Xord

  1. FYI: I'm not waiting... I have excluded this file from scanning on all clients (and un-quarantined it to all). Gee... this is the third false positive this month! Whatthehell?!? Does Malwarebytes not have QA on their signatures? ... losing faith here.

     2016-09-15 Ransom.Petya - C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
     2016-09-15 Ransom.Petya - C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
     2016-09-02 Ransom.Crysis - C:\Program Files\Microsoft Office\Office12\ORGCHART.EXE
  2. Getting these same alerts right now - exact issue as on Tuesday.... Clients are running signatures v2016-09-15.09. It's gotta be a false positive! Anyone else?
  3. Notification Catalog: Client Description: Malware threat detected, see details below:

     Total count: 27.

     Comment: This email was generated by Malwarebytes Management Server. Please do not reply to this message.
  4. FYI: We had a few hundred alerts of exactly this too in our environment this past day.
  5. Hey all, I activated my 30-day trial license for MBAE, however I am not able to deploy it from the console: (I have around 1200 workstations with MBAM pushed and happily managed BTW): While waiting for my next communication, does anyone have any suggestions - I've included my support communication below (with added comments):

     FYI: Pushing MBAM from the console (using WMI) works perfectly.

     FYI: Pushing MBAE from the console (using WMI) results in a never-ending "Installing..." result that only ends if cancelled.... and ends up with a non-communicating agent on the workstation.

     FYI: Running mbae-setup-1.06.2.1020.exe as a stand-alone from my workstations works just fine.

     FROM THE CONSOLE (v1.5.0.2701): I attempted to install it on my own workstation (pushed from the admin console), and it (the console) returns: “Installed successfully, but registration failed. The installation procedure has ended before the client registered.”

     SUPPORT RESPONSE: This error is due to firewall setting pre-reqs which are not configured properly or there is another security product in place needing our EXE’s input in their ignore list. It means the client did not check back in during a certain timeframe although the install is successful.

     COMMENT: Anyone know what these pre-reqs are? In my tests, I have REMOVED both my AntiVirus (TrendMicro OfficeScan) as well as MBAM (and NO firewall is enabled on the computer, nor on my management server, nor between the server and workstation, AND I am a domain admin). Even trying to push out MBAE (with WMI) by itself (with MBAM not checked) fails. (FYI: pushing out MBAM (with WMI) by itself works perfectly!)

     FYI: If I re-scan (and detect client software) my IP from the admin console, it returns: “Client software has been installed and registered to this server” – and it displays Anti-Malware Version 1.75.0.1300 and Anti-Exploit Version 1.05.2.1017

     SUPPORT RESPONSE: MBAE is now on version 1.06.2.1020, download it here – *edited*

     SUPPORT RESPONSE: Follow this link for how to replace the package to deploy – https://forums.malwarebytes.org/index.php?/topic/161133-how-to-upgrade-console-managed-mbae-clients-to-a-newer-version/

     COMMENT: Done and done! The problem did not resolve.

     HOWEVER, on the admin console CLIENT tab, it shows both items as being (installed, but) turned OFF…

     SUPPORT RESPONSE: Did you check your policy to make sure the protection modules are enabled? See the attached screenshots highlighted red.

     COMMENT: Yes, both modules are enabled and should be visible on the client workstation.

     ON THE CLIENT (my workstation) I ONLY see the anti-malware icon… NO anti-exploit icon.

     SUPPORT RESPONSE: See the MBAE screenshot highlighted in blue. You need to enable the icon if you wish to see it. This also will not show if you have enabled limited user or silent mode.

     COMMENT: Yes (sigh) it's enabled and not silent...

     On the client, when I right-click the MBAM icon and say “check for updates”, it returns: An error has occurred. Please report this issue to our support team… etc… PROGRAM_ERROR_UPDATING (5,0,MBAMFileIO::WriteFile)… Access is denied.

     SUPPORT RESPONSE: This is most likely a permission error or security product conflict. We can gather logs to help identify what is happening.

     COMMENT: Please advise which logs to gather.

     When trying to uninstall the client from the admin console, first there is NO option to uninstall the anti-malware add-on, and second, it returns: “Uninstallation failed. Malwarebytes Anti-Exploit uninstallation failed.”

     SUPPORT RESPONSE: The push uninstall removes ALL pieces, MBAM and MBAE. Also try the push uninstall option with WMI enabled. Your account may not have privileges despite being an Admin if your pre-reqs are incomplete, it happens frequently and is the reason the WMI option is in place.

     COMMENT: WMI is used for all installs and uninstalls. It works fine when used with MBAM... I am a domain admin with full admin privileges on all workstations. Please clarify pre-reqs!

     At this point, the folder on my workstation “C:\Program Files (x86)\Malwarebytes Anti-Exploit” is still populated, and there is NO entry in Control Panel/Programs to uninstall.

     SUPPORT RESPONSE: Because this must be done through the console, you’ll only see any entry for “Malwarebytes Managed Client”.

     COMMENT: Smashing.