cutting_edgetech

Members
  • Content Count

    93
About cutting_edgetech

  • Rank
    Regular Member
  • Birthday June 10

Profile Information

  • Location
    USA

  1. Thank you for the response. I will switch back to MBAE from Malwarebytes Antimalware soon to see if I have any issues with the latest build.
  2. Another PowerShell script that runs in the background on many Windows 10 installations is used to disable legacy versions of SMB. You can see this script captured below, taken from ERP's log file. This script has also run over and over again since it cannot complete due to being blocked by AppGuard. I'm curious whether MBAE build 137 was blocking this script as well. I have not checked to see if this is the case since I have been using Malwarebytes Antimalware the last 3 weeks. I hope the log info below is helpful.

     Date/Time: 2018-11-16 21:51:29.424
     Action: Allow/Known Safe Process PID: 5504
     Process Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
     SHA1: AE8B80AE4D2D3B4AB6A28CC701EB4D888E4EC7AD
     Signer:
     Command Line: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& C:\Windows\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Client"
     Parent: C:\Windows\System32\svchost.exe
     Parent SHA1: B3D7C886DC6607A50874E0ECF2B90CFC3C4B57B8
     Parent Signer: Microsoft Windows Publisher
     Expression: -
     Category: -
     User/Domain: SYSTEM/NT AUTHORITY
     Integrity Level: System
     System File: True
  3. Is anyone here having PowerShell blocked in the background without trying to run PowerShell? Windows 10 started running a PowerShell test script in the background a few months back. I believe this script is used by Windows to check to see whether the user is running AppLocker, or not. This script gets blocked many times per day by AppGuard. Here is the script being blocked by AppGuard. This image from AppGuard Activity Report shows a little information about the script.
  4. I don't know how else it could be done unless behavior blocking is used to catch the aftermath after an exploit has already executed. That's not ideal, but better than nothing. Maybe parent-child process control will help.
  5. Is it possible to provide exploit protection with a browser extension, or plugin instead? It may be a lot of work maintaining the extensions, or plugins, but if you only had to do it for a few browsers then it may be an option. Malwarebytes already has a browser extension so maybe additional capabilities could be added to it.
  6. The tray icon sometimes does not load after booting my machine. It happens more often after completely shutting down my machine for a while. Process mbae.exe loads at boot, but the tray icon never shows up in the tray. I believe this is due to another app, or service loading at the same time during boot. What I would like to point out is that if I try to access MBAE tray icon or GUI from Windows Start Menu it does not load, and it spawns a second instance of mbae.exe. If I try to access it again from the start menu then it spawns a third instance of mbae.exe, and so on. While making this post I discovered that mbae service (mbae-svc.exe) is failing to load at startup. I initially thought it was loading because I saw mbae64.exe, and thought that was the service until taking another look. I can see how that would cause multiple instances of mbae.exe to spawn when attempting to access the GUI without the service running. I think maybe NVT ERP is causing the conflict. They try to load about the same time during boot. I would suggest that if the user tries accessing MBAE without the service running that MBAE notifies the user that the service is not running, and also not allow MBAE to spawn another instance of mbae.exe. I'm using Windows 10 x64 Pro version 1709, and MBAE 1.12.1.129.
  7. Ok, my migraines are starting to go away now or at least at the present time I'm not in much pain so it appears I'm getting better. I'm looking at the box containing the available drives to choose from to expand into a directory tree. You have them marked above. The other day when you pointed them out my memory was just blank from the pounding headache, but now I remember trying to populate that box. There were no drive letters in it, and no directories listed in it. I clicked on the arrows in the box, and they were grayed out. I fiddled around with it for about 15 seconds, and assumed it was for something else. Bad news is I uninstalled MBAM already because my machine was showing a pretty big performance hit unlike when I used it a couple of months ago. I made exceptions for MBAM, and Eset. I basically excluded all of MBAM in Program Files from being scanned, or monitored by Eset. I also did the same in MBAM so that it would not scan or monitor Eset as well. It could just be that it's time to reformat. I usually format my machine once at the beginning of the semester, but I didn't get to this semester due to many different issues that arose. I'm not formatting now because the new Windows update is coming out next month. I went back to using MBAE, and I'm using MBAM web browser extension at the moment. The only problem is MBAM extension is blocking content of domains that I have whitelisted. I won't get into that in this thread, but I did make a thread about it here at Malwarebytes. I can try installing MBAM again soon though to see if the box will populate like yours did above in the screen shot. Thank You for your help! cutting_edgetech
  8. Now it reports to be blocking 7 of something on the same domain, and it's not enforcing its whitelist policy on other domains also. Sorry, forgot my specs earlier. I'm using Windows 10 X64 Pro Version 1709, Firefox 62.0 64bit, and Malwarebytes plugin version 1.0.27. It just occurred to me that the problem could be a conflict with some other plugin I have installed. I did not have many until yesterday. I'm testing out a few to try to decide which ones I want to keep. I also have Ublock Origin, Ghostery, WOT, ADGuard, and VTZilla installed. I will try disabling them to see if that helps. Hope I don't want to have to uninstall all of them because I will lose my whitelist with them. I'm definitely keeping UBlock Origin and I have been using it for a long time so my whitelist is quite large with it. Well, I have a thousand things to do today. Let me know what is required to debug Malwarebytes Extension. I have to step out for a while, but I will be back later this evening. regards, cutting_edgetech
  9. Malwarebytes is blocking content of domains whitelisted. I use Pearson Math Lab for College Algebra, and Calculus. Malwarebytes reports to be blocking 5 of something (I don't see any option to find out what) on Pearson Math Lab. I can't show a pic of the screen because it has too much personal info on it. I have both categories of the domain whitelisted. Here is the domain; openvellum.ecollege.com. You can see in the screen shot that I have it whitelisted in both categories. In other domains I have whitelisted Malwarebytes reports to be blocking 1 of something. I don't know why it would be blocking anything unless there is a hidden category that can't be whitelisted. regards, Michael Stidham
  10. Thank you for pointing that out for me! I have obviously overlooked that option which would be quite easy for me at the moment after having a migraine for 10 straight days. Maybe I should just stay off the internet a few days instead of wasting forum resources. I actually am supposed to stay offline for the next 3 days starting today by doctor's order (for migraines), but I just broke that rule. I had already made my original post before seeing the doc though. I guess I will not be back on for 3 days. I really need the break though since being offline has not been an option until today because of online classes which typically has me online for 12-16 hours a day. Thank You!
  11. Yeah, I had already checked for that support in scheduled scans, and did not see it unless I overlooked it. I have Malwarebytes Premium. I could give you a list of the paths I scan, but it will be somewhat lengthy. It still eliminates scanning about 1/2 of C drive though. I don't think they will scan all these paths, and I don't think I will have any way of knowing which ones they are scanning without trying to watch every path being scanned during the scan, and checking it off my list. That's not a solution for me. If they want the list anyway then let me know, and I will post it after I get over these migraines I've been having for several days now. Just know that it will not be a solution for me since I will not know if they have all been added to Malwarebytes Proprietary List, or will I?
  12. I would like to be able to save my Custom Scan Profile when conducting a Custom Scan. I'm aware of the areas that are targeted the most by malware. It takes me about 10 minutes to create the profile of the paths I want to scan. I don't want to have to recreate the profile all over again each time I want to scan my machine. I couldn't find support for this; am I just overlooking it? If this functionality is not supported then I hope you find it worth the effort adding it. I would use it at least 3 times a week. regards, cutting_edgetech
  13. Chrome informed me to remove Eset, and MBAE. I don't think so! I will drop Chrome first.
  14. I've been using version 1.12.1.100 for almost two days now without any problems. I use the latest stable release of Firefox, and Chrome. I'm using Windows 10 x64 Pro version 1709.
  15. Just for informational purposes: I have not run into any problems yet using build 1.12.1.97, and I have been using it for 2 days now. I have not rebooted since upgrading. Maybe it requires a reboot before problems begin. I'm using Firefox, and Chrome. I'm using Windows 10 X64 Pro version 1709.