Zeus_Dog Posted January 23, 2021 ID:1434199
I wanted to point out that I tried to download this tool https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe to check it out, and a second or two after it finishes downloading, Browser Guard pops up, flags it, and then deletes the file from my downloads folder. Not sure if anyone else is having the problem. So I had to disable it to get it, then ran checks with MBAM, Kaspersky, Emsisoft, and Bitdefender, and they say it is clean, but on VirusTotal, Malwarebytes and two others are flagging it. I attached the screenshot. Just thought you might want to know.
Root Admin AdvancedSetup Posted January 23, 2021 ID:1434200
Can you please check and verify what version of Malwarebytes Browser Guard you're using and let us know.
Zeus_Dog Posted January 23, 2021 Author ID:1434202
In case you want to know, I'm on Win7 x64 SP1 using Firefox 84.0.2.
Root Admin AdvancedSetup Posted January 24, 2021 ID:1434204
I've reported it, but I'm on the same version but on Windows 10 and cannot duplicate the block. Hopefully by Monday someone can take a further look into it. Thank you
gonzo Posted January 25, 2021 ID:1434504
I have not been able to duplicate this in Chrome or Firefox on Windows 10. Knowing that suspicious downloads are sometimes the result of a block on a referring domain, could you please tell us the steps you took to end up with this problem? We need to be able to reproduce it before we can know exactly how to fix it.
Zeus_Dog Posted January 27, 2021 Author ID:1434764
Hey Gonzo, I find it very inconsistent myself, but I would just either click on the link that AdvancedSetup had given or copy and paste it into a new tab, and it would present a little Windows window "Opening SecurityCheck.exe" and ask to save or cancel. I would save, it would download, and then sometimes after the download was complete, it would then pop up the Browser Guard window and delete the file from the downloads folder. Now I run Kaspersky Total Security as my main AV, not sure if there is something there causing Browser Guard to randomly trigger on it??
gonzo Posted January 27, 2021 ID:1434779
safezone.cc is in my whitelist. That should also take care of subdomains. Theoretically, that should also take care of suspicious downloads. Theoretically, we should not have pandemics either. I just tried to trigger it five times with Firefox. It successfully downloaded each time. Not being able to reproduce the problem, the best I can offer is to ask you to send me a debug log should it happen to you again. At least then, I will have something to look at that may yield a clue.
Zeus_Dog Posted January 27, 2021 Author ID:1434783
Where would I be finding the debug log? Also curious about the VirusTotal flags from Malwarebytes, Palo Alto Networks, and SentinelOne, I'm assuming FPs?
Zeus_Dog Posted January 27, 2021 Author ID:1434784
Granted I realize Security Check is not a Malwarebytes product, but since it is recommended by staff, just making sure it is safe for customers they recommend it for.
Root Admin AdvancedSetup Posted January 27, 2021 ID:1434786
The file is from 2017 and simply reads data from your computer and compares it to a list of program updates available via an XML file within the program. You can open it with WinZip, 7-Zip, etc. and look at it.
https://www.virustotal.com/gui/file/6fbd17dc86e44b0a3fa4ab8d4d5cadd541bb67cc1dc505cc3c5b495eadd2946e/detection
gonzo Posted January 27, 2021 ID:1434787
Debug log is created in your \Downloads directory. Look for a file with a "jsonl" extension. WARNING: This puppy grows faster than the national debt. A new log is started every time a new browser session starts (browser, not browser tab), but multiple tabs and long sessions create huge logs. Ron beat me to the punch on the other part.
Zeus_Dog Posted January 27, 2021 Author ID:1434790
I'm assuming you mean open up Browser Guard when this warning pops up and click the three dots in upper right and click on support, and click download debug logs? If so, do I have to do it when that warning is up? I did download the log a few minutes ago. I had received the error twice tonight; the browser has not been closed since this happened, but the tab it was in has. Not sure if that will have it in it?
gonzo Posted January 27, 2021 ID:1434800
Your assumption is correct. If you have not exited your browser, evidence may still be in the logs. It also has a maximum size so the oldest data gets discarded to make way for new data. With only a few minutes run time, you should be okay. Download it, zip it up and send it over. The ZIP file will be fairly small (comparably).
Zeus_Dog Posted January 27, 2021 Author ID:1434814
Here you go
BG-Logs_v2.2.17_2021-01-27_20941474.zip
gonzo Posted January 27, 2021 ID:1434834
Could you see if you can determine the identity of this Firefox extension: 6d0326e4-7a4a-475a-a805-1830dd84caaf
It is causing a scam detection (only once) associated with a download of the file in question. It is in the logfile at line 901. Are you using a download manager? I'm at about 10.5 hours in for the day, and I can hear a pizza off in the distance calling my name. With what I have found and what further you may be able to tell me, I will talk to the developer in the morning.
Zeus_Dog Posted January 27, 2021 Author ID:1434838
That extension is uMatrix made by Raymond Hill (uBlock Origin creator). I do not use a download manager.
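The lookup asked for above (internal extension UUID to add-on) can be done from the Firefox profile, which records the mapping in the `extensions.webextensions.uuids` preference in prefs.js. This is an added example, not part of the thread or of Browser Guard; it assumes the ID quoted from the log is that internal UUID, the sample prefs.js and log lines are constructed, and the log field names are hypothetical.

```python
import json
import re

UUID_RE = re.compile(
    r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}", re.I)
PREF_RE = re.compile(
    r'^user_pref\("extensions\.webextensions\.uuids",\s*(".*")\);\s*$', re.M)

# Constructed sample of a profile's prefs.js (not taken from the thread).
SAMPLE_PREFS = r'''
user_pref("browser.startup.page", 3);
user_pref("extensions.webextensions.uuids", "{\"uMatrix@raymondhill.net\":\"6d0326e4-7a4a-475a-a805-1830dd84caaf\",\"uBlock0@raymondhill.net\":\"11111111-2222-4333-8444-555555555555\"}");
'''

# Constructed debug-log lines; the JSON field names are hypothetical.
SAMPLE_LOG = "\n".join([
    '{"ts": 1, "msg": "session start"}',
    '{"ts": 2, "msg": "scam detection", '
    '"initiator": "moz-extension://6d0326e4-7a4a-475a-a805-1830dd84caaf/"}',
    'truncated {"ts": 3',
])


def load_uuid_map(prefs_text):
    """Return {internal_uuid: add_on_id} parsed from prefs.js text."""
    m = PREF_RE.search(prefs_text)
    if not m:
        return {}
    # The pref value is a quoted string that itself holds JSON: decode twice.
    mapping = json.loads(json.loads(m.group(1)))
    return {uuid.lower(): addon for addon, uuid in mapping.items()}


def extensions_in_log(log_text, uuid_map):
    """Return [(line_number, uuid, add_on_id or None)] for UUIDs in the log."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), start=1):
        # Scan raw text so truncated or malformed JSONL lines are not skipped.
        for uuid in UUID_RE.findall(line):
            # None means the UUID is not an installed extension in this profile.
            hits.append((n, uuid.lower(), uuid_map.get(uuid.lower())))
    return hits


if __name__ == "__main__":
    for hit in extensions_in_log(SAMPLE_LOG, load_uuid_map(SAMPLE_PREFS)):
        print(hit)
```

The internal UUID is generated per profile, so the same add-on has a different UUID on another machine and the mapping has to be read from the profile the log came from.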
Solution gonzo Posted January 27, 2021 ID:1434957
It appears there is an interaction between uMatrix and Browser Guard that is causing the issue. It appears in line 901 of the log file, but only appears once in the file overall. Because there is not an external URL that can be added to an Allow list, I would look to see if something could be done from the uMatrix side to allow Browser Guard operation. From reading about uMatrix, it appears that it is doing the same thing as Browser Guard, but being able to go after scripts which Browser Guard may use during operation may also cause uMatrix to target Browser Guard. I don't think either product or the file you are trying to download are problems on their own, but the interactions between them can be.
Zeus_Dog Posted January 27, 2021 Author ID:1434985
Just so you know, at this time it appears that uMatrix is not being developed anymore, so it won't get fixed on that side. But at least we know the issue, and if someone has to temporarily disable one to get it, it is what it is. It is simple enough, and as long as the file seems safe (thoughts of the SolarWinds supply chain attack are what prompted me to wonder with the VirusTotal hits), then it is all we can do. Glad I could help.
gonzo Posted January 27, 2021 ID:1434986
As am I. Not enough hair left on this head to do much serious head scratching!
Porthos Posted January 27, 2021 ID:1434991
31 minutes ago, Zeus_Dog said: "at this time it appears that uMatrix is not being developed anymore"
I personally use uBlock Origin and Browser Guard together on all of my supported browsers. No issues.🙂
Zeus_Dog Posted January 27, 2021 Author ID:1435001
I do too, but uMatrix has some nice abilities as well with script, xhr, frame and other blockings that NoScript and uBlock don't cover. There is overlap, but also things each one can do that the other ones can't. I have found these to be a great one, two, three punch.