Jump to content

knguyen1

Staff
  • Posts

    70
  • Joined

  • Last visited

Reputation

5 Neutral

About knguyen1

Contact Methods

  • Website URL
    https://www.malwarebytes.com

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. No problem, thank you for confirming @joocetil
  2. Thanks for letting me know. Have a good weekend!
  3. Hi @joocetil This should be resolved now. The number on your dashboard for suspicious activity should be properly reflected. Please let us know if you need anything else. Thank you,
  4. Hi @joocetil I've reached out to my engineering team to fix this for you. Appreciate the patience! Thank you,
  5. Hi @zgerber08 Thank you for contacting Malwarebytes Business Support. The Office 365 issue is actually unrelated to the Protection Service Version update 4.3.2.106 that released on 3/25. The issue was occurring before that update and appears to be related to Engine Versions instead. We have pushed out a couple hotfixes as of yesterday, so as long as your machines are on Engine Version 1.2.0.860, then the hotfix should be applied while we continue to investigate the issue further. If you need to bypass the metered download and installs of these updates, you can select the machines and go to Actions -> Check for Software Updates. Otherwise, it should be happening automatically shortly. Did you have any instances of this particular issue? Or were you just taking precautions to updating? I checked your account and pretty much all but ~20 machines have updated to the latest engine version. About ~10 of those haven't been seen in the last day and the hotfix did just release yesterday, so it should be automatically installing on those machines shortly as they continue to communicate with our servers. Thank you!
  6. Hi @mlonabaugh Thank you for confirming, you have a great weekend as well!
  7. Hi @mlonabaugh, Thank you for reporting this issue to me. I have reached out to my team to get this fixed on the back end. I'll follow up with you when it is resolved. Apologies for the inconvenience! Thank you,
  8. Hi @leobando Thank you for the logs. I've confirmed that all 3 detections were false positives. Since no action was taken or no file was quarantined, you don't need to do anything else. You shouldn't be seeing these detections anymore. Thank you,
  9. Hi @nestrada and @leobando, My research team confirmed that C:\ProgramData\Apple\Installer Cache\Apple Mobile Device Support 12.0.0.1039\AppleMobileDeviceSupport64.msi was a false positive that is already resolved. You should be able to restore the file from quarantine and you shouldn't get anymore detections on it Now I'm just waiting on logs from @leobando to confirm if C:\Program Files\Microsoft Visual Studio\Shared\Packages\Microsoft.Net.Compilers.2.6.1.nupkg was also a false positive.
  10. Hi @nestrada I also sent you an e-mail with instructions to get us logs and where to upload them. Please check your e-mail and reply there when it's been done. It looks like you have a machine with the same detection C:\ProgramData\Apple\Installer Cache\Apple Mobile Device Support 12.0.0.1039\AppleMobileDeviceSupport64.msi Thank you,
  11. Hello @leobando Please follow these instructions on the endpoint that had the detection to gather logs - https://support.malwarebytes.com/hc/en-us/articles/360039023853 I'm also opening a ticket for you and sending you an e-mail with these instructions and a link where you can provide us with the logs. It appears that based off of this, csc.exe is a false positive - https://forums.malwarebytes.com/topic/267280-false-positive-cscexe-visual-studio/ I can get verification on the other items with the logs. Please check your e-mail for log upload instructions.
  12. Hello @RamuduV Above the process graph you'll see it says "This activity triggered x rules accross x items. Show Details". Click on that, and then you can click on the colored text below. It gives a little more insight as to why these were detected. Severity is low and in your instance, it looks like the cmd.exe detection is because you run a script to kill tasks. With powershell, a command to clear cache is being run. They appear suspicious to us but you can disregard these detections. Please let us know if you have more questions. Thank you,
  13. Hello @REGITDept Thank you for opening up a forum post. If threat scans are failing immediately, that is usually indicative of the scanning module not being ready, possibly because of a pending update that requires reboots to finish. I can see in your portal that the machine does still say Reboot Required in order to finish Malwarebytes Installation. These issues are typically on a machine by machine basis though so it is difficult to pinpoint these right off the bat. I do see that you ran a restart command on the machine which succeeded before trying the scan, but the restart required icon is still there. You may need to try another reboot. I was already able to grab logs from this machine and do see a potential issue. Please first try another reboot and if that doesn't work, then please uninstall the Malwarebytes Endpoint Agent through control panel. Then follow the instructions on this page to use our support tool and clean our the Malwarebytes directories - https://support.malwarebytes.com/hc/en-us/articles/360038524734 Afterwards, please go back to cloud.malwarebytes.com -> Downloads -> MSI Endpoint Agent Installer. Download and install that. I just updated the version in your portal so this installer will be slightly different than the one you installed with previously, which should hopefully help the product get installed properly. As Porthos mentioned, you do have a business support line you can use. You can open your cloud portal -> Click on your username at the top right -> Contact us and use the most convenient phone number from there. Thank you,
  14. Glad to hear you were ale to get that sorted! Thank you,
  15. Unfortunately since I support our business/enterprise products, I can't say I've worked on troubleshooting removing our consumer product from servers. The Business Support Tool is what I wanted you to use the first time but it now may be too late since you have the consumer version installed. You can close and re-attempt the business support tool, but it's possible cmd prompt isn't doing anything because of the current status it is in. Were you able to open the icon in the system tray so that you could disable real-time protection? What is your experience when trying to use the consumer support tool again to clean it up? It just hangs and does nothing? Do you find anything in C:\Program Files, C:\Program Files (x86)\ or C:\ProgramData with Malwarebytes that can be deleted?
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.