
Amaroq_Starwind

Members
  • Content Count

    508

Everything posted by Amaroq_Starwind

  1. You really ought to watch Person of Interest. AI doesn't have to be a crapshoot. The future is already here, whether we want it to be or not, so all we can do now is make the most of it. Or pray that we get hit by a solar flare which sends us back to the dark age.
  2. @kenzolicious I'm with Exile on this one. Please show some more respect to the Malwarebytes team.
  3. What I meant by implementing Case-sensitivity was to implement the ability to detect Case-sensitive filenames and folders that normally wouldn't be accessible otherwise, not to make the scanning itself Case-sensitive >.<
  4. After reading some threads by AdvancedSetup (here, and here), I've been messing around with Windows services, both through the Services Manager (Services.msc) snap-in, and through the Registry Editor, and an idea struck me. I would like to configure the Malwarebytes Support Tool to automatically launch whenever a Malwarebytes-related service fails, but I can't seem to locate the directory of the installed support tool executable on my computer, nor do I know which specific command line parameters and arguments (if any) that I should use when specifying the Failurecommand registry value (data type: REG_SZ) or the "Run a program" option in the Services Manager. Could somebody give me a place to start, @dcollins perhaps?
  5. Hey, Malwarebytes Community! 🦊 In my neverending pursuit to be more helpful to other members of this community, I've taken to trying to call attention to specific staff members whenever a problem arises that I'm not able to help with. However, I'm still fairly unfamiliar with which members of the forum specialize in what, and for the ones currently employed by Malwarebytes, which departments those members happen to be in. As such, I'd like to request some kind of cheatsheet for the usernames of staff members in different departments so that I have a quick reference for redirecting other users when they need assistance. I do not require any legal names, just usernames. Sincerely, Amaroq
  6. Good afternoon, Malwarebytes community! 🦊 I am delighted to inform you on this exciting day that I am now officially enrolled at Lone Star College in Houston, Texas. I will be working towards my Associate of Science degree in Computer Science, and my Associate of Applied Science degree in Cybersecurity, both of which will help me on my way to seeking employment. It is my hope that I will also one day be able to get a Microsoft certification as an Information Technology and/or Networking specialist, and if I'm especially lucky, perhaps even an enrollment in the Malwarebytes Academy and/or an enrollment at Rice University. A small disclaimer: My username on this forum is not my legal name, since I generally do not feel too comfortable using my legal name online in most cases, and when I first joined the Malwarebytes community I had wanted to use a name that my friends would easily recognize whenever I referred them here to get help. However, for the purposes of more official business, I am not afraid to share my legal name with trusted members of this community via private messages, along with other information such as my recently obtained college email address. Before I was thrust into the world of cybersecurity, I always thought I'd go into either Game Development, Fiction Writing, Computer Hardware Design, Electronic Music or Higher Physics as a career path. It's always funny how these things all turn out, but perhaps a degree in Cybersecurity could still mesh well with these (especially higher physics, once Quantum Computers are more prevalent). Godspeed, everyone!
  7. Good afternoon, Arsenal! I forget who on this forum is in the Sales department, but maybe @Porthos or @exile360 can be of some help to you in verifying the legitimacy of this offer.
  8. There's a typo in the file.

         ::---------------------------------------------------------------------------------------
         :MBAMSIZE
         ::---------------------------------------------------------------------------------------
         REM %windir%\system32\wbem\WMIC.exe path win32_process WHERE Name=^"MBAMService.exe^" get Caption^,HandleCount^,PrivatePageCount^,WorkingSetSize
         SETLOCAL EnableDelayedExpansion
         FOR /F "usebackq skip=1 tokens=1-5*" %%a IN (`CMD /S /C "WMIC path win32_process WHERE Name="MBAMService.exe" get Caption^,HandleCount^,PrivatePageCount^,WorkingSetSize"`) DO (
           IF [%%a] EQU [MBAMService.exe] (
             REM ECHO %%c %%d b:%%b
             SET /A pps= %%c / 1000000
             SET /A wss= %%d / 1000000
             ECHO. MBAMService.resource. PrivatePageCount !pps! Mgb WorkingSetSize !wss! Mgb HandleCount %%b
             IF !pps! GTR 1000 (ECHO *WARNING* Memory usage is high)
             IF %%b GTR 5000 (ECHO *WARNING* Handle cound is high)
           )
         )
         GOTO :EOF

     It should say "Handle count" instead of "Handle cound"
  9. Slightly inconvenient for the less tinker-happy users, but as it's for the sake of user privacy... Go Mozilla! 🦊
  10. Actually in Windows 10, you can use PowerShell to set a flag on certain folders to enable their contents to be case-sensitive. Linux programs running on Windows (through the WSL) always ignore this flag and treat everything as case-sensitive, but in the registry you can also set Windows programs to either: 1. Treat everything as Case-sensitive regardless of the folder properties 2. Set them to disallow case-sensitive names regardless of folder properties, or... 3. The default behavior, just respect the folder properties. In @alhazred's case, though, he doesn't have to worry about it because he's unlikely to run into any case-sensitive folders. However, I would still like to see case-sensitive file scanning implemented in MBAM, especially the enterprise version, due to the much higher likelihood that WSL would be used, the frequent mingling of Windows-based and Linux-based servers, and the ever increasing prominence of Linux-based threats.
  11. Editing posts is disabled for normal users because of spammers abusing it. This is also why you need to contact an Admin to set your profile image. Hopefully in the future, there will be better systems in place.
  12. This is one of those rare moments where I actually want a Mac. Maybe I'll build a Hackintosh one of these days.
  13. Welcome to the forum, Yespat. I look forward to helping you if the need arises.
  14. I received a similar email once, which is actually what prompted me to start taking cybersecurity more seriously. However, it was appended with some spiel about saying that the email had been edited in transit and translated by somebody else, and that it was safe, even recommended, to report to the authorities, and that if I did so then no harm would be done. I didn't respond to the email at all, though, and I do not recommend responding either. It's not only a bitcoin ransom scam, but also a phishing/data harvesting attempt to trick people into sending sensitive information in an encryptionless reply.
  15. My hypothesis: It records whenever a user proceeds to a website that is/was a false positive, detects when web elements hosted by malicious domains try to appear on a web page, or when exploit prevention detects and prevents an exploit. This way, it can upload information to the Malwarebytes servers and say "Hey boss, this website looks clean!" or "Hey boss, this website looks infected!", thus reducing the risk of false positives and increasing the detection rate of malicious websites and domains. However, as the Web Protection module is primarily database-driven rather than heuristics-driven, your guess is as good as mine. If a clean website is hosted on the same IP Address as an infected website however, then it will usually produce a false positive. Similarly, some VPNs and TOR connections could also produce false positives.
  16. Actually, I just found out about the MalwareBytes Academy thing, which is apparently exclusive to Endpoint Protection customers. Since I'm trying to get a Computer Science (Associate of Science) degree as my minor and a Cybersecurity (Associate of Applied Science) degree as my major, this Malwarebytes Academy thing is particularly enticing, and I now have renewed interest in MalwareBytes Endpoint Protection / Malwarebytes for Business. The Cloud Management Console could also help me troubleshoot protected computers regardless of where I am, and there are a lot of computers in my family that are currently protected by Malwarebytes.
  17. The status of the MalwareBytes Windows Firewall Control Service needs to be added as well. You can get MalwareBytes Windows Firewall Control from the Binisoft website.
  18. True, true... Can I PM you an RTF document I wrote?
  19. @6yearuser Besides databases, MalwareBytes will primarily use machine learning to determine whether or not something is hostile, including scanning websites. As with everything based on machine learning, false positives are bound to happen, and yes while some tools that produce false-positives do have a political or socioeconomic motivation (just look at Google), not all do. MalwareBytes (as both a company and a product line) does not care about politics or choosing sides, only about maintaining your privacy and protecting your computer from threats. This is especially true with the software itself, which is literally incapable of caring about sides or politics. Welcome to the forum, by the way!
  20. Wait, Memory Patch Hijack Protection causes problems?
  21. That's... Not what I'm trying to do... I'm actually against Patent/Copyright Law normally (if it were up to me, everything would be Creative Commons), but cybersecurity is a pretty big deal. There are a lot of technological innovations that could change everything, but the patents for them are being sat on by companies who aren't doing anything with them. In this particular case, though, I kind of don't want the open internet to know about my designs because... Well... What if Malware developers start using the techniques I've come up with?
  22. So what Gonzo is saying... Is that if I had a really good idea (a security technique) that could cause a lot of trouble if the information got into the wrong hands (ie, Malware devs), I could trust them to keep it safe from prying eyes (other companies, rogue governments, and Malware devs) and/or put it into use in some form (because they have the engineers, researchers and developers, while I'm just one person).
  23. Does this mean my laptop will finally get an Intel graphics driver for Windows 10?
  24. I still feel like MalwareBytes should compile a version of MB3 for ARM64 builds of Windows 10, as ARM devices running Windows 10 are becoming increasingly popular. Even before threats specifically targeting the ARM64 version become a thing, it could help protect against common exploits that don't care which version of Windows you're running. If you're running Windows 10 for ARM, you won't be able to run the current x64 version of MalwareBytes, and you'd have to do icky workarounds to install the 32-bit version which probably wouldn't work too well.
  25. Before your response, I felt accomplished. Now, I feel like a talentless hack. Maybe I should just wait for the professionals... I wasn't completely ignoring your advice; I'm fully aware that what I am doing is at my own risk. My only intention in running it multiple times was to provide that self-healing-ness I was looking for, due to inevitable corruptions that can occur between restarts if the computer goes for a long period of time without restarting. However, "1 hour" is the longest I could specify in the GUI, and I didn't realize that you were specifically trying to get me to use the command-line; I can see now why the command-line is the better option, though. Using the Task Scheduler GUI, due to the limited amount of control and information that it gave me; I was hoping that by specifying the order of DISM first and SFC second, that it would respect that order and not run SFC until DISM stopped running. But rather than going entirely off of assumption, my intention is to test my hypothesis and see what happens when I run the task in its current state. Since I didn't see SFC in the process list in task manager upon running the task, this has led me to the belief that maybe it will actually perform the actions in series rather than in parallel. I still intend to figure out how to make it actually wait until DISM actually reports a successful operation before running SFC, so what I just uploaded could be considered a prototype of sorts. That specifically is what I'd like to figure out. So, I still learned some important lessons here: The Task Scheduler GUI is far too limited to do any real work. Command-line tools are better for anything involving automation, remote administration or headless operation. Though I have "good" ideas (like a DIY setup for self-healing OS components), I don't listen to instruction, and if I am not explicitly told that I have to do something the hard way, then I instead just do it with whatever tools immediately come to mind.