Jump to content


  • Posts

  • Joined

  • Last visited


0 Neutral
  1. Thanks for offering to look at this, Porthos. In case this helps anyone else, the problem seems to have been caused by my VPN provider, Windscribe. Even when the VPN wasn't set to start automatically -- the icon didn't even appear in the task tray -- I frequently saw these warning messages from MBAM. A few days ago I uninstalled Windscribe and the problem has stopped, even after I installed a different VPN provider (NordVPN). I haven't seen the message since uninstalling Windscribe. It's strange that a theoretically-inactive VPN layer would interfere with MBAM's updates, but it appears to have been the case.
  2. Every morning when I start my computer, MBAM's taskbar icon shows a red exclamation mark. A while later I get a pop-up warning me that my definitions aren't current. If I open MBAM, it downloads and applies the new definitions. Under Settings > Application > Application Updates, both options are enabled. Why does it make me take manual action to update definitions? Other AV programs update automatically.
  3. Thank you for confirming. HItmanPro doesn't seem to have a support forum, but I forwarded the information (and a link to this post) to their support address, support@hitmanpro.com
  4. I'm using safe mode with networking. Would it help to submit the file somewhere?
  5. I'm using safe mode with networking. Would it help to submit the file somewhere?
  6. Thanks for investigating. When I try to save a logfile in safe mode, after I select the location for the file, HitmanPro crashes to desktop with "HitmanPro 3.7 has stopped working". No logfile is saved. When I try to save a logfile in normal mode, I'm able to save it... but in normal mode, mbae64.dll doesn't get flagged as suspicious. I've attached a file with the information I'm able to get from HitmanPro (the same as from my original post). HitmanPro mbae64.dll.txt
  7. Hitman Pro is flagging c:\windows\system32\drivers\mbae64.sys as a suspicious file. I'm posting here because that's an MBAM file, and I think an MBAM expert might be able to confirm it's not really a problem. My reason for thinking this follows. I've scanned the file with MBAM and Norton (both in safe mode), and with three online meta-scanners like Virus Total. All of them say the file is fine. Hitman Pro only flags mbae64.sys when I run Windows in Safe Mode. Here's what I suspect: in Safe Mode, some MBAM service/process doesn't start. That service would normally keep other AV programs from flagging mbae64.sys, so this isn't really a problem. But I'm not sure and am a little concerned. Can anyone confirm whether my Safe Mode explanation sound correct, or possibly confirm the file has a valid hash (below)? Here's why Hitman Pro says mbae64.sys is suspicious: Properties Name mbae64.sys Location C:\WINDOWS\system32\drivers Size 75.6 KB Time 25.8 days ago (2017-08-28 18:17:45) Authenticode Valid Entropy 6.4 RSA Key Size 2048 Service ESProtectionDriver SHA-256 CA3EB6AB127A01311DA1C7CE3A2F4C2C3E3641F45718CFCA0F8AED7235BE910D Scoring (24.0) The file is completely hidden from view and most antivirus products. It may belong to a rootkit. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities. Starts automatically as a service during system bootup. The file is a device driver. Device drivers run as trusted (highly privileged) code. Program is code signed with a valid Authenticode certificate. Startup HKLM\SYSTEM\ControlSet001\Services\ESProtectionDriver\
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.