Cause for Google FP


Solved by AdvancedSetup

Two of our local machines here, each running Windows 10 Pro, were unable to access any Google site yesterday morning. The issue was noted here and is now marked as "resolved". I resolved both issues by rebooting and then manually updating MWB. At first, I thought all was well.

That, however, is the beginning -- not the end -- of what happened to me.

Chrome logged me out of all my sessions. When I logged back in, Chrome had reverted my bookmarks folder to its status from years ago. I've spent much of yesterday and today trying to recover. For example, credentials that I use for `auth0` (and that were cached in the browser). Amazon Prime credentials. A year's worth of notes as I find and bookmark valuable sites.

Even though I'm now logged back into the same Google account on Chrome, the earliest entry in my browser history is for 2:32p yesterday.

Is it just coincidence that all this happened within hours of a major failure of Malwarebytes? Did Google push a Chrome update that broke MWB? Did MWB do something beyond just blocking access to anything google?
 

I'd like further clarification of what actually happened yesterday. As anybody who has tried to back up Chrome anything on Windows 10 Pro already knows, there is no good way to back up this information. I do NOT want to "sync" it to Google Cloud -- that makes everything vulnerable if, for example, my account is compromised.

I'd like someone with insight into what happened in yesterday's failure to provide more information about what brought it about. I'd like to know if there are steps I can take to prevent a recurrence.

This has been EXTREMELY painful.


18 minutes ago, SomervilleTom said:

Did Google push a Chrome update that broke MWB? Did MWB

No

18 minutes ago, SomervilleTom said:

Did MWB do something beyond just blocking access to anything google?

No

18 minutes ago, SomervilleTom said:

Even though I'm now logged back into the same Google account on Chrome, the earliest entry in my browser history is for 2:32p yesterday.

Did you have sync enabled in Chrome? If so, everything should have been there when you logged back into Chrome.

As little as I use Chrome, I just checked and everything was as I left it.

 

Edited by Porthos

9 hours ago, Porthos said:

No

No

Did you have sync enabled in Chrome? If so, everything should have been there when you logged back into Chrome.

As little as I use Chrome, I just checked and everything was as I left it.

 

As I wrote in my thread-starter ... "I do NOT want to "sync" it to Google Cloud -- that makes everything vulnerable if, for example, my account is compromised."

Something caused Chrome to clear everything -- its history, my bookmarks, my cached credentials, everything. The timing of this disaster, coming literally on the heels of the MWB quarantining etc, makes me wonder what MWB did to my system during the failure system.

When the "threat" was identified, what happened when MWB quarantined the false positive? Was there a simultaneous upgrade? Is there a reference that describes what MWB does on my system when a local app is quarantined? My system behaves as though all of Chrome's local state was cleared.


Please reference:

September 21, 2022 - False positive with Google

I alerted @msherwood to the PDF's access Permission issue.

Thank you @SomervilleTom

EDIT:

I extracted JPEGs of the contents of the PDF in the interim.

1126786121_RCA-WebProtectionFalsePositive-Sept222022_Page_1.jpg

1126786121_RCA-WebProtectionFalsePositive-Sept222022_Page_2.jpg

 

Edited by David H. Lipman

It appears to me that when MWB blocked my attempts to access google, it caused google to nuke its settings on my local machine and revert to a stale version (from months or years ago) that happened to be in my account in Google cloud.

I run my Windows 10 Pro as a guest VM, and I keep frequent snapshots of the entire VM. I loaded a guestVM from a snapshot of 20220905. I then opened Chrome (hoping to find my old bookmarks). No joy -- Chrome automagically updated itself and the bookmarks I wanted are gone.

I've attached a screenshot from the MWB dashboard. It appears to me that this MWB failure caused a ripple effect that has damaged my access to google services. I also suspect I'm not the only one.

I've been a premium customer of MWB for years. I'd like an update from someone at MWB about what happened, what the unintended consequences might have been, and how to recover (if possible).

 

20220923_sites_blocked.png


  • Root Admin

Hello @SomervilleTom

Can we please get some logs from your computer before you reverted the snapshot?

 

To begin, please do the following so that we may take a closer look at your installation for troubleshooting:

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer; please allow the programs to run if blocked by your system.

  • Download the Malwarebytes Support Tool
  • In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
  • In the User Account Control pop-up window, click Yes to continue the installation
  • Run the MBST Support Tool
  • In the left navigation pane of the Malwarebytes Support Tool, click Advanced
  • In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
  • A zip file named mbst-grab-results.zip will be saved to your desktop; please upload that file on your next reply

Thank you

 

This topic is now closed to further replies.