Peter2150 Posted December 21, 2016 ID:1082645 Share Posted December 21, 2016 I am curious as to how the Ramsomware modules notifies about detection as opposed to the regular malware module. I ask as I have been testing with some real malware about which 60% is ransomware. I specific piece was detected as ransomware and quarantined as such. Then a reboot was required to complete quarantine. That piece was not detected by MB2. With all the other malware only 2 were missed. The rest were not only caught by MB3 but MB2. This leaves me a bit puzzled about the Ransomeware module in MB3. Would love clarifaction. Pete Link to post Share on other sites More sharing options...
Domina Posted December 21, 2016 ID:1082654 Share Posted December 21, 2016 Same as the Malware detection but tells you it got detected by the ransomware module and that it's ransomware Link to post Share on other sites More sharing options...
Peter2150 Posted December 21, 2016 Author ID:1082676 Share Posted December 21, 2016 Where does the reboot to clear quarantine come in, and why one exception for one sample??? Link to post Share on other sites More sharing options...
Peter2150 Posted December 22, 2016 Author ID:1082832 Share Posted December 22, 2016 I wonder if I can get a "real" answer to the questions I have? Link to post Share on other sites More sharing options...
dcollins Posted December 22, 2016 ID:1082986 Share Posted December 22, 2016 Just to clarify, you're saying that a piece of ransomware was not detected by MB3 and you want want to know why? As far as rebooting for quarantine, this is a necessary step with a lot of infections as a reboot makes sure they aren't running and can safely be quarantined Link to post Share on other sites More sharing options...
Peter2150 Posted December 22, 2016 Author ID:1083034 Share Posted December 22, 2016 Couple of things. 1. Do all items detected by the ransomware module need a reboot. 2. If any ransomware was detected by both MB3 and MB2 does that mean it wasn't the ransomware module in 3. Thanks for answering Link to post Share on other sites More sharing options...
dcollins Posted December 22, 2016 ID:1083039 Share Posted December 22, 2016 Do all items detected by the ransomware module need a reboot? I do not believe so, but new threats come out all the time and because they use different attack vectors, there's no easy way to say which ones will and won't need a reboot. If any ransomware was detected by both MB3 and MB2 does that mean it wasn't the ransomware module in 3. The ransomware module in MB3 has the same functionality of the ransomware module in MB2, plus the extra benefits provided by MB3. You can read up on those benefits in the release notes for Malwarebytes 3 (https://www.malwarebytes.com/support/releasehistory/). If you're running MB3, the ransomware module in MB3 should detect anything that was detected in our Anti-ransomware Product. Link to post Share on other sites More sharing options...
Peter2150 Posted December 22, 2016 Author ID:1083045 Share Posted December 22, 2016 On the second question. Now that makes sense. It wasn't clear that there weren't ransomware protections in mb2. Thanks for clearing that up. BTW These question were not theoretical but based on testing with live malware. Pete Link to post Share on other sites More sharing options...
dcollins Posted December 22, 2016 ID:1083047 Share Posted December 22, 2016 MBAM2.x did not have anti-ransomware built-in like MB3 does, but the standalone Anti-Ransomware product was able to be ran alongside MBAM2.x Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now