Jekko

Staff
  1. @Acrobaze - That was my mistake! Previously in MBAM 2.x we protected the desktop shortcut for Malwarebytes. Another way to test if self-protection is working is, while it's turned on, to create a new folder in the Malwarebytes Program Files directory: C:\Program Files\Malwarebytes\Anti-Malware
     @TempLost - Thank you for your response! I'll look into the 2 sets of logs you've sent, but if you have any clear instructions on program compatibility or conflict please don't hesitate to respond. You originally opened this thread for Web Protection issues so we can continue the conversation here.
  2. I've modified the batch script I sent earlier. Based on the logs you sent with Event Logging on, we think this may solve your issue. Please run this file as admin again, and let us know how the results are. Do not worry about uninstalling Avast or CryptoPrevent yet. SP_Replace.zip
  3. Thanks for the logs @TempLost. Unfortunately nothing clear has been found from procmon. We did see there were accesses by aswidagenta.exe which is Avast Identity Protection software. Could you try disabling Avast temporarily and running the batch script I gave you to see if self-protection can be enabled? Also, can I ask you to enable Event Log Data in MBAM's Application settings? This will give more advanced logging to the MBAMSERVICE.log file. Please try those steps and attach your mbamservice.log file afterwards.
  4. Here is the process to get logs from ProcessMonitor: Run procmon.exe. Agree to the License Agreement. Process Monitor will open and begin collecting events from your computer. Follow the other steps I've outlined earlier regarding SP_Replace.bat: Run SP_Replace.bat as Administrator. Wait for MBAM's UI to open. Turn on/off self-protection in MBAM's Protection Settings. Click on the save icon. Look at the path for Logfile.PML. Click OK. Zip and attach Logfile.PML back here on the forums. If the file is too big, I can provide a box.com folder for you to upload to. Please let me know if you have any questions.
  5. Thanks for the logs @TempLost. Your cooperation has been great! For some reason it looks like mbamchameleon.sys is being blocked when it should be created. Could you try the following? Download ProcessMonitor. Run ProcessMonitor. Run SP_Replace.bat as Administrator. Wait for MBAM's UI to open. Turn on/off self-protection in MBAM's Protection Settings.
  6. @TempLost We're still looking into the issue, but if you could provide your latest mbamservice.log, that would be very helpful.
  7. @TempLost Do you still see self-protection enabled in the UI? Can you rename the shortcut for MBAM on the desktop? This would prove to us if chameleon is protecting MBAM's files correctly.
  8. Could you try the following?
     Open cmd.exe with admin credentials and run the command: net stop mbamservice
     Delete the file C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.json
     Open MBAM.
     Alternatively, if you do not know how to do those steps, I am also attaching a file "SP_Replace.bat" which will do those steps listed. You will need to run SP_Replace.bat as administrator for it to work correctly. After doing those steps, and MBAM is running again, please check if MBAMChameleon.sys has been replaced. SP_Replace.zip
  9. @Firefox MBAM 3 also uses the mbamchameleon.sys file. It's for self-protection functionality.
  10. The only time you get a block notification is when you navigate to http://52.21.84.70/ ?
  11. @Acrobaze Thanks for the quick reply! When you visit iptest.malwarebytes.org, do you get a block notification? Do you see it added to your reports section from MBAM's UI? First I want to confirm that you are getting visual confirmation from MBAM that a block is happening.