Jump to content


  • Content Count

  • Joined

  • Last visited

Posts posted by muciqi

  1. Thats happend serveral times to our clients since tomorrow even though the file direction (C:\Windows\System32\userinit.exe)  is included to Anti-Malware and Anti-Ransomware Exclusion List

    Any help?



    Thanks in advance :)


    Malwarebytes Management Server Notification



    Alert Time: 12.02.2020 16:01:30

    Server Hostname:

    Server Domain/Workgroup: 


    Ransomware threat detected, see details below:

    Time  HostName    IPAddress   ThreatName  Operation   Clean Result      ObjectScanned

    12.02.2020 16:01:23           Malware.Ransom.Agent.Generic      QUARANTINE  SUCCESSFUL  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit

    12.02.2020 16:00:49           Malware.Ransom.Agent.Generic      QUARANTINE  WHITELISTED userinit.exe

    Total count: 3.


    Comment: This email was generated by Malwarebytes Management Server. Please do not reply to this message.



  2. We just rolled out the last Anti-Exploit Version: to our test Endpoints

    One of the Clients (windows-10 virtual machine) got this alert-message as soon as he tries to open Internet Explorer.



    Malwarebytes management server emailed over a notice about this alert every times the client tries to open IE.

    Below is the alert-message from Server and attached are the MBAE Logs from that VM.


    Malwarebytes Management Server Notification


    Alert Time: 22.05.2019 10:29:46

    Server Hostname: *****

    Server Domain/Workgroup: ****


    Exploit threat detected, see details below:


    22.05.2019 10:28:02     VM****     Exploit memory HeapSpray attempt blocked     BLOCK       user    Internet Explorer C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE   Attacked application: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE; Parent process name: iexplore.exe; Layer: Application Hardening; API ID: 900; Address: 0x0D0D78D0; Module: ; AddressType: ; StackTop: 0x0B200000; StackBottom: 0x0B1F2000; StackPointer: ; Extra:

    Total count: 1.


    Could someone tell me what the anti-exploit took exception to? 

    Thanks in advance for your help.


Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.