0x0A0D

Members
  • Posts: 7

Reputation: 0 Neutral
  1. I've a path rule for Xilinx apps on all my dev systems now, but there are other systems I don't manage that are probably at risk of being hit in the same way. On one hand I get that allow-listing on software dev systems generally makes things easier for developers with regard to FPs & performance hits, but I'm really not a fan of the soft target it can create if an attacker pivots through other lines of defense.
  2. MWB dropped the main binary for the Xilinx Vivado FPGA/SoC design suite as ransomware today. Happened right as I was about to demo an FPGA project during an online meeting. That's about the worst time it could've happened... FP_Vivado_2021.2.txt
  3. Sorry for not getting back to you sooner. It appears I don't have email topic notifications enabled. I have found anecdotal evidence both online and in other departments where I work that the application can work normally on Windows Server, despite it not being officially supported. As long as a user is logged on in an interactive session and left in the locked state when not in use, the non-business client can function normally as it does on a desktop-grade OS. I'm thinking the user will need to be added to the local Administrators group to perform scheduled tasks normally, but I wanted to ask around here as well as at work before going that far. For an older example of what I mean, try looking here: http://forums.malwarebytes.org/index.php?/topic/117220-shoulw-malwarebytes-be-installed-on-servers/. Putting that aside, however, I was really just hoping for some useful insight into why it shouldn't work, even if the official answer is still just "no". I'm not here to fight company support policy, just a tech looking for details.
  4. I am running 2.0.2.1012 Premium on a Server 2012 R2 instance and am having problems with the built-in task scheduler. Neither automatic updates nor scheduled scans are running as scheduled, but manually running the tasks functions as expected. I have a standard (non-admin) user persistently logged on in order to run applications that otherwise cannot be run as a background service. I believe this could be part of the reason automated tasks do not run as expected, but I cannot grant the user Administrator rights for day-to-day operations. The strange part is that the background services should be able to run scheduled tasks as they are run as NTAUTH\SYSTEM, but I'm guessing there's some dependency on the user's rights running the UI instance (mbam.exe) that causes the tasks to fail.
  5. Files no longer detected as malicious using 2014.03.30.06.
  6. I am receiving 2 FPs on one of the Lenovo system utilities on my system. VirusTotal shows no detections on the indicated file: https://www.virustotal.com/en/file/bbbae762fa22ccde6cc8db488b6980aa4bc1249c027c547777ab0db2ebb4465b/analysis/ The scan log and affected files are attached. 0x0A0D_Lenovo_FP.zip
  7. I have a user on my small network unable to access 217.23.11.25 ( hxxp://www.animeshippuuden.com/ ) due to blacklisting: 2012/12/17 22:42:58 -0500 computer username IP-BLOCK 217.23.11.25 (Type: outgoing, Port: 2930, Process: firefox.exe) Initial investigation yields an English-language Japanese video streaming website with advertising, but nothing appears overtly malicious. For what reason was this address/domain blacklisted, and might it be reasonably safe to add to the local whitelist? Thank you.