elcolin85

Members
  • Posts: 6
Everything posted by elcolin85

  1. Thanks. That sorta helped, sorta didn't lol it's OK. I'll fumble my way through :)
  2. OK thank you for the correction. Hopefully, it gets more visibility there.
  3. Good question... It's Malwarebytes Nebula... I access the Admin console via cloud.malwarebytes.com. Do I need to be looking for a product version or name that's more specific? Sorry and thanks for your help in advance!
  4. FWIW, one of the Default Policy scan/alerts Quarantined two reg edits, it looks like on one of the machines:

     HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\MRT|DONTREPORTINFECTIONINFORMATION

     Now I'm going down a rabbit hole reading information upon Googling for: "HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\MRT|DONTREPORTINFECTIONINFORMATION"
  5. I should add that I did click into the "see more details" part of the notifications, but it's not telling me much more information specifically on our MWbytes admin console center.
  6. Hey all! New to this forum. Hopefully I'm in the right place to ask these questions and also browse and learn from other posts here.

     I'm the new IT Admin for my company (I'm the entire IT department lol). Never worked with Malwarebytes before, but it's what we use here for all the protection it's intended to offer. It's a small company with 20-30 employees maybe, so not too many devices with Malwarebytes. Obviously all endpoint machines have them, and the necessary servers.

     I haven't checked to see what rules or policies were in place by the prior IT guy with regard to what would trigger a "detect"... outside of whatever default rules or policies Malwarebytes does "out of the box" in a stock configuration. But AFAIK, we don't restrict much here. Like, employees aren't restricted when it comes to web browsing, for example.

     Today, I got a few email alerts/notifications of these Detections Found thingys.... trying to make sense of it, and hope someone can help or point me in the right direction.

     First, I got about 5 total separate alerts total on their respective machines. Most of them came in with the "Policy Name" in the alert as: Default Policy. There was one that came in with a more specific Policy Name: Unrestricted Web Browsing. All the Googling in the world hasn't helped me narrow down either of these.

     Second, how "serious" of an alert are these? In the name of cybersecurity lol. Just wonder where they're at in terms of, "holy crap good thing that got caught" to, "yeah no big deal, those come in all the time".

     So as far as the details are concerned, I can pretty easily figure out what machines and who they belong to. I understand the alerts tell me the date/time, machine name/ID, IP address(es) etc. But the Policy ID and Policy Name have me lost. What's triggering these alerts, outside of the obvious "You're being alerted because that's how you have your MWbytes rules configured"?

     I probably could care less about the Default Policy notifications, but the Unrestricted Web Browsing one has me at least curious. What gives? Any help is greatly appreciated!

     Here's one of the Default Policy ones followed up with one of the Unrestricted Web Browsing ones: