Ninehundred


  1. We've been using the dependency checker depends.exe (from the site https://dependencywalker.com/) for years. Today, Malwarebytes identified it as a potential threat - Malware.AI.4131440719. I believe this is a false positive. Here's the report from the scan:

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 3/27/21
     Scan Time: 12:22 PM
     Log File: 9e46d420-8f18-11eb-9808-00fff5cf9eb8.json

     -Software Information-
     Version: 4.3.0.98
     Components Version: 1.0.1173
     Update Package Version: 1.0.38785
     License: Premium

     -System Information-
     OS: Windows 10 (Build 19042.804)
     CPU: x64
     File System: NTFS
     User: System

     -Scan Summary-
     Scan Type: Threat Scan
     Scan Initiated By: Scheduler
     Result: Completed
     Objects Scanned: 650438
     Threats Detected: 1
     Threats Quarantined: 0
     Time Elapsed: 15 min, 29 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect

     -Scan Details-
     Process: 0
     (No malicious items detected)

     Module: 0
     (No malicious items detected)

     Registry Key: 0
     (No malicious items detected)

     Registry Value: 0
     (No malicious items detected)

     Registry Data: 0
     (No malicious items detected)

     Data Stream: 0
     (No malicious items detected)

     Folder: 0
     (No malicious items detected)

     File: 1
     Malware.AI.4131440719, C:\USERS\JIMC\DESKTOP\APPS\INFREQUENT\DEPENDS.EXE, No Action By User, 1000000, 0, 1.0.38785, 2700027185ACAEB7F640C84F, dds, 01175774, FC9015FC4596D90BFE0547AB96CB21B3, 57C483DC985A9757501993E969C2A7043C26517F97FD49A42B33D2D6A4193D8B

     Physical Sector: 0
     (No malicious items detected)

     WMI: 0
     (No malicious items detected)

     (end)
  2. I appreciate you taking the time to reply, but I'm afraid this answer will not do. We've looked over the materials you referenced and even read the entire chapter on Endpoint Protection, pages 18 - 24. Those settings address controlling applications that run and perform actions. A File Server does not RUN programs. It stores files. I can't see how 'behavior-based' protection can be applied to a File Server which acts as a repository of files. Most of the files on a File Server are data. There are virtually no executables. My reading of Malwarebytes materials suggests it focuses its attention on executable analysis and does not concern itself with data files. I could be wrong, but I assume it will not attempt to scan Word or Excel files for malware in the form of scripts and macros?
  3. We've been long-time users of Malwarebytes. Our typical usage has been to deploy to desktops and laptops. This past weekend we purchased another license and deployed it onto a corporate File Server. This morning during a staff meeting the question was raised about whether or not the product is suitable for use on a File Server? Can someone confirm or deny this use case? If it is deemed appropriate to protect a File Server, we'd appreciate a reference to the technical materials that describe the benefits. We've been reading various blogs and articles on the Malwarebytes website, and it seems they are distinguishing anti-virus and anti-malware. That anti-virus is signature-based, whereas anti-malware is behavior-based. But we cannot find details about what specific behaviors the software watches for and catches. This makes it challenging to evaluate whether or not it is suitable to protect a File Server. The Malwarebytes description of the differences between anti-virus and anti-malware is also somewhat confusing. If Malwarebytes is strictly behavior-based, why does it perform a whole disk scan? Wouldn't scanning files at rest imply it is signature-based as well? The deeper we dig into this topic, the more questions we seem to uncover. Most of them revolve around a more precise explanation of exactly what Malwarebytes is doing. What is it looking for, and what is it protecting against? I understand there is a reluctance to reveal too much information for fear of arming the criminals and protecting Malwarebytes' corporate advantage, but without more technical details I can't see how a system administrator can evaluate the product use cases.