tzetter
Honorary Members
Posts: 21
Everything posted by tzetter
-
bunch of stuff blocked all of a sudden such as all of google
tzetter replied to mbates14's topic in Website Blocking
V09 still blocking pages
-
bunch of stuff blocked all of a sudden such as all of google
tzetter replied to mbates14's topic in Website Blocking
V08 still blocking pages
-
bunch of stuff blocked all of a sudden such as all of google
tzetter replied to mbates14's topic in Website Blocking
V07 released. Still seeing blocked pages..
-
bunch of stuff blocked all of a sudden such as all of google
tzetter replied to mbates14's topic in Website Blocking
V05 still throwing up pop-ups constantly....
-
bunch of stuff blocked all of a sudden such as all of google
tzetter replied to mbates14's topic in Website Blocking
v05 just released but still seeing things blocked.
-
bunch of stuff blocked all of a sudden such as all of google
tzetter replied to mbates14's topic in Website Blocking
We are still seeing issues as well with the newest update on our Corp Edition. Even access to our own systems is being impacted.
-
Any idea why MB would be interfering with DNS requests to outlook.office365.com? We have quite a few users, all of whom are seeing this disruption; however, they get no alert or warning that MB is causing it. And it 100% IS MB causing it. If we turn off Malicious Website Protection they are automatically re-connected and working within 20 seconds, consistently across all affected systems.

The issue is the same as those reported here:
https://forums.malwarebytes.org/index.php?/topic/171204-malwarebytes-stopping-outlook-2013-from-connecting-to-exchange-hosted-by-microsoft-office-365/
https://forums.malwarebytes.org/index.php?/topic/161172-issues-with-mbam/

If we remove MB completely all issues also disappear. We will likely open a ticket with MB but I'd like a public forum explanation of the role it is playing in these DNS requests and why it would even be involved with such a well-known address. TTL for outlook.office365.com is 5 min per Microsoft Support in case that matters.

Strangely, not all folks who have this same version suffer the issue, so it's very puzzling why it's so inconsistent in terms of who it affects yet so consistent in the symptoms and resolution. (Outlook disconnected until system reboot, no access to the web Outlook client either until the reboot. Symptoms ALWAYS return to those affected).
-
False positive on Acrobat.exe
tzetter replied to fmfcd's topic in Malwarebytes Anti-Malware for Business
I posted this in the False Positive forum section just now.
-
Auto Protect is detecting Acrobat.exe at launch and quarantining it as Trojan.downloader.BD. This is BREAKING PCs ALL OVER our company (AGAIN!).

Log file:
2013/11/01 06:10:00 -0400 BEDROOM (null) MESSAGE Starting protection
2013/11/01 06:10:00 -0400 BEDROOM (null) MESSAGE Protection started successfully
2013/11/01 06:10:00 -0400 BEDROOM (null) MESSAGE Starting IP protection
2013/11/01 06:10:04 -0400 BEDROOM (null) MESSAGE IP Protection started successfully
2013/11/01 06:47:06 -0400 BEDROOM Travis MESSAGE Executing scheduled update: Hourly | Silent
2013/11/01 06:47:12 -0400 BEDROOM Travis MESSAGE Scheduled update executed successfully: database updated from version v2013.10.31.08 to version v2013.11.01.02
2013/11/01 06:47:12 -0400 BEDROOM Travis MESSAGE Starting database refresh
2013/11/01 06:47:12 -0400 BEDROOM Travis MESSAGE Stopping IP protection
2013/11/01 06:47:12 -0400 BEDROOM Travis MESSAGE IP Protection stopped successfully
2013/11/01 06:47:22 -0400 BEDROOM Travis MESSAGE Database refreshed successfully
2013/11/01 06:47:22 -0400 BEDROOM Travis MESSAGE Starting IP protection
2013/11/01 06:47:25 -0400 BEDROOM Travis MESSAGE IP Protection started successfully
2013/11/01 07:56:53 -0400 BEDROOM Travis MESSAGE Executing scheduled update: Hourly | Silent
2013/11/01 07:56:54 -0400 BEDROOM Travis MESSAGE Database already up-to-date
2013/11/01 09:11:37 -0400 BEDROOM Travis MESSAGE Executing scheduled update: Hourly | Silent
2013/11/01 09:11:42 -0400 BEDROOM Travis MESSAGE Scheduled update executed successfully: database updated from version v2013.11.01.02 to version v2013.11.01.03
2013/11/01 09:11:42 -0400 BEDROOM Travis MESSAGE Starting database refresh
2013/11/01 09:11:42 -0400 BEDROOM Travis MESSAGE Stopping IP protection
2013/11/01 09:11:43 -0400 BEDROOM Travis MESSAGE IP Protection stopped successfully
2013/11/01 09:11:51 -0400 BEDROOM Travis MESSAGE Database refreshed successfully
2013/11/01 09:11:51 -0400 BEDROOM Travis MESSAGE Starting IP protection
2013/11/01 09:11:53 -0400 BEDROOM Travis MESSAGE IP Protection started successfully
2013/11/01 10:04:53 -0400 BEDROOM Travis MESSAGE Executing scheduled update: Hourly | Silent
2013/11/01 10:04:54 -0400 BEDROOM Travis MESSAGE Database already up-to-date
2013/11/01 10:57:09 -0400 BEDROOM Travis MESSAGE Executing scheduled update: Hourly | Silent
2013/11/01 10:57:10 -0400 BEDROOM Travis MESSAGE Database already up-to-date
2013/11/01 11:45:38 -0400 BEDROOM Travis MESSAGE Executing scheduled update: Hourly | Silent
2013/11/01 11:45:43 -0400 BEDROOM Travis MESSAGE Starting database refresh
2013/11/01 11:45:43 -0400 BEDROOM Travis MESSAGE Stopping IP protection
2013/11/01 11:45:43 -0400 BEDROOM Travis MESSAGE Scheduled update executed successfully: database updated from version v2013.11.01.03 to version v2013.11.01.04
2013/11/01 11:45:44 -0400 BEDROOM Travis MESSAGE IP Protection stopped successfully
2013/11/01 11:45:46 -0400 BEDROOM Travis MESSAGE Database refreshed successfully
2013/11/01 11:45:46 -0400 BEDROOM Travis MESSAGE Starting IP protection
2013/11/01 11:45:49 -0400 BEDROOM Travis MESSAGE IP Protection started successfully
2013/11/01 13:01:43 -0400 BEDROOM Travis MESSAGE Executing scheduled update: Hourly | Silent
2013/11/01 13:01:44 -0400 BEDROOM Travis MESSAGE Database already up-to-date
2013/11/01 14:13:17 -0400 BEDROOM Travis MESSAGE Executing scheduled update: Hourly | Silent
2013/11/01 14:13:23 -0400 BEDROOM Travis MESSAGE Scheduled update executed successfully: database updated from version v2013.11.01.04 to version v2013.11.01.05
2013/11/01 14:13:23 -0400 BEDROOM Travis MESSAGE Starting database refresh
2013/11/01 14:13:23 -0400 BEDROOM Travis MESSAGE Stopping IP protection
2013/11/01 14:13:23 -0400 BEDROOM Travis MESSAGE IP Protection stopped successfully
2013/11/01 14:13:32 -0400 BEDROOM Travis MESSAGE Database refreshed successfully
2013/11/01 14:13:32 -0400 BEDROOM Travis MESSAGE Starting IP protection
2013/11/01 14:13:34 -0400 BEDROOM Travis MESSAGE IP Protection started successfully
2013/11/01 15:13:00 -0400 BEDROOM Travis MESSAGE Executing scheduled update: Hourly | Silent
2013/11/01 15:13:01 -0400 BEDROOM Travis MESSAGE Database already up-to-date
2013/11/01 16:09:22 -0400 BEDROOM Travis MESSAGE Executing scheduled update: Hourly | Silent
2013/11/01 16:09:28 -0400 BEDROOM Travis MESSAGE Scheduled update executed successfully: database updated from version v2013.11.01.05 to version v2013.11.01.06
2013/11/01 16:09:28 -0400 BEDROOM Travis MESSAGE Starting database refresh
2013/11/01 16:09:28 -0400 BEDROOM Travis MESSAGE Stopping IP protection
2013/11/01 16:09:28 -0400 BEDROOM Travis MESSAGE IP Protection stopped successfully
2013/11/01 16:09:37 -0400 BEDROOM Travis MESSAGE Database refreshed successfully
2013/11/01 16:09:37 -0400 BEDROOM Travis MESSAGE Starting IP protection
2013/11/01 16:09:40 -0400 BEDROOM Travis MESSAGE IP Protection started successfully
2013/11/01 17:09:31 -0400 BEDROOM Travis MESSAGE Executing scheduled update: Hourly | Silent
2013/11/01 17:09:37 -0400 BEDROOM Travis MESSAGE Scheduled update executed successfully: database updated from version v2013.11.01.06 to version v2013.11.01.07
2013/11/01 17:09:37 -0400 BEDROOM Travis MESSAGE Starting database refresh
2013/11/01 17:09:37 -0400 BEDROOM Travis MESSAGE Stopping IP protection
2013/11/01 17:09:37 -0400 BEDROOM Travis MESSAGE IP Protection stopped successfully
2013/11/01 17:09:40 -0400 BEDROOM Travis MESSAGE Database refreshed successfully
2013/11/01 17:09:40 -0400 BEDROOM Travis MESSAGE Starting IP protection
2013/11/01 17:09:42 -0400 BEDROOM Travis MESSAGE IP Protection started successfully
2013/11/01 17:52:21 -0400 BEDROOM Travis MESSAGE Executing scheduled update: Hourly | Silent
2013/11/01 17:52:22 -0400 BEDROOM Travis MESSAGE Database already up-to-date
2013/11/01 18:06:22 -0400 BEDROOM Travis DETECTION C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe Trojan.Downloader.BD QUARANTINE
2013/11/01 18:08:18 -0400 BEDROOM Travis DETECTION C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe Trojan.Downloader.BD QUARANTINE

Acrobat.zip
-
False positive on Acrobat.exe
tzetter replied to fmfcd's topic in Malwarebytes Anti-Malware for Business
Same here.
-
File did not attach the first time. _ISDel.zip
-
MBAM auto protect quarantined this file from this location: D:\Apps\Symantec Ghost Suite 2_5\Symantec Ghost Installer\Extras\3Com Boot Services\Install on my system. File attached.
-
File in question is attached. Artinsoft.VB6.DB.zip
-
Possible False Positive within the UPS WorldShip shipping software. File Artinsoft.VB6.DB.dll detected as a Trojan.inject

Scan Log:
Malwarebytes Anti-Malware (PRO) 1.60.1.1000
www.malwarebytes.org
Database version: v2012.02.27.04
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
ups :: SEDISTUPS [administrator]
Protection: Enabled
2/27/2012 3:14:47 PM
mbam-log-2012-02-27 (15-18-15).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP
Scan options disabled: PUM | P2P
Objects scanned: 199194
Time elapsed: 3 minute(s), 15 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 1
C:\UPS\WSTD\Artinsoft.VB6.DB.dll (Trojan.Inject) -> No action taken. [5c54e27ab6a6b97d732feca39e622cd4]
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\UPS\WSTD\Artinsoft.VB6.DB.dll (Trojan.Inject) -> No action taken. [5c54e27ab6a6b97d732feca39e622cd4]
(end)
-
False Positive: KeyHook.dll (Backdoor.Bredavi)
tzetter replied to tzetter's topic in File Detections
Attached is the actual file as well. KeyHook.zip
-
Detecting the file c:\program files (x86)\jmesoft\KeyHook.dll as a threat (Backdoor.Bredavi) as of tonight. Software came pre-loaded on a Lenovo desktop and no updates or additions have been made to the system since unboxing it. It has been up and running for a couple of months now without incident. mbam-log-2011-11-28 (19-59-01).zip
-
Fujitsu ScanSnap software false positives
tzetter replied to Bastionpoint Technology's topic in File Detections
We are seeing detections for this same issue in my company on all PCs connected to ScanSnap scanners as of today as well.
-
Malwarebytes registered version is blocking IP# 74.55.131.50 www.georgiayoungfarmers.org. I need help determining if this is a legit blocking or a false positive.
Thanks,
Travis