
Malwarebytes ransomware protection/blocking malicious scripts



Hello Malwarebytes team,

I would like Malwarebytes to know that there is an issue with their ransomware protection.

I have been doing lots of real-time protection tests. Malwarebytes' malware protection is good, with a 96.36% detection rate. However, a lot of the time the VM's data has been encrypted by ransomware. Can the devs at Malwarebytes please upgrade Ransomware protection issues?

Malwarebytes should also add malicious script blocking:

.bat

.vbs

.cmd

.js

... and more.

I am begging for Malwarebytes to truly fix the Ransomware issues and maybe add script blocking.

Yours sincerely,

rbsuoyfebvrufyvweyvf


18 hours ago, rbsuoyfebvrufyvweyvf said:

However, a lot of the time the VM's data has been encrypted by ransomware.

How did you introduce the file that ransomed the computer? How many files were on the computer/VM that would be encrypted by ransomware?

The Ransomware Protection component is the least proactive in Malwarebytes because it relies entirely on active application behavior in memory to make detections, meaning your system would first need to actually be infected by a live ransomware threat for Ransomware Protection to detect anything. This is extremely unlikely since you still have the other more proactive components active which should prevent any infection from infiltrating your system in the first place, including ransomware.

18 hours ago, rbsuoyfebvrufyvweyvf said:

Malwarebytes should also add malicious script blocking:

.bat

.vbs

.cmd

.js

In an ordinary chain of events (user coming across the threats organically, not pre-downloaded scripts), the exploit protection is responsible for script blocking.


@Porthos

Thank you for your help.

I will do some script-based tests testing exploit protection.

Regarding your question: 

How did you introduce the file that ransomed the computer? How many files were on the computer/VM that would be encrypted by ransomware?

I usually use a script to automate the execution of the malware.

About the encryption question, usually all the files in pictures, desktop, documents and downloads usually are encrypted.

I do testing from the desktop, so usually all the malware samples were encrypted + my test pictures and documents.

From rbsuoyfebvrufyvweyvf


8 minutes ago, rbsuoyfebvrufyvweyvf said:

I usually use a script to automate the execution of the malware.

That is a non-organic (not real-world) test of the product. No actual user is going to throw a pre-configured, most likely pre-downloaded, batch at their computer.

Not saying things won't get by but it won't happen in the real world like your tests.

15 minutes ago, rbsuoyfebvrufyvweyvf said:

usually all the files in pictures, desktop, documents and downloads usually are encrypted.

I already said that some encryption will happen due to how ransomware protection works.

18 minutes ago, rbsuoyfebvrufyvweyvf said:

I will do some script-based tests testing exploit protection.

Sounds like you are going to run some pre-downloaded scripts or create your own for your test.

Again, it is not real world.

 
