Ralph_Edington

Hey I see my Nebula console is now showing: "Malwarebytes is investigating reports of some customers encountering a false-positive for detection Malware.AI.4263214107 with file C:\Program Files\Malwarebytes Endpoint Agent\Microsoft.Win32.TaskScheduler.dll. If you are affected, please restore this file from quarantine immediately. For additional details and instructions, please see this article or contact support for assistance." However, on the laptop of ours that had this problem, restore from quarantine DID NOT WORK, I had to remove and reinstall the whole client, so I think your guidance above is wrong? Hope that helps,

Thank you for reaching out. No more AI detections this morning since the ones I already posted. Thank you for fixing that, I will be sure to let you know if I see any more :) Cheers, Ralph Edington

Oh and while you're at it, could you please add a one-step action for "Add Exclusion AND Unquarantine" ??? Right now the process of adding an exclusion and unquarantining is extremely cumbersome. Thanks, Me

OK, this is crazy, now Malwarebytes AI module is quarantining its own programs. See below. And quarantining on old version of Windows' own CMD.EXE ???? Really!?!?!?! Please for the love of everything, would you give us a chance to REPORT ONLY on "AI Detections" rather than stripping needed, legitimate programs from our computers without asking???????? I am so, SO tired of dealing with this nonsense. Thank you, Me (once again)

Thanks. Actually I see from the timestamps that that quarantine was actually in the wee hours, before I set up quarantine. I was confused because the email about the quarantine for the PC came in two hours after I set up the exclusion. What I would love to see: (1) Better control over whether "AI" category stuff is handled drastically, or only Warned on. (2) A button I can click on each thing quarantined, which says "Restore from Quarantine and Add Exclusion for this incident?" -- all in one click. Then I almost couldn't complain about false quarantines. Right now it's a major pain. For instance -- that PC in my post, I've been trying to "Restore from Quarantine" for hours but it's still showing in the console as quarantined. what's up with that??? Thanks, R

Oh and by the way, the registry setting that just got quarantined was ALSO already on my exclusions list. HELP PLEASE, MAKE IT STOP

OK, this is just too much. This AI module is continuing to quarantine files, even though have have clearly set up a directory exclusion. Here's what JUST got quarantined: Here's the exclusion I set up two hours ago: Not sure about the registry setting, but there's no way that file under C:\SPEA\ should have been quarantined, when I have an exclusion now... Right???? HELP PLEASE, MAKE IT STOP R

Once again, the "AI" protection subsystem went on a rampage on my network, deleting files and registry keys that it had no business deleting. At most, these should have been flagged as a "suspicious" but not deleted. ALL of these detections -- REMOVALS, actually -- are known good programs, needed programs, that have been there forever. Now I have to spend the morning restoring and creating exclusions, which the Nebula console does not make easy. Please, AI subsystem, could you PLEASE stop attacking my computers and deleting files that you suspect might be bad?????? This is just OUT OF CONTROL. We really, REALLY need a way to disable this "AI" nonsense. Here are the detections: Malware.AI.4180017738 Malware.AI.4180017738 Malware.AI.4180017738 Malware.AI.856630452 Malware.AI.4180017738 Malware.AI.4180017738 Malware.AI.4180017738 Malware.AI.856630452 Malware.AI.856630452 Malware.AI.856630452 Malware.AI.4180017738 Malware.AI.4180017738 Malware.AI.4180017738 Malware.AI.4180017738 Malware.AI.2701700371 Signed, Sick of this!!!!

AUGH!!!!!!!!!! MORE FALSE POSITIVES JUST TODAY!!!!!!!!!!!! This is stuff for standard Zebra label printer software and drivers. WHAT THE HECK!?!?!?! THIS MUST STOP!!!!!!!!!!! PLEASE!!!!!!!!!!!!!!!!!!!!!!!! YOU ARE BREAKING OUR COMPANY!!!!!!!!!!!!!!!!

HELP!!!!! I need a way to disable the "Malware.AI" category of detections and/or quarantines. I can get up to a dozen false-positive "Malware.AI" detections/quarantines that I have to go (a) Unquarantine; and (b) Create an exclusion for. (Side note: Please, when I am un-quarantining something, can you PLEASE ask me if I want to create an exclusion at the same time????) These "Malware.AI" detections are catching things, that in many cases, are fairly well-known Microsoft or Windows components (see below or attached for an AI quarantine of a Microsoft Silverlight component). Or they are just simply quarantining things because they don't recognize it, which is unacceptable. We are a software testing house, among other things, and we use A LOT of programs that are "rare" and that keep getting captured by "Malware.AI" simply because they are not recognized as safe. I am getting so tired of this multi-step process to unquarantine and exclude things that should have never been "detected" in the first place. I have to stay on top of this CONSTANTLY or it could wind up crippling a key component of our business. So I repeat: HELP!!!! How can I disable "Malware.AI" quarantines? Can't I configure it to just WARN on "Malware.AI" detections but never quarantine? Something -- please give me something, it's driving me crazy! Thanks, Ralph

Just upgraded to Endpoint Detection and Response, using Nebula platform. Love it a lot, great work guys. Have some concerns about 2-factor authentication -- I'm leery of using an app on a phone, I never heard of those 2FA apps, also I need to make sure my IT cover person can also log in using the same email address. Why not just use standard send-a-code-to-phone-or-email 2FA? Can we please add this? Another great option would be, in lieu of setting up 2FA at all, have an email Event Notification for LOGINs.... That way if I got a notification someone logged onto the Nebula console and it wasn't me, I could jump on and at least change the password? How is it, that this Notification is missing in a product that is otherwise incredibly well thought out? Thanks, Ralph