
jkstark


  1. Thank you! It seems strange that a certificate would make the difference between a reboot or not, but I suppose that is the way it goes. I saw it on at least three different machines, but have not heard more yet, so hopefully that was it. TNX Kris
  2. Just had another user complain about the same thing, though in their case they tell me that the machine rebooted 3 times in a row. The last one that I saw in their Event viewer indicated that it was once again caused by the MBAM updater, though I was unable to spend the time to search for any other occurrences in the logs. However, it appeared that in each case the machine went through a reboot and a log in, and once the interface was fully initialized, the reboot cycle began...
  3. Not entirely sure what this will help with, but here is the file you asked for. For reference, the restart was initiated at 22:53:51 on 4/20... mbst-grab-results.zip
  4. So - after reading some previous messages about forced restarts, and how much they are hated (for good reason) I was hoping that somebody had finally fixed the issue... Unfortunately, the reason I found the topic was that not only is it not apparently fixed, but it has become even more insidious.... I was in the middle of working on my machine when without any warning the Windows "Rebooting" screen came up - not a BSOD, not a prompt to restart - nothing but a rebooting message before the machine shut down and restarted. Again - I was *actively* working on the machine! After the boot, had to go to the event viewer to figure out what might have caused the restart, to find this:

     The process C:\WINDOWS\TEMP\D23D50~1\MBSetup-119603.119603-4.5.8.191.exe (PETSAMO) has initiated the restart of computer PETSAMO on behalf of user NT AUTHORITY\SYSTEM for the following reason: No title for this reason could be found
     Reason Code: 0x40002
     Shutdown Type: restart
     Comment:

     Looking at some earlier logged events, this was clearly MBAM that did it, as can further be implied from the actual message too, since I am running 4.5.8... THIS CAN NOT ***EVER*** be allowed!!! I was not aware of any update happening, never gave any consent to a restart, and lost work. Simply stated, NOT ACCEPTABLE. I cannot even express in words how angry this makes me, and how completely insane, insensitive, uncaring this is. WHY IS THIS AT ALL POSSIBLE????????? Kris
  5. jkstark

    FP site block

    This was listed as a reputation block - what triggered that, I don't know. It is also one of those cases where Sucuri is not always a very good system for verification - they list a whole lot of errors when they receive a 403 response, which is caused by the WAF blocking the direct request that they are running... Oh well...
  6. jkstark

    FP site block

    OK - I get that. However, this is a site that has had 12,000 visits a month on average, with a high of over 70,000. The site has been there for 14 years, though there have been both host changes over the years as well as backend software changes. Seems suspect that it would be considered lightly-accessed, or new. No idea what the "niche" status would be either... (BTW - radio propagation? Specific bands for general or personal use?) tnx - Kris
  7. jkstark

    FP site block

    This is strange... Browser Guard is blocking https://www.silknaturals.com while MB Premium which is also monitoring traffic does not block. Nothing shows up with Virustotal either... It gets truly frustrating that sites get blocked without any clear indication as to why, and no place to verify what is the cause of the block. As such, there is no way to independently verify if it is safe to bypass the block, or if there should be one there at all. The complete and utter randomness of when and how this happens is truly frustrating - in the time I have used the products, I think it may have blocked 1 malicious site, but probably about 15 false positives. What is going on? What are your criteria for inclusion, and how do you retest and validate the real-time validity of your blocklists? Frustratingly, I suspect that I'll get nothing more than a one-liner response to this one as well - I've tried to get answers similar to this several times now, and every time it gets buried under the rug as if there is no reason for you to burden your paying customers with any information about the validity of the product. I will certainly keep at least one subscription alive at all times only so as to be able to find the blocks when other clients/customers/users ask me why they can't get in to sites here and there, but for our own organization, I am really having to rethink the business case of continuing to purchase subscriptions for our own machines, and rethink my recommending the product for others without some indication of responsibility and transparency...
  8. OK - so the file is on their site... I still question the logic of blocking the entire domain for a single file... Note that I have no affiliation with the site other than trying to go there and get information on a product that I have... Kris
  9. A single file on the domain? Or is that even on that domain? I see where it is referring to a keygen, but I have no idea where that is found - VT does not show the origin site. Even then, I have to question the idea of blocking an entire domain unless the site is a source of a drive-by download, or is comprised mainly of malicious content. For a single file to be the cause of a block seems a tad bit excessive if it requires knowledge of where the file is specifically... This seems like the kind of a situation where informing the domain owner would be ideal to resolving, since it is a hardware manufacturer's site, and the particular domain is a redirect primarily - thus indicating a domain that probably does not always have a whole lot of attention paid to it since there should be nothing directly accessible there - or so it seems from a first glance...
  10. Yet another apparent FP - tecknetonline.com Virustotal: https://www.virustotal.com/gui/url/0cbe5aa2d1e244568479e2e175397db66f984e6aee4cb17927af3de1e26253d3/detection Seems to me that "Riskware" should not block an entire domain even if there is some there - it should block the actual program that is shown to be problematic... This seems like a bit of an overreach... Kris Seem
  11. It appears that Untroubled.org as a whole is being blocked; Virustotal comes up clean on the site: This is a page: https://www.virustotal.com/gui/url/c17885174580a1fd407c1d0523d667d1426e279f5c11341b468f168d0172d6c4/detection And the root of the site: https://www.virustotal.com/gui/url/7afd0a370aa9e98e70d3d5536a3b7c701e9f9cfeed12016b91f52ed350a866d5/detection
  12. Sorry - but this one did not clear with the whitelisting either... Still showing up as blocked in both the app and the browser extension, just as the Cox site is..
  13. https://www.virustotal.com/gui/url/586634761d0c1cd3714d9bddb4cf4e34b86482b801086e706eaddbc35a726112/detection
  14. I can't find any reason for this to be blocked - can you verify please and indicate what kind of riskware is this referencing, or if none, why is the FP there... covid-19supplies.net TNX Kris
  15. Whitelisted? This is 5 hours after your whitelisting: