FoolishIT

  1. Agree on a new thread; regardless, I'm glad you posted here, if not just for our involvement because we wouldn't have seen a new thread otherwise. If anyone has any other information relating to CryptoPrevent we'd be glad to hear it, and if not applicable to this thread please PM us a link after you start a new thread, if we should be aware of it. Thank you! Before we close the books on this one ourselves, I wanted to offer one other bit of info, which is NOT advice and may or may not even be applicable. I didn't see the mention of mbam_clean in this thread. I may have missed it, but a quick Google search turns up a lot of results from 2013/2014 on a very similar error condition with the same wording. These did involve MBAM v2, and I think I saw a v3 BETA thread somewhere; depending on your search methods at least one front page result should be on these own forums. The issue was resolved here and in one other 3rd party forum I looked at after the simple process of uninstalling MBAM, running the mbam_clean utility, then reinstalling MBAM. Understand I CANNOT actually offer this as any direct advice. For one, I am not familiar with it. Also, while the download link from the thread here still works, I have no clue if this is current and fitting for usage with MBAM v3. Since the downloaded file has a modified date/time stamp as if generated at the point of download, I cannot even tell how recent it is without further research and/or actual usage to examine the executables inside, and it would be pointless since the staff/forum mods here would know far better than I. This is why I didn't repost the download or thread link here; quite possibly this is not at all relevant to this case, and I would advise you NOT to take this as advice until reviewed by one involved with Malwarebytes and these forums! Just throwing the mention out there since I didn't see it mentioned earlier, so perhaps a forum admin or support staff could advise further.
I plan to wrap this one up in our own ticket queue, but I wanted to wish you the best of luck with a quick resolution. Let us know if we can be of any further service.
  2. Hi, In my testing, performing the exact same steps on Win7 x64 exhibits the same result as described on Win10 x64, in that Malwarebytes has no issues. To be clear, I have enabled all features/maximum settings in CryptoPrevent, and in Malwarebytes I enabled (in addition to the default installation settings) the "Scan for Rootkits" and "Enable self-protection module early start" features as well as "Collect enhanced log data for support (not recommended)" so I can provide any additional details as necessary. Hope this helps,
  3. Hi! I looked into it, and nothing on the Malwarebytes exclusion list that was referenced would be affected by CryptoPrevent settings. The .SYS files (drivers) are never affected in any way, as only executable files are blocked by any setting, and .SYS are non-executable driver files. While all .EXE files can be blocked with user-customized CryptoPrevent rules (such as those in the \Program Files\Malwarebytes\Anti-Malware\ directory) there are no issues with these as stated in our default path/filename rules that would be affected by any Software Restriction Policies set through CryptoPrevent. The only possible issue I can see with built-in CryptoPrevent settings, at maximum or customized protection levels, is the "Prevent File Types > Program Filtering > .EXE/.COM files" protection. When enabled, the .EXE files in the Malwarebytes directory would not be allowed to launch until examined for additional internal logic and file signature matching with known malicious programs. I have verified NONE of this would be an issue with the Malwarebytes exclusions, but the issue itself would be an error with launching the .EXE file after it was scanned and determined as non-malicious, but failed to run after being allowed by CryptoPrevent (FYI to our knowledge, this was a bug with CryptoPrevent v7.x and the Microsoft Office "Click to Run" style launcher, for which no program functions quite like it, a Microsoft thing...) You could disable this setting for your own testing, although it did not cause an issue in our testing. The confirmation/testing: I've installed the Malwarebytes v3 trial with real-time protections on top of an already installed copy of CryptoPrevent v9 with maximum protections enabled.
In Malwarebytes > Settings > Protection I noticed the "Scan for Rootkits" option was not enabled, so I enabled that since it looks a bit related to your error message, as well as "Enable self-protection module early start" which was not enabled by default, and it sounded good. I rebooted a few times, performed a scan with Malwarebytes as recommended by the software, and have not experienced any issues or errors with either product whatsoever. FYI, the testing is on a pre-creator's update Windows 10 64-bit in a virtual machine, which is updating to the creator's update with all protections of both applications enabled as I type this, just for giggles... (success, installing subsequent updates now...) I should also mention I enabled "Collect enhanced log data for support (not recommended)" in Malwarebytes > Settings > Application in anticipation of an issue and working to resolve it, so if it helps we will be happy to provide any information collected, or perform any additional testing as may be directed by Malwarebytes support staff on this issue. If working with Malwarebytes devs for any discovered issues, we could offer some proprietary information regarding the internal logic of CryptoPrevent's .EXE/.COM Program Filtering if necessary, but I wouldn't make the information public for obvious reasons so I cannot offer that here; I would rather the customer simply disable this setting for confirmation that it isn't an issue, although it did not cause an issue in our own testing. Should we need to install a paid edition of Malwarebytes for testing (if the current 14-day trial capabilities are not sufficient for this issue) I have a few of the older "lifetime" licenses and (yes) Malwarebytes (as well as CryptoPrevent) should be on my mom's PC as well, assuming these licenses are still valid in Malwarebytes v3.
Final thoughts on CryptoPrevent settings: Any potential conflict with CryptoPrevent would come from user-customized program blocking rules that you yourself would have created with CryptoPrevent's "Policy Editor" which allows customized blacklist rules and user hash definitions to be created. If you have created any customized block rules, you should remember this instantly but you can visit user areas in the "Policy Editor" to verify. You can also see ALL blocked events by CryptoPrevent (including Windows Software Restriction Policies set by CryptoPrevent rules) through CryptoPrevent's "History - Detections and Events" area, where you have the option to view blocked events since the "Previous Startup" or "The Beginning of Time" ... The only thing not appearing here would be the aforementioned bug from CryptoPrevent v7's .EXE/.COM protection (then dubbed "BETA") although this was resolved in v8; again simply disable that setting (or any/all CryptoPrevent settings) to confirm it isn't an issue. Let us know if we can be of any further assistance regarding this issue.
  4. miekiemoes, thanks again for the assistance in getting this matter resolved!
  5. Thanks for your prompt response! I look forward to getting this resolved.
  6. Thanks for being a contributor! But I'm Nick, not Kevin -- I believe Kevin Berg is the physically challenged tech that an article was written about on Technibble a year or two back. Very inspiring article! That's the only source I can think of where you would see the name mentioned with my software.
  7. Hi, my name is Nick and I am the developer of CryptoPrevent. I had assumed that Malwarebytes would fix this issue by now, but I see it hasn't happened, so allow me to jump in here. Two reasons why this is a false positive: 1. Please explain to me how is this detection "correct" because I fail to understand... it is your detection, so it is only "correct" to you, but it is quite INCORRECT to me. It implies that the open command is broken, although this is a false statement as well as it is not broken at all! It is merely modified... but it still works, hence it is not "broken." Further, I did not realize that MBAM was a utility to scan for and repair registry "errors," rather I was under the assumption it was strictly an anti-malware utility... At the VERY least, if you want to alert your users to non-standard registry settings that aren't malicious or "broken" then the least you could do is not disguise them as malware detections, and default your action to ignore or whitelist the detection, not remove it ... but the problem with alerting your users to begin with is that obviously the vast majority of your user base does not have any idea what those settings are or what program put them there, much less what to do about it -- so they take your advice and "quarantine" them as it is the default action. This is very bad form. 2. Most importantly when you throw the technical "broken" excuse aside, CryptoPrevent's settings are indeed detected as malicious, see pic where it specifically says "Malware Detected" in a popup. But there are other things that indicate it is treated as malicious by your software. I have circled the false warnings displayed by your software, and how it defaults to "fix" the false issue and disrupt the functionality of other legitimate software. This is causing a lot of confusion and outright panic among my customers.
If it were any other company falsely detecting Malwarebytes software and affecting Malwarebytes business, then I am positive that Malwarebytes would seek immediate legal action as a recourse if the software vendor refused to acknowledge and resolve the problem in a timely fashion. Realize that I do not have the financial backing to protect my own company and reputation, so I am relying on your decision makers to do the right thing. So I would really appreciate you passing this up the ranks to someone responsible for false detections. Thank you for your time and consideration, and also for an otherwise fine product you have.