Propheticus
-
Posts
64 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by Propheticus
-
-
Hi,
I've been a fan of Malwarebytes since I was a student and helped people fix their slow PCs, often riddled with malware and PUPs/toolbars.
As an ad-hoc scanner/cleaner there was no better option. So I'd always have a portable version with the latest definitions with me on my (write protected) USB-stick with malware removal tools.At some point I earned a life-time license and started using MWB as real-time malware/virus protection (together with Windows Defender). I thought it would be only fair to explain why I have now decided to uninstall it. It's also to underwrite the issues several others have recently posted about. These issues might be more widespread than currently visible. They're not easy to diagnose for regular users, because it's often other apps like your browser that display the issue.
In recent year, every now and then new (major) releases led to issues ranging from annoying to rather serious. From slow browsing to entirely crippling performance and overall system instability. As an IT guy, I'm lucky I can troubleshoot and fix most issues myself. If I would be a regular home user, I think I'd lost my patience a lot earlier.
The most recent issues I encountered are:
- Resolving host... in Chrome took literally ages. Also other DNS operations would time out or take very long. A reboot would temporarily fix it. Seemed to creep in over (up)time, possibly related to the daily quick scan.
-
After a longer uptime not a single application would start anymore or take very very long to do so. (I often use sleep instead of a shutdown, only rebooting to update or fix issues)
possibly a memory leak as hard faults / interrupts and mem usage were strangely high. - The event viewer would be full of errors about permissions (apps trying to instantiate storage folders; so file system rights & DCOM application specific local activation permissions)
- Every few boots OneDrive would fail to start and access online files properly. Retrying/starting OneDrive never helped; only a reboot could solve it, but it was a lottery.
-
Updating MWB indicated to take forever. It kept showing the spinning circle "installing updates". The first time I minimised the the UI to tray to continue browsing while waiting. Opening the UI again was no longer possible. A reboot resolved it and the update appeared to be successful.
The next time it happened I did not close the UI but lost patience after at least half an hour of spinning wheel action. After the reboot all seemed fine again, logs and file update timestamps showed the update had already finished long before I had rebooted.
I recently performed a clean install using the support tool to fix issues 1 and 2. While it looked like it fixed the DNS issues, I could not test long enough to be sure. The reason was that issue 2 popped up again and I was truly fed up by now.
This is when I decided to uninstall Malwarebytes and use Defender instead. I've hardened it to be a bit more strict (using MAPS with cloud protection set to high and block at first sight enabled). Recent real-life* tests on eg. AV-comparatives show that even with default settings its defence is rather good nowadays. Even scoring higher than Malwarebytes.I'm using Windows 10 Pro N on version 1909 which was cleanly installed in August. All drivers and apps are kept up-to-date.
I was not on a VPN and not part of a domain group. This is my home PC. The only tweak in MWB I did was turning off the forced registration in security centre (to keep Windows Defender on).
In conclusion. Until you resolve the stability/reliability issues and provide a noticeable improvement over what comes for free with Windows 10, I'm not reinstalling Malwarebytes.
*: They use real-life attack vectors like network shares/email attachments/website urls hosting the malware instead of a flat test that simply runs malware executables already on the local fs.
I know the default answer about your behaviour detection being bypassed by the way they test. In my opinion it's no longer true they defeat this behaviour based security layer. They mimic a user visiting websites referring to malware (not the direct download URL) and opening emails. -
I think I'll skip.
After a beta that might've caused my PC to not post properly I'm a bit cautious. After disassembling my whole pc and starting from bare essentials, I found it booted with 1 piece of ram, then after adding the second piece it no longer did.
Although I find it hard to believe a piece of software actually destroyed hardware, a tool that ties in on such a low level might affect drivers>indirectly impact the hardware controlled by it. It could be coincidental timing. While I know proximity in time =/= cause and effect, you'll understand I'm wary.
-
What also would have been nice to mention is that a clean install is a possible fix. A clean install has worked for several people:
- Boot Windows in safe mode and uninstall MBAM 3 from programs and features.
- Check in C:\Windows\System32\Drivers to see if mbae64.sys and MBAMSwissArmy.sys are indeed gone. If not delete by hand.
- Install MBAM 3 again from scratch (can be done while still in safe mode)
-
I had shared mine here:
Before the clean install (via safe boot), when I had serious issues like BIOS not posting on reboot, I saw a lot of errors related to "AEControllerImpl" and "AeShimImpl" (Anti-exploit?) And some syntax error for LicenseControllerImpl because the string that's being referred to is empty.
After the clean install I only see the LicenseControllerImpl errors.
-
Don't want to hijack this topic, but just wanted to mention I had the same slowness/hang issues on my pc as described above. Eventually needed to reset BIOS to defaults and boot in safe mode to uninstall and re-install.
I do not use Macrium so that lead might be false...
-
Ok, so eventually did a boot a safe mode to delete leftover drivers from Malwarebytes. (mbae64.sys and the swissarmyknife)
Also installed while still in safe mode. MBAM 3.0 now started succesfully.
Nitpicking: Win10 does not recognize MBAM 3.0 as a full fledged virus scanner and enabled Defender...
appears I needed to explicitly tell MBAM to register itself:
-
Here's some info. Going to do an uninstall now and re-install.
edit1: reinstall is failing due to issues with replacing mbae64.sys
-
wow, this time my system would not even POST properly. Had to reset my BIOS to defaults....
-
- Brief description of the issue.
I installed MBAM 3.0 beta on top of and existing MBAM 2 install. After a reboot it complained real time protection(exploit protection) was disabled. Turning it on took forever.
Furthermore my system is very very slow. After booting I could not do anything, now everything happens delayed. Between clicking something and the actual application/windows opening takes minutes, even ctrl-alt-del takes a minute to appear. Actual CPU/Disk/Mem usage does not look out of the ordinary.- Any screenshot(s) of error messages or other incorrect behavior (not required; include if available).
- Operating System Details (e.g. Windows 7 SP 1 x64, Windows XP SP3 x86, Windows 10 x64 Version 1607 Build 14393.351, etc.).
Win 10 x64, gathering the rest of the details is currently too cumbersome. Explorer just crashed (UI dissappeared) while trying to open the Configuration Panel.
- Details on how you encountered the bug and any steps that can be taken to reproduce it.
Installed MBAM 3.0, uninstalled Avast (free), rebooted
- Do you get the same result more than once if you follow the same steps? Y/N
I'll try another reboot now.
- A copy of the contents of C:\ProgramData\Malwarebytes\MBAMService\logs in a ZIP file (attach to post)
Can't access explorer, takes too long + it crashes.
-
Do a right-click and "check for updates" to download the latest definition database
-
Same here when on gmail/inbox, google, new chrome tab:
www.gstatic.com 172.217.18.163 ports 0 62430 62431 62432 62433 63491 63492 63493 63494 63495 63496 63497
ssl.gstatic.com 172.217.18.163 ports 0 62023 62024 62025 62026 62027 62031 62032
csi.gstatic.com 74.125.29.94 ports 0 63460 63461 63462 63478
-
Blackhat friendly sounds as if they actually take their side. Surely that's not the case, right?
Anyway, thanks for the answer. I get how being too unresponsive in blocking hackers does make a hoster an enabler in a sense.Is your hope that blocking their whole IP-range motivates them to take action?
-
Suddenly got a block warning while browsing. Ip's both resolve to Velcom.ca which is a Canadian webhoster as it seems.
Maybe too large a block of IP's has been blocked due to one infected site, because above Ip's seem clean. Only see one warning about an outdated Apache server version (2.2.17). -
-
The exact cause aside: my point was that it's rather ironic for an AV company to have it's website or forum hacked. Doesn't inspire confidence, however misplaced this notion may be (pc vs webserver, 3rd party vs in-house., etc)
-
SMF 2.0.7 has been available since januari. Avast forums was running 2.0.6... So I'm not speculating at all. They did in fact not run the newest version. Also: they speak of hashing, but I didn't read anything about salting.
-
That's pretty bad for a company that has security as it's core business... Even though Avast was using 3rd party forum software, I reckon leaving leaks open/not updating to newest forum software damages their reputation. To put it in one word: "clumsy"
-
This problem exists for the Dutch language as well, so might not be language specific.
-
He's not talking about False Positives. He's asking about false negatives / low detection rate. The other way round, many blacklisted sites are not being blocked while he thinks they should.
-
Now, back to my own MB anti-malware. If I keep the program updated, there really is no reason to upgrade to 2.0, is there?
Other than the cosmetic changes (not all for the better, I'll give you that...) there have been changes underwater as well. Your 1.75 life-time licence (bought pre-2.00) will be converted to a 2.00 life-time licence. There really is no reason not to upgrade, is there?
Also I wasn't being snarky, but in the discussion I read some confusion about the 1PC->3PC thing. My bad If I misinterpreted this.
-
One lifetime license does not magically turn into 3.
-
'better' looking is pretty subjective. It looks pretty organized but the abundance of gradients, large red areas with screaming warnings and red crosses whenever one little thing is a bit off are making it look like a 'speed up your pc now! 300 problems found!' fluffware app.
It can be argued that the 2.00 version is easier to use for non tech savy users, the exaggerated warnings make it look suspicious to the more IT handy people out there though.Also: I won't be doing any free advertising for a 2$ t-shirt.
-
The new version will not be lifetime licenses, but yearly subscriptions. Get a lifetime license while you can...
-
Advertisement in a paid product.... no thanks!
Malwarebytes causing bad sound?
in Malwarebytes for Windows Support Forum
Posted
How so? When it comes to properly handling real-time audio, ISR routine / DPCs and the time they take to execute (latency) are relevant.
AV/Anti-malware products often tie in on a low kernel/driver level, so driver issues or conflicts are not unimaginable.
A good explanation (and tool to measure) can be found at Resplendence's LatencyMon page.
It does take a bit of IT understanding and is not a cookie-cutter answer, that's true.
LatencyMon at least uses general rules of thumb that make sense to estimate whether a system is running in a way suitable for handling real-time* audio.
Anything under 2000 µs (2ms) is considered ok. On my PC it measures 500 at the highest and 10 µs on average.
Please note the how to use page also mentions there's several other possible causes for drop-outs: audio buffer size, CPU thread contention (high load/competing programs), buggy drivers, buggy software. Also CPU throttling/power saving functions can cause spikes during state switching.
Since the tool shows drivers' DPC execution times and processes' hard page faults they can at least help you find possible culprits of audio issues. Probably the DPC latency spikes are much bigger than 2ms if they're the cause of dropouts in normal music playback.
*: real-time refers to use-cases where you use low-latency (midi) devices with a small buffer... Like artists or recording studios do to obtain a low total roundtrip latency in the monitor/artist earbud. Regular music/video playback is not real-time and should be able to handle higher latencies. Buffer sizes for recording input could be e.g. 256 samples. At a sample rate of 44.1kHz that's only 5.8ms input latency (2000µs = 2ms)
Audio/video playback software often uses buffers 10x that or more.