gchq

Honorary Members
  • Posts

    25
Reputation

0 Neutral
  1. This customer has two versions of our software. One (the older one) is being reported as containing Malware.AI.2510281446. I just ran both versions against the Virus Total engine and nothing is detected. Any ideas? Version 5.1 https://www.virustotal.com/gui/file/9957a57bf8a4865566f860c6315da2dea20be98907f8d87f9942cf271f84b6a2/detection Version 5.2 https://www.virustotal.com/gui/file/dbf3da8889a2b9d95c35224571abca278133bda573c7c6bbb59ea73469265106/detection
  2. We do have a slightly unusual setup in that nearly all our hardware is server based with only a few workstations
  3. Couple of things. 1. There is conflicting information about running MBAM on servers (both on this forum, your site and googling in general). 2. Your download site at CNET (thought I once read that a lot of PUPS come from there??) quite clearly states that Server 2008 is a supported OS for version 2.0.2.1012, both paid and free flavours. As I am totally unable to copy and paste (nothing happens) or insert a link or image (the dialogue freezes and refuses to do anything, even close) I have attached a pdf instead and hope that works. It is really frustrating. The end-shot is this - MBAM works well in our environment. We're not out to break the terms of your licence (the CNET statement notwithstanding) and would like to resolve this.
  4. Thanks for your prompt response. I did read the pdf, and to me it looks like the endpoint software is designed to run on workstations with a management console that resides on a server and is used by an administrator to set up and monitor the software on the workstations. What I can't determine is what malware product is used on the servers?
  5. Can anti-malware for business be installed and run independently on MS Servers (2008 R2 and 2012) without installing/using the management console? Are there any known issues uninstalling the consumer version and then installing the business version (like reboot as an example)? Because of security issues we have SQL Server Express disabled on most servers, and use a Sybase SQL for our DB requirements. If it is possible to run the clients without the management console, is this an issue? Thanks
  6. Looking at the logs for the last three days that is the only outbound incident, all the rest are inbound. I have run scans with MalwareBytes, Hitman Pro and TDS Killer and they all came up zero, so I'm inclined to think that one outbound was a false-positive. It's not unusual for our website to get hits from Europe, Russia and China trying to run SQL injection scripts and I get email notifications at each attempt, and all 404 not found errors that could indicate a storm brewing - persistent offenders just get that IP range (.0/24) blocked. If this (MalwareBytes) is blocking additional incoming known bad boys from hitting our servers then it's really helpful :-)
  7. IP address above should be 195.3.144.84 (copy and paste will not work). Time started 18 Jul 22:43:36 (UTC). Time ended 18 Jul 22:44:56 (UTC). Last line (Outbound) 22:56:39
  8. Protection, Malicious Website Protection, IP, 195.3.144.85, 80, Inbound. Repeats ten times over the space of just over a minute, then: Protection, Malicious Website Protection, IP, 195.3.144.85, 8, Outbound
  9. Just wanted to confirm that I am reading this correctly - does it mean that connection to a website on that (local) machine was prevented if the IP shows as malicious?
  10. It's here in a text file VirusTotal.txt
  11. It won't let me post the link - if I open the link dialogue box it just freezes and I have to close IE. Any ideas?
  12. On a 2008 R2 Server some old software for producing a boot CD has been sleeping contentedly since at least 2010 - the latest scan picked one of the files, FC.EX_, as containing Trojan.FakeMS. As best as I can remember this file was created from a W2K OS dated 1999. Uploaded the same to VirusTotal and only one hit, Malwarebytes - 'Probably harmless - there are strong indicators to suggest this file is safe'. If you want a copy of the file let me know where to send it :-)