Lesyk009

Members
  • Content Count

    19
Community Reputation

0 Neutral

About Lesyk009

  • Rank
    New Member


  1. C:\Windows\System32\AppHostRegistrationVerifier.exe is calling out to wbd.ms, which appears to be Microsoft Whiteboard. Looks to be totally normal. If not, let me know.
  2. Think this might be a false positive, all of our endpoints are sending this alert: Type:OutboundConnection IP Address:52.190.28.19 Domain:wbd.ms Port:443 Process Name:C:\Windows\System32\AppHostRegistrationVerifier.exe This email was automatically generated by Malwarebytes Bot, please do not reply.
  3. Have you tried the fix above? You may want to start a new thread or contact support, as this was resolved for us over a year ago. Also last I checked I thought the on prem solution was getting dropped. We've switched to the cloud platform and their most recent update broke a ton of stuff. Good luck!
  4. Hello, just had a dozen or so of my network PCs throw off the following alert during their nightly full scan. Looks like it might be related to Microsoft Office, anyone else having this happen? Name: RiskWare.IFEOHijack; Type: Reg, Key; Category: Malware; Status: Quarantined; Path: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS
  5. Detection Name: Malicious Website Action Taken: Blocked Category: Website Scanned At: 02/10/2020 11:20:40 AM Reported At: 02/10/2020 11:20:41 AM Type: Outbound Connection Endpoint: CUSTSRVC-03-102.brimar.com Domain: login.live.com Group Name: Customer Service IP Address: 40.90.137.124 Port: 64213
  6. Sorry, IP address 40.90.137.124 and 40.90.23.154
  7. Throwing off blocked malicious website alerts, all for login.live.com with different ports. Coming from multiple endpoints.
  8. I unfortunately am remote at the moment and have shut down the computers that these were caught on. One of these was caught in a windows.old folder so it seems like this should have been caught before if it was a legit issue.
  9. Got a few computers reporting the following two files as malicious and quarantining them. \Windows\SysWOW64\winver.exe \Windows\winsxs\x86_microsoft-windows-winver_31bf3856ad364e35_6.1.7600.16385_none_b627d45ffdcc6f00\winver.exe Anyone have the same issues?
  10. That has resolved the issue. After turning off those triggers, then restarting the exploit service and then testing with Excel, the issue did not occur.
  11. Tested, did not resolve the issue. Checked off both of those settings locally on my machine, opened an Excel document, went to view updates and exploit immediately closed the program and sent out an alert. The only positive from all of this is I know my Malwarebytes alert settings are on point.
  12. Response from support this morning- "I am just follow up with you to let you know that our team is working to fix this issue on our end. I will keep you update soon I have any update from our development team."
  13. No fix so far. They responded twice, first they assumed I was using the cloud version of Malwarebytes, which I am not, and they should have known since they asked me for specific logs from my management console. Then they asked me to add an exception in the form of an MD5 hash to one of my policies, and that did not work. Haven't heard back since. =/
  14. Sent them logs yesterday, haven't heard back yet. We got an alert from Acrobat this morning, exploit just outright blocked Acrobat's main process - AcroRd32.exe.