.jpg.9677e5689bab176f751e57ec4ce6e9a4.jpg)
Rsullinger
-
Posts
533 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by Rsullinger
-
-
Hello Sportflyer,
Thank you for confirming that. I want to have you run a system diagnostic tool for me so I can see what else is installed that may cause this. To do this:
1: Please download FRST from the link below and save it to your desktop:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
2: Double-click the purple FRST icon to run the program. Click Yes when the disclaimer appears.
3: Click the Scan button
4: When the scan has finished, it will make 2 log files in the same directory the tool is run, FRST.txt and Addition.txt. Please attach both files in your reply.
Thank you,
-
Hello Bonvant,
That is exactly what I needed, thank you. Do you know when approximately it occurred? For example, was it right when you collected these logs? I ask because I notice the protection is actually working in the background. However, I am seeing chrome entries a lot of the time. Is chrome the main browser you are seeing do this?
-
Hey Sportflyer,
I mentioned in my prior post, but do you know if your computers preformed windows updates prior to you rebooting on that day?
-
Hello Td47,
I want to have you collect me some system diagnostic logs as well so I can see what would be causing this for you. To do this, I am going to have you run a tool called FRST that will collect the information I need. Use these instructions to grab the logs:
1: Please download FRST from the link below and save it to your desktop:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
2: Double-click the purple FRST icon to run the program. Click Yes when the disclaimer appears.
3: Click the Scan button
4: When the scan has finished, it will make 2 log files in the same directory the tool is run, FRST.txt and Addition.txt. Please attach both files in your reply.
-
Hey Bonvant,
The log I would be looking into may have been overwritten by now depending on how often you open and close apps so they become protected. You can collect the logs and I can see, but just wanted to let you know the possibility of that before hand.
-
Hello Bonvant,
No problem. If it does happen again as well, make sure to get those logs too so I can compare them. Your settings look good so it seems like the protection starting up may be the issue. But we can take a closer look at that.
-
Hello Bonvant,
I want to have you check something for me. Can you go to the settings pane and see what portions of the product is checked there? Along with this, to confirm the protection is working I want to have you collect the logs from this link:
https://forums.malwarebytes.org/topic/144403-readme-first-posts-here-need-to-include-mbae-logs/
-
Hello Sportflyer,
Sorry for the delay in this. Like you are seeing, I am seeing the same thing in the log:
Malwarebytes Anti-Exploit Protection is not started. The Anti-Exploit process will be terminated.
Did you happen to have windows updates occur prior to shutting down your computer Thursday/Friday? If so, have you rebooted your computer since then? I wanted to see if this could be due to an issue we have seen before with windows updates delaying our product from starting correctly on boot.
-
Hello BostonBerry,
The easiest way to check would be to close chrome completely and then check task manager. You can do this by right clicking on the task bar at the bottom of the screen and choose the option for Task Manager. If you have not used it prior, you will want to click the drop down for More Details. That will give you a detailed view of all the running processes. After that, you can click on the 'name' column at the top so you can search the list easily by name in alphabetical order. Once you do that, search to see if any google chrome entries are open. I would confirm first if this is happening. A couple of those extensions may be open after the window closes so this would be mainly to check if that is the case first. We can then pinpoint the app afterwards.
-
Hello Sportflyer,
Good to hear! A clean re-install is usually a good first step for this. As well, the latest version of anti-exploit has a fix to an issue with that anniversary update where Microsoft requires secondary signing of drivers from them. Let us know if you have any other issues!
-
Hello BostonBerry,
On the laptop, do you have any addons or plugins for chrome that stay open even after you close the program? Some chrome plugins stay open even after the browser is closed. Since our program is still injected into the chrome process because of this, it won't trigger a new banner when you open up chrome again. Can you just confirm if that is the case in task manager as well?
-
Hello Sportflyer,
You will want to use this link here:
https://downloads.malwarebytes.org/file/mbae
You should just be able to download it like normal. If it fails after installing that version of the product, then I want to have you collect the logs mentioned here:
https://forums.malwarebytes.org/topic/144403-readme-first-posts-here-need-to-include-mbae-logs/
That will give us more information on the issue.
-
Hello TimmyLeeTurner,
Everything seems to be starting correctly in regards to the drivers for our program. So I am not seeing that being the issue. I want to have you collect a diagnostic log called FRST.
Download frst from here: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
Once you download it, run the executable and click the 'scan' button. When it is finished it will open up two logs. Either find the logs in the location that you ran the executable or save those logs and attach it to this post.
-
Hello DarwinMartin,
No problem. We will want to see the logs from our program to see what is causing this. If you don't mind, can you have your customer collect these logs:
- Click on Start
- Click on Computer
- Double-click C:\ > ProgramData
- Right-click the Malwarebytes Anti-Exploit folder
- Click Send to > Selected Compressed (zipped) folder
- A .zip file will be created in the ProgramData
- Drag the newly created zipped file to your desktop and send it to us.
Also, if you would like to handle this through PM's or through e-mail instead, just send me a PM and we can do that instead.
-
That is correct. 1180 has fixes to IE crashing issues. You can download it from the sticky or from this link:
https://malwarebytes.box.com/s/wlp57iemiaor3mvx85co34gt6hb5ooup
-
Hello Hydropepon,
That may be the case. Let me research something on my side and to see if I can reproduce this.
-
Hey John,
I have had another customer with some of the same issues. If you are using the mail-merge toolkit, I would look for the latest update. He mentioned he downloaded that and it fixed the issue for him that we initially thought was an MBAE issue as well.
-
Hello Guitar-Picker,
I do apologize for the delay in this. It looks like this post may have been moved and got buried because of that. Normally the service for anti-exploit should start the protection when the computer is booted up. So if that is not happening, then I would like to do some more troubleshooting. Do you mind getting me these logs found in this post:
https://forums.malwarebytes.org/topic/144403-readme-first-posts-here-need-to-include-mbae-logs/
-
Hello TomB,
I am glad to hear you got it working for you. The MBAE test tool just tests to see the protection is running and working correctly. It doesn't go through every protection layer and setting to test if they are blocked. -
Hello Mpawlowski,
Do you mind collecting the logs mentioned in this posts:
https://forums.malwarebytes.org/topic/144403-readme-first-posts-here-need-to-include-mbae-logs/
The logs have a log we can look into for more information so reproduce the issue and then collect the logs so we can look into that.
-
Hey Hydropepon,
It seems the log I am trying to look at in the anti-exploit zip was corrupted some how. Can you try grabbing them and attaching them again? If they were emailed to you, the file may have been stripped by email filter.
-
Hello John,
Do you have a time stamp on when this became unresponsive to the point you had to hard shutdown? If possible, do you mind grabbing the application, system, and security logs from event viewer. You can use these instructions to do so:
-
Start Event Viewer by opening up the run menu ( press windows key + R) and type in eventvwr.
-
In the console tree, navigate windows logs and find the log you want to archive.
-
Right click on the event log and click Save Events As .
-
In File name , enter a name for the archived log file.
-
In Save as type , select a file format, and then click Save .
-
-
Hello Fortsand,
No problem. Please let us know if you run into any other issues!
-
Hello Doug,
No problem! Let us know if you run into any other issues.
Thank you,
MBAE crashes Chrome when PDF download attempted
in Anti-Exploit Beta
Posted
Hello Td47,
It seems like this may be a conflict with your Trusteer endpoint protection. All we need to do to make these two programs play nice is to just make a change in anti-exploit. In the tray icon, find the anti-exploit icon (it will be an orange shield) and open it up. From there, go to the settings tab and click on the advanced settings button. Go to to OS bypass tab and uncheck the chrome browser settings for 'call ROP 32" and 'Call ROP 64'. Then, go to the advanced memory protection an disable the malicious return address detection for chrome.
Once you do that, try it again and see if it fixes the issue.