Update README.md
NtRaiseHardError authored Jan 23, 2020
1 parent 8862b87 commit 31c7979
Showing 1 changed file with 2 additions and 16 deletions.
18 changes: 2 additions & 16 deletions Malwarebytes/README.md
Expand Up @@ -2,22 +2,8 @@

## v4.0.4.49

What's the problem now?
Hijacking Malwarebytes via COM IPC.

## v3.7.1.2839

### Issues

1. Does not proactively scan files dropped to disk,
2. Executables with `etl`, `Config`, and `Manifest` file extensions ran using `CreateProcess` do not get scanned.

### Recommended Fix(?)

1. Include `IRP_MJ_CLEANUP` (and optionally `IRP_MJ_WRITE`) minifilter callback operations,
2. Do not whitelist `etl`, `Config`, and `Manifest` file extensions from scanning.

### Tested Environments

* Windows 7 x64 Home Premium
* Windows 7 x64 Ultimate
* Windows 10 x64 Pro
Malicious code bypass via extension whitelisting.
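
Review bot: The one-line summary left under `## v3.7.1.2839` ("Malicious code bypass via extension whitelisting.") covers only the second of the two issues the section listed; the first, that files dropped to disk are not proactively scanned, is no longer mentioned anywhere. With 16 deletions against 2 additions, the hunk also drops the "Recommended Fix(?)" list (`IRP_MJ_CLEANUP` / `IRP_MJ_WRITE` minifilter callbacks, not whitelisting the `etl`, `Config`, and `Manifest` extensions) and the "Tested Environments" list, which are the parts a defender would need to reproduce or remediate. Consider keeping those subsections, or linking from the summary line to wherever the detail now lives. The new `## v4.0.4.49` line "Hijacking Malwarebytes via COM IPC." would benefit from the same structure (issue, recommended fix, tested environments) so both versions are documented consistently.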

0 comments on commit 31c7979