pbust

Moderators
  • Content count

    3,151
2 Followers

About pbust

  • Rank
    Staff

Profile Information

  • Location
    Earth

  1. New 1.09 build 1140: https://malwarebytes.box.com/s/iiiogjrrnv58ynl2n5p6vlqecxgmj8dj
  2. Welcome to the forum Drea. MBAE includes 4 layers of protection, from Layer0 to Layer3. Some detections happen in Layer0 or Layer1, which is very early in the attack chain, way before the malware payload is even delivered from the attacker to the machine. Some detections are Layer3, where we block the malware payload from executing on the machine. Only when there is a malware payload blocked by Layer3 can we add exclusions for these types of payloads.
  3. Hi tonytis. The ForBusiness version asks for a license key during the install process. If no valid key is entered, the product installs but doesn't start its UI. In case you missed it, try installing over the top again and look for the license key prompt during installation.
  4. Welcome to the forum Waterdog! Does the problem persist if you reload the page? We've seen one minor issue sometimes during the first installation of Silverlight, but after reloading the page it is resolved. Also as Ron said, try disabling the MBAM Web Blocker during your tests to discard that as a potential source of blocking.
  5. The best approach for these and other kernel-level vulnerabilities is to apply the patch. In the case of the Duqu kernel exploit, for example, MBAE will block payloads from executing in the vast majority of cases, but the kernel exploit itself does execute.
  6. You are correct @daledoc1
  7. Replicated and being fixed. Thanks!
  8. Try a fresh re-install with a fresh download from our website. 1- Uninstall MBAE 2- Reboot 3- Download and re-install
  9. Hi Guy947, please post your MBAE and FRST logs. Instructions can be found in the "readme first" link of my signature.
  10. In this latest build we've added WinRAR and some others (WinZip, 7z, etc.) to the "internal shields". Internal shields are basically apps we hook into to help determine certain logic when applying the Layer3 application behavior detection techniques. So, for example, if winword.exe launches cmd.exe, which in turn launches wscript.exe, that's a clear giveaway of exploit-like behavior. We added WinRAR and others as an internal shield as we've detected some ransomware exploiting application behaviors (i.e. social engineering, not real exploits) which we were not blocking before.
  11. Yes, this is correct and by design. We'll try to add it to the next build.
  12. Thanks for the logs. Unfortunately they are incorrect. You've ZIP'ed C:\Program Files (x86)\Malwarebytes Anti-Exploit\ and the logs directory is C:\ProgramData\Malwarebytes Anti-Exploit\. Try checking for logs from your other security software to see if anything is blocking Malwarebytes Anti-Exploit from running.
  13. Please follow the fresh re-install procedure, including the reboots: https://forums.malwarebytes.org/topic/171634-mbae-fresh-re-install-steps/
  14. Thanks for the logs. Unfortunately I don't see anything out of the ordinary. Have you tried running a few second opinion antivirus and anti-malware scanners to see if there might be some malware infection?