Jump to content
alhazred

MBAM Exploit Protection question

Recommended Posts

Greetings,

Under protected applications Adobe Reader's filename is acrord32.exe, but when I run Acrobat Reader DC the process is acroRd32.exe.  Does it matter that the R is uppercase or does the filename/process have to be exact?

 

Share this post


Link to post
Share on other sites

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

 

If you are having technical issues with our Windows product, please do the following: 

Spoiler

If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  1. Download Malwarebytes Support Tool
  2. Once the file is downloaded, open your Downloads folder/location of the downloaded file
  3. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  4. Place a checkmark next to Accept License Agreement and click Next
  5. You will be presented with a page stating, "Get Started!"
  6. Click the Advanced tab
    Repair menu_arrows.png
     
  7. Click the Gather Logs button
    Advanced_arrows.png
     
  8. A progress bar will appear and the program will proceed with getting logs from your computer
    Advanced Gather Logs_arrows.png
     
  9. Upon completion, click a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
    Advanced Gather Logs completed_arrows.png
     
  10. Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies" like so:
     notify me.jpeg  

Click "Reveal Hidden Contents" below for details on how to attach a file:
 

Spoiler

To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.

mb_attach.jpg.220985d559e943927cbe3c078b
 

One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 

Spoiler

For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

Share this post


Link to post
Share on other sites

Greetings,

No, the case makes no difference at all.  By default in Windows, it doesn't differentiate between upper case and lowercase so for example, if you tried to create a file by the name acrord32.exe in the same location as acroRd32.exe Windows wouldn't allow it because the two files share the same name.  In the same way, Malwarebytes sees any process named acroRd32.exe the same way that it sees acrord32.exe (or even ACRORD32.EXE).

I hope that helps clear things up.  If there's anything else we might assist you with please let us know.

Thanks

Share this post


Link to post
Share on other sites

Actually in Windows 10, you can use Powershell to set a flag on certain folders to enable their contents to be case-sensitive. Linux programs running on Windows (through the WSL) always ignore this flag and treat everything as case-sensitive, but in the registry you can also set Windows programs to either:

1. Treat everything as Case-sensitive regardless of the folder properties

2. Set them to disallow case-sensitive names regardless of folder properties, or...

3. The default behavior, just respect the folder properties.

 

In @alhazred's case, though, he doesn't have to worry about it because he's unlikely to run into any case-sensitive folders.

However, I would still like to see case-sensitive file scanning implemented in MBAM, especially the enterprise version, due to the much higher likelihood that WSL would be used, the frequent mingling of Windows-based and Linux-based servers, and the ever increasing prominence of Linux-based threats.

Share this post


Link to post
Share on other sites

Actually, because Malwarebytes is not case sensitive, it doesn't matter, and that's the point.  It will protect the process regardless.  Implementing case sensitivity in Malwarebytes would actually break this functionality and then the user would have something to worry about with the process name using a different case, but because Malwarebytes disregards case it is able to protect the process as it should without any changes regardless of how it is spelled.

Share this post


Link to post
Share on other sites
11 hours ago, exile360 said:

Actually, because Malwarebytes is not case sensitive, it doesn't matter, and that's the point.  It will protect the process regardless.  Implementing case sensitivity in Malwarebytes would actually break this functionality and then the user would have something to worry about with the process name using a different case, but because Malwarebytes disregards case it is able to protect the process as it should without any changes regardless of how it is spelled.

Thanks for the reply exile360.  Helpful as usual, chap!

Share this post


Link to post
Share on other sites
19 hours ago, exile360 said:

Actually, because Malwarebytes is not case sensitive, it doesn't matter, and that's the point.  It will protect the process regardless.  Implementing case sensitivity in Malwarebytes would actually break this functionality and then the user would have something to worry about with the process name using a different case, but because Malwarebytes disregards case it is able to protect the process as it should without any changes regardless of how it is spelled.

What I meant by implementing Case-sensitivity was to implement the ability to detect Case-sensitive filenames and folders that normally wouldn't be accessible otherwise, not to make the scanning itself Case-sensitive >.<

Share this post


Link to post
Share on other sites

Right, but in the context of this topic, that has nothing to do with Exploit Protection's ability to shield the default list of protected/shielded applications, right?  That would just be for compatibility with Linux filesystem components on Windows 10 and wouldn't apply to Exploit Protection anyway.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.