Jump to content

Recommended Posts

Just installed Firefox 79 (downloaded from Mozilla's website).  The install file checks OK with Norton AntiVirus and MWB Premium.  Firefox installed without any issue.  It was the real-time ransomware protection in MWB that shut the program down.

What log file would you like to look at?

Many thanks.

Link to post
Share on other sites

I ran the support tool, but it produces logs that either don't deal with the ransomware alert and/or contain confidential data.

I'll post the ArwDetections log that is referenced in MWB.  I think that's what you need to see.  Please let me know if there is another log you want to look at.

DCC6E120A0CA9AF0D229517A065D815E0F0D4DA603EE491DA81A0E9771C83B12
{
   "applicationVersion" : "4.1.2.73",
   "chromeSyncResetQueryRequested" : false,
   "chromeSyncResetQueryResult" : false,
   "clientID" : "",
   "clientType" : "other",
   "componentsUpdatePackageVersion" : "1.0.972",
   "cpu" : "x64",
   "dbSDKUpdatePackageVersion" : "1.0.26363",
   "detectionDateTime" : "2020-07-03T18:13:43Z",
   "fileSystem" : "NTFS",
   "id" : "ee09d2a6-bd58-11ea-998a-ac675d351b09",
   "isUserAdmin" : true,
   "licenseState" : "licensed",
   "linkagePhaseComplete" : false,
   "loggedOnUserName" : "System",
   "machineID" : "",
   "os" : "Windows 10 (Build 18362.900)",
   "schemaVersion" : 16,
   "sourceDetails" : {
      "type" : "arw"
   },
   "threats" : [
      {
         "ddsSigFileVersion" : "",
         "linkedTraces" : [

         ],
         "mainTrace" : {
            "archiveMember" : "",
            "archiveMemberMD5" : "",
            "cleanAction" : "block",
            "cleanResult" : "successful",
            "cleanResultErrorCode" : 0,
            "cleanTime" : "",
            "generatedByPostCleanupAction" : false,
            "id" : "ee2d929c-bd58-11ea-81bd-ac675d351b09",
            "isPEFile" : false,
            "linkType" : "none",
            "objectMD5" : "0e5fe8b00c8bbbb30a31a33d717d85f7",
            "objectPath" : "C:\\Firefox\\firefox.exe",
            "objectSha256" : "65e894c299090483b25cee110d679d278360a24f98e2ccc30ad7e9f5636e1af1",
            "objectType" : "file",
            "resolvedPath" : "",
            "suggestedAction" : {
               "archiveDir" : false,
               "chromeExtensionOther" : false,
               "chromeExtensionPreferences" : false,
               "chromeExtensionSecurePreferences" : false,
               "chromeExtensionSyncData" : false,
               "chromeUrlOther" : false,
               "chromeUrlSecurePreferences" : false,
               "chromeUrlSyncData" : false,
               "chromeUrlWebData" : false,
               "disableHubbleWhiteListing" : false,
               "disableSignatureWhiteListing" : false,
               "fileDelete" : true,
               "fileReplace" : false,
               "fileTxtReplace" : false,
               "folderDelete" : false,
               "isChromeObject" : false,
               "isDDS" : false,
               "isDoppleganging" : false,
               "isExternalDetection" : false,
               "isPUP" : false,
               "isShuriken" : false,
               "isWMIEventConsumer" : false,
               "killProcess" : false,
               "minimalWhiteListing" : false,
               "moduleUnload" : false,
               "noLinking" : false,
               "physicalSectorReplace" : false,
               "priorityHigh" : false,
               "priorityNormal" : false,
               "priorityUrgent" : false,
               "processUnload" : false,
               "regKeyDelete" : false,
               "regValueDelete" : false,
               "regValueReplace" : false,
               "shortcutReplace" : false,
               "silentMode" : false,
               "singleDelete" : false,
               "treatAsRootkit" : false,
               "useDDA" : false,
               "verifyResolvedPath" : false,
               "whitelistCheckError" : false
            }
         },
         "ruleID" : 392685,
         "ruleString" : "",
         "rulesVersion" : "0.0.0",
         "srcEngineComponent" : "unknown",
         "srcEngineThreatNames" : [

         ],
         "threatID" : 0,
         "threatName" : "Malware.Ransom.Agent.Generic"
      }
   ],
   "threatsDetected" : 1
}

I uninstalled Firefox before I read your reply, so I can't upload the installed program's .exe file.  Sorry.

Many thanks for your help.

 

Link to post
Share on other sites

  • 3 weeks later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.