Malwarebytes Anti-Ransomware Beta

Discussion in 'other anti-malware software' started by ZeroVulnLabs, Jan 25, 2016.

  1. haakon

    haakon Guest

    Thanks. It is an early beta, of course. So if the offending process/component has been quarantined while also having been subject to removal prior to a user's Restore or Delete choice, that's an issue needing resolution.

    We'll see what pbust might reveal.
     
  2. RejZoR

    RejZoR Lurker

    The reason why actions have to be automated is because ransomware often also blocks desktop access, so you can't even see protection dialogs. In case the screen goes "blank", this program still protects you from actual data encryption.
     
  3. Victek

    Victek Registered Member

    Do we know at this point that MBARW functionality won't eventually be rolled into MBAM? You may remember that anti-rootkit functionality (MBAR) was added to MBAM.
     
  4. Krusty

    Krusty Registered Member

    Wouldn't incorporating it into MBAE make more sense?
     
    Last edited: Jan 26, 2016
  5. Peter2150

    Peter2150 Global Moderator

    Hmm. If the regular Malwarebytes is so good, why is this needed?
     
  6. Hiltihome

    Hiltihome Registered Member

    I guess they will integrate, but there are some known issues and some more bugs in MBARW.

    So it's wise to make it final first and integrate later.
     
  7. haakon

    haakon Guest

    I gotta keep remembering to use MBARW. MBAR is/was Anti-Rootkit. We should put in an RFQ for a change to MBARK. This technical stuff is soooooo demanding. :D
     
  8. daman1

    daman1 Registered Member

    ^^^ Correct, I believe this is what they're doing.
     
  9. digmor crusher

    digmor crusher Registered Member

    Another excellent product for Malwarebytes?

    Of course it would be nice if MBAM, MBAE and MBARW were combined into 1 product, however I don't think it makes good business sense, nice for us, not so nice for the Malwarebytes crew.

    Seeing this is an early beta I may wait awhile to try it out as I do not have a VM installed now. Lots of bugs on their forum, to be expected though for the first day. Could give it a quick whirl with Shadowdefender I guess.
     
  10. ProTruckDriver

    ProTruckDriver Registered Member

    Just maybe they want to:
    Looks like it to me.
     
  11. haakon

    haakon Guest

    Nathan Scott as Decrypterfixer is running the gauntlet over there. He'll be working some overtime, I think. ;)
     
  12. KaptainBug

    KaptainBug Registered Member

    It's possible to keep one product and sell 3 licenses to unlock each feature. Do you think it's a bad idea?
     
  13. clubhouse1

    clubhouse1 Registered Member

    To be fair I imagine MB has lost a fortune in revenue with the pirating of MBAM. They're running a business and offering more products is a sound way to create more income. They may well incorporate it into MBAM as an extra feature but at a higher cost than the "standard" MBAM.
     
  14. clubhouse1

    clubhouse1 Registered Member


    This:thumb:
     
  15. SnowWalker

    SnowWalker Registered Member

    Either it gave me a false positive, or all my files are about to be encrypted.:(

    I installed FossaMail, connected to the internet and downloaded emails with it, no problem. I then moved my Thunderbird profiles to it, worked great. Then I installed the Lightning calendar extension, FossaMail then required a restart, but when it attempted to restart MBAR gave a warning that fossamail.exe was ransomware and quarantined it and said that I needed to restart the computer to delete it. I went to the quarantined file in MBAR and clicked "Restore". It told me I couldn't restore a file marked for deletion, and I couldn't find any way to unmark it or send it to the exclusion folder. So I had to stop MBAR from auto starting with the computer, reboot the computer, and reinstall FossaMail.

    So I'm a little nervous about it if I can't override it when it decides to delete a file. Maybe it's wise not to let the user decide, maybe people will be dumb and just assume it's a false positive, like me. But so far I don't see any signs of my files being encrypted. (I do have recent backups.:thumb:)
     
  16. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

  17. SnowWalker

    SnowWalker Registered Member

    I just tried it with Thunderbird. I removed the Lightning add on and clicked restart now in Thunderbird. Now MBAR is going to remove both Thunderbird and FossaMail.
     
  18. SnowWalker

    SnowWalker Registered Member

  19. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Yes, for now it is not very intuitive as it requires a reboot before you are able to restore. We need to improve this in the UI.
     
  20. daman1

    daman1 Registered Member

    "Malwarebytes believes in a layered approach to security. Each layer has a specific objective and a unique technology to achieve that objective.



    In the case of ransomware, we are able to block it in four different layers:



    1. Most ransomware infects using exploit-based delivery mechanisms. In those cases the best protection is to have MBAE in order to proactively prevent the exploit from ever triggering, thereby blocking the infection chain at the earliest step possible before the malware even downloads to the victim computer.
    2. Some ransomware infect using non-exploit based social engineering tactics. For these types of infection vectors MBAM's behavioral patterns, heuristics and signatures are able to detect and block most known (and some zero-day) ransomware from ever executing, thereby preventing the infection.
    3. If a ransomware is delivered via social engineering (or if the user does not have MBAE installed) and MBAM is not able to detect it via behavioral patterns, the MBAM Web Blocker most of the times will block the ransomware from downloading the encryption keys from its Command and Control (C&C) server, thereby preventing the encryption of the users' files.
    4. Finally, with Malwarebytes Anti-Ransomware we now have a fourth and extremely last line of defense. If (a) the ransomware is delivered via social engineering tactics or the user does not have MBAE, (b) the MBAM behavioral rules do not detect it and (c) the Web Blocker does not block access to the C&C, then the new Malwarebytes Anti-Ransomware will detect the ransomware activity on the system and block and quarantine it before it is able to encrypt the users' files.

    With the above four layers of protection ransomware doesn't stand a chance now against Malwarebytes users. Please make sure you are running all MBAM + MBAE + MBARW alongside each other.



    In the future once MBARW comes out of beta we will roll the technology into our consumer and corporate products so that you won't have to deal with multiple separate clients.



    In the meantime thank you for your help during this technology beta testing period."
     
  21. SnowWalker

    SnowWalker Registered Member

  22. Page42

    Page42 Registered Member

    I currently run MBAM Premium. MBAE conflicts with Sandboxie, last I heard, and Sandboxie stays on my machines no matter what. MBARW is beta and I'm not a beta tester. TY
     
  23. ichito

    ichito Registered Member

    I didn't expect another answer... but connotations to CM are obvious.
    BTW... are there/will there be some advantages of MBAR in comparison to CM?
     
  24. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Yes, MANY advantages of MBARW over CM.
     
  25. J_L

    J_L Registered Member

    Don't tell me this requires yet another license...
     