Jump to content

Recommended Posts

Posted (edited)

the block/unblock URL issue is also occur on both Window 10 version 1903 and windows 10 version 1809 and maybe on windows version 1803 (not sure for windows version 1803) but I’ve been noticing this many time and still goes on 

Malwarebytes version 3 is not block the download of the exe file and nor the PUP website / leading page but however it only block of an executable when you have to double clicking on it.

for Malwarebytes extension version 1.0.44 it has an issue too .  is to block of the exe file even before you  to download it and this is a good for all but however it only block of an executable when you trying to download it but it leave the PUP website / leading page to not be blocked

@Erix

https://www.virustotal.com/gui/url/007be183615765568970482f3224c0a1f83c43fc362e40c9882bfcc6eae99e4c/detection

https://www.virustotal.com/gui/file/c169e57a3b4a4417df306d7dd180a5dba966e877d9551a5b2277ad5637f48c7d/detection

https://www.virustotal.com/gui/url/6f1b2e7a0a5593400997d32e613e6d850cd20ee7194fdae251a61a3c7de8b95c/detection

 

Edited by Gt-truth
better wording and typo

Share this post


Link to post
Share on other sites

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

 

If you are having technical issues with our Windows product, please do the following: 

Spoiler

If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  1. Download Malwarebytes Support Tool
  2. Once the file is downloaded, open your Downloads folder/location of the downloaded file
  3. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  4. Place a checkmark next to Accept License Agreement and click Next
  5. You will be presented with a page stating, "Get Started!"
  6. Click the Advanced tab on the left column
    0. UI.png
  7. Click the Gather Logs button
    17. Advanced.png
  8. A progress bar will appear and the program will proceed with getting logs from your computer
    19. System Repair Progress.png
  9. Upon completion, click a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
  10. Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies" like so:
     notify me.jpeg  

Click "Reveal Hidden Contents" below for details on how to attach a file:
 

Spoiler

To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.

mb_attach.jpg.220985d559e943927cbe3c078b
 

One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 

Spoiler

For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

 

Share this post


Link to post
Share on other sites

Greetings,

I just visited the first URL (which wasn't blocked as you mentioned), however when I tried to download the file I using the download button on that page I got the following:

block.png.db9f89193498e6366f6eb2cd6ad68a4a.png

Please keep in mind that it can be pretty common for the bad guys as well as PUP vendors to create new sites to advertise and host their files, not to mention affiliates trying to make money promoting them.  It is also quite possible that the installer/file itself is actually new and simply contains or is a variant of a known threat so the Malwarebytes Research team may not have ever seen this particular file or website before.  In fact, this is one of the very reasons that Malwarebytes includes multiple protection components because a layered approach is superior since you are not forced to rely on any one component or area of research focus to discover and block all threats.  Since the file was detected/blocked when you tried to execute it, this means it was most likely the Malware Protection component that detected it as this module checks any process that tries to enter memory (Malwarebytes avoids scanning files while they are being downloaded or as they are copied to or created on disk as those are methods common to AVs so Malwarebytes uses different methods to help avoid conflicts with AVs).

If you wish, you may report any website that is not blocked by Malwarebytes that you believe should be here; just be sure to follow the instructions provided in this pinned topic.

Share this post


Link to post
Share on other sites
Posted (edited)

@exile360 MY OS here is windows 10 using the Firefox web browser with MB browser add-on . and for me the two links for the PUP above isn’t blocked  by both MB software or MB add-on on my windows 10 (file is only blocked by the add-on and not by Malwarebytes software) , I’m sure  and I have this problem  before with MB programv3 with previous /earlier version of windows 10 (1809) and I’ve just check again with the 2 URLS and they still not blocked either by Malwarebytes or even by the extension .

so I think this has not really been fixed yet and the problem or the issue is with the web protection module in the Malwarebytes .

I have test this with other reported URLS to me through a gaming website

also , been using windows security side-by-side with MB3 and Zemana anti-malware premium  .

Yes I got the block on the executable file as in your screenshot which it show that "the downloadable file which have been blocked" but "not the PUP site itself" , however when Malwarebytes have to detect something as a PUP software then the real-time web protection should to block the PUP’s its own website not just the "PUP software" here . and yes I know a new websites /leading webpage are to be created everyday and thank to MB team for their hardworking :)

if the file was not been seen and to be a  newly created then why the virustotal has shows a detection for this file which is by "Malwarebytes" but not to shows any detection for the PUP URL by all others vendors as well !

sure! I will report this if both of the PUP and the website have not been seen by the MB scanner .

 

 

Edited by Gt-truth
more words added to avoid confusion

Share this post


Link to post
Share on other sites

Hello,

Just to clarify, the issue you're having with Malwarebytes for Windows is the following:

  • Visiting a website that you believe should be blocked is not blocked by Malwarebytes Web Protection.
  • However, once a file is downloaded from the website and executed, it is detected by Malwarebytes Malware Protection.


If this is indeed the issue, then it is likely a case we do not have the website blacklisted in our Web Protection database. As mentioned, the website(s) in question will need to be reported to our Research team for analysis.

Share this post


Link to post
Share on other sites
Posted (edited)
9 minutes ago, LiquidTension said:

Hello,

Just to clarify, the issue you're having with Malwarebytes for Windows is the following:

  • Visiting a website that you believe should be blocked is not blocked by Malwarebytes Web Protection.
  • However, once a file is downloaded from the website and executed, it is detected by Malwarebytes Malware Protection.


If this is indeed the issue, then it is likely a case we do not have the website blacklisted in our Web Protection database. As mentioned, the website(s) in question will need to be reported to our Research team for analysis.

Hello @LiquidTension

yes this is correct as in your reply . but how do I know if this is in your MB web protection database or not !

I’m not sure but an question here . does each components has its own database ?

thanks

Edited by Gt-truth

Share this post


Link to post
Share on other sites
Posted (edited)
9 minutes ago, Gt-truth said:

Hello @LiquidTension

yes this is correct as in your reply . but how do I know if this is in your MB web protection database or not !

I’m not sure but an question here . does each components has its own database ?

thanks

If a website isn't being blocked, you can assume it's not in the database. To confirm, use the steps provided earlier to report the website.
 

Quote

I’m not sure but an question here . does each components has its own database ?

For the components that utilise a form of an updatable database - yes.

Edited by LiquidTension

Share this post


Link to post
Share on other sites
2 minutes ago, LiquidTension said:

If a website isn't being blocked, you can assume it's not in the database. To confirm, use the steps provided earlier to report the website.
 

For the components that utilise a form of an updatable database - yes.

OK . thanks to you @LiquidTension for great answers to my question ! :) this topic can be mark as answered !

@exile360 thanks to you for all great information on this matter . :)

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.