Mark_Albrosco

Members
  • Content Count: 64

Posts posted by Mark_Albrosco


  1. Hi - we're using the Cloud Endpoint protection.

    The following is taken from the two endpoints that received the blocked website notice; are they at the most current versions/database?

    The EPP update differed for the two units.

    If not, can one manually run an update of the DB for the Cloud EP?

    Engine Version: 1.2.0.793
    Last Refreshed: 07/21/2020 8:49:25 AM
    Asset Manager: 1.2.0.330
    Endpoint Protection: 1.2.0.831
    Endpoint Protection Protection Update: 1.0.17190 / 1.0.17170
    Component Package Version: 1.0.651



  2. Received blocked website notices for pl15364254.passtechusa.com and www.hiprofitnetworks.com.
    A VirusTotal scan returned one hit ("Spam", from the Spamhaus engine for ESET) for the first site above (passtechusa), and "Clean / No engines detected this URL" for the second one (hiprofitnetworks).
    Would like to know if these are valid blocks or not.

    The EP protection report is attached.


    [attachment: MWB-report-20200511.JPG]


  3. Thanks Zynthesist,

    I'm assuming that the DB version is equal to the Endpoint Protection Update.

    I checked two other endpoints that experienced the same "blocked site" notices on the previous day. Their Endpoint Protection Update is now at 1.0.14775, and no further "blocked site" notices were received.

    I'm waiting on the scheduled tasks to "Check for Protection Updates" and "Refresh Assets" to be executed.



  4. Hi - Thanks for the notice. I checked one of the endpoints against my own unit.

    What Protection Update version contains the fix?

    My unit carries Endpoint Protection Update 1.0.14769, while the endpoint that experienced the "blocked site" notice is at 1.0.14753.

    I've scheduled a Task to check for protection updates in the meantime.


  5. We have Malwarebytes Cloud Endpoint deployed at our site.

    A number of endpoints were reported as having "blocked websites" for login.live.com, which carried a few different IP addresses:

    40.90.23.154
    40.90.137.124
    40.90.137.120
    40.90.137.126

    I checked the URL on VirusTotal and the results came back as "clean".


  6. Good day - would like to know if the following site is actually a malicious site or is it safe:

    googlecm.hit.gemius.pl, IP address = 79.137.69.91

    Reported as a blocked website by MWB Cloud Protection.

    It was not detected by any engines in a VirusTotal scan of the URL.

    Found forum entries that suggest a link to the Coinhive bitcoin miner.

    Looking forward to your guidance.

    Thanks,

    Mark


  7. MAM - re: your question on reason for using it.

    I have a HIK Vision NVR, and want to view it remotely from my PC using the iVMS 4500 application.

    But the application is meant for mobile device OS platforms. When I searched for the iVMS 4500 download for Windows 10, it was suggested that I install bluestacks and this would allow the iVMS 4500 application to run in the emulator on the PC.



  8. Below is an image of the only area that contains any links in the email - hovering over the URLs shows a link that matches the hypertext (so it's not a redirect to a bad site). The section above the contact info is an image - hovering over it does not show any link.

    Would you be willing to look directly at the attachment in one of my earlier posts? Maybe I'm missing something?

    [image attachment: image.png]


  9. Thanks Zynthesist - the host (onlykem) is a supplier; users get email from them on occasion.

    As soon as the email is opened, the user receives "blocked site" notifications.

    They haven't clicked any links in the email, so I'm having trouble understanding what about the email is causing the attempts to launch the site.

    I'm suspecting maybe the images in the signature line, or something of that nature, might be the culprit? But I was hoping Malwarebytes Labs could confirm.

    Maybe I should inform the supplier of the experience?


  10. @KDawg @Karland - so I got a fresh detection today of the same PUP.

    I checked my detection history and it's the same registry entry each time. I deleted it from quarantine again.

    After reading the article suggested by KDawg, I could not narrow it down to a specific browser; so I followed the steps suggested for a possible "root kit" infection.

    The policy for the endpoints has "Scan Rootkits" disabled; I enabled it and ran a scan of the specific device - results came back with 0 threats detected.

    How do I kick this up to "Support"? :)


  11. Hi Miekie - below is the status of our endpoints re: Malwarebytes Version and Protection Update Version.

    Is it safe to assume that the Protection Update Version is more important than the Malwarebytes engine version?

    There were 15 "false-positive" detections regarding VSTAPROJECT.DLL.

    9 of these were in Quarantine and restored.

    5 were under "Remediation Required" - I opted to remediate: will it place the file in Quarantine and allow us to restore? What can I expect to happen here?

    1 was under "Detections" - submitted a fresh scan+quarantine... or is no action required here, i.e. the file just won't be detected as malware by the newer "protection versions"?

    Malwarebytes version 3.4.5.2470
        Protection Update: 1.0.8267
    Malwarebytes version 3.5.1.2600
        Protection Updates: 1.0.8217, 1.0.8261, 1.0.8265
    Malwarebytes version 3.6.1.2716
        Protection Updates: 1.0.8145, 1.0.8195, 1.0.8201, 1.0.8215, 1.0.8229, 1.0.8251, 1.0.8253, 1.0.8261, 1.0.8263, 1.0.8265, 1.0.8267, 1.0.8269, 1.0.8271, 1.0.8277