Sn3akyP3t3

Members
  • Posts: 15

Everything posted by Sn3akyP3t3

  1. Looks like MWB is picking up false positives around AutoIt again after a recent update. I can't provide the offending .exe, but it can be acquired from here: https://www.autoitscript.com/cgi-bin/getfile.pl?autoit3/autoit-v3-setup.exe Also, I don't know how to un-quarantine something with MWB. I don't see any option to release something from its grasp. 20201221_MWB_Report.zip
  2. Oops, apparently I forgot I had already posted this and recreated it in another new thread...
  3. When the User Access feature is enabled, the password is prompted when trying to access any of the protected sections it is applied to, which is desired, but it does it for EVERY movement between sections (tabs) that are protected. There should be some notion of a session where you are prompted only once for the credentials, at which time they are cached for the duration of your activity with the MWB UI opened, and as soon as the MWB UI is closed the session expires and the password prompt is enabled once again. Providing the password multiple times when reviewing or changing settings is a huge irritation!
  4. I believe that when the user access feature is enabled the application fails to successfully upgrade. I don't know this for sure, but it's happened to me twice where the installer requested a restart and upon restart notified me that the upgrade failed to complete with no reason given. Please add a requirement for future versions to either fix this as a bug or add a new feature that informs the user of the need to remove the User Access password PRIOR to the installation attempt, not afterwards when a restart interrupted the user's daily workflow only to run into a known pending failure.
  5. MWB doesn't seem to have any notion of a session when it comes to prompting for User Access Password. This can be annoying when the location of a particular feature is not known and the password is prompted for every different subsection that is accessed, no matter if that subsection has been accessed previously or not. If a session variable is set for a timeout then the prompting can be enabled after X minutes with no activity. If you want a software title that does this fairly well as an example, check out KeePass. The password database will lock in X seconds where the value X is user customizable. The lock can also be re-enabled when the user logs out, locks the screen, or perhaps with some other triggers useful for presence detection (perhaps Android phone Windows stuffs that I'm not familiar with).
  6. I'm a long time MWB user and I speak highly of it to pretty much anyone, but it's not all butterflies and rainbows at times. Reporting false positives for instance is a pain! This post may belong elsewhere, but I feel it's necessary to mention that it's highly inconvenient for the end user to run a full scan to get the output desired by the Malwarebytes development team to figure out the false positive(s) cause and fix it. Secondly, it's also inconvenient to harvest them and then place them into this forum. All that should be doable straight from within Malwarebytes and not left to the end user to be burdened with! Extra scans are time consuming, why should the end user be demanded to give up so much time and put in all the extra effort to perform all these steps requested? Some users may not even know how to perform some of the steps that are asked of them. Not everyone is knowledgeable of the command line or even understands what rar and zip archive formats are. I've helped plenty of elders that would throw the towel in at something like this almost immediately. Others would find a workaround like forcing MWB to exclude those false positives from the scan, which works, but isn't ideal. My suggestion is that a new false positive reporting module be created directly in MWB accessible within the Quarantine section which will isolate the re-scanning to just the items in question and then wrap all them up in the desired archiving format that MWB demands and deliver them to MWB's desired location. If a forum account must be required for follow-up then maybe a communication module to login from MWB directly to the forum can be included or fire up the default user preferred browser and lead the user to the forum post that would be created on their behalf.
  7. I realize that an active license isn't required for manual scanning. I'm really just trying to activate my license to make use of active protection to make use of safer web surfing for the most part. The difficulty is the proxy server is in the way and MWB doesn't seem to make use of the settings provided for the update process during the activation process. Still interested in a solution for this.
  8. I see MWB can do updates through an authenticated proxy server, but for some reason activation does not work that way. Is there any way within MWB where activation can occur through a proxy server? My machine is not infected. I'm really curious how someone that could have an infected machine would get the trial of this software kicked off when it too also fails when a proxy is in use.
  9. Java 1.6 and now 1.7 both have some pretty serious vulnerabilities. I'm curious if Malwarebytes Pro protects against those as well as the 1.7 recently realized exploit. Does it? Here is some dirt on the 1.7 vulnerability: https://isc.sans.edu/diary.html?storyid=13984&rss http://www.deependresearch.org/2012/08/java-7-0-day-vulnerability-information.html Below was copied from deependresearch.org: 6. If the exploit is successful, it downloads and executes a malicious binary, which calls to another IP address/domain hello.icon.pk / 223.25.233.244 Malware behavior and indicators Payload: hi.exe Size: 16896 MD5: 4A55BF1448262BF71707EEF7FC168F7D (Virustotal 26/42) Legitimate Portable Media Serial Number Service MsPMSNSv.dll is deleted from C\WINDOWS\system32 (Virustotal 0/42) Malicious mspmsnsv.dll is copied to C\WINDOWS\system32 (Virustotal 21/42) "Portable Media Serial Number Service" (WmdmPmSN in the registry) is running. https://www.virustotal.com/file/09d10ae0f763e91982e1c276aad0b26a575840ad986b8f53553a4ea0a948200f/analysis/
  10. Just installed yesterday Acunetix and met with fierce opposition! protection-log-2011-07-07.zip
  11. Didn't notice an update pending. Updated from version 6395 to 6400.
  12. I've never seen an application to date falsely raised as malicious by Malwarebytes. I hope this isn't a trait that is now programmed into Malwarebytes and must be dealt with daily or weekly. Whatever happens, it is necessary to report them. I'm running Windows XP Pro SP3. First false positive was for an open source program written in .NET called "Net Profiles". I am using the modified version of the executable due to VM related issues by members ivan.hrehor and potofcoffee as seen in this forum: https://code.google.com/p/netprofiles/issues/detail?id=1 with this download link to the modded exe: http://netprofiles.googlecode.com/svn/trunk/bin/Debug/Net%20Profiles.exe Second false positive was strangely for CD Burner XP. Found here: http://cdburnerxp.se/en/home I didn't notice any change in the logs generated for auto protection mode between developer mode and not. I attached the most recent for each false positive. protection-log-2011-04-19.txt