Jump to content

Recommended Posts

Hello, could someone help me with this one,  just a question about folder exclusions, in my last experience with antivirus software normally if I excluded a folder it means that all files and folder below it will be automatically excluded from virus scanning. 

Does Malwarebytes do that or I need to add to the Exclusions List all individuals folders and files below a root folder?

Thanks

Bill 

Link to post
Share on other sites
  • Staff

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

 

If you are having technical issues with our Windows product, please do the following: 

Spoiler

If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  • Download Malwarebytes Support Tool
  • Once the file is downloaded, open your Downloads folder/location of the downloaded file
  • Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  • Place a checkmark next to Accept License Agreement and click Next
  • You will be presented with a page stating, "Welcome to the Malwarebytes Support Tool!"
  • Click the Advanced Options link
    welcome mbst.png
  • Click the Gather Logs button
    gatherlogs.png
  • A progress bar will appear and the program will proceed to gather troubleshooting information from your computer
  • Upon completion, click OK
  • A file named mbst-grab-results.zip will be saved to your Desktop
  • Please attach the file in your next reply. Click "Reveal Hidden Contents" below for details on how to attach a file:
    Spoiler

    To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.

    _mb_attach.jpg.a0465aaafd6cae688aa38ab16

     

    After posting your new post, make sure you click the Follow button near the top right of this page, and select the option "An email when new content is posted Change how the notification is sent" so that you're alerted by email when someone has replied to your post.

    _mb_follow.jpg.7868cc281f66ac22e919c2c48

    _mb_follow_options.jpg.dcb79fc10aa35beb0

One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 

Spoiler

For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

Link to post
Share on other sites
  • Staff

Greetings,

Yes, exclusions for folders are recursive so when a folder is excluded, so is every other file and folder it contains, including sub-folders and their sub-folders etc.  This also means you must be cautious when creating exclusions, making sure you don't accidentally exclude something you shouldn't such as your entire Windows directory, your entire drive or your entire Program Files directory because that would cause Malwarebytes not to check many of the known locations where malware likes to hide.

Link to post
Share on other sites

Well somehow it did not work with the new Malwarebytes Version 3.4.5, even I excluded folder C:\Program Files (x86)\MegaRAID Storage Manager which is the LSI Raid Controller Manager it bump out the executable that resides just below it C:\Program Files (x86)\MegaRAID Storage Manager \JRE\bin\javaw.exe the file was not quarantine it just disable the application that I need to check the Server RAID-5 drives.

In the older MWB version it happened the same but after excluding the directory it let me use the program.

Here is the error which it refers to a Exploit Block and I will like to recovered the application, this is a server and I just cannot shut it down while users are on it for uninstall and reinstall it.

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 5/9/18
Protection Event Time: 8:54 PM
Log File: 183f9ae5-53f5-11e8-821d-001e67e34ec6.json
Administrator: Yes

-Software Information-
Version: 3.4.5.2467
Components Version: 1.0.342
Update Package Version: 1.0.5044
License: Premium

-System Information-
OS: Windows Server 2008 R2 Service Pack 1
CPU: x64
File System: NTFS
User: System

-Exploit Details-
File: 0
(No malicious items detected)

Exploit: 1
Malware.Exploit.Agent.Generic, , Blocked, [0], [392684],0.0.0

-Exploit Data-
Affected Application: Java
Protection Layer: Application Behavior Protection
Protection Technique: Java malicious inbound socket detected
File Name: 
URL: 

(end)

If you know what to do please advice me here, I will really appreciate it.

Bill

 

Link to post
Share on other sites
  • Staff

That explains it.  Exclusions for folders and files do not include excluding from Exploit Protection since the anti-exploit component is a signature-less behavior based protection technology which generically analyzes in-memory actions to check for exploit behavior.  In order to exclude an exploit detection you'll need to go to Settings>Exclusions and click Add Exclusion then select Exclude a Previously Detected Exploit then click Select... and find and select the associated exploit detection from the list and then use that to add it to your exclusions list and it should no longer be detected.

Likewise, with Web Protection, if you have an application which is being blocked by Web Protection due to the sites/servers it is connecting to being contained in Malwarebytes IP/domain block lists you'll need to use the Exclude an Application that Connects to the Internet and add the executable for the program that is being blocked (for example, if you use Bittorrent of some other Peer-to-Peer (P2P) application that generates frequent web blocks from Malwarebytes) and it will no longer be subjected to the Web Protection component's block lists and will be able to freely connect to any server.

All of these exclusion types are kept separate for the sake of granular control over what is and is not allowed to happen on the system and to increase security so as not to excessively exclude things in a way that might compromise the level of protection being provided.

Link to post
Share on other sites
  • Staff

Also, in regards to the specific detection you posted, you could instead navigate to Settings>Protection and click Advanced Settings under the Real-Time Protection area beneath where it mentions Exploit Protection and in the Anti-Exploit Settings sub-dialog that opens, select the Java Protection tab (the last one on the right) and uncheck the option Java Malicious Inbound Shell Protection option and then click Apply.

The below image shows the setting I'm referring to:

5af3e638a92b7_JavaInbound.png.c2a01bd3fd812180d7f2ac52226c8707.png

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.