Bastionpoint Technology
Posts: 9
Posts posted by Bastionpoint Technology
-
We are seeing this too. It is affecting about 200 of our endpoints and we have been unsuccessful in pushing a new policy to our endpoints via the MBAM console to effect that change. We are having to manually touch each computer to work around this issue. We have 20+ man hours into dealing with this so far. I'm attempting to escalate this issue with support.
-
We had Anti-Exploit block it today. Version 1.09.2.1384.
5/16/2017 12:35:10 Exploit payload process blocked BLOCK C:\Windows\System32\cmd.exe C:\Windows\System32\cmd.exe \C copy \Y C:\ProgramData\HP\HP ENVY 5540 series\HPUDC\TH6AL2T0G70671_USB\UDC_device.json C:\ProgramData\HP\HP ENVY 5540 series\HPUDC\TH6AL2T0G70671_USB\UDC_device_2.json
-
Hi. We are seeing MBAM 1.8 with definitions v2016.01.27.01 - v2016.01.27.04 detecting C:\ProgramData\Labtech and subfolders and files as PUP.Optional.Linkury. I'm not uploading individual files because it appears to be triggered by the existence of the folder.
Thanks!
-
Ditto here. I've scanned my PC with multiple scanners and it is clean. Appears to be a bug in the latest update.
Database version: v2014.01.15.07
2014/01/15 11:35:07 -0500 TEMP-PC temp MESSAGE Executing scheduled update: Hourly | Silent
2014/01/15 11:35:11 -0500 TEMP-PC temp MESSAGE Scheduled update executed successfully: database updated from version v2014.01.15.06 to version v2014.01.15.07
2014/01/15 11:35:11 -0500 TEMP-PC temp MESSAGE Starting database refresh
2014/01/15 11:35:11 -0500 TEMP-PC temp MESSAGE Stopping IP protection
2014/01/15 11:35:11 -0500 TEMP-PC temp MESSAGE IP Protection stopped successfully
2014/01/15 11:35:14 -0500 TEMP-PC temp MESSAGE Database refreshed successfully
2014/01/15 11:35:14 -0500 TEMP-PC temp MESSAGE Starting IP protection
2014/01/15 11:35:16 -0500 TEMP-PC temp MESSAGE IP Protection started successfully
2014/01/15 11:36:02 -0500 TEMP-PC temp IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 137)
2014/01/15 11:36:02 -0500 TEMP-PC temp IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 137)
2014/01/15 11:36:10 -0500 TEMP-PC temp IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 137)
2014/01/15 11:36:10 -0500 TEMP-PC temp IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 137)
2014/01/15 11:36:10 -0500 TEMP-PC temp IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 137)
2014/01/15 11:36:10 -0500 TEMP-PC temp IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 137)
2014/01/15 11:36:42 -0500 TEMP-PC temp IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 137)
-
As of midnight, the fix tool fixed a 2008 R2 Remote Desktop Server that restoring "All" from the MBAM GUI did not. The symptom was that I could not log in to the server in normal mode until running the fix tool.
Thanks for addressing the problem so fast, but I'm not looking forward to tomorrow morning with the Pro version installed on 200 machines.
-
Malwarebytes 1.7 corporate, Windows 7 and Windows 2008 R2 virtual machines on Microsoft Hyper-V platform
We are seeing latency caused by the website blocking module, which is to be expected to a degree, but it seems to be pronounced on virtualized machines running under Microsoft Hyper-V 2.0 and 3.0.
On a physical machine, we have seen pings go from 1 ms to 3 ms, but on a virtualized machine we are seeing an increase from 1 ms to 10 ms for a workstation used by a single user.
-
I had a false positive on the Java Updater this morning. Scan log attached.
-
MBAM quarantined pfussmon.exe which is the Fujitsu "ScanSnap Manager" TSR that monitors the scanner for a button press and launches the scanning software. Running a scan in developer mode also found two instances of chksti.dll, which had not been quarantined (yet?). After looking at the file details, chksti.dll appears to be legit, and also part of the ScanSnap software.
Anti Exploit Flagging Office 365 Programs
in Malwarebytes Anti-Exploit for Business
Posted
The fix that Rbuck117 posted appears to be the official fix. Support reported back to us that the issue was resolved, but no details on what that resolution/fix was. On the new installs of Anti-Exploit that we have done, the Memory patch hijack protection setting for Microsoft Office is unchecked by default. So we have disabled that setting in our MBAM Console. Our issue with applying the policy to our endpoints via the MBAM Console appears to have been us making too many policy changes in a short period of time.