Malwarebytes Anti-Ransomware Beta

Discussion in 'other anti-malware software' started by ZeroVulnLabs, Jan 25, 2016.

  1. haakon

    haakon Guest

    Thanks. It is an early beta, of course. So if the offending process/component has been quarantined while also having been subject to removal prior to a user's Restore or Delete choice, that's an issue needing resolution.

    We'll see what pbust might reveal.
     
  2. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    The reason why actions have to be automated is because ransomware often also blocks desktop access so you can't even see protection dialogs. In case the screen goes "blank", this program still protects you from actual data encryption.
     
  3. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    Do we know at this point that MBARW functionality won't eventually be rolled into MBAM? You may remember that anti-rootkit functionality (MBAR) was added to MBAM.
     
  4. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,211
    Location:
    Among the gum trees
    Wouldn't incorporating it into MBAE make more sense?
     
    Last edited: Jan 26, 2016
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hmm. If the regular Malwarebytes is so good, why is this needed?
     
  6. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    I guess they will integrate, but there are some known issues and some more bugs in MBARW.

    So it's wise to make it final first and integrate later.
     
  7. haakon

    haakon Guest

    I gotta keep remembering to use MBARW. MBAR is/was Anti-Rootkit. We should put in an RFQ for a change to MBARK. This technical stuff is soooooo demanding. :D
     
  8. daman1

    daman1 Registered Member

    Joined:
    Mar 27, 2009
    Posts:
    1,292
    Location:
    USA, MICHIGAN
    ^^^ Correct, I believe this is what they're doing.
     
  9. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    1,157
    Location:
    Canada
    Another excellent product for Malwarebytes?

    Of course it would be nice if MBAM, MBAE and MBARW were combined into 1 product, however I don't think it makes good business sense, nice for us not so nice for the Malwarebytes crew.

    Seeing this is an early beta I may wait awhile to try it out as I do not have a VM installed now. Lots of bugs on their forum, to be expected though for the first day. Could give it a quick whirl with Shadowdefender I guess.
     
  10. ProTruckDriver

    ProTruckDriver Registered Member

    Joined:
    Sep 18, 2008
    Posts:
    1,444
    Location:
    "An Apple a Day, Keeps Microsoft Away"
    Just maybe they want to:
    Looks like it to me.
     
  11. haakon

    haakon Guest

    Nathan Scott as Decrypterfixer is running the gauntlet over there. He'll be working some overtime, I think. ;)
     
  12. KaptainBug

    KaptainBug Registered Member

    Joined:
    Dec 26, 2013
    Posts:
    484
    It's possible to keep one product and sell 3 licenses to unlock each feature. Do you think it's a bad idea?
     
  13. clubhouse1

    clubhouse1 Registered Member

    Joined:
    Sep 26, 2013
    Posts:
    1,124
    Location:
    UK
    To be fair I imagine MB has lost a fortune in revenue with the pirating of MBAM. They're running a business and offering more products is a sound way to create more income. They may well incorporate it into MBAM as an extra feature but at a higher cost than the "standard" MBAM.
     
  14. clubhouse1

    clubhouse1 Registered Member

    Joined:
    Sep 26, 2013
    Posts:
    1,124
    Location:
    UK

    This:thumb:
     
  15. SnowWalker

    SnowWalker Registered Member

    Joined:
    Apr 2, 2012
    Posts:
    287
    Location:
    USA
    Either it gave me a false positive, or all my files are about to be encrypted.:(

    I installed FossaMail, connected to the internet and downloaded emails with it, no problem. I then moved my Thunderbird profiles to it, worked great. Then I installed the Lightning calendar extension, FossaMail then required a restart, but when it attempted to restart MBAR gave a warning that fossamail.exe was ransomware and quarantined it and said that I needed to restart the computer to delete it. I went to the quarantined file in MBAR and clicked "Restore". It told me I couldn't restore a file marked for deletion, and I couldn't find any way to unmark it or send it to the exclusion folder. So I had to stop MBAR from auto starting with the computer, reboot the computer, and reinstall FossaMail.

    So I'm a little nervous about it if I can't override it when it decides to delete a file. Maybe it's wise not to let the user decide, maybe people will be dumb and just assume it's a false positive, like me. But so far I don't see any signs of my files being encrypted. (I do have recent backups.:thumb:)
     
  16. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
  17. SnowWalker

    SnowWalker Registered Member

    Joined:
    Apr 2, 2012
    Posts:
    287
    Location:
    USA
    I just tried it with Thunderbird. I removed the Lightning add on and clicked restart now in Thunderbird. Now MBAR is going to remove both Thunderbird and FossaMail.
     
  18. SnowWalker

    SnowWalker Registered Member

    Joined:
    Apr 2, 2012
    Posts:
    287
    Location:
    USA
  19. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Yes, for now it is not very intuitive as it requires a reboot before you are able to restore. We need to improve this in the UI.
     
  20. daman1

    daman1 Registered Member

    Joined:
    Mar 27, 2009
    Posts:
    1,292
    Location:
    USA, MICHIGAN
    "Malwarebytes believes in a layered approach to security. Each layer has a specific objective and a unique technology to achieve that objective.



    In the case of ransomware, we are able to block it in four different layers:



    Most ransomware infects using exploit-based delivery mechanisms. In those cases the best protection is to have MBAE in order to proactively prevent the exploit from ever triggering, thereby blocking the infection chain at the earliest step possible before the malware even downloads to the victim computer.

    Some ransomware infect using non-exploit based social engineering tactics. For these types of infection vectors MBAM's behavioral patterns, heuristics and signatures are able to detect and block most known (and some zero-day) ransomware from ever executing, thereby preventing the infection.

    If a ransomware is delivered via social engineering (or if the user does not have MBAE installed) and MBAM is not able to detect it via behavioral patterns, the MBAM Web Blocker most of the times will block the ransomware from downloading the encryption keys from its Command and Control (C&C) server, thereby preventing the encryption of the users' files.

    Finally, with Malwarebytes Anti-Ransomware we now have a fourth and extremely last line of defense. If (a) the ransomware is delivered via social engineering tactics or the user does not have MBAE, (b) the MBAM behavioral rules do not detect it and (c) the Web Blocker does not block access to the C&C, then the new Malwarebytes Anti-Ransomware will detect the ransomware activity on the system and block and quarantine it before it is able to encrypt the users' files.

    With the above four layers of protection ransomware doesn't stand a chance now against Malwarebytes users. Please make sure you are running all MBAM + MBAE + MBARW alongside each other.



    In the future once MBARW comes out of beta we will roll the technology into our consumer and corporate products so that you won't have to deal with multiple separate clients.



    In the meantime thank you for your help during this technology beta testing period."
     
  21. SnowWalker

    SnowWalker Registered Member

    Joined:
    Apr 2, 2012
    Posts:
    287
    Location:
    USA
  22. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    I currently run MBAM Premium. MBAE conflicts with Sandboxie, last I heard, and Sandboxie stays on my machines no matter what. MBARW is beta and I'm not a beta tester. TY
     
  23. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    I didn't expect another answer... but connotations to CM are obvious.
    BTW... are there/will there be some advantages of MBAR in comparison to CM?
     
  24. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Yes, MANY advantages of MBARW over CM.
     
  25. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Don't tell me this requires yet another license...
     