siliconman01

Fix confirmed. Thanks again for prompt resolution.

okay, will do. Thanks much for your efforts on this. 😉

Here is the requested log. Are you running the newly released component version of MBAM? The reason I ask is that yesterday I was not getting this false detection. Today after the component update, I am getting the detection. MBAMSERVICE.zip

I don't have 7zip on my system...I use WinRar v7.0. If I extract Support.Cab using WinRar and scan the extracted folder files, no detection is found. If I scan Support.cab with heuristics on, I get the detection. If I scan Support.cab with heuristics OFF, I do not get the detection.

It's also detected via a right click scan of the file.

It is still detected even after deleting HubbleCache per your recommendation. This is on a Custom scan with "Scan rootkits" selected and also with "Scan rootkits" not selected. It is not detected on a standard routine scan. MBAMLogCustomNORootkitScan.txt MBAMLogCustomRootkitScan.txt MBAMLOGStandardScan.txt

The latest MBAM is detecting the InstallShield info for my Creative SoundBlaster Z drivers as an infection. {9D9DB4BA-E352-4AC8-AD2B-B10104F5AB80}.zip MBAMScanLog.txt

Were the developers able to reproduce this issue? Is a fix in progress?

The [Extensions Database *] cleaning module has been removed from Winapp2.ini and is no longer an issue for users who add Winapp2.ini to the CCleaner set of cleaning modules.

File Explorer "eject" successfully works both on a Threat scan and a Custom scan with "Scan for rootkits" active. NOTE: There is no File Explorer "eject" for hot plug disks, so cannot test that. Did try the following "solution" after creating the issue on a hotplug disk. - In Run, enter: RunDll32.exe shell32.dll,Control_RunDLL hotplug.dll - Select the hot plug disk - Select Stop The above could not "eject" the hot plug disk until I exited Malwarebytes.

It does not happen on a Hyper scan, only Threat and Custom. The test procedure you show is correct. I have isolated what is causing this. 🙄 It is the "Scan for rootkits" logic that is causing it. If I turn off "Scan for rootkits", I can eject a USB or hotplug disk during and after a Threat scan. And in a Custom scan if I do not Scan for rootkits, I can eject the a USB or hotplug disk during and after a Custom Scan. Hope this helps you resolve and issue a fix for this issue.

This issue also applies to HotPlug disks. If the Hotplug disk is active PRIOR to the start of the MBAM scan, the Hotplug disk cannot be ejected until Malwarebytes is completed killed.

Success! 😊 Here is the wetransfer link. https://we.tl/t-A4BRqMUIca NOTE: The USB drive must be active/plugged in PRIOR to starting the MBAM scan. If I start a scan and THEN insert the USB drive, then the issue does not occur and the USB drive can be ejected during the scan.

Trying to create the requested memory dump; however, 5 - mbamservice_memory.bat opens a cmd window and then promptly closes. I think the MBAMService.exe is denying access even with Self Protection turned off. If I try using SysInternals' Process Explorer (run as administrator), and attempt to "create a full dump" of MBAMService.exe it comes back with Access is denied. Note that I rebooted the system after turning off self-protection.

Does/did not occur on 3.6.1 NOTE: The USB drive must be active/plugged in PRIOR to starting the MBAM scan. If I start a scan and THEN insert the USB drive, then the issue does not occur and the USB drive can be ejected during the scan.