Blackberry445

I've read that if you run MWB and Norton 360 both in real time you should avoid collisions by excluding their key files from each other's real-time protection. Makes sense to me. I exclude mbam.exe, mbampt.exe, mbamscheduler.exe and mbamservice.exe from Norton's real-time scans (SONAR et al). I've read that the entire Norton 360 directory should be set as excluded within MWB, This strikes me as overkill. Not to sound too paranoid, but we are dealing with MALICIOUS software here and the Norton 360 directory is just like any directory: it could be accessed by malicious people who could plant a virus within the directory. I have excluded the Norton Engine folder, which contains only the current engine. In fact, I have been debating just excluding the engine exe itself, rather than the whole folder. Always remember: "Just 'cuz you're paranoid doesn't they ain't out to get ya!" What do your experts suggest?

Ok attaching as directed. I look forward to hearing your opinion! MBAM-log-2014-10-23 (18-06-59).txt

Have had this just happen on multiple computers on multiple different physical networks. Suspect a false report, especially as this same virus has been reported by MWB in other "legit" programs, as reported here in other posts. Is this confirmed as false positive? Can we restore SAS.exe?

OK will do, sorry. I just thought it had some relevance.

I just had Malwarebytes quarantine SuperAntiSpyware.exe on two different networks, reporting this same malware, Trojan.Agent.ED. One is a corporate installation of MWB and the other is a Premium. Like I said, two different networks. In both cases the SAS was a paid Premium version and MWB reported blocking malware at almost the same times 15 minutes apart on two different computers on two different Internet connections. This strikes me as a false detection triggered by a SuperAntiSpyware definition download. But at the moment I can't run SAS without removing it from quarantine. Should I do so??

PS: MWV above should read MWB. Not seeing a way to edit...! PPS: Oh, it's POSSIBLE that the extra instances of MWB arise when I do a right-click scan of a specific file or folder using MWB. I do this generally with anything I download. While I can't specifically say I've seen the extra instance "appear" right after that, it does seem this "multiple instance" behavior occurs mostly on the systems I use and I'm habitual about doing such discretionary scans. Never caused this problem in the previous version of MWB!

Hello I have 12 MWB 2.0 Premium licenses installed on several computers on 3 different networks in 3 different physical locations. I have seen multiple instances of the following behavior which I am reporting. 1. Malware Protection and Malicious Website Protection have been turned ON and later they appear as turned OFF, leading to the big red FIX NOW warning on the DASHBOARD. 2. I click the FIX NOW and nothing happens. SOMETIMES running a scan (which is always clean) allows me afterwards to turn them on. Sometimes NOT and the only fix is to reboot. 3. Multiple icons for MWB in the bottom right corner of the desktop confirming that MWB is running multiple times. Usually it's 3x, with different amounts of RAM being used in TASK MANAGER. Simple enough to close 2 of them but I don't feel comfortable doing this and continuing so usually I'm inclined to waste my time rebooting. I know the initial response will be that I am infected. Yet this has happened on multiple business systems and scans of Norton 360, MWV, SuperAntiSpyware and HouseCall reveal no problems. One of the systems is a totally isolated computer which we only use for Internet banking and it would be highly unlikely it could be infected. I do plan to reformat the HDD on that system and reinstall Win7 fresh, then load back on all my anti-virus and I'm going to monitor that one very carefully to see if this apparent MWB 2.0 "bug" appears there because it's the closest thing to a pure "test" environment I have. All systems are Win7 32-bit or 64-bit and all are kept religiously up to date. I run SANDBOXIE Internet sandbox browser on all of them as well. Look, I'm not averse to submitting logs or running any test programs you suggest. But I respectfully suggest there is some buggy behavior in MWB 2.0 going on here.Oh, I also instructed Norton to exclude the 5 key MWB .exe's from its coverage just in case this is caused by real-time protection conflicts between MWB and Norton, which certainly has been a problem in the past. Suggestions?

Hello What files should be excluded in Norton 360 in order to "safely" wun MWB Premier 2.0's real-time protection at the same time as Norton 360? I excluded the *.exe in the MWB directory but I thought I read that MWB-related .sys files under \system32\drivers need to be excluded as well. I'm running MWB under both 32-bit and 64-bit Win7 systems so I need to know if that makes a difference please. For what it's worth I also noted that Norton 360's history logs are showing activity being "blocked" for mbamservice.exe even though I have it specifically configured as excluded. That's why I'm wondering if .sys files need to be excluded as well. Any help would be mucho appreciated. Love the new 2.0 interface and features---it does handle much more smoothly than the previous version. Now I can even entrust others with doing some of the configuration work for our subscriptions!

Yes, I've been seeing IP addresses of the form 64.208.138.### with access attempts from high-level ports (49940,49953,49745,58295, etc) blocked my MWB Pro as well on several of my computers. I did some research and these IP addresses appear to trace back to an Internet advertising organization (names Level 3 Communications, Appnexus, Inc. and Adnexus) out of New York, ostensibly. I'm guessing these are attempts at popup ads which MWB is blocking. Are these legitimately "bad" sites? I'm fine with MWB blocking ANY popups, anyway; that's one reason I'm a big fan! I'm just curious since these warnings all started appearing today and they seem to popup from various unrelated sites from all kinds of genres.

I am using Norton 360 as well as Norton 360 Premier, both on current version 20.3.1.22. I will do as suggested, thanks for the info. Note that I use Norton as my firewall, replacing Windows own firewall. So you're saying I should excluse the named files within Norton's firewall, or is that automatic if I exclude it with respect to their anti-virus software?

Well, it may be a "tactic" but if there IS a conflict, then obviously this is an area of concern.... right? Now if you're saying it's a tactic to undermine a competitor's product and has no basis in fact, then that's a different issue. This would be lame though since I don't even think Norton contends that a user should rely SOLELY upon their product. I do see entries in Norton's logs showing blocking attempts by MWB to access certain Norton files. I also see "blocks" of SuperAntiSpyware activities. Should I configure Norton to ignore certain MWB files? (I'll let SAS speak for themselves on this topic.) If so, which files? I run MWB on various systems, XP and Win7, 32-bit as well as 64-bit. Thanks for your help. It's much appreciated. BTW, I did enable compatibility mode and seems to work fine now for ensuring readability of my posts!

This has been discussed in other threads and on Norton's forum. Norton is telling me that MWB conflicts with Norton's operation and MWB needs to be REMOVED. I've seen in other threads that you're looking into this and contacting Norton about resolution. In the meantime what do WE users DO? I run MWB Pro on several computers and I need to keep those systems protected. Should I temporarily remove MWB until an announced solution is reached? Should I just disable RT protection for the time being? Should I ignore Norton and leave things "as is"? I do notice that both programs SEEM to run their scans properly as per their log files. So I'm willing to believe Norton's claim is wrong. But I can't afford to have multiple systems with less than maximum protection and I seek guidance from you folks as to what to do while we await resolution. Unfortunately the threads already posted here give conflicting and varying advice so I would appreciate the best advice from the admins and experts here! Thank You! (PS: I'd also like to know why I can't start a new paragraph using the text editor in posting here like I used to be able to do before. I say "again" because I've seen this complaint raised by others.) I was able to insert breaks between paragraphs here by writing in Notepad and pasting here. Thanks for your help!

Doesn't happen often but a couple of times in the last week I saw a popup message from MWB saying that IP-Block had blocked an outgoing connection attempt to a certain IP address. The "offending" process was iexplore.exe. Yes, this happened while I was browsing the Internet---reputable news sites like CNN. MWB says it blocked the attempt, which is excellent! But should this be a concern? I ran scans right after using MWB, SuperAntiSpyware and Norton and other than the usual cookies, nothing was detected. Is this just "par for the course" when browsing the Internet? I use a fully updated IE on a Win7 system.

Helps a lot, thanks. I was getting worried. I do run scans often so caching to save run time makes a lot of sense.

Objects scanned: 224449 Time elapsed: 34 second(s) Can this be accurate? I am scanning on a i7 computer with 16gig of RAM. This is a QUICK SCAN. It sure is QUICK! I have PRO licenses on several different computers, running XP, Vista and Windows 7, some of them as slow as old dual-core systems. They require from 2 to 5 minutes for a QUICK SCAN. I run SuperAntiSpyware and Norton-360 on this system and those quick scans take between 2 and 5 minutes as well. Is MWB working correctly here?

I run a currently updated MWB Pro edition on XPSP3 Windows system. Just turned to look at screen and saw a small popup box on the desktop that said: [ Shell_NotifyIcon ] Failed to perform desired action. Error Code: 0. OH! for the days of meaningful error messages. Nothing was running and I just had finished a clean Quick Scan, maybe an hour earlier. Anything to worry about? Anything to check? Wait and it see if it recurs?

Thanks for your help.

Please provide following details, so that someone may be able to assist you: What is your current version of windows (XP, Vista, or Win7)? XP SP3 Is your windows OS 32-bit or 64-bit? 32-bit Is this in your home or company? home What is your OS Service Pack? current What version (if any) of MBAM are you running (current is 1.51.2.1300) and is it the Free or Pro version? Consumer, Pro, same as shown here What MBAM database version do you have now (current as of now is 8034)? same What brand and version of antivirus software do you have? Norton 360 V5 plus SuperAntySpyware (both kept current) What firewall software do you use if any? Norton Do you use any P2P (Peer to Peer) software such as Bittorrent, Utorrent or Skype? Skype Has your computer been infected recently, or is it currently showing any other abnormal behavior (browser redirects, IP blocks, etc.) to suggest an infection? No I did some research and the IP address involved is probably Skype. It's in Holland so at first that made me suspicious. But I've seen similar IP addresses linked to Skype in other posts. It would have been helpful if your log kept info on what program was having its IP activity blocked. I did notice you have a setting to record info from P2P programs so I checked that ON. Let's see if the log starts capturing "skype.exe" as the source of the blocked attempts. Thanks I will update in a day or so.

Hello Love your product, very happy with its performance. I do have a question. On one of our "pro" installations I found out that an outgoing web attempt was blocked by MWB as "potentially dangerous website." The IP address was logged and the time of the attempt but nothing in the log tells me what software or user attempted to make this connection. Is there anywhere in MWB logs to find out more info on why this happened? Thanks for any help in advance!

The bad thing is after disabling Norton and then downloading the Malwarebytes from the link above I then ran SuperAntiSpyware and it detected an infection of PUP.Startnow toolbar and I don't know where in heck I got that. SAS seems to have cleaned it but maybe that's from being on the Internet without Norton or MWB even for the time it took to download the MWB install file>?

Objects scanned: 169322 Time elapsed: 1 minute(s), 25 second(s) Does this make any more sense? That's after I did what you instructed. My Vista-64 bit machine, quad core ay 2.5Ghz with 4gig RAM scanned 169380 files in a Quick Scan in 2 mins 2 secs. My Vista-54 dual core with 3gig RAM Quick-scanned 167681 files in 3mins 13 secs. Those seem somewhat consistent in terms of CPU speed and resources. Or are these all crazy? I've been using your software for years and the Quick Scans have always been pretty quick... even on slower XP systems usually under 10mins. What u think?

Scan type: Quick scan Objects scanned: 168728 Time elapsed: 46 second(s) Running Malwarebytes on 64-bit Windows 7 Home Premium on a pretty fast system, Core i7 920@2.67GHz with 12gig RAM. I have no reason to suspect problems as my Norton, SuperAntiSpyware and Malwarebytes all report a clean system as does a just-completed TrendNet HouseCall online scan. But I run Malwarebytes on other systems I use and it takes a LOT longer to run. Of course, those are slower systems, from Vista-64 quad cores down to XP dual-cores. Can MWB really scan 168k files in 46 seconds, or about 4000 files a second?!

Actually it appears to be the reverse. When I DO execute silently, I DO get the mbam-log. It's when this option is UNchecked I do NOT get the mbam-log. Reassuring to know it's a known bug, though. Hope you can fix it soon!

I notice that when I schedule a scan using the programmed scheduler, I only get protection-log, never mbam-log. This is a bit troubling since protection-log only tells me the scan started successsfully. I need mbam-log to see the results. THAT is the important thing! I do suspect this problem can be fixed by checking "Perform scheduled scan silently from the system account." Because I have licensed copies installed in multiple locations and I notice I got the mbam-log ONLY at the location where I had accidentally checked this option. I'm OK with checking it at all locations but it seems rather counter-intuitive, and illogical, only to get the protection log, and not the "results log", when you don't check this option. Why not? Also, somewhat minor suggestion but worth making: allowing editing of scheduled task. Right now if you edit the setting of an existing task, you need to save it as a new task and then delete the predecessor task, in order to make your changes take effect. The first few times I edited a task, I made changes, clicked "CLOSE" and assumed I had edited the task. In reality, I had just wasted my time since clicking CLOSE just erases all changes made. In principle, this makes sense but some kind of warning would be helpful here, maybe also an indication that there is NO edit function and that to edit a task you essentially need to copy it, make a new task and then delete the old one. Great software overall, so don't take this so much as criticism as much as helpful suggestions!

Has this been been fixed? I'm still not getting any logs. Should I uninstall and reinstall?