Help Unpacking/Understanding "Detections Found and Cleaned" Alerts/Notices


Hey all! New to this forum. Hopefully I'm in the right place to ask these questions and also browse and learn from other posts here. I'm the new IT Admin for my company (I'm the entire IT department lol). Never worked with Malwarebytes before, but it's what we use here for all the protection it's intended to offer. It's a small company with 20-30 employees maybe, so not too many devices with Malwarebytes. Obviously all endpoint machines have them, and the necessary servers. I haven't checked to see what rules or policies were in place by the prior IT guy with regard to what would trigger a "detect"... outside of whatever default rules or policies Malwarebytes does "out of the box" in a stock configuration. But AFAIK, we don't restrict much here. Like, employees aren't restricted when it comes to web browsing, for example. 

Today, I got a few email alerts/notifications of these Detections Found thingys... trying to make sense of it, and hope someone can help or point me in the right direction. First, I got about 5 separate alerts total on their respective machines. Most of them came in with the "Policy Name" in the alert as: Default Policy. There was one that came in with a more specific Policy Name: Unrestricted Web Browsing. All the Googling in the world hasn't helped me narrow down either of these. Second, how "serious" of an alert are these? In the name of cybersecurity lol. Just wonder where they're at in terms of, "holy crap good thing that got caught" to, "yeah no big deal, those come in all the time".

So as far as the details are concerned, I can pretty easily figure out what machines and who they belong to. I understand the alerts tell me the date/time, machine name/ID, IP address(es) etc. But the Policy ID and Policy Name have me lost. What's triggering these alerts, outside of the obvious "You're being alerted because that's how you have your MWbytes rules configured"? I probably could care less about the Default Policy notifications, but the Unrestricted Web Browsing one has me at least curious. What gives?

Any help is greatly appreciated!

Here's one of the Default Policy ones followed up with one of the Unrestricted Web Browsing ones:

[Attached image]

[Attached image]

FWIW, one of the Default Policy scan/alerts Quarantined two reg edits, it looks like on one of the machines: 

[Attached image]

HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\MRT|DONTREPORTINFECTIONINFORMATION

 

Now I'm going down a rabbit hole reading information upon Googling for: "HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\MRT|DONTREPORTINFECTIONINFORMATION" 

Just now, David H. Lipman said:

What product(s) is this related to?

Good question... It's Malwarebytes Nebula... I access the Admin console via cloud.malwarebytes.com 

Do I need to be looking for a product version or name that's more specific? Sorry and thanks for your help in advance!

  • Root Admin

Please see the following for Self-Help on Nebula

https://service.malwarebytes.com/hc/en-us/categories/4413798473491

 

You may want to create a support ticket if you're unable to resolve your concerns.

Business Support
https://service.malwarebytes.com/hc/en-us/requests/new

Thank you @elcolin85

 

  • 2 weeks later...
On 1/24/2023 at 2:15 PM, AdvancedSetup said:

Please see the following for Self-Help on Nebula

https://service.malwarebytes.com/hc/en-us/categories/4413798473491

 

You may want to create a support ticket if you're unable to resolve your concerns.

Business Support
https://service.malwarebytes.com/hc/en-us/requests/new

Thank you @elcolin85

 

Thanks. That sorta helped, sorta didn't lol it's OK. I'll fumble my way through :) 
