BobSoul
-
Posts
145 -
Posts posted by BobSoul
-
-
Appears to be still blocking in the last update 2.3.2 of the browser guard. Kept in exceptions list for the time being
-
Yeah that was my thought exactly - The endpoints are working etc, it's just slow for the updates to come back -- and of course the main irritation is the groups reverting back after I moved and separating them.... at least only one days moved back even though when you look at groups it says the count is correct, so it's probably a reporting issue or log server delay
-
I submitted a request, was hoping maybe someone knew if it was an "oh we know and are working on this" type issue.. It appears to be on the nebula side since it doesn't matter what machine or network I connect from and well not much is under my control on the user side of the portal :)
-
It appears that the entire cloud nebula interface isn't updating correctly since around 1pm eastern -- even tasks I created and know executed show as pending. I am assuming something is going on server side ... Even scheduled tasks and scans aren't updating results in scan history but show in events etc - it's as if the system is not updating but still executing the task and schedules
-
Hello
I have been moving endpoints into different groups etc which was working fine ... Then about an hour ago some moved all back to default group and now don't seem to be moving to other groups - I have tried on 3 different PCs. Is there something on the nebula side acting weird?
-
Thank you - and the inconvenience was no big deal - I just don't want to see others that don't understand how this works etc to have to worry -- I use Malwarebytes exclusively at home and at all my locations at work. You guys are great :)
-
I just wanted to add a few more pieces of info that may be helpful to the research team. If you go to discover.com (works fine, no block), then choose home loans - home equity (takes you here) https://www.discover.com/home-equity-loans/?sc=HC515&ICMPGN=PUB_HNAV_LOANS_DHL then select login at the top and choose "my loan has been funded" (it takes you to the blocked portion of discover). If you choose "my application is in process" it takes you here https://homeloans.discover.com/accountcenter/ no block. The next link for the application process is https://dmimtg.com/UserLogin.aspx?Conn=T85{37843404-4237-4EC7-8451-0C682794D6D4} which doesn't get blocked. It's only the link for logging in to "my loan is funded" which takes you to https://discoverhomeloans.mtgsvc.com/Account/UserLogin?conn=085{0a6e118f-71b2-4e0f-80d6-dc28680a6e60} so from what I have gathered it's got to be something with their redirects and which systems they are directing you to, maybe site certs or something ... I just wanted to give a detailed view of the site and how it's a legit site (discover.com and their various services).. If you go to the main page at discover.com, select login, log in, choose home loan, it takes you to this https://discoverhomeloans.mtgsvc.com/Account/UserLogin?conn=085{0a6e118f-71b2-4e0f-80d6-dc28680a6e60} and it doesn't get blocked -- so the redirects or direct linking gets blocked.
-
It's installed in Edge and working, just thought it was odd Edge didn't block it. I'll try again and hopefully research will find something --
-
Just noticed something that may be helpful -- It seems to be specific to Chrome -- Edge doesn't block it, only the Chrome browser guard does -- (I did clean out cache etc and did scans etc to make sure Chrome was clean)
-
Thanks - the something fishy may be on their end. Like I said I use this every month and logging in everything is up to snuff etc as far as the account. I did call Discover and they have said they are looking into why this is being detected, since the address etc is the same one for years and same bookmark as before etc.
-
That's what I did for now -- just a bit annoying and I do know it's a valid company, Discover, and that the loan does get paid etc from this site. It may be something in their setup. I have Emsisoft as well on another PC and it doesn't block this site. Nor does their browser guard
-
The website is Discover home loans, this is the company phone 1-855-295-2193
Once I click go to it browser guard says it's fine after. Unless it's something with their site certificate and redirect - from www.discover.com/helogin. In my original I accidentally had HE capitalized. It is not down for me when I access it
-
I can access it and it works fine if I allow in exceptions and click go to anyways ... I have used this mortgage company ( Discover card ) for years and this is recently happening. This would be the full url once the page loads
Once again it's Discover card's home equity loans website. Unsure why you cannot access unless it's region specific
-
Not sure if I post here or False Positives, cause both Browser Guard plug-in and Malwarebytes Web Protection as of just today think the website is a phishing site or a malware site.. It is neither since it's Discover's home mortgage site for paying your mortgage from Discover.
discoverhomeloans.mtgsvc.com
The other way to get to the site is which directs you to the above site. I had to turn off the protection and such just to make my monthly payment and it is the same site etc I go to each month. Called Discover and they are aware this is happening.
www.discover.com/HElogin
-
I got the same - scan ran at 9am eastern got notice 10:50 Am -- So I assume we can restore the quarantined items after the fix and rerun scan
-
So I can restore if needed and carry on ? :) And just treat as a false ID etc
-
The latest Diag I uploaded should be complete - file size matches normal diag downloads from other workstations
-
I may have grabbed them off the console before they were done -- Here is a new run of the diag files
-
I haven't restored any other files as of yet - If you need me to let me know -
-
Attached the log files
Malwarebytes Diagnostics (1).zip
-
One machine last night came up with this positive detection. The IETABHELPER is an old Chrome addon. The first one not sure about but assume it's part of the same package. I haven't restored the c:\windows\installer file as of yet, just in case, since this machine basically only does network copies of files and nothing else
Malware.AI.3495686957 File Malware Quarantined C:\WINDOWS\INSTALLER\4D9A029D.MSI
Malware.AI.3495686957 File Malware Quarantined C:\USERS\ADMIN\DOWNLOADS\IETABHELPER.MSI
Malware.AI.3495686957 File Malware Quarantined C:\USERS\ADMIN\DOWNLOADS\IETABHELPER (1).MSI
-
-
OK - got the file - I scanned with Emsisoft after transferring and it says the file is clean -- and I noted that even though Malwarebytes says it's quarantining the file it's still there. Do you need the logs as well?
Have the console creating now
Possible False detection XAMPP LIBPQ.DLL (Apache php server)
in File Detections
Hello -
I am guessing the following is a false detection
Malware.AI.36671320 Module Malware Quarantined C:\XAMPP\PHP\LIBPQ.DLL
Malware.AI.36671320 Module Malware Quarantined C:\XAMPP\PHP\LIBPQ.DLL
Malware.AI.36671320 File Malware Quarantined C:\XAMPP\PHP\LIBPQ.DLL
This version of XAMPP has been installed for a year or more, just last scan flagged it, previous nights didn't.
Malwarebytes Diagnostics.zip