v836

  1. Yet others are equally adamant that these are false positives, affecting wimgtool.exe and wimgtool-os9.exe etc. https://github.com/VCCE/VCC/releases The source appears to be commercial software http://www.cococommunity.net/product/rainbow-ide/ and the author is well identified and is on LinkedIn. While it may be that it's a trojan, on balance it's more likely that this small handful of antivirus companies has made a wrong identification. The links you pointed to do not actually contain any useful information justifying the positive identification. Adding to that, nobody seems to have had issues stemming from use of the single binary in question.
  2. It appears this may be a false positive: hxxps://www.colorcomputerarchive.com colorcomputerarchivecom_blocked.txt
  3. Thanks, that's interesting about the MS blacklist capability; I'd assumed the CA would need to revoke. As I understand it, the root certificate allows Malwarebytes or anyone that infiltrates Malwarebytes to MITM all your encrypted communications, which makes it relatively attractive to target that one thing (injecting something malicious into the Malwarebytes product) in order to spy on all traffic for every customer of Malwarebytes. You'd think that if it was really that trustworthy, that they could have convinced MS to add them to the list of trusted root certs. MITM through voluntarily allowed root certs is absolutely routine (almost every company, school, etc. does this for deep inspection of SSL traffic) but also not something I want on my own network when it's someone else holding the keys to the castle.
  4. Maybe I missed it but it looked self-signed by Malwarebytes.
  5. Thanks, looks like Malwarebytes does remove the cert when I disable Web Protection. It's unfortunate that it would be necessary to install such a powerful certificate for this functionality. It really needs to be for ALL purposes? How would we ever detect if Malwarebytes was itself infected and an exploit was able to use this cert?
  6. Malwarebytes appears to install a root certificate for all purposes in Windows. The certificate is "Malwarebytes Web Protection" and isn't on Microsoft's trusted list. It's good through 2060(!), and when I reboot it re-enables it for all purposes if I edit properties to disable for all purposes. Anyone know why Malwarebytes is doing this?