/>. Is this a valid block? Thanks, Mark
  9. Detection and Quarantined reports (daily, weekly, on demand) show a time stamp that's 4 hours ahead of my time zone. However, the correct time is displayed for the same detection notices when viewed on the dashboard of Malwarebytes Management Portal (cloud.malwarebytes.com). Can this be corrected? I use the reports when communicating to senior management and to address security violations with end users. At times this has caused much "head scratching" as the time stamp on the report reports violations when the computer is powered off and the user has left the building. Mismatch-timestamp-MWB.docx
  10. Mark_Albrosco

    Valid malicious site? <free.fromdoctopdf.com>

    Excellent - thanks
  11. Good afternoon - is the following site malicious or safe? <free.fromdoctopdf.com> IP address = 74.113.235.138 Thanks - Mark
  12. Good day - would like to know if the following site is actually a malicious site or is it safe: <ns-404.awsdns-50.com> IP address = 205.251.193.148 Thanks, Mark
  13. Malwarebytes Cloud Endpoint protection has blocked the following sites as "malicious". The sites are being accessed by the dns.exe application from the primary domain controller.

    <ns1.ukfast.net> IP address = 185.181.199.215
    <ns-404.awsdns-50.com> IP address = 205.251.193.148

    I would like to know if these are truly malicious sites or are they benign.