Jump to content


  • Content Count

  • Joined

  • Last visited

Everything posted by Amaroq_Starwind

  1. Speaking of Symantec, I learned the funniest thing; turns out my dad has an old friend who's pretty high up the Symantec ladder now. Back on the main subject, there might be a new user registering some time in the near future. I discussed the subject of Recycle Bin hardening with him (her?) just a little bit ago, and they had some interesting ideas regarding two-factor authentication and asymmetric encryption.
  2. Here we go: https://community.spiceworks.com/topic/1065273-av-on-host-vm-or-both Turns out there's actually a VM manager with built-in anti-virus capabilities for your VMs, and it supports the tried and true Kaspersky engine. I know that it's not exactly an Anti-Malware system for Windows 2K and 2K3, but it's better than nothing IMHO. Maybe in the future, Malwarebytes Endpoint Protection will have accommodations for protecting virtual machines.
  3. Hmm... I'll have to dig around. I'll let you know if I can find anything. If you're able to convert your hard disks for those servers into virtual hard drives, though, then you could probably run them inside of virtual machines. Maybe there's a modern anti-malware utility that can scan what's happening on a VM from the outside.
  4. I'd just reimage them, personally. However, legacy versions of Malwarebytes which still run on Windows XP might be able to run on Windows 2000 or Windows Server 2003, with some tweaking. With the amount of tweaking that would probably be needed however, it probably wouldn't be worth the effort if you're just going to get rid of the servers. Hence, reimage.
  5. By the way, whatever ideas people come up with, remember that there are three goals here: Practicality: Could it be achieved with a simple redirect or filter driver, or would it require a significant rewrite of the operating system? Would it require management by the end user with specialized software, or would it be a Fire-and-Forget solution? Creativity: This one is a bit harder to judge, being more of a subjective spectrum. On the one hand, there's the "if it ain't broke, don't fix it" camp, but on the other, there's just something really satisfying about innovation and originality. Versatility: Whatever idea you have, does it have a very niche use case, or can it be applicable to a wide range of situations? Bear in mind that people are finding new ways to use old stuff all the time, so there's a lot of wiggle room here. Again, this is mainly just brainstorming. I don't need to see any specific technical implementations, so don't worry if you don't have those details worked out. And if you're not sure about your idea, feel free to pitch it anyway so that other folks here on the forum can discuss it with you. Everything has the potential to inspire something else.
  6. Come on, isn't anyone at least a little excited? This is a big moment for me.
  7. I've been thinking about the Windows Recycle Bin. Or more specifically, I've been thinking about how there's no way to secure it, and prevent unauthorized users and applications from attempting to view or restore sensitive information that has been deleted. And no, I'm not talking about permanent file deletion, since on a personal scale sometimes you'll forget to permanently delete something, and on a company-wide scale you can't guarantee that every employee's first instinct will be to permanently delete a file. While I'm at it, I can't help but notice that the recycle bin doesn't seem to have any form of compression or deduplication, but that seems like far less of an issue than security. I guess this is more of a brainstorming thread than anything else; if for some reason you needed to secure (or at the very least, optimize) the Windows Recycle Bin, how would you go about doing it? What techniques would you opt to use, and for which scenarios?
  8. The image should say it all... I honestly don't know what to make of this...
  9. This is less of a support request (since I already know how to fix it) and more of a bug report: The Malwarebytes Windows Firewall Control application, when you set the service to Automatic (Delayed Start), will show an exclamation mark in the tray and won't be able to connect to the service. The only way to fix it is to manually restart the service in the Service Manager (services.msc), since the application doesn't auto-restart, nor is there a context menu option to restart the service manually. I have confirmed that this issue only occurs when the service is set to Automatic (Delayed Start) I have the service configured to restart automatically after 5 minutes when it fails, and I have the "FailureActionsOnNonCrashFailures" REG_DWORD set to 1, but it doesn't help since the service is not technically failing, rather it's the tray application which fails. Also, Malwarebytes Windows Firewall Control is not covered by the ServiceStatus.cmd available elsewhere on this forum, nor is it covered by the Malwarebytes Toolset or the Malwarebytes Support Tool. In fact: despite Malwarebytes' acquisition of Binisoft being a while ago, you can't even get it directly from the Malwarebytes website yet, and you need to go over to the Binisoft website to get it. If these issues could be addressed in some fashion, I would much appreciate that! Sincerely, Amaroq P.S.: Dear moderators, I sincerely apologize for the minefield of URLs. I promise that none of the links are malicious, however. You can double-check!
  10. You really ought to watch Person of Interest. AI doesn't have to be a crapshoot. The future is already here, whether we want it to be or not, so all we can do now is make the most of it. Or pray that we get hit by a solar flare which sends us back to the dark age.
  11. @kenzolicious I'm with Exile on this one. Please show some more respect to the Malwarebytes team.
  12. What I meant by implementing Case-sensitivity was to implement the ability to detect Case-sensitive filenames and folders that normally wouldn't be accessible otherwise, not to make the scanning itself Case-sensitive >.<
  13. After reading some threads by AdvancedSetup (here, and here), I've been messing around with Windows services, both through the Services Manager (Services.msc) snap-in, and through the Registry Editor, and an idea struck me. I would like to configure the Malwarebytes Support Tool to automatically launch whenever a Malwarebytes-related service fails, but I can't seem to locate the directory of the installed support tool executable on my computer, nor do I know which specific command line parameters and arguments (if any) that I should use when specifying the Failurecommand registry value (data type: REG_SZ) or the "Run a program" option in the Services Manager. Could somebody give me a place to start, @dcollins perhaps?
  14. Hey, Malwarebytes Community! 🦊 In my neverending pursuit to be more helpful to other members of this community, I've taken to trying to call attention to specific staff members whenever a problem arises that I'm not able to help with. However, I'm still fairly unfamiliar with which members of the forum specialize in what, and for the ones currently employed by Malwarebytes, which departments those members happen to be in. As such, I'd like to request some kind of cheatsheet for the usernames of staff members in different departments so that I have a quick reference for redirecting other users when they need assistance. I do not require any legal names, just usernames. Sincerely, Amaroq
  15. Good afternoon, Malwarebytes community! 🦊 I am delighted to inform you on this exciting day that I am now officially enrolled at Lone Star College in Houston, Texas. I will be working towards my Associate of Science degree in Computer Science, and my Associate of Applied Science degree in Cybersecurity, both of which will help me on my way to seeking employment. It is my hope that I will also one day be able to get a Microsoft certification as an Information Technology and/or Networking specialist, and if I'm especially lucky, perhaps even an enrollment in the Malwarebytes Academy and/or an enrollment at Rice University. A small disclaimer: My username on this forum is not my legal name, since I generally do not feel too comfortable using my legal name online in most cases, and when I first joined the Malwarebytes community I had wanted to use a name that my friends would easily recognize whenever I referred them here to get help. However, for the purposes of more official business, I am not afraid to share my legal name with trusted members of this community via private messages, along with other information such as my recently obtained college email address. Before I was thrust into the world of cybersecurity, I always thought I'd go into either Game Development, Fiction Writing, Computer Hardware Design, Electronic Music or Higher Physics as a career path. It's always funny how these things all turn out, but perhaps a degree in Cybersecurity could still mesh well with these (especially higher physics, once Quantum Computers are more prevalent). Godspeed, everyone!
  16. Good afternoon, Arsenal! I forget who on this forum is in the Sales department, but maybe @Porthos or @exile360 can be of some help to you in verifying the legitimacy of this offer.
  17. There's a typo in the file. ::--------------------------------------------------------------------------------------- :MBAMSIZE ::--------------------------------------------------------------------------------------- REM %windir%\system32\wbem\WMIC.exe path win32_process WHERE Name=^"MBAMService.exe^" get Caption^,HandleCount^,PrivatePageCount^,WorkingSetSize SETLOCAL EnableDelayedExpansion FOR /F "usebackq skip=1 tokens=1-5*" %%a IN (`CMD /S /C "WMIC path win32_process WHERE Name="MBAMService.exe" get Caption^,HandleCount^,PrivatePageCount^,WorkingSetSize"`) DO ( IF [%%a] EQU [MBAMService.exe] ( REM ECHO %%c %%d b:%%b SET /A pps= %%c / 1000000 SET /A wss= %%d / 1000000 ECHO. MBAMService.resource. PrivatePageCount !pps! Mgb WorkingSetSize !wss! Mgb HandleCount %%b IF !pps! GTR 1000 (ECHO *WARNING* Memory usage is high) IF %%b GTR 5000 (ECHO *WARNING* Handle cound is high) ) ) GOTO :EOF It should say "Handle count" instead of "Handle cound"
  18. Slightly inconvenient for the less tinker-happy users, but as it's for the sake of user privacy... Go Mozilla! 🦊
  19. Actually in Windows 10, you can use Powershell to set a flag on certain folders to enable their contents to be case-sensitive. Linux programs running on Windows (through the WSL) always ignore this flag and treat everything as case-sensitive, but in the registry you can also set Windows programs to either: 1. Treat everything as Case-sensitive regardless of the folder properties 2. Set them to disallow case-sensitive names regardless of folder properties, or... 3. The default behavior, just respect the folder properties. In @alhazred's case, though, he doesn't have to worry about it because he's unlikely to run into any case-sensitive folders. However, I would still like to see case-sensitive file scanning implemented in MBAM, especially the enterprise version, due to the much higher likelihood that WSL would be used, the frequent mingling of Windows-based and Linux-based servers, and the ever increasing prominence of Linux-based threats.
  20. Editing posts is disabled for normal users because of spamners abusing it. This is also why you need to contact an Admin to set your profile image. Hopefully in the future, there will be better systems in place.
  21. This is one of those rare moments where I actually want a Mac. Maybe I'll build a Hackintosh one of these days.
  22. Welcome to the forum, Yespat. I look forward to helping you if the need arises.
  23. I received a similar email once, which is actually what prompted me to start taking cybersecurity more seriously. However, it was appended with some spiel about saying that the email had been edited in transit and translated by somebody else, and that it was safe, even recommended, to report to the authorities, and that if I did so then no harm would be done. I didn't respond to the email at all, though, and I do not recommend responding either. It's not only a bitcoin ransom scam, but also a phishing/data harvesting attempt to trick people into sending sensitive information in an encryptionless reply.
  24. My hypothesis: It records whenever a user proceeds to a website that is/was a false positive, detects when web elements hosted by malicious domains try to appear on a web page, or when exploit prevention detects and prevents an exploit. This way, it can upload information to the Malwarebytes servers and say "Hey boss, this website looks clean!" or "Hey boss, this website looks infected!", thus reducing the risk of false positives and increasing the detection rate of malicious websites and domains. However, as the Web Protection module is primarily database-drivem rather than heuristics-driven, your guess is as good as mine. If a clean website is hosted on the same IP Address as an infected website however, then it will usually produce a false positive. Similarly, some VPNs and TOR connections could also produce false positives.
  25. Actually, I just found out about the MalwareBytes Academy thing, which is apparently exclusive to Endpoint Protection customers. Since I'm trying to get a Computer Science (Associate of Science) degree as my minor and a Cybersecurity (Associate of Applied Science) degree as my major, this Malwarebytes Academy thing is particularly enticing, and I now have renewed interest in MalwareBytes Endpoint Protection / Malwarebytes for Business. The Cloud Management Console could also help me troubleshoot protected computers regardless od where I am, and there are a lot of computers in my family that are currently protected by Malwarebytes.
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.