Steve1982

Honorary Members
  • Posts

    80
Everything posted by Steve1982

  1. Hi @jboursier, do you have any updates on this issue? It's still not downloading the cloud definitions and the local definitions are pretty old.
  2. Hi, I'm pretty sure this is a false positive. Can you guys verify for me please? Here's the relevant info from the logs:

     -Software Information-
     Version: 4.5.0.152
     Components Version: 1.0.1538
     Update Package Version: 1.0.49112
     License: Premium

     -Website Data-
     Category: RiskWare
     Domain: devrylaw.ca
     IP Address: 104.37.189.110
     Port: 443
     Type: Outbound
     File: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

     It comes back clean on VirusTotal. Thank you!
  3. I have the same issue. After a restart MBAM reports "Careful, you're not fully protected" (clicking "View details" then reports that Windows firewall is off although it's definitely on). If I simply just wait a few minutes without doing anything the message automatically changes to "Great job! You're fully protected" (without opening Windows Firewall).
  4. @H4V0C Forgot to add that I'm actually not on a beta, I'm running the latest non-beta version (4.4.9.142 / 1.0.1486)
  5. Hi @H4V0C thanks for looking into this! Unfortunately that didn't help in my case. I stopped Malwarebytes via the "Quit Malwarebytes" option of the icon in the task bar, and re-launched the program via the Start menu. I'm still not seeing the General Settings section though.
  6. FYI the Ad Blocker dictionary finally updated (20211020) but the Call and Web Protection dictionaries are still more than 3 months old.
  7. Hi, The new Security Advisor feature on one of my MBAM installs doesn't show the "General Settings" section at the bottom (see attached screenshot from the installation that does show it). Both Windows Firewall and Brute Force Protection are definitely turned on though, and Security Advisor reports "Your device is safe and secure" at the top with a green shield. Anyone else have the same issue?
  8. Hello! When was the last time the dictionaries were updated? Here's the latest version numbers from the app: Call Protection: 1.0.202107251904 Web Protection: 1.0.202107240204 Ad Blocker: 1.0.202108041306 Call and web protection is about 3 months old, while ad block is about 2.5 months old. I have the latest version of the app (v 1.7.0) installed and tried manually updating over both mobile and Wi-Fi. Thanks!
  9. FYI this issue is ongoing and happens very frequently. For me it's only about 1 in 5 times that the latest database is downloaded when doing a scan. This wouldn't be such a pain if AdwCleaner at least kept the latest version of the database after it's downloaded for next time you run a scan.
  10. Hello! I noticed that one of my MBAM installs never showed me the 30-day summary report even though the UI showed it as ON and Always Show. I had a look at the MbamClientConfig.json file and saw the following settings: "AlwaysShowMonthlyReport": null, "ShowMonthlyReport": null The working install did not have those settings at all so on the install that wasn't working I toggled "Always Show" to "Only show..." and back, and from ON to OFF and back. Now both settings have a value of true instead of null in the config file. TL;DR: I think there's a discrepancy between how the UI sees a value of "null" (i.e. it doesn't think the setting exists so it shows the defaults) and how the scheduler code sees a value of "null" (i.e. it sees that the setting exists and treats the null value as false, i.e. OFF).
  11. Hello! Yesterday I checked for updates and was greeted with a "We need a moment to apply some updates. Restart Malwarebytes" message. After MBAM restarted I was surprised to see that both the Component Package version (1.0.1464 to 1.0.1474) and the Malwarebytes application version (4.4.7.134 to 4.4.8.137) changed. In the past, only the Component Package would be updated this way. A new Malwarebytes application version would give me a Windows UAC prompt to run MBSetup.exe (which I loathed!). Is this the expected behavior of the latest update process, and if so is this how all updates will be handled going forward?
  12. I connect to WiFi but it's infrequent, mostly just to install iOS updates. I have unlimited LTE so prefer the extra battery life over using WiFi. I'm also not a fan of leaving WiFi on while I'm out and about, not knowing what it's reaching out to or doing while it's in my pocket ☺️ Quick question about the new version (1.4.5) that was released on June 16 ... I have the Premium version but don't use the phone or SMS blocking features, just the web protection and ad blocking features. I won't see any visible changes in the UI then right, just under-the-hood bug fixes etc. with the new version?
  13. I see a new version 1.4.5 is now available in the app store, released on June 16. Anyone install this yet? Any issues? @treed Any chance we can get the ability to auto-update "protection updates" via mobile data in a future release? I almost never connect to WiFi and have to remember to manually click the update button every now and then. Thanks!
  14. Hi @1PW Nice chatting to you again and thank you for the link to the VirusTotal scan with the hashes, much appreciated! I still use VirusTotal to scan files but file hashes published by the vendor help verify chain of custody. Signing certificates are great but basically have the same problem. You still need to verify the details of the certificate (not the somewhat useless CN but the SHA256 fingerprint, etc.) to ensure chain of custody since it's increasingly common for malware to be signed. BTW, I wrote a PowerShell script (see screenshot) that extracts the signer and counter signer certificates of the new file to a known, verified copy of the previous version and compares them to each other. That's when I noticed that the file was countersigned by a new company that I'm not really familiar with, hence my hesitation and decision to ask on the forum what the file hashes were to put my mind at ease. Better safe than sorry! 😄
  15. Hi there! Can a Malwarebytes staff member please be so kind as to post the SHA1 or SHA256 hashes of the latest MBSetup.exe file? Looks like it's v4.4.0.220. I want to verify the file hashes before I accept the UAC prompt and continue updating my v4.3 install to v4.4. Thank you!
  16. Do you guys use some of the common and widely-used ad and tracker blocking lists like EasyList or do you compile your own list from scratch? While Malwarebytes managed to eliminate a decent amount of ads it wasn't able to get rid of YouTube ads. I'm also seeing sponsored ads at the bottom of items on eBay, etc. It would be nice to have the option of adding our own block lists.
  17. Hi, I noticed that the AdwCleaner cloud update server(s) are frequently down/unavailable, especially over weekends. I confirmed the issue from multiple PCs in multiple networks so it's not a problem with my network. AdwCleaner then resorts to using the local copy of its definitions which is the copy that comes with AdwCleaner when you download it, so it's severely out of date. Two suggestions: 1) Can someone please look into the reliability/availability of the AdwCleaner cloud update servers? 2) Should the cloud update fail, it would be nice to have the option to use the definitions from the last good cloud update, as opposed to the original local copy. Thanks!
  18. Thanks @1PW over the years I always found it funny that, when I went to scan my MBAM executables at VirusTotal, the majority of the time I'd find your upvote there already. It happened so often that eventually I'd be suspicious of the file if it wasn't there. 😂 The world has become a lot more tech savvy so I think a lot of people would actually know how to use hashes. The problem with code signing will always be that any bad actor with a couple of hundred dollars and some time on their hands can get their malware signed. So the real test of file integrity via code signing is verifying the authenticity of the certificate used to sign the code. And this is where things get a lot trickier, real quick. How do we know that the certificate used to sign the file we just downloaded belongs to the real Malwarebytes Inc? Is simply relying on the CN good enough? At the very least you'd also want to verify the serial number and a few other details. But where are those details published so we can verify them? Suddenly we're back to things not being published on the Malwarebytes website that probably should be (at least, I haven't seen it). Anyway, I'm hoping the Malwarebytes team comes around on this. BTW, nice talking to you!
  19. A digital certificate does not prove that the file you downloaded came from the site you downloaded it from! It simply proves that the file was signed by the holder of the certificate. What part of this is so difficult to understand? Yes, digital certificates are a very important verification, nobody is disputing this. A file hash on the other hand is just another way to validate chain of custody to me, the end user. The two complement each other. They offer similar, but slightly different forms of verification. Stop harping on spoofed websites, it's a distraction and merely one of many scenarios in which hashes are useful. But for what it's worth ... a savvy hacker is not going to set up a fake website for "www.malwarebytes.com" when all they need to do is redirect DNS for "downloads.malwarebytes.com" or "download.toolslib.net". None of these subdomains resolve to the same server so why bother spoofing the web site when Malwarebytes aren't posting hashes? The really smart hackers aren't that stupid. So ironically, by not putting a hash on the web site Malwarebytes is literally making it easier for them. Furthermore, spoofing the site is easily defeated by posting hashes to social media. Also, it really doesn't matter that some of the other AV vendors don't publish hashes. Many vendors do. Just do the right thing, regardless. Anyway, this is getting tedious. I'm out.
  20. Apologies if it sounded like I was coming at you personally, not my intention at all. I did read the article. Let's just say that the reasons provided in the article are not compelling at all. Hashes aren't supposed to replace digital signatures as a means of verifying the integrity of an app. Period. These aren't two competing concepts, they complement each other. You can - and should! - have both. Hashes are more a chain of custody check to me personally. Also, the example provided of a web site being compromised therefore the posted hashes can also be altered to match the fingerprint of the downloaded file is not the only scenario where a hash would be useful, and in the case of Malwarebytes*, it's not even the one I'm most concerned about. I'm more concerned about bad downloads from a compromised PC (bad DNS, code injection, etc). Also, the article literally saying that keeping hashes updated is a "pain" is just cringe. Seriously? This can easily be automated. (*As an aside, it's not typical for a company like Malwarebytes to host their downloadable content on the same infrastructure as their public web site so if we assume for the sake of argument that a bad actor manages to compromise the entirety of Malwarebytes' infrastructure - downloads, web sites, update servers, etc. - plus their social media accounts where they should also be publishing the hashes, then we're talking about an extinction level event for the company).
  21. Yep I'm aware of this but I'm referring to something else ... a popup that has a summary of all the real-time detections, scheduled scan detections, and a bunch of other summary information for the month all on one screen.
  22. Me, the OP, users who asked for it over the years on the forum ... basically anyone who thinks that providing more ways of verifying a file's authenticity is a good thing, not a bad thing? If a poll was conducted I'm sure most users would be in favor of it. Your reasons for not posting hashes are simply not compelling enough. We all use VirusTotal. We all check the digital signatures. Let's move beyond that. I (and many others) would like to compare vendor provided hashes too. If you don't want to, you don't have to. Forget about the user's level of experience ... it doesn't matter and it's not for you to decide who is or isn't technically savvy. And forget about state actors. My original comment was just to underscore a point. State actors are the least of my concerns, and are the least likely to affect the average person. State actors target specific political opponents and/or other government entities. In the interest of time I'm not going to unpack the rest of it ... it's not that important to the topic at hand and we're just beating dead horses now. So instead of wasting more time on the thousands of hypothetical what-if scenarios we can conjure up where a hash may or may not have helped, can we please just acknowledge that some of your users would like to have the hashes posted?
  23. One of my PCs recently gave me a monthly summary in a popup when I opened Malwarebytes, and then just a few days ago it did it again. None of my other PCs running Malwarebytes have given me this popup and they're all configured more or less the same. Any idea why? Is this something that needs to be activated somewhere? I quite like this feature and would like to see it on all my PCs. In fact, it would be nice to see it on demand.
  24. So how are we doing with this suggestion ... it still pains me to see this universally recognized "not good" color used to relay "all is well" 😉
  25. This happened to me recently with one of my lifetime licenses. In the end I opened up a ticket and they fixed it for me. It took a little while though so you may have to run in trial mode for a bit.