Jump to content

muciqi

Members
  • Posts

    4
  • Joined

  • Last visited

Everything posted by muciqi

  1. Hi LiquidTension The issue is repeated again to the same Clients a few more times. Currently I am out of Office. I will come back to you on Monday and I will provide the logs you requiered.
  2. Hallo LiquidTension, that's encountered two machines till now. Attached you can find the logs you required. Thank you for your help! Logs1.zip
  3. Thats happend serveral times to our clients since tomorrow even though the file direction (C:\Windows\System32\userinit.exe) is included to Anti-Malware and Anti-Ransomware Exclusion List Any help? Thanks in advance Malwarebytes Management Server Notification -------------------------------------------- Alert Time: 12.02.2020 16:01:30 Server Hostname: Server Domain/Workgroup: Description: Ransomware threat detected, see details below: Time HostName IPAddress ThreatName Operation Clean Result ObjectScanned 12.02.2020 16:01:23 Malware.Ransom.Agent.Generic QUARANTINE SUCCESSFUL HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit 12.02.2020 16:00:49 Malware.Ransom.Agent.Generic QUARANTINE WHITELISTED userinit.exe Total count: 3. ------------------------------------------- Comment: This email was generated by Malwarebytes Management Server. Please do not reply to this message. logs.zip
  4. We just rolled out the last Anti-Exploit Version: 1.12.2.147 to our test Endpoints One of the Clients (windows-10 virtual machine) got this alert-message as soon as he tries to open Internet Explorer. Malwarebytes management server emailed over a notice about this alert every times the client tries to open IE. Below is the alert-message from Server and attached are the MBAE Logs from that VM. Malwarebytes Management Server Notification -------------------------------------------- Alert Time: 22.05.2019 10:29:46 Server Hostname: ***** Server Domain/Workgroup: **** Description: Exploit threat detected, see details below: 22.05.2019 10:28:02 VM**** 161.110.7.139 Exploit memory HeapSpray attempt blocked BLOCK user Internet Explorer C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Attacked application: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE; Parent process name: iexplore.exe; Layer: Application Hardening; API ID: 900; Address: 0x0D0D78D0; Module: ; AddressType: ; StackTop: 0x0B200000; StackBottom: 0x0B1F2000; StackPointer: ; Extra: Total count: 1. Could someone tell me what the anti-exploit took exception to? Thanks in advance for your help. logs.7z
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.