Jump to content


  • Posts

  • Joined

  • Last visited

Everything posted by Jekko

  1. Hello @southcoastie - we want to see if we can get some additional logs from you. Could you do the following: Enable User Mode Crash Dumps Please download enable_crash_dumps.bat using the link below. → https://malwarebytes.box.com/s/eug9gmk7i1xqeugb0xobjlqcsfb4uv1e Open your Downloads folder. Right-click enable_crash_dumps.bat and select Run as administrator to run the file. Note: If you are prompted by Windows SmartScreen, click More info followed by Run anyway. A black Command Prompt window will appear. Upon completion, press any key to exit. Once done, please reproduce the issue you're experiencing. Collect Crash Dump When the installer next crashes, wait at least 1 minute. Press the Windows Key + R on your keyboard at the same time. Copy %localappdata%\CrashDumps and paste into the Run box. Click OK. A folder will open. Inside you should see a DMP file. Right-click the file and click Send to followed by Compressed (Zipped) folder. This will create a ZIP file. Go to WeTransfer.com in your browser. Click Add your files, navigate to %localappdata%\CrashDumps and double-click the ZIP file. Click (...) and select the link radio button under Send as. Click Transfer. Upon completion, copy the download link and include it in an email reply. Windows Event Logs Press the Windows Key + R on your keyboard at the same time. Type eventvwr.msc and click OK. Expand Windows Logs. Right-click Application and click Save All Events As.... Name the file application and click OK. Repeat for Security and System. Navigate to the location of the files. Highlight the three files, right-click one and click Send to followed by Compressed (zipped) folder. Name the Zip file EventLogs.zip and attach the file in your next reply.
  2. Thank you @southcoastie for the quick reply. We'll take a look!
  3. Hello @southcoastie and , Could you please follow the steps from the automated reply so we can look at your logs and help figure out what happened?
  4. We've been able to replicate this behavior. This has to do with requiring a reboot saying "No" to the reboot prompt, or even just waiting with the reboot prompt up. The old service is restarted because we don't want to leave the user unprotected and the installation will run again after reboot silently. We have a bug written up internally. Thanks for the input! 😀
  5. Hello @exile360 We're aware of the bug and this should be fixed in the next MBAM 4 iteration. Out of curiosity, what version was mbsetup.exe? It should be saved in C:\ProgramData\Malwarebytes\MBAMService\instlrupdate
  6. Glad to hear it. Let us know how the new BETA (edited) goes for you and any feedback you have with it.
  7. @Max-H Please try installing it once more. As @throkr mentioned you should see version: Malwarebytes version Component package 1.0.690
  8. I think I've found the issue. Can you open msconfig.exe and enable Malwarebytes Service. According to your logs it shows it as disabled. This is what you will be looking for.
  9. Hello @ggFlayeep! I've looked at your logs and see the error during uninstall. When you run mbam, do you see "Unable to connect the Service" like your first screen shot?
  10. Hello @DarthVitrial I've looked at your logs. Do you have Windows 10's Random Hardware Addresses enabled? https://support.microsoft.com/en-us/help/4027925/windows-how-and-why-to-use-random-hardware-addresses
  11. Thank you for reporting. We are aware of the issue and this will be fixed in a future update.
  12. You've already done so! Thank you very much. I'm able to reproduce what you've reported. I'll let the proper team know of the issue. The problem is the device is getting removed correctly server side, but the my account portal is not removing the right device name. If you refresh your page after removing the device, the list should be updated correctly. If the system already has MBAM installed, the next time it checks with our server and if you still have a seat available it will stay activated. Otherwise, you will need to re-activate it manually.
  13. @tonguetwister - Hello! I agree with Firefox. I would perform the upgrade due to the various fixes. We are also aware of possible issues during upgrades and have been making changes to help prevent this and added more logging to help debug the issue. If you do run into the issue, please do not hesitate to post here on the forum or reach out to one of the staff members here so we can figure out the issue.
  14. Hello @dagar74 and Could you follow the directions here and get us diagnostic logs from the Malwarebytes support tool? The directions are also in the Automated Reply above regarding technical issues.
  15. @coyote2 - Got it! I'm able to reproduce your scenario if I invoke RunAsInvoker to launch MBAM. I understand the annoyance of not wanting the UAC prompt, but this does put your system in a strange state and as you can see causes problems with MBAM trying to deactivate a trial. I'm unsure if you will run into the same issue with the Elevated Task Schedule method you linked. I will report this to our developers but if you do see more issues in the future, I suggest running the program regularly or even "As Admin" as you stated.
  16. Thanks for the logs @coyote2, we will take a look and see if we can figure out the issue. When you try to deactivate, is your user a limited/standard user or an admin? I see logging that the trial attempts to end, but lacks elevated privileges: 03/12/18 " 06:49:59.036" 5430000 1ab8 18a8 ERROR LicenseControllerCOM CLicenseController::EndTrial "LicenseController.cpp" 659 "Thread is not elevated."
  17. @softoutlet - Process Monitor will record what is happening on your computer at the time, and what I hope to see is what processes are running at the time of word 2010 being opened. This way I can see if there is a conflict with another program at the time. Also, we still want to get diagnostic logs from you. We have not received your logs.
  18. Hello @coyote2 and First, could you get the diagnostic logs requested from the automated reply? Farbar Recovery Scan Tool (FRST) Download FRST and save it to your desktop Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit Double-click to run FRST and when the tool opens click "Yes" to the disclaimer Press the "Scan" button This will produce two files in the same location (directory) as FRST: FRST.txt and Addition.txt Leave the log files in the current location, they will be automatically collected by mb-check once you complete the next set of instructions MB-Check Download MB-Check and save to your desktop Double-click to run MB-Check and within a few second the command window will open, press "Enter" to accept the EULA then click "OK" This will produce one log file on your desktop: mb-check-results.zip This file will include the FRST logs generated from the previous set of instructions Attach this file to your forum post by clicking on the "Drag files here to attach, or choose files..." or simply drag the file to the attachment area Also, do you see any notifications after clicking on the deactivate button?
  19. Hi @softoutlet - I've tried replicating your issue with: Windows 10x64 MBAM Symantec Endpoint 14.1 MP1 Microsoft Word 2010 I don't see your issue, Word is still opening in about 3 seconds. Could you do the following? First, get the diagnostic logs from this post: Then, download following tool and follow these steps: https://docs.microsoft.com/en-us/sysinternals/downloads/procmon Have MBAM and Symantec Endpoint installed. Run procmon. Open Microsoft Word. Save the log from procmon. Attach the diagnostic logs and procmon logs here.
  20. Hi there @dagar74 and Could you please get the following diagnostic logs and post them here?
  21. @bcodagnone - Thanks for checking that. As Porthos and vbarytskyy say, something is getting left behind after mb-clean is being run.
  22. @bcodagnone - Please try stopping the self-protection module before you upgrade to 3.3.1. Click on Settings. Click on Protection. Close to the bottom, turn off the setting Enable self-protection module.
  23. @Applemilk - If you could run mb-check and attach the zipped logs, that would be very appreciated.
  24. Hello riahc3, We are aware of the issue and will be pushing out an update to fix this. The intention was to have a user reboot and re-run the installer automatically after the reboot if there were any issues in the installation process. Unfortunately this issue is affecting many of our users so we are working to collect information to identify this is the same issue and will have a new build soon to fix this issue. Thank you for your patience and response.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.