
Suspicious Download FP: MBST


1PW


https://downloads.malwarebytes.com/file/mbst   --->   https://cdn.mwbsys.com/packages/mbst.app/e/6/c/5/e6c51177a27d48098d691fe2661bb41d/72c77a5b-42ca-4d49-aed3-0c035e5f6709.exe

https://www.virustotal.com/gui/url/4c3259007b0ae6043668fb5490fe3c16fd3a45c222d86f30b6469f29c71059cb/detection

https://www.virustotal.com/gui/url/c5334338be86ecb15086ad31a9c95ee8801ddef97b79c5564044b1b97c6291d6/detection

https://www.virustotal.com/gui/file/feda6036ac0df81dffaeb00583e23ad9cd1b1a08b2b0821fcde96c8187138601/detection

Using macOS Catalina 10.15.6 (19G2021) & Firefox 79.0 with MBG 2.2.9

Thank you.

Screen Shot 2020-08-18 at 02.57.24.png

Edited by 1PW

@1PW Could you elaborate on where you were leading to that block?  The download site is good, but maybe the pathway was not.  I'm trying to determine the referring site if possible.


@adas @gonzo

Hello Mike:

Please excuse my most tardy response.  I had temporarily surrendered to the Greek god Morpheus.

For me, this issue is quickly reproduced at will:

  1. I start by pasting this forum's generic download server's common MBST URL in the Firefox address bar. (Documented in my post #1's code box.)
  2. That action immediately redirects to the CDN server's URL for the current executable (right portion of the code box in my post #1) where a notification box (attached below) then appears and asks if I want to open or save the MBST executable file.
  3. I allow the Save File radio button to remain selected.
  4. After clicking the OK button, probably only a few hundred milliseconds pass and the executable's download is blocked and replaced by the MBG suspicious screen. (Attached in my #1 post)

The issue is not present with Chrome or Edge.  If you believe another set of fresh MBG Debug Logs might be helpful, please let me know who to send them to.  To me this is merely an avoidable annoyance.  I truly apologize for the staffer time and energy being spent.

HTH

Screen Shot 2020-08-18 at 20.13.17.png

Edited by 1PW

Thanks. I am passing this on to the Browser Guard PM to determine if further investigation is merited, or if it possibly has been resolved through efforts taken yesterday.  Thanks for this!

 


Unfortunately, we don't have an answer here.  A few days have passed, so the logs have definitely grown since then.  We would be interested in seeing if there is a rational reason for a block on a known good site. Please send the logs...a ZIP would probably compress those puppies by 95%.
