
[ RESOLVED ] How to test "Malwarebytes remediation map"


Solved by dcollins

Hello,

Another user posted a question which disappeared meanwhile...

"How to test "Malwarebytes remediation map""

So, I tried to reproduce what the OP posted and I did not get any reaction on the "Remediation Map".

I was able to zoom on the map the area I live in (no detection)
Now, I disabled my antivirus and my firewall and unzipped a malware and scanned it with MBAM.
Sure enough, MBAM detected it and I quarantined it.

Repeated several times.

NOT A DOT POPPED UP ON THE MAP.

So, how does it work???

On some other forum somebody posted a funny map:

[image]

  • Staff

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

 

If you are having technical issues with our Windows product, please do the following:

If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  1. Download Malwarebytes Support Tool
  2. Once the file is downloaded, open your Downloads folder/location of the downloaded file
  3. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  4. Place a checkmark next to Accept License Agreement and click Next
  5. You will be presented with a page stating, "Get Started!"
  6. Click the Advanced tab
  7. Click the Gather Logs button
  8. A progress bar will appear and the program will proceed with getting logs from your computer
  9. Upon completion, a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
  10. Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies".

Click "Reveal Hidden Contents" below for details on how to attach a file:
 


To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.

 

One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 


For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team


  • Staff
Quote

Now, I disabled my antivirus and my firewall and unzipped a malware and scanned it with MBAM.

This is why nothing is showing up. There are details under the remediation map that explain how this is tracked. I bolded the part that explains why you're not seeing the block.

Quote

For a dot to appear on the map three things must happen. First, a device has a third party anti-virus registered in the Windows Security Center. Second, the user runs a Malwarebytes remediation scan. Third, our scan must detect malware. We then add a numerical count for each detection next to the respective vendor's name. These three elements represent our real-time global view of the threats detected by our remediation scans. Each dot represents a detection. There can be multiple detections for each dot.

What I would do is exclude your downloads folder from Windows Defender, but leave Windows Defender real-time protection active. Then download a malware sample (I prefer Spycar), and let Malwarebytes detect it. This should cause the blip to show up. I did have issues getting the results to show up during my testing though, so I've reached out to our engineers to see if there's a specific time delay that can be expected.


  • Root Admin
9 hours ago, exile360 said:

Does the remediation map still capture detections when telemetry is disabled or blocked?  I'm just wondering since that may be the reason as well if it was disabled or being blocked by a HOSTS file or firewall.

I'm sorry but we do not test our product for cases where the user has purposefully disabled or blocked features. That is an extreme waste of costly resources. Please ensure that you are not blocking or disabling any features of our product. If you're still having issues after that then please let us know. Our testing shows the product to be working at this time.

 


  • Staff
9 hours ago, exile360 said:

Does the remediation map still capture detections when telemetry is disabled or blocked?  I'm just wondering since that may be the reason as well if it was disabled or being blocked by a HOSTS file or firewall.

Hah, good call! I forgot I have our telemetry servers blocked at my house so I don't flood our servers with my test data, hence why my dot didn't show up.

@lock, based on your previous posts, you also have our telemetry server blocked, so this makes perfect sense why you didn't see the dot
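
A local check of two preconditions raised in this thread (an antivirus registered in Windows Security Center, and no HOSTS-file block on telemetry), as an added PowerShell example that is not part of any post and is not Malwarebytes code. The `malwarebytes` match pattern is an assumption, since the thread does not name the telemetry hosts; firewall-level blocks are not covered.

```powershell
# Added diagnostic sketch; not Malwarebytes code.
# ASSUMPTION: the thread does not name the telemetry hosts, so any HOSTS
# entry whose name contains this pattern is reported.
$VendorPattern = 'malwarebytes'
# Only entries pointing at these sink addresses are treated as blocks.
$SinkAddresses = @('0.0.0.0', '127.0.0.1', '::', '::1')

function Get-RegisteredAntivirus {
    # Products registered in Windows Security Center (client Windows only).
    Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName 'AntiVirusProduct' |
        Select-Object -ExpandProperty displayName
}

function Get-SinkholedHosts {
    param([string[]]$Lines, [string]$Pattern)
    foreach ($line in $Lines) {
        $entry = ($line -replace '#.*$', '').Trim()      # strip comments
        if (-not $entry) { continue }
        $fields = @($entry -split '\s+')
        if ($fields.Count -lt 2) { continue }
        if ($SinkAddresses -notcontains $fields[0]) { continue }
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            if ($name -like "*$Pattern*") {
                [pscustomobject]@{ Address = $fields[0]; Name = $name }
            }
        }
    }
}

# Condition 1 from the quoted map description: an antivirus is registered.
$registered = @(Get-RegisteredAntivirus)
if ($registered.Count -eq 0) {
    Write-Output 'No antivirus registered in Windows Security Center.'
} else {
    Write-Output ('Registered antivirus: ' + ($registered -join ', '))
}

# Telemetry reachability: look for HOSTS-file sinkholes.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$blocked = @(Get-SinkholedHosts -Lines (Get-Content -Path $hostsPath) -Pattern $VendorPattern)
if ($blocked.Count -eq 0) {
    Write-Output 'No matching HOSTS-file blocks found.'
} else {
    $blocked | Format-Table -AutoSize
}
```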


18 minutes ago, dcollins said:

based on your previous posts, you also have our telemetry server blocked, so this makes perfect sense why you didn't see the dot

In my situation, telemetry was blocked at firewall level; as I said, I disabled the firewall prior to the test.

20 minutes ago, dcollins said:

I have our telemetry servers blocked at my house so I don't flood our servers with my test data

That is a funny explanation of why you blocked telemetry... I am quite sure the servers can handle millions of transactions, so data from your house will not "flood" them.


  • Staff

It can handle the telemetry, but since I'm using my machines for lots of testing, it can throw off data and we like to not do that.

As for why nothing showed up, at this point we would need to get some logs from your system. You can either use the Gather Logs function in our Support Tool or just zip up C:\ProgramData\Malwarebytes\mbamservice\logs and attach that zip file.


1 hour ago, dcollins said:

As for why nothing showed up

I tried again with "AntiTest.exe" from Spyshelter.  "AntiTest.exe" is not detected by MSE as malicious but it is detected by MBAM.

Tested on 3 different PCs, 2 of them without a firewall; triggered MBAM detection 10 times but NO DOT popped up on the map.

I cannot provide logs as I am concerned about privacy (hence blocking all telemetry in normal operation).

However, this is easy to reproduce by anybody, so if you try it and get a dot on the map, I am OK.

So far, the only conclusion is that the map has nothing to do with reality.

But I may be wrong (wouldn't be the first time!)


  • Staff
  • Solution

A few people have reported that the information on the map is working as intended, so the issue definitely seems to be with your setup. Without logs though, there's not much we can tell you in terms of why it's not working for your setup. You are welcome to send the logs to me directly if you wish and I can move our conversation to PM to make sure the information isn't released publicly, but at this point, that's our only option.


This topic is now closed to further replies.