Posted: Wed Dec 21, 2016 3:05 pm
Fearless Leader

Joined: Wed Mar 21, 2012 5:42 am
Posts: 2819
My peace of mind is totally complete - on this subject anyway. ;) I have no intention or interest in doing malware testing.

_________________
Patty MacDuffie
Computer Haven Administrator

Live Long and Prosper
Mr. Spock


Posted: Wed Dec 21, 2016 9:03 pm
Resident Geekazoid Administrator

Joined: Wed Mar 21, 2012 5:09 am
Posts: 9485
Location: The state of confusion; I just use Wyoming for mail.
MacDuffie wrote:
My peace of mind is totally complete - on this subject anyway. ;) I have no intention or interest in doing malware testing.

Me too Patty. :) I used to 'play' now and then but no longer.

Actually I wrote a sort of virus once as a joke. It was in the early days and there was a game that my roomie LOVED. The system didn't even have a hard drive so the game launched from a floppy disk. I wrote a little addition to the boot sector that used an unused sector on the floppy as a counter. When she booted the floppy for the 13th time it formatted the floppy displaying a message on the screen saying how she could get the game back... I don't think that details are needed... :mrgreen: LOL! Of course there were 'clean' backups of the game. :)

_________________
Free sites from jaylach.com
I NEVER forget... I just remember late.


Posted: Thu Dec 22, 2016 12:47 am
Fearless Leader

Joined: Wed Mar 21, 2012 5:42 am
Posts: 2819
Ha ha... naughty boy! LOL

_________________
Patty MacDuffie
Computer Haven Administrator

Live Long and Prosper
Mr. Spock


Posted: Thu Dec 22, 2016 1:55 am
Resident Geekazoid Administrator

Joined: Wed Mar 21, 2012 5:09 am
Posts: 9485
Location: The state of confusion; I just use Wyoming for mail.
MacDuffie wrote:
Ha ha... naughty boy! LOL

It was fun. :mrgreen: Strange thing is that I later used the same basic routine to keep track of data records access.

_________________
Free sites from jaylach.com
I NEVER forget... I just remember late.


Posted: Thu Dec 22, 2016 10:53 am
Fearless Leader

Joined: Wed Mar 21, 2012 5:42 am
Posts: 2819
Cool!

_________________
Patty MacDuffie
Computer Haven Administrator

Live Long and Prosper
Mr. Spock


Posted: Thu Dec 22, 2016 11:18 am
welcoming committee

Joined: Sun Apr 15, 2012 5:52 pm
Posts: 970
Well I see the need for any further serious posts isn't necessary


Posted: Thu Dec 22, 2016 3:04 pm
Fearless Leader

Joined: Wed Mar 21, 2012 5:42 am
Posts: 2819
Not really. I'm very interested in what you find out about Malwarebytes 3 - I'm just not interested in testing it myself.

_________________
Patty MacDuffie
Computer Haven Administrator

Live Long and Prosper
Mr. Spock


Posted: Thu Dec 22, 2016 4:40 pm
welcoming committee

Joined: Sun Apr 15, 2012 5:52 pm
Posts: 970
Fair enough. Last word I had was that there was indeed some anti-ransom stuff in MB 2 but even more in MB3. I am going to continue to test, to a) test the product and b) find out how it works.


Posted: Thu Dec 22, 2016 7:17 pm
Fearless Leader

Joined: Wed Mar 21, 2012 5:42 am
Posts: 2819
Thank you.

_________________
Patty MacDuffie
Computer Haven Administrator

Live Long and Prosper
Mr. Spock


Posted: Thu Dec 22, 2016 9:05 pm
welcoming committee

Joined: Fri Nov 30, 2012 12:47 am
Posts: 2433
Location: North Central Arkansas
Pete, thanks much for your testing efforts.

_________________
BB
http://barrypatch.net


Posted: Fri Dec 23, 2016 1:35 am
Resident Geekazoid Administrator

Joined: Wed Mar 21, 2012 5:09 am
Posts: 9485
Location: The state of confusion; I just use Wyoming for mail.
Yes, it WOULD seem that MBAM 2 now includes anti-ransom as I had the separate anti-ransom installed but it disappeared from my system on the last build update for MBAM. I'm running version 2.2.1.1043.

I will say that Malwarebytes is a bit of a different type company. My lifetime licenses are boxed packages. The CD is the weirdest thing I've ever seen as to an optical. If someone has not seen one of these things I'd be happy to post an image. It is sort of worth seeing and pretty cool. As to weird I'm not talking about the label but rather the data side.

_________________
Free sites from jaylach.com
I NEVER forget... I just remember late.


Posted: Fri Dec 23, 2016 9:38 am
welcoming committee

Joined: Sun Apr 15, 2012 5:52 pm
Posts: 970
Well I asked if the actual ransomware module always rebooted to quarantine, as I have one sample that causes that. The official staff answer translated to "I don't know". Apparently it may depend on the sample.

Patty, as a different aspect of this testing, my curiosity got the best of me. So I have configured my Win 10 x64 Pro VM with just Windows Defender and MB3. So far I have only run the one very nasty sample at it. Windows Defender shut it down. Interesting indeed.


Posted: Fri Dec 23, 2016 9:55 am
welcoming committee

Joined: Fri Nov 30, 2012 12:47 am
Posts: 2433
Location: North Central Arkansas
Pete, I am just curious. Is your nasty sample a ransomware, a virus, or a combination of both? I'm just trying to understand what Defender shut down.

_________________
BB
http://barrypatch.net


Posted: Fri Dec 23, 2016 11:39 am
welcoming committee

Joined: Sun Apr 15, 2012 5:52 pm
Posts: 970
It's ransomware. Left unchecked it will encrypt all data file types on any hard drive it can find.

On Win 7 Emsisoft's EIS was fastest at shutting it down. MB2 missed it, MB3 nailed it and required a reboot.

Note, although I don't mention it, any of the ransomware I've played with would have been neutered by Sandboxie if run in the sandbox. They do get to encrypt, but the files are written in the sandbox and simply get deleted.


Posted: Fri Dec 23, 2016 12:10 pm
Fearless Leader

Joined: Wed Mar 21, 2012 5:42 am
Posts: 2819
Good for Windows Defender! Glad Microsoft is on the bandwagon with anti-ransomware.

_________________
Patty MacDuffie
Computer Haven Administrator

Live Long and Prosper
Mr. Spock


Posted: Fri Dec 23, 2016 1:49 pm
welcoming committee

Joined: Sun Apr 15, 2012 5:52 pm
Posts: 970
Tested 5 more samples on Win 10. Never got a chance to see what happened with MB3; Defender caught them all.

To all who are interested in MB3 it is buggy. Post rate on the forum there is high. I see some of the bugs myself.

WARNING. If you turn on MB3 and image, be sure to turn off the Ransomware module before imaging and then turn it back after.

Pete


Posted: Fri Dec 23, 2016 4:38 pm
welcoming committee

Joined: Sun Apr 15, 2012 5:52 pm
Posts: 970
Well they may have improved Defender, but updates is the pits. An update has been running here since 10:30. ARG. I can fix the loss of security in 7 easily, but how do I fix this update mess?


Posted: Fri Dec 23, 2016 9:45 pm
Fearless Leader

Joined: Wed Mar 21, 2012 5:42 am
Posts: 2819
I don't know, Peter. Having never experienced it myself, I don't know what the issue is. You, Acadia, and Allyson are the 3 that I recall running into the problem. There may be another one or two hanging about. I have to assume it is a software conflict of some sort. I keep my machine pretty simple and mostly Microsoft. A few 3rd party things - Nook, Kindle, Kobo, Calibre, Sumatra PDF, Adobe Flash, a few games - stuff from the Microsoft Store primarily; and Malwarebytes, of course. No dual boots, no 3rd party system utilities.

_________________
Patty MacDuffie
Computer Haven Administrator

Live Long and Prosper
Mr. Spock


Posted: Fri Dec 23, 2016 11:22 pm
Resident Geekazoid Administrator

Joined: Wed Mar 21, 2012 5:09 am
Posts: 9485
Location: The state of confusion; I just use Wyoming for mail.
Sadly I also do not know as to Updates issues. :( Even though Allyson does not fit the profile might it not be that your extreme security measures are a factor? I'm not saying anything against your security but think it a valid question.

Unlike Patty I run a lot of third party software including such that changes how my Win 10 system runs including having an Active Desktop where I can use videos as my wallpaper as in Dream Scenes from Win Vista along with my Start Menu looking more like Win 7 than 10. My Win 10 system also has many aspects of the Aero transparencies. With all these OS mods I'd expect to have more issues but do not see them at all. A while back I DID have an update issue but it was a one time issue; can't even remember what the issue was and/or the cure.

My thought in questioning your security as a factor just boils down to the fact that you two are having updates issues and run similar security. Others here are not reporting such issues. In such cases you have to look at the difference between systems. In this case the difference is the extreme security measures.

Think about it... If you responded to a question where someone was having such issues and they said that they were using Norton for security... Would you not advise to get rid of Norton? Of course I'm not going to tell you to get rid of your security but will say that it may be part of the issue.

This is just speculation as I don't run Sandboxie but I can see a potential issue. Am I correct that, if you install something while sandboxed, you can select while exiting the sandbox to keep the change? If this is the case then it is mandatory that the sandboxed session actually DOES have access to the real system's registry. If this is the case please explain how it is 100% security. If this is not the case please correct me.

I am NOT attacking any security measures here. I'm asking for explanations to a few things that do not make sense to me. Please do not just respond with that it just does it automatically. I'm trying to be totally open minded here but I cannot help seeing two people having similar issues using the same basic security. In such a case it is just natural that I would question the security measures.

_________________
Free sites from jaylach.com
I NEVER forget... I just remember late.


Posted: Sat Dec 24, 2016 12:08 am
welcoming committee

Joined: Sun Apr 15, 2012 5:52 pm
Posts: 970
The VM I had update today, just had windows defender and Malwarebytes on it. Admittedly it was an Insider Preview update. But 5 hours?

Anyway, that was an aside to the subject at hand, which is ransomware.


Posted: Sat Dec 24, 2016 12:24 am
Resident Geekazoid Administrator

Joined: Wed Mar 21, 2012 5:09 am
Posts: 9485
Location: The state of confusion; I just use Wyoming for mail.
I still have questions... Sorry! :(

I understand that you are in a VM but is not that VM running under all your main security? If this is the case then the updates still have to go through all your main system checks... correct me if I'm wrong on this.

It is like I have a nibble on a thought but can't get a solid bite. If you can give more info I just may find something but not likely more than you have already found. If the issue happens to be just a driver update just hide the danged thing and forget.

_________________
Free sites from jaylach.com
I NEVER forget... I just remember late.


Posted: Sat Dec 24, 2016 9:29 am
Fearless Leader

Joined: Wed Mar 21, 2012 5:42 am
Posts: 2819
Security programs are certainly a possibility; but I also wonder about programs that alter the boot sector, imaging and multi-booting and so forth. I always had issues with programs of that sort, which is why I gave them up. Thank goodness I've had zero issues with my RAID mirror in many years.

For those of you who don't know, RAID=Redundant Array of Inexpensive Discs, and a mirror is when you have two drives that operate in tandem; that is Windows sees them as one drive and operates as if they are one drive. When anything gets written to one, it gets written to the other also. Same with deletions. This only protects you from complete hard drive failure of one of the drives. It is not a backup.

_________________
Patty MacDuffie
Computer Haven Administrator

Live Long and Prosper
Mr. Spock


Posted: Sat Dec 24, 2016 10:28 am
welcoming committee

Joined: Wed Apr 11, 2012 6:45 am
Posts: 1073
The only problem that I ever had with MS updates was the one that I had a few months ago, and many people had it, well maybe not huge numbers at the Haven but still a fair percentage. MS released a KB that fixed it.

I feel confident that this will never happen, but given a choice between MS Updates and my security programs ... :whistle1:

Acadia

_________________
The blazing evidence of immortality is our dissatisfaction with any other solution. -- Emerson


Posted: Sat Dec 24, 2016 2:03 pm
welcoming committee

Joined: Sun Apr 15, 2012 5:52 pm
Posts: 970
I have to do something for an hour and then I'll answer the question. Really simple.


Posted: Sat Dec 24, 2016 3:14 pm
welcoming committee

Joined: Sun Apr 15, 2012 5:52 pm
Posts: 970
1. As to my frustration with Win 10 updates, it's not only a VM but also in my Win 10 images. It's aggravating to start an update, have it run for 30 minutes and then fail. Then you get the click here for an explanation and the explanation is the update failed.

The reason the update took longer than forever is that it was an insider preview, and they are slow as molasses. Last week I aborted the download, which was very slow, and tried to turn off the insider preview. It told me I need an internet connection. GRRR. You guys are about to get to deal with it as the latest insider preview was an RC.

As to the security software. No effect either on the image or VM. The VM is isolated so only the software on the VM affects it.

Now on to the remark Acadia made. While I play with Win 10, I see no reason to convert my main uses to Win 10. 7 for me is so much more efficient. But I know everyone says, and I agree, 10 is more secure as an OS. And also if the updating on 7 gets to be too painful I may stop. It is my belief that my setup is as secure as Win 10. That is what I am proving, and so far.....

