Malwarebytes Anti-Ransomware Beta

Discussion in 'other anti-malware software' started by ZeroVulnLabs, Jan 25, 2016.

  1. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
  2. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,793
    Location:
    .
    Congratulations! Felicitaciones!
    :thumb::cool:
     
  3. syrinx

    syrinx Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    427
I was going to try and test it but as a matter of standard practice on my side I usually test betas or new programs in a VM without an NIC and if nothing is found I 'might' try it on my live system. I suppose I could add an adapter for each OS XP-10 and 'activate' it online then remove the adapter, save a snapshot, etc (for every MBAR version?) but my initial feedback at this point would be that if you really want people to test it, don't require online activation just to enable the protection during the beta period :-/ That being said I understand many ransom softs won't work without being able to connect home and retrieving a key so it's only fair to expect the test machine to be online but I'm stuck in my ways.
     

    Attached Files:

    • MAR.jpg (203.5 KB)
    Last edited: Jan 25, 2016
  4. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    6,555
    Location:
    New York City
    Change the taskbar icon when protection is stopped.
     
  5. haakon

    haakon Guest

    @ pbust
    I read that as MBAM and MBAE Premiums, without MBAR, will not detect and block the most dangerous of ransomware variants like CryptoWall4, CryptoLocker, Tesla, and CTB-Locker.
     
  6. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Most ransomware today is delivered via exploits. So if you have MBAE it will prevent most ransomware infections that use an exploit or drive-by infection vector.

    Of the ransomware that infects through a social engineering (i.e. non-exploit) vector, MBAM deals with it in two ways:
    1- Via its signatures and behavioral pattern updates, detecting the sample before it is able to run.
    2- Via its web blocking by preventing a running ransomware from contacting its C&C and downloading its encryption key, thereby preventing the damage (i.e. encryption) of the files

    However even with the above three layers there's still a chance that a ransomware might get through which (a) is delivered via social engineering, (b) not detected by MBAM rules and (c) contacting a C&C that's not blocked by the Web Blocker. For those cases MBARW is a proactive approach that will block ransomware without signatures or web blocking.

    Also some people might not have MBAE or MBAM installed but still want proactive protection from ransomware.
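    The third layer described in this post, blocking ransomware "without signatures or web blocking", is a behavioural one: it has to recognise the act of encrypting a user's files rather than the sample or its C&C. The following is an added illustration of that idea, not code from the post or from Malwarebytes, and it says nothing about how MBARW actually works internally. It assumes a hypothetical per-process feed of file-write events (the `WriteEvent` records and the three processes in `constructed_events()` are constructed sample data) and flags a process that, within a short window, overwrites many existing files in place with high-entropy content or renames them to a new extension. A legitimate archiver writing one new high-entropy file and a text editor rewriting one low-entropy file are included to show why the "in-place, many files, high entropy" combination matters for keeping false positives down.

    ```python
    import math
    import random
    from collections import defaultdict
    from dataclasses import dataclass
    from typing import Dict, List, Optional, Tuple

    # Hypothetical event record a file-system minifilter or ETW consumer might hand us.
    @dataclass
    class WriteEvent:
        pid: int
        process: str
        path: str                 # file that was written
        t: float                  # seconds since monitoring started
        data: bytes               # content that was written
        overwrote_existing: bool  # True if the write replaced an existing file's contents
        renamed_to: Optional[str] = None  # new name if the file was renamed afterwards

    HIGH_ENTROPY = 7.0      # bits per byte; encrypted/compressed data sits near 8.0
    WINDOW_SECONDS = 10.0   # how quickly the rewrites must occur to look like mass encryption
    FILE_THRESHOLD = 5      # distinct files rewritten inside the window before we flag

    def shannon_entropy(data: bytes) -> float:
        """Shannon entropy in bits per byte (0.0 for empty or single-valued data)."""
        if not data:
            return 0.0
        counts = [0] * 256
        for b in data:
            counts[b] += 1
        n = len(data)
        return -sum((c / n) * math.log2(c / n) for c in counts if c)

    def detect_mass_encryption(events: List[WriteEvent],
                               window: float = WINDOW_SECONDS,
                               threshold: int = FILE_THRESHOLD,
                               entropy_cutoff: float = HIGH_ENTROPY
                               ) -> Dict[int, Tuple[str, List[str]]]:
        """Return {pid: (process name, sorted affected paths)} for processes that
        rewrote >= threshold distinct existing files with ransomware-like writes
        inside any sliding window of `window` seconds."""
        hits: Dict[int, List[WriteEvent]] = defaultdict(list)
        for ev in sorted(events, key=lambda e: e.t):
            if not ev.overwrote_existing:
                continue  # new files (archives, downloads) are not in-place destruction
            # A low-entropy rewrite with no rename is ordinary editing; skip it.
            if shannon_entropy(ev.data) < entropy_cutoff and ev.renamed_to is None:
                continue
            hits[ev.pid].append(ev)

        flagged: Dict[int, Tuple[str, List[str]]] = {}
        for pid, evs in hits.items():
            start = 0
            for end in range(len(evs)):
                while evs[end].t - evs[start].t > window:
                    start += 1
                distinct = {e.path for e in evs[start:end + 1]}
                if len(distinct) >= threshold:
                    flagged[pid] = (evs[end].process, sorted({e.path for e in evs}))
                    break
        return flagged

    def constructed_events() -> List[WriteEvent]:
        """Constructed sample feed: one encryptor-like process, one archiver, one editor."""
        rng = random.Random(7)  # deterministic stand-in for ciphertext
        events: List[WriteEvent] = []
        for i in range(6):
            path = f"C:\\Users\\demo\\Documents\\report{i}.docx"
            events.append(WriteEvent(4242, "sample_encryptor.exe", path, 1.0 + i * 0.5,
                                     rng.randbytes(4096), True,
                                     renamed_to=path + ".locked"))
        # Archiver: high-entropy output, but it creates a new file rather than overwriting.
        events.append(WriteEvent(1000, "archiver.exe", "C:\\Users\\demo\\backup.zip",
                                 2.0, rng.randbytes(4096), False))
        # Editor: overwrites an existing file, but with ordinary low-entropy text.
        events.append(WriteEvent(2000, "editor.exe", "C:\\Users\\demo\\notes.txt",
                                 3.0, b"meeting notes: discuss beta feedback\n" * 50, True))
        return events

    if __name__ == "__main__":
        for pid, (proc, paths) in detect_mass_encryption(constructed_events()).items():
            print(f"pid {pid} ({proc}) rewrote {len(paths)} files with encryption-like writes")
    ```

    In a real product the blocking decision would also have to suspend the process and roll back or restore the affected files, which is exactly where the quarantine and restore questions raised later in this thread come in; the heuristic above only shows the detection half.
    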
     
  7. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    Will it work on XP, and can it run in a snapshot that doesn't have MBAE installed on it, either?
     
  8. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    It does not support XP for now.
    Yes it can run by itself without MBAE or MBAM.
     
  9. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    Thanks.
     
  10. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    So...finally we know why CryptoMonitor (EasySync) has been abandoned...now is called Malwarebytes Anti-Ransomware. How MBARW is similar to CM?...has the same features or maybe some new?
     
    Last edited: Jan 26, 2016
  11. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,920
    Thanks for the info, Pedro. Looks interesting. I think I will also give it a try soon.
     
  12. ArchiveX

    ArchiveX Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    1,501
    Location:
    .
    :thumb: :thumb: :thumb:
     
  13. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    7,982
    +1 :thumb:
     
  14. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    It's not CryptoMonitor. It's brand new technology from the ground up and we hired Nathan to lead the project due to his experience and knowledge of ransomware.

    For now it's just beta and we still need to finetune the core technology and add more features. We'll announce plans on how the final product format will look like when they are ready to be announced.
     
  15. daman1

    daman1 Registered Member

    Joined:
    Mar 27, 2009
    Posts:
    1,292
    Location:
    USA, MICHIGAN
    Is it free for beta testers?
     
  16. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    Great news that you're developing an anti-ransomware product to complement MBAM and MBAR. Perhaps eventually MBARW could be an optional module plugged into MBAM?

    As for Nathan you got the right man. He deserves a medal after the way he helped people on bleeping.com (or at least a case of Red Bull lol) :thumb:
     
  17. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    He sure does deserve a medal! We're very honoured and happy that he decided to join Malwarebytes. It's a good match as he has the same ethics and same point of view of helping users above anything else.
     
  18. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    6,555
    Location:
    New York City
    @ZeroVulnLabs
    Two possible errors.
    1. Alerted on process ...........\Eset Smart Security\ekm.exe
    2. Nothing appears in quarantine.
    I will PM you the webpages I visited.
    ... PM sent.
     
  19. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    778
    MBARW in action - even if it is a false positive. Heimdal.SecureDNS must have been scanning the page I was browsing on and triggered MBARW.
     

    Attached Files:

  20. ance

    ance formerly: fmon

    Joined:
    May 5, 2013
    Posts:
    1,360
    +1 :thumb:
     
  21. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,868
  22. haakon

    haakon Guest

    @ Dark Star 72
    When did the remove/restart dialogue (Capture#26) show up? I don't think you would have selected Delete for Heimdal, did you?

    @ pbust
    The sequence doesn't make sense... A choice to Restore or Delete, but it's been removed?

    Anyhow, if one selects Restore is the item then in Exclusions? Can items be removed from Exclusions should that need materialize?

    Thank you.
     
  23. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Why a stand alone product? It must be part of MBAM. Do you really think people should run half of a dozen software to protect their system.
     
  24. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    778
    Capture#24 was the first pop up, I then opened the quarantine via the gui to see what was in there (capture#25). The capture#26 didn't show up for several minutes. As I was running under Shadow Defender there wasn't any point in rebooting to see what happened.
    The strange thing was that although Heimdal.SecureDNS.exe was removed to quarantine it was still shown as running in TaskManager and Process Explorer o_O
     
  25. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Too many separate components. Must be market-driven... break the product up into as many smaller, specialized pieces as possible in order to generate more revenue. I don't like it. :thumbd:
     