gchq
Customer reports one of our files 'Malware Blocked' on Malwarebytes Premium
gchq replied to gchq's topic in File Detections
Thank you 🙂 Keep up the good work -
This customer has two versions of our software. One (the older one) is being reported as containing Malware.AI.2510281446. I just ran both versions against the VirusTotal engine and nothing is detected. Any ideas?
Version 5.1: https://www.virustotal.com/gui/file/9957a57bf8a4865566f860c6315da2dea20be98907f8d87f9942cf271f84b6a2/detection
Version 5.2: https://www.virustotal.com/gui/file/dbf3da8889a2b9d95c35224571abca278133bda573c7c6bbb59ea73469265106/detection
-
Malicious Website Protection - port 80 - Inbound
gchq replied to gchq's topic in Malwarebytes for Windows Support Forum
We do have a slightly unusual setup in that nearly all our hardware is server based with only a few workstations -
Malicious Website Protection - port 80 - Inbound
gchq replied to gchq's topic in Malwarebytes for Windows Support Forum
Couple of things.
1. There is conflicting information about running MBAM on servers (both on this forum, your site and googling in general).
2. Your download site at CNET (thought I once read that a lot of PUPs come from there??) quite clearly states that Server 2008 is a supported OS for version 2.0.2.1012, both paid and free flavours.
As I am totally unable to copy and paste (nothing happens) or insert a link or image (the dialogue freezes and refuses to do anything, even close) I have attached a pdf instead and hope that works. It is really frustrating.
The end-shot is this - MBAM works well in our environment. We're not out to break the terms of your licence (the CNET statement notwithstanding) and would like to resolve this.
-
Malicious Website Protection - port 80 - Inbound
gchq replied to gchq's topic in Malwarebytes for Windows Support Forum
Thanks for your prompt response. I did read the pdf, and to me it looks like the endpoint software is designed to run on workstations with a management console that resides on a server and is used by an administrator to set up and monitor the software on the workstations. What I can't determine is what malware product is used on the servers? -
Malicious Website Protection - port 80 - Inbound
gchq replied to gchq's topic in Malwarebytes for Windows Support Forum
Can anti-malware for business be installed and run independently on MS Servers (2008 R2 and 2012) without installing/using the management console? Are there any known issues uninstalling the consumer version and then installing the business version (like reboot as an example)? Because of security issues we have SQL Server Express disabled on most servers, and use a Sybase SQL for our DB requirements. If it is possible to run the clients without the management console, is this an issue? Thanks -
Malicious Website Protection - port 80 - Inbound
gchq replied to gchq's topic in Malwarebytes for Windows Support Forum
2.0.2.1012 - DB 2014.07.20.04 Server 2008 R2 -
Malicious Website Protection - port 80 - Inbound
gchq replied to gchq's topic in Malwarebytes for Windows Support Forum
Looking at the logs for the last three days that is the only outbound incident, all the rest are inbound. I have run scans with Malwarebytes, Hitman Pro and TDS Killer and they all came up zero, so I'm inclined to think that one outbound was a false-positive. It's not unusual for our website to get hits from Europe, Russia and China trying to run SQL injection scripts and I get email notifications at each attempt, and all 404 not found errors that could indicate a storm brewing - persistent offenders just get that IP range (.0/24) blocked. If this (Malwarebytes) is blocking additional incoming known bad boys from hitting our servers then it's really helpful :-) -
Malicious Website Protection - port 80 - Inbound
gchq replied to gchq's topic in Malwarebytes for Windows Support Forum
IP address above should be 195.3.144.84 (copy and paste will not work)
Time started 18 Jul 22:43:36 (UTC)
Time ended 18 Jul 22:44:56 (UTC)
Last line (Outbound) 22:56:39
-
Malicious Website Protection - port 80 - Inbound
gchq replied to gchq's topic in Malwarebytes for Windows Support Forum
Protection, Malicious Website Protection, IP, 195.3.144.85, 80, Inbound
Repeats 10 times over the space of just over a minute, then
Protection, Malicious Website Protection, IP, 195.3.144.85, 8, Outbound
-
It's here in a text file VirusTotal.txt
-
It won't let me post the link - if I open the link dialogue box it just freezes and I have to close IE. Any ideas?
-
On a 2008 R2 Server some old software for producing a boot CD has been sleeping contentedly since at least 2010 - the latest scan picked one of the files, FC.EX_, as containing Trojan.FakeMS. As best as I can remember this file was created from a W2K OS dated 1999. Uploaded the same to VirusTotal and only one hit, Malwarebytes - 'Probably harmless - there are strong indicators to suggest this file is safe'. If you want a copy of the file let me know where to send it :-)