ingber

Honorary Members
  • Posts

    279
Everything posted by ingber

  1. Why would MBAM block a URL given with a tinyurl.com address, but NOT block the expanded URL (given by a Chrome extension Unshorten.It!)? It seems that MBAM does not bother to see the actual underlying URL?
  2. I've had some problems with CryptoPrevent (paid). It had blocked vssadmin used for backups even when that exe has been unchecked in the CP window. I think it works OK for now, but as they keep adding bells and whistles I think there are going to be more problems ahead.
  3. Does anyone have any experience with Cygwin/Cygwin64 running ssh? E.g., is anyone using any custom shields for this?
  4. MBAE CPU climbed to 40%, even with no browser or other apps active. I turned off protections, and waited about a minute. When I turned MBAE on again, the CPU usage was truly minimal, registering 0% (the dashboard shows all protections active). I surmise some glitch in the MBAE software causing this problem?
  5. On my Thinkpad Carbon X1 Touch (8MB RAM) running Windows 8.1 Update x64 Pro and MBAM and MBAE (both Premium), today I am seeing MBAM consuming 33-35% of CPU, obviously slowing down my PC. This has been going on for at least an hour or so.
  6. Also see: http://support.microsoft.com/kb/2964759 Lester
  7. Pedro: See http://social.technet.microsoft.com/Forums/security/en-US/fd07e8f1-cd97-42e4-bc22-b40db0f5495b/emet-compatibility-with-chrome-35?forum=emet Lester
  8. Pedro: Thanks for that confirmation. I strongly suggest taking out the line in https://forums.malwa...howtopic=146501 : "even Google has advised against protecting Chrome with EMET" as this just undermines your credibility. That advice was given by Google back in 2010. Even just recently in fact, EMET 4.1 got an update to be sure it remained compatible with Chrome. Lester
  9. I bought MBAE Premium and just verified that with EMET 4.1 Update both Acrobat Pro and MS Word 2013 Pro crash -- they cannot even start. When I uninstalled EMET, they came up fine. We have Thinkpad Carbon X1 Touch PCs running Windows 8.1 Update x64 Pro.
  10. Hi. Does the new MBAE Premium allow EMET 4.1, e.g., as an exclusion?
  11. I think this is a reasonable thread for this query. EMET can have some problems with cygwin: sourceware.org/ml/cygwin/2013-06/msg00092.html due to enforcing ASLR. Does MBAE also enforce ASLR, potentially interfering with cygwin?
  12. P.S.: In fact just now I scanned those same files with Malwarebytes (yes, again, but copies their new ingber/folder) Norton Internet Security (NIS) ClamAV No warnings were issued. Lester
  13. My recent quick scan on both of our A31p Thinkpads running XP Pro SP3 also with Cygwin gave these as Trojan files: C:\cygwin\bin\chown.exe C:\cygwin\sbin\init.exe C:\cygwin\bin\sh.exe C:\cygwin\bin\test.exe C:\cygwin\bin\w.exe I set these to be ignored, as I believe these five reports are False Positives. Exiting the scan then shows no problems in our logs. I sent ingber.zip with these files to support. Thanks. Lester
  14. I just did upload the beep.sys file. I have been corresponding with one of your staff, Arthur. Here are some of my comments: (1) Previously, you documented that the additional beep.sys files under dllcache/ should not be there and so I deleted them on both machines. This raised the issue that Malwarebytes did not flag/Quarantine this file on one of the two computers. (2) In this latest email, you seem to suggest that even if there were additional beep.sys files under dllcache, this should not present any problems since these beep.sys files in fact are valid system files? > As I mentioned, I used zdiff under Cygwin (a bit by bit comparison) between > /cygdrive/c/WINDOWS/system32/dllcache/beep.sys > /cygdrive/c/WINDOWS/system32/drivers/beep.sys > before deleting /cygdrive/c/WINDOWS/system32/dllcache/beep.sys; the > files were identical > (on both machines and identical across machines).
  15. P.S. Both machines have only one user with full Administrator privileges.
  16. We have two a31p Thinkpads running the same currently-updated versions of XP Pro SP3. On both machines we have c:/WINDOWS/system32/dllcache/beep.sys c:/WINDOWS/system32/drivers/beep.sys However, on ONLY one machine we get what I believe is a false positive for ONLY c:/WINDOWS/system32/dllcache/beep.sys which was Quarantined as Fake.Beep.Sys Wasn't this supposed to be fixed back in August? Thanks. Lester
  17. Hi. We've purchased Malwarebytes for our Thinkpads running XP Pro SP3. Similar to other anti-virus (e.g., ESET) and anti-spyware (e.g., SuperAntiSpyWare), it would be useful to see the most updated database and software versions with a right-click on or simply touching the tray icon. Thanks. Lester