Jump to content


  • Content Count

  • Joined

  • Last visited

Community Reputation

1 Neutral

About knguyen1

  • Rank

Contact Methods

  • Website URL

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Hi @leobando Thank you for the logs. I've confirmed that all 3 detections were false positives. Since no action was taken or no file was quarantined, you don't need to do anything else. You shouldn't be seeing these detections anymore. Thank you,
  2. Hi @nestrada and @leobando, My research team confirmed that C:\ProgramData\Apple\Installer Cache\Apple Mobile Device Support\AppleMobileDeviceSupport64.msi was a false positive that is already resolved. You should be able to restore the file from quarantine and you shouldn't get anymore detections on it Now I'm just waiting on logs from @leobando to confirm if C:\Program Files\Microsoft Visual Studio\Shared\Packages\Microsoft.Net.Compilers.2.6.1.nupkg was also a false positive.
  3. Hi @nestrada I also sent you an e-mail with instructions to get us logs and where to upload them. Please check your e-mail and reply there when it's been done. It looks like you have a machine with the same detection C:\ProgramData\Apple\Installer Cache\Apple Mobile Device Support\AppleMobileDeviceSupport64.msi Thank you,
  4. Hello @leobando Please follow these instructions on the endpoint that had the detection to gather logs - https://support.malwarebytes.com/hc/en-us/articles/360039023853 I'm also opening a ticket for you and sending you an e-mail with these instructions and a link where you can provide us with the logs. It appears that based off of this, csc.exe is a false positive - https://forums.malwarebytes.com/topic/267280-false-positive-cscexe-visual-studio/ I can get verification on the other items with the logs. Please check your e-mail for log upload instructions.
  5. Hello @RamuduV Above the process graph you'll see it says "This activity triggered x rules accross x items. Show Details". Click on that, and then you can click on the colored text below. It gives a little more insight as to why these were detected. Severity is low and in your instance, it looks like the cmd.exe detection is because you run a script to kill tasks. With powershell, a command to clear cache is being run. They appear suspicious to us but you can disregard these detections. Please let us know if you have more questions. Thank you,
  6. Hello @REGITDept Thank you for opening up a forum post. If threat scans are failing immediately, that is usually indicative of the scanning module not being ready, possibly because of a pending update that requires reboots to finish. I can see in your portal that the machine does still say Reboot Required in order to finish Malwarebytes Installation. These issues are typically on a machine by machine basis though so it is difficult to pinpoint these right off the bat. I do see that you ran a restart command on the machine which succeeded before trying the scan, but the restart requir
  7. Glad to hear you were ale to get that sorted! Thank you,
  8. Unfortunately since I support our business/enterprise products, I can't say I've worked on troubleshooting removing our consumer product from servers. The Business Support Tool is what I wanted you to use the first time but it now may be too late since you have the consumer version installed. You can close and re-attempt the business support tool, but it's possible cmd prompt isn't doing anything because of the current status it is in. Were you able to open the icon in the system tray so that you could disable real-time protection? What is your experience when trying to use the consumer s
  9. Hi @IMRAN It sounds like you may have stumbled across the support tool for our consumer build, which does offer you to reinstall Malwarebytes, but our consumer product. The consumer product is not supported on Servers, so you may need to get your server into Safe Mode if that will help you uninstall Malwarebytes. If you are able to double click on the Malwarebytes icon in the system tray, you may also be able to disable any of the real-time protection layers from there to let you have control back of your machine. The support tool I provided above is to be used with cmd prompt and do
  10. Hi @IMRAN As Porthos said, pretty much the only two things we can try now are either reboot, or uninstall and reinstall after making sure that the Installation Package does have the checkbox checked for installing Anti-Malware. If it does have the checkbox checked, then the installation of Anti-Malware might not be happening properly because the previous installation may be stuck. You may have to use this support tool to clean it up, which we also suggest you do a reboot for - https://support.malwarebytes.com/hc/en-us/articles/360038524734 Thank you,
  11. Hi @Wilcox Can you open a new forum post or open a ticket here? https://support.malwarebytes.com/hc/en-us/requests/new The installer being refreshed is a different issue and an issue like yours may require additional time to research as well as some logs. You can also log into cloud.malwarebytes.com -> Click your username at the top right -> Contact Us and use the appropriate phone number to give us a call. Thank you,
  12. Hi @AlexLeadingEdge Without reinstalling, this is the way to move machines from Nebula to OneView. https://support.malwarebytes.com/hc/en-us/articles/360039018233-Move-an-endpoint-between-Nebula-accounts-or-OneView-sites Hope that helps! Thank you,
  13. Hello @LGM Thank you for contacting Malwarebytes Business Support. The only supported web browser for cloud.malwarebytes.com is Chrome. Thank you,
  14. Hello @AGrima For me at least, I'm on Windows 10 Build 1909 and my Nebula setting is set to default. It should register with Windows Security Center and Windows Defender typically automatically disables itself when another AV is detected. Though I'm not too familiar with what Windows may be changing on their end between 1909 and 2004, but I can confirm on my system is still works the way it has been. You can go to iptest.malwarebytes.com as a test to ensure Malwarebytes is protecting the machine. Unfortunately in Nebula we don't have much we can change other than that Windows Action
  15. Hi LGM, That just means that Malwarebytes shouldn't need to be modified for servers of that role. You can keep all layers of real-time protection enabled for those types of roles. Malwarebytes should be fully deployed within your environment if you wish to be protected, as one unprotected endpoint could be the entry point that attackers use to get in. Thank you,
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.