ottchris

I use a little application called zmover which I have had installed for at least a decade. It checks basta.com for updates every seven days. It was blocked a few minuted ago. Begin Quote. Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 3/1/20 Protection Event Time: 7:05 PM Log File: 9f7f879a-5bef-11ea-8652-00ff21366bd3.json -Software Information- Version: 4.1.0.56 Components Version: 1.0.835 Update Package Version: 1.0.20076 License: Premium -System Information- OS: XXXXXXXXXXXXX CPU: x64 File System: NTFS User: System

Much appreciated.

Many Thanks LiquidTension. Don't think reducing "Advanced Memory Protection" (see quoted workarounds in your reply and my first post) is a sensible idea. I need Copernic at the moment so I shall have to leave Chrome uninstalled until the permanent fix is implemented. So far, the only impact on Firefox appears minimal and avoidable, whereas just running a bare-boned freshly downloaded and installed copy of Chrome triggered the exploit detection. Chris

For the record: 1. I raised the above topic in "Malwarebytes for Windows Support Forum" because the topic I was quoting was from that forum, not this one. 2. It would have been polite to have left a pointer in " Malwarebytes for Windows Support Forum" to let me know it had been moved! Chris

To 'cut to the chase', in topic "[ RESOLVED ] How do I get rid of this Malware.Exploit.Agent.Generic, , Blocked, [0], [39", https://forums.malwarebytes.com/topic/253258-resolved-how-do-i-get-rid-of-this-malwareexploitagentgeneric-blocked-0-39/, the 'workaround is as follows: My question is, has the permanent solution been implemented yet? I'm on Malwarebytes Premium v 4.0.4.49, update package 1.0.17804, component package 1.0.785. Background. I ran into this issue the for the first time on the 22nd November 2019: Unfortunately, although I did check Malwarebytes Forum

Much appreciated. Will see if I can spot the trigger when the issue next occurs.

To muddy the water, for the last few days, I have seen some occasions of ESET (not AVAST) services running at 25% CPU seemingly forever, until I quit Malwarebytes that is. Restart MB and all back to normal again. Just got around to checking here so haven't tried disabling MB web protection or any other workaround apart from quitting/restarting MB. Only offering this as an observation for the moment, i.e. not expecting any assistance as haven't uploaded any logs etc.

About every 15 minutes or so MBAMService.exe sends a couple of MB to an Amazon AWS address e.g ec2-54-69-202-72.us-west-2.compute.amazonaws.com:443. The address varies. I'll try to organise a cumulative log but I don't have an appropriate tool to hand; once upon a time you could access detailed user-friendly logs but everything is dumbed down these days! Assuming this is the same issue, prior to the issue that is the subject of this topic, I had been able to correlate the transmissions with MBAMService log entries reporting re-transmitting whitelisted 'ransomware'. Since the 'multiple error no

Great! While I'm here and this should really be under a separate topic but the evidence should be in the same logs you already have. I've recently noticed periodic outgoing transmit activity associated with MBAMservice.exe. The logs appear to suggest Malwarebytes ransomware component while detecting items that have been whitelisted (by Malwarebytes, not the user) still sends copies back to your servers. In my case, this means the same two whitelisted executables are being sent to your servers multiple times every day. It's an issue because I keep seeing significant transmit activity when ther

X drive is Boxcryptor (. Not familiar with bitlocker apart from the name. I assume it's a product rather than an encryption standard. Boxcryptor Technical Overview https://www.boxcryptor.com/en/technical-overview/

Logs sent via message.

Malwarebytes Version information ================================== "controllers_version" : "1.0.421", "db_version" : "2018.08.21.06", "dbcls_pkg_version" : "1.0.6441", "installer_version" : "3.5.1", I was about to gather information in order to query what appear to be repetitive uploads of whitelisted false positive ransomware (the subject of a future topic) when I discovered the following error messages have been filling the log files. Here is a sample: Begin Quote. 08/21/18 " 14:56:03.144" 7592989 121c 17cc ERROR MBAMProtection Build

Both now scanned negative. Slightly odd as all the version numbers (Components, Update Package etc) are unchanged between the latest scan and the original "Ransomware blocked" report (timestamped 1:07 am). Anyway, many thanks again for the super fast response. Best Regards, Chris PS. It occurs to me that the whitelisting may have been the outcome of the automatic 'post-detection' upload I observed. If that is the case it begs the question of how the whitelisting mechanism is updated?

Thanks for the very quick response. I made a judgement call (as one of the applications is borderline critical) to reboot a basic system, restore the items from quarantine and then temporarily close MB while I posted the report here. I will now run MB, make sure it is up to date, scan the files and report back. Best Regards, Chris

Two unrelated executables (and two associated registry entries) suddenly quarantined in the early hours of this morning. As far as I am aware neither has recently been modified and bth are run every day. Here is the report: -Log Details- Protection Event Date: 7/21/18 Protection Event Time: 1:07 AM Log File: 00bd97f0-8c7a-11e8-919e-00ff21366bd3.json Administrator: Yes -Software Information- Version: 3.5.1.2522 Components Version: 1.0.391 Update Package Version: 1.0.5993 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System