
MB evidentially does not intercept and check SMB read/writes


pcmatt


Yes, in an ideal world every machine would be running Malwarebytes, however, until then, your SMB shares are at risk if a laptop or other computer gets infected and has access to shares.  It's normal to buy a new laptop and bring it home and start working with your machines but it appears your computers with shares open are at risk even if you have Malwarebytes running on them all.

Wouldn't it be nice if MB had SMB intelligence and an option to protect shared folders?

-pcmatt


Greetings,

Thank you for the suggestion.  I will forward your request to the Product team for review and consideration.  I too would like to see more done with regards to ancillary functions and connections in the Windows OS and networking stack, especially with the recent increase in their use in malicious attacks through worms and SMB exploits and the like such as the EternalBlue exploit which was used for disseminating the Wannacry/WanaCrypt0r ransomware.  With that said, there are thankfully many layers and components in Malwarebytes that do guard against a wide range of threats and attack types, including the ones that were able to detect and block Wannacry at 0-hour when it first started to spread and infect users, however I do believe network based exploits are one area where things could be improved.  This may happen once/if the recently acquired WFP based Binisoft Windows Firewall Control technology is integrated into Malwarebytes, but I am not certain.

Anyway, thank you for this suggestion and feedback and if you have any other ideas on how Malwarebytes might improve their offerings please don't hesitate to post.

Thanks


Thanks for your reply.  I had a client that I suggested buy Malwarebytes, and they installed it on all of their systems.  One user came in through VPN infected with ransomware and encrypted all of their machines including all company data on several boxes.  Malwarebytes did not protect any of the machines. All the machines had Malwarebytes running and up to date and all had all of their data encrypted. Malwarebytes did not protect the machines it was running and licensed on.

This is how important it is to check SMB reads and writes. The client is still running Malwarebytes but I had to negotiate with the ransomware guys to get a decent price for several machines and for about $1500 bitcoin they were back in business.  Hard to pay for more Malwarebytes when Malwarebytes allows ransomware to trash all your data.  :)

Thanks!

Yeah, that's not good.  I agree this area could definitely be improved.  I've been pushing for some kind of network exploit protection/shielding for a while now and I think such a solution would help in events like the one you describe.  While ideally the Ransomware Protection component should protect against such attacks, it isn't flawless and unfortunately doesn't always detect every ransomware variant that comes up, especially with ransomware being so popular these days that new variants and morphs show up daily sometimes.  If there were something on the network stack that was as proactive and effective as the Exploit Protection component is against web and document based exploits, that would be a real game changer I believe, and that's what I'm hoping will come soon for Malwarebytes as I believe it would be a huge leap forward in providing more comprehensive protection, especially against attacks like the one you described.
