hake

This issue is affected by the Fast Startup option in Power Settings. When Fast Startup is enabled, a system startup following a power off shutdown results in the two settings described, if previously set to ON, continuing in that state.

You were right about my mistake with Firefox ESR versions numbers. I keep all browsers that I use bang up to date. This behavour of Browser Guard for Firefox is exactly repeated on all five copies of Firefox which I have on different Windows 7, 8.1 and 10 systems and the MailOnline website causes the same behaviour on all five FF installations.

MBAE 1.13.1.407 -> Browser Dynamic Anti-heapSpraying enforcement and MS-Office Protection for Office VBE704 object abuse settings are set at first use after installation of MBAE but can become unset at every subsequent start of MBAE. The main thing I have noticed is that the problem is initiated by starting Windows 10 with a restart. While the system is started after shutdown, the problem advanced settings are unchanged, i.e. the two items are checked. After a restart, the two items are unchecked and then remain so, even after a startup from a system shutdown.This only affects a single system and other installations are unaffected. I am running BitDefender free on Windows 10 Pro 21H1 x64. MBAE shows no similar issue on a similar setup with BitDefender free on Windows 8.1 Pro x64. Where do I find the software to create a diagnostics file?

I cannot set Browser Guard to consistently block ads/trackers and PUPs on https://www.dailymail.co.uk/news/. Those two controls always revert to unset for the MailOnline website when Firefox is closed and restarted. They cannot maintain state. Malware and scams are shown as set to be blocked. My overall default settings in Browser guard are to block ads/trackers, malware, scams and PUPs. This issue does not seem to occur with Browser Guard for Chrome browsers. I am using Firefox ESR 78.0.14 (64bit). The protection settings controls shown in the screenshot might be unreliable? It looks like Ads/Trackers might be being blocked. The MailOnline website is a bit of a mess. It provides a poor user experience, the pages loading in a haphazard way and comments submitted to topics often disappearing without trace.

I have installed Browser Guard on Firefox and have full confidence in it because it is produced by Malwarebytes.

Glad to help. It's what is called Enlightened Self Interest. MBARW 428 is performing faultlessly on my several Windows 10 21H1 systems plus an 8.1. Memory consumption is flat.

I am running Windows 7 with the updated MBARW 428 and have noticed the 'double icon' in the System Tray. Initial impressions look good. I will come back this evening (UK time) after I have run some more scans. It seems to me that running intensive scans are what seem to make Malwarebytes Service grab more than its fair share of memory when version 427 of MBARW was in use. P.S. Six hours on from the remarks immediately above, I have run SuperAntiSpyware scans on two Windows 10 21H1 systems, one Windows 8.1 system and one Windows 7 system and the memory consumed by Malwarebytes Service has remained stable, typically at 16 to 18MB. I noticed some CPU activity in Malwarebytes Service while the data for the scan was downloaded and processed prior to the scans and the memory went up to c.23MB for a few seconds before returning to the 16 to 18MB range. The 'double icon' in the System Tray seems only to have happened once with Windows 7 and not at all with Windows 8.1 and 10. Other than that, I cannot see any difference between running MBARW 428 on Windows 7, 8.1 or 10 as regards the excessive memory use problem.

Susan Bradly says "I often come across Windows computer systems that have been severely compromised, and more often than not the entry point for attack is through the Web browser. Sometimes I visit Settings, Apps in Windows and find unexpected programs installed. Often, these programs are malicious at worst, annoying at best. But it’s always a matter of concern that these programs are installed in the first place." https://www.askwoody.com/2021/browsing-your-way-to-more-security/ Isn't this what MalwareBytes Anti-Exploit is intended to prevent the Web Browser from doing?

I am presently enjoying Windows 8.1 endlessly churning away waiting for MS updates. The point of this comment is that Windows 8.1 and 10 are both affected with this when any prolonged task is in progress. The difference is that with Windows 10, Malwarebytes Service grabs a lot more memory than it does with Windows 8.1. The AV scan is just another heavy prolonged process, judging by the process information yioelded by Task Manager. The double System Tray icons have not been seen with Windows 8.1. All my systems are bang up to date. Windows 7 is immune to this as far as I can tell and with which the memory needs of Malwarebytes Service seem to max at 30 to 40MB.

I've been using the latest version of MBARW for several days. The high memory use only seems to occur with intense prolonged activity such as an AV scan. It does seem to stop increasing and then remains steady. The condition does not persist after a system restart. I use Windows 10 21H1 but also observed the problem with 20H2 early today. The reason why I was using 20H2 was because I had to revert to a backup system image. The double icon seems to appear after, say, an AV scan has been running for a while. I have not noticed the issue with previous versions of MBARW or Windows 10 but then I wasn't looking for it.

I use MBARW Beta. When I run an AV scan with either Panda Dome free 20.02.01 or Avast free 21.6, the memory required by the Malwarebytes Service can exceed 750MB with Windows 10 whereas with Windows 8.1 it can reach 150MB but with Windows 7 the memory occupancy is very modest at approx. 20MB. The systems are all 64 bit and operate with mandatory ASLR. I have noticed with Windows 10 that TWO MBARW icons appear in the system notification tray during the AV scans. I mention AV scans but the same issues seem to coincide during Patch Tuesday updates. What mainly catches my attention is the differences between the various versions of Windows, i.e. 7, 8.1 and 10.

Thanks Pedro. That is just what I wanted to read. Does the presence of a custom email shield, e.g. for Thunderbird, override the new shield for email clients? I have left the Thunderbird custom shield in place until I am certain of Thunderbird's status in MBAE since I cannot find a list of email clients catered for by MBAE 1.13.1.400.

Does MBAE implicitly recognise such applications as Thunderbird as email clients? I classify Thunderbird as 'Browser' in its user defined shield and so assume that scripts are already monitored. Is scripting abuse different in email clients compared with web browsers?

The vulnerable driver file seems to be absent for my venerable HP LaserJet 1100, there being no file named SSPORT.SYS in C:\Windows\System32\drivers\ The HP support stuff is completely incomprehensible to both of my brain cells

Borncity on the issue of Serious Vulnerability in Printer Drivers from HP, Xerox and Samsung This recently discovered problem actually goes all the way back to 2005. I doubt that fixes will be forthcoming. The thought occurs to me that MalwareBytes Anti-Exploit might be a means of applying such exploit protection to printer drivers in addtion to the existing protections already enjoyed by its users. Would this be possible?

These files in the Windows \ Temp folder invariably contain the folowing entry:- : Set service name to MB3Service The service name is MB3Service

Evolution has left my XP system behind. This doesn't worry me because it is most definitely not used to sensitive purposes. I have used it like I would drive a classic car since April 2014 and since when I have received MS security updates (POSReady and WEPOS) until August 2018 when Microsoft seemingly dropped pre-SSE2 processor support. POSReady and WEPOS updates never caused any problems. Since my first use of Windows in 1992, I have yet to experience the effects of malware on any of my Windows installations (all internet exposed since 1995) including XP.

Same outcome with MBAE 1.13.1.387 setup as with MBAE 1.13.1.384 setup.

Thanks Pedro. Got it!

I have found that the first link given to me for the download of the MBAE 1.13.1.384 now tells me that it no longer works. Pedro asked me to try this version of MBAE with XP. I am unable to do this.

I don't know how I managed to download the MBAE 1.13.1.384 setup file first time. I cannot logon to either the Malwarebytes person account or the box.com account. I guess that my Malwarebytes forum credentials are different. I do not have a box.com account.

Hi Pedro. I attempted installation of MBAE 1.13.1.384 but the installer now does a check on the host OS and Windows XP failed it.

I have discovered that MBAE 1.13 causes Windows XP SP3 to hang randomly, very occasionally but without warning. There is no obvious pattern with this behaviour. I regularly use MS Word 2003 on XP but rarely use Excel 2003 so when I recently did need to use it I found that it would immediately crash (as also did MS Publisher 2000). Word 2003 always runs without problems. After some floundering around, I ended up substituting MBAE 1.12.1.90 for the lastest MBAE version and those MS applications then ran properly and XP also stopped hanging. I only mention this as feedback on very good software whose latest incarnations have obviously moved beyond being suitable for use on a very old OS., i.e. Windows XP. I guess that this also applies to equally ancient applications.

Thanks jboursier. The mandatory ASLR issue with AdwCleaner and Windows 8.1/Windows 10 has been resolved and now works fine.

I wondered why this is. A signature for an executable file is some assurance of authenticity. I started this thread because I needed to add an exclusion to OSArmor to allow MBAE to update automatically so that I can prevent unwanted unsigned processes running in Windows temp folder. Not being as bright as I would like to think I am, this took a bit of time to get right but MBAE can at last happily update without OSArmor stopping the process. The OSArmor exclusion rule for MBAE update reads as follows:- [%PROCESS%: C:\Windows\Temp\is-*.tmp\mbae-setup-*.tmp] [%PARENTPROCESS%: C:\Windows\Temp\mbae-setup-*.exe] [%PARENTSIGNER%: Malwarebytes Inc] MBARW seems to be exempt from this fun, both at installation and at update.