gchq

About gchq

  1. We do have a slightly unusual setup in that nearly all our hardware is server based with only a few workstations
  2. Couple of things. 1. There is conflicting information about running MBAM on servers (both on this forum, your site and googling in general). 2. Your download site at CNET (I thought I once read that a lot of PUPs come from there??) quite clearly states that Server 2008 is a supported OS for version 2.0.2.1012, both paid and free flavours. As I am totally unable to copy and paste (nothing happens) or insert a link or image (the dialogue freezes and refuses to do anything, even close), I have attached a PDF instead and hope that works. It is really frustrating. The end-shot is this - MBAM works well in our environment. We're not out to break the terms of your licence (the CNET statement notwithstanding) and would like to resolve this.
  3. Thanks for your prompt response. I did read the PDF, and to me it looks like the endpoint software is designed to run on workstations with a management console that resides on a server and is used by an administrator to set up and monitor the software on the workstations. What I can't determine is what malware product is used on the servers?
  4. Can anti-malware for business be installed and run independently on MS Servers (2008 R2 and 2012) without installing/using the management console? Are there any known issues uninstalling the consumer version and then installing the business version (like reboot as an example)? Because of security issues we have SQL Server Express disabled on most servers, and use a Sybase SQL for our DB requirements. If it is possible to run the clients without the management console, is this an issue? Thanks
  5. 2.0.2.1012 - DB 2014.07.20.04 - Server 2008 R2
  6. Looking at the logs for the last three days, that is the only outbound incident; all the rest are inbound. I have run scans with Malwarebytes, HitmanPro and TDSSKiller and they all came up zero, so I'm inclined to think that one outbound was a false positive. It's not unusual for our website to get hits from Europe, Russia and China trying to run SQL injection scripts, and I get email notifications at each attempt, and for all 404 Not Found errors that could indicate a storm brewing - persistent offenders just get that IP range (.0/24) blocked. If this (Malwarebytes) is blocking additional incoming known bad boys from hitting our servers then it's really helpful :-)
  7. IP address above should be 195.3.144.84 (copy and paste will not work). Time started: 18 Jul 22:43:36 (UTC). Time ended: 18 Jul 22:44:56 (UTC). Last line (Outbound): 22:56:39.
  8. "Protection, Malicious Website Protection, IP, 195.3.144.85, 80, Inbound" repeats ten times over the space of just over a minute, then "Protection, Malicious Website Protection, IP, 195.3.144.85, 8, Outbound".
  9. Just wanted to confirm that I am reading this correctly - does it mean that connection to a website on that (local) machine was prevented if the IP shows as malicious?
  10. It's here in a text file VirusTotal.txt
  11. It won't let me post the link - if I open the link dialogue box it just freezes and I have to close IE. Any ideas?
  12. On a 2008 R2 Server some old software for producing a boot CD has been sleeping contentedly since at least 2010 - the latest scan picked one of the files, FC.EX_, as containing Trojan.FakeMS. As best as I can remember, this file was created from a W2K OS dated 1999. Uploaded the same to VirusTotal and only one hit, Malwarebytes - 'Probably harmless - there are strong indicators to suggest this file is safe'. If you want a copy of the file let me know where to send it :-)
  13. Just to throw in my two cents' worth... Carried out a scan today and it not only found a file with Trojan.Email.FA sent from 'Wells Fargo' via email that I had already isolated (first red flag was FirstName_Surname@WellsFargo.com not FirstName.Surname@WellsFargo - Sandra Bullock - 'Some people collect string...') but also cited PUP.Optional.AskToolbar included in the Image Burn setup exe that has been there since 2010 and has not been flagged before. I have noticed that Java updates now carry this option and, if memory serves me correctly, the last few updates from Flash carried this for another unwanted toolbar add-on - we are not talking back-street developers here, but large multinationals.
  14. The problem seems to be they see this... and then this below it. I think it is confusing by design; it would be quite easy to change the button text to 'Download Malwarebytes' or 'Download this advertiser's product'.