SecGuru
Honorary Members-
Posts
51 -
Joined
-
Last visited
Reputation
0 NeutralRecent Profile Visitors
The recent visitors block is disabled and is not being shown to other users.
-
I'm also a real Malwarebytes fan, but what they do with Endpoint Protection is really not good. There are too many errors and problems, so we have switched to another product. I really hope that they will improve this, as it seems like a beta program, which costs a lot of money to customers.
-
Hi, It seems that the anti ransomware in EP does not work well. I tested a powerhell ransomware sample on Windows 10 x64 Enterprise. The PC was fully operational with EP, all modules were included in the policy. However, the files are encrypted. The strange thing is that Malwarebytes 3 (home) and the Anti Ransomware 0.9 module in Entpoint Security, block the script, with these products, the files were not encrypted ?? Please find attached the prinscreens, the file(pw=infected) and the policy settings. https://virustotal.com/en/file/7a6d5ae7d7bc2849ea40907912a27e8aa6c83fafd952168f9e2d43f76881300c/analysis/1500146992/ Has anybody else the same issues? I have tested some other ransomware samples, these were blocked, but not this sample. Readable Msg-j8k5b798d4.zip
-
With Endpoint Security you cannot central manage, deploy and report everything regarding to the Anti-Ransomware module. So basically not an option for large organizations. In addition, the anti-ransomware module within Endpoint Security is still the 0.9 version. Also, Endpoint Security does not have an Anomaly Detection Engine, (if I have to believe the information and communication on the website).
-
https://www.alienvault.com/documentation/usm-anywhere/deployment-guide/plugin-management/supported-plugins/configuring-malwarebytes-endpoint-sec.htm
- 2 replies
-
- siem
- alienvault
-
(and 1 more)
Tagged with:
-
Cannot be added into exclusion list
SecGuru replied to esherret's topic in Malwarebytes Anti-Exploit for Business
Any update on this? I have the same issue but cannot find the "Allow insecure java Operation on internal pages" setting. I'm using Anti Exploit for Business 1.08.2.2572 with Management console. -
Atom Bombing uses return oriented programming (ROP). From MBAE 1.08, Malwarebytes protects against ROP.
- 9 replies
-
- code injection
- windows atom tables
-
(and 3 more)
Tagged with:
-
Atom Bombing uses return oriented programming (ROP). From MBAE 1.08, Malwarebytes protects against ROP.
- 3 replies
-
- code injection
- windows atom tables
-
(and 3 more)
Tagged with: