Posts posted by Efrain

  1. 13 minutes ago, AdvancedSetup said:

    You're quite welcome. Now, all of this said.

    What Operating System are these computers running?

    Are these actual videos or flash? Are you aware that Adobe has deprecated Flash?

    https://www.adobe.com/products/flashplayer/end-of-life.html

    Most Windows systems can view a variety of video formats out of the box if these are actual videos.

     

    Windows 10.

    I don't believe it's Flash. These are actual videos stored on a server. The officers log into a website, browse for the video then click on a thumbnail to see the video. They never see this app. Somewhere in the process a Java script runs and the player is installed for them (if not already installed) then the video starts to play within the browser (Edge or Chrome).

  2. 9 minutes ago, AndrewPP said:

    A hash identifies the file uniquely, independent of user.

    Downloading EXE via browser and running from temp is what many attackers do!

    Reporting a False Positive and supplying some background will get you added to 'white list'

    Please submit a Support Case, stating you are a Developer and ask about process going forward.

    Digitally signing your program allows more 'trust' in your program and traceability in a world where attacks are increasing.

    I'm going to try the hash tomorrow.

    I'm not a fan of the application but that's what we're stuck with for now.

    I'm not a developer of this product.  We purchased it from a company called L3 (Safe Fleet Mobile Vision).

    Thanks!

  3. 1 hour ago, AdvancedSetup said:

    Ah.. my apology. I thought you were running a Consumer desktop client.

    I've posted in your other topic, but why can't the application be copied to the local computer into a folder that is already in the path?

    Were you able to get the MD5 hash? That will not change regardless of where the file is located. Though excluding it from Anti Exploit may or may not work.

     

    I got the hash but haven't tried it yet.  I will tomorrow.  Again, thank you so much.

  4. 1 minute ago, AdvancedSetup said:

    The issue "appears" to be due to it running from the Temp folder.

    Can the organization copy the program to a location that is already in the path? Not my favorite location but if push comes to shove even the C:\Windows folder?

    I could be wrong but if run from there I would think it would not be triggered.

     

    I've thought of contacting the organization but my experience with them hasn't been great.  I thought having an exclusion would be the easier route.

    Thanks!

    4 minutes ago, Porthos said:

    I suppose they are not allowed to download the video from the site so they can run it locally?

    No, they can NOT.

  5. @AdvancedSetup The officers log into a website, browse for the video then click on a thumbnail to see the video. They never see this app. Somewhere in the process a Java script runs and the player is installed for them (if not already installed) then the video starts to play within the browser (Edge or Chrome). The problem is that Malwarebytes thinks this is a malicious app and stops it from working so the video never plays. It's a horrible, stupid system that we are stuck with for now.

    As for the logs, we have an Endpoint agent running on the PCs. There's no app to click on to see and download logs. If you point me to the folder/files that you need I can upload.

    Thank you very much for your help!

  6. 1 minute ago, Porthos said:

    I am thinking that you might need to have that player on each officer's computer and guessing the video is on a server somewhere they have access to.

    And have them open the player on the computer and use the file open command and browse to the video on the server.

    @Porthos The officers log into a website, browse for the video then click on a thumbnail to see the video.  They never see this app.  Somewhere in the process a Java script runs and the player is installed for them (if not already installed) then the video starts to play within the browser (Edge or Chrome).  The problem is that Malwarebytes thinks this is a malicious app and stops it from working so the video never plays.  It's a horrible, stupid system that we are stuck with for now.  

  7. 52 minutes ago, AdvancedSetup said:

    You can do the following from the command line @Efrain

     

    CertUtil -hashfile <path to file> MD5

    Example:
    certutil -hashfile notepad.exe MD5

     

    Would that work even if the user name is always different?  For example:  

    C:\Users\AJOHNSON\AppData\Local\Temp\FlashbackPlayer.exe

    C:\Users\DSMITH\AppData\Local\Temp\FlashbackPlayer.exe

    Notice the folder after C:\Users is different.

    Thanks!
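
The check discussed in this exchange, as an added example that is not part of the original posts: it hashes every per-user copy of the player and groups the results, so an admin can confirm that one hash covers all profiles before creating a hash-based exclusion. `Get-PerUserFileHash` is a hypothetical helper name, and the demo runs against constructed files in a temp folder rather than `C:\Users`.

```powershell
# Added example (not from the thread). Get-PerUserFileHash is a hypothetical helper.
function Get-PerUserFileHash {
    param(
        [string]$UsersRoot    = 'C:\Users',
        [string]$RelativePath = 'AppData\Local\Temp\FlashbackPlayer.exe',
        [string]$Algorithm    = 'MD5'   # algorithm used in the thread
    )
    foreach ($userDir in Get-ChildItem -LiteralPath $UsersRoot -Directory) {
        $file = Join-Path $userDir.FullName $RelativePath
        if (-not (Test-Path -LiteralPath $file -PathType Leaf)) { continue }
        [pscustomobject]@{
            User      = $userDir.Name
            Hash      = (Get-FileHash -LiteralPath $file -Algorithm $Algorithm).Hash
            Signature = (Get-AuthenticodeSignature -LiteralPath $file).Status
            Path      = $file
        }
    }
}

# Constructed sample data: three fake profiles under a temp folder. Two hold
# identical bytes; the third has one extra byte to stand in for a different file.
$root  = Join-Path ([IO.Path]::GetTempPath()) ("hashdemo_" + [guid]::NewGuid())
$bytes = [Text.Encoding]::ASCII.GetBytes('constructed stand-in for the player binary')
foreach ($user in 'AJOHNSON', 'DSMITH', 'OTHERUSER') {
    $dir = Join-Path $root "$user\AppData\Local\Temp"
    New-Item -ItemType Directory -Path $dir -Force | Out-Null
    $data = if ($user -eq 'OTHERUSER') { [byte[]]($bytes + 0) } else { $bytes }
    [IO.File]::WriteAllBytes((Join-Path $dir 'FlashbackPlayer.exe'), $data)
}

# One group per distinct hash: a single group means one hash entry covers every
# profile; more than one means some copy differs and should be examined first.
$groups = Get-PerUserFileHash -UsersRoot $root | Group-Object Hash
foreach ($g in $groups) {
    '{0}  x{1}  users: {2}' -f $g.Name, $g.Count, ($g.Group.User -join ', ')
}
if (@($groups).Count -gt 1) {
    Write-Warning 'Copies differ between profiles; check before excluding by hash.'
}
Remove-Item -LiteralPath $root -Recurse -Force
```

The two identical constructed copies land in one group despite their different profile paths, while the altered copy forms its own group. The `Signature` column reports the Authenticode status of each copy.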

  8. Thanks for the replies thus far. We're planning on re-installing Malwarebytes on our Exchange server tonight with the exclusions in the Microsoft article I mentioned above. However, it would be greatly appreciated if Malwarebytes provided better guidance on this. Particularly, I'd like to know:

    1. Is Malwarebytes Endpoint Protection recommended and safe to run on a Windows server used for Exchange?

    2. What does Malwarebytes recommend (if any) as far as exclusions, policy configurations, etc. for Exchange?

    Thank you!

  9. We are running Exchange 2013 on Windows Server 2012 R2.  Malwarebytes Endpoint Protection was installed on the server about two months ago.  Recently Microsoft pushed out KB5000871 (security update for Exchange).  The update failed several times and eventually several services on the server were disabled.  We had to remove Malwarebytes Endpoint Protection to get Exchange working again.  Afterwards we were able to install KB5000871.

    Is Malwarebytes aware of any conflict between its software and this patch (or any other patch)? What are Malwarebytes' recommendations for installing Malwarebytes on an Exchange server?

    Thanks!

  10. I use the Management Console to connect and install Malwarebytes on workstations and servers within my organization. However, there is one server that I cannot connect to via the Console. I have searched for it by IP address to push the client but it cannot be found. The only difference with this server is that it's located in a DMZ. We have opened up ports 443 and 18457 (I think TCP) but that doesn't help. Is there anything else I should be doing? Thanks.

  11. On the Management Console I have configured a policy for the clients to download signature updates from the Management Server (see photo). I have pushed out the new policy to the clients and according to the Management Console the clients have the new policy. However, my clients do NOT update from the Management Console. Instead they update from the Internet. How can this be fixed? Thank you!

    Screen Shot 06-17-19 at 01.57 PM.PNG
