MwarebytesUser

Exploit blocked

4 posts in this topic

I have a Server 2008 R2 VM Host with LSI MegaRAID SAS 9260-8i & MegaRAID Storage Manager. I have been scanning the entire network looking for threats, and on this machine Malwarebytes Ver 3.0.6.1469, CompoPag Ver 1.0.75 (FREE ED.) has reported an “Exploit blocked” for Java App behavior, malicious inbound socket. This is in the Reports view; I have attached the export data.

I ran 3 scans on this machine over a week or so and found nothing. I believe this event was automatically found. The MegaRAID Manager requires Java, and I have noted in the past Java.exe connecting to public IPs. I made an inquiry with the card manufacturer but never got anything but a “Ticket Closed Notice”, so I gave up.

MegaRAID Manager will not connect to the host now. It has been working fine. I have not restarted the machine yet as it’s a production VM Host.

I wonder…

How Malwarebytes blocked this Java process: was it a one-time block, or did it change Windows Firewall, or does the free Malwarebytes have one of its own? Did it just kill the Java process, and a restart is required to start it up again?

Is Malwarebytes wrongly detecting the Java actions or do I have a sick server?

Log.txt


Hello @MwarebytesUser and welcome.

Reference: System Requirements and OS support for Malwarebytes 3.0

Unfortunately, the Consumer/Home edition of Malwarebytes 3.0 does not support any Microsoft Server including Microsoft's Windows Server 2008 R2.  You may wish to contact a business product representative through the Malwarebytes' business unit at their URL: https://www.malwarebytes.com/business/

Thank you for your continued interest in Malwarebytes' products.


ID: 3   Posted

I'm having this same issue. I'm on a Dell Precision T7400 workstation with a 9260-8i RAID card using MegaRAID Storage Manager & Windows 10 Pro. I need to exempt or exclude this somehow; below is the export of the Malwarebytes report in the log.

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 5/18/17
Protection Event Time: 8:26 AM
Logfile: javablock.txt
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.103
Update Package Version: 1.0.1964
License: Premium

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: System

-Exploit Details-
File: 0
(No malicious items detected)

Exploit: 1
Malware.Exploit.Agent.Generic, , Blocked, [0], [-1],0.0.0

-Exploit Data-
Affected Application: Java
Protection Layer: Application Behavior Protection
Protection Technique: Java malicious inbound socket detected
File Name: 
URL: 

(end)


ID: 4   Posted

You may be able to exclude this by going to Malwarebytes -> Settings -> Exclusions -> Add Exclusion and excluding a previously detected exploit. However, this may open you to vulnerabilities, so be careful.

Also, as mentioned, MB3 is not fully compatible with servers at this point. There could be issues running MB3 on unsupported operating systems.
