Jump to content

QuickBooks PayRoll Update failing


Recommended Posts

Adding the exclusions for the Malware scans and adding the mapped network drives to the exclusions seems to have helped. That leaves the server to scan the local folders though the end user machines won't scan the excluded folders except for watching for ransomware, which is a bit concerning.
Does adding the folders as exclusions keep MalwareBytes from scanning the folders on a full system scan?
I just need MalwareBytes to not lock files and not actively scan the QBs files.

Link to post
Share on other sites

Network drives are not scanned by the end-user workstation with the MBEP software, they are also no longer available to be scanned via the context menu option. This is something MBAM 1.x was able to do and if you are familiar with that older option, you may notice that MBEP's context menu option goes grey when attempting to right click network drives and engage the option. Drives like these should be scanned using an MB install on the hosting server where the drives are local and can be scanned as normal.

As far as ransomware, if a workstation is hit it wouldn't matter what drive the ransomware is encrypting, or if that location happened to be ignored. We are looking at the malware's behavior itself, things like this are not running from your drive share in the QB folders, they are running in memory to attack the file system. The exclusions relieve whichever particular real-time engines that the exclusions can be, or are, applied to within the extra "Exclusion applied To" option set. The exclusions are for MBEP to ignore the excluded items, and what they are doing, not what is happening to them via something else. 

The main consequence and concern around what's been brought up in the previous paragraphs, is to be aware that an attack on an unprotected workstation can reach anything to which that workstation has access. Say there's an unprotected workstation, and it got ransomware and began to encrypt the system. When the attack is finished with the local drives and moves on to the network drives/shares, even if the server hosting the share has MBEP installed, the share is in danger in this scenario. The attack is in the unprotected workstation's memory, and the protected server's MBEP real-time cannot see that. It is vital to protect your servers by protecting all your workstations.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.