
pal1000

  1. Nice try but no boxes are checked there either for any potential files I mentioned above.
  2. The Support Tool only uses an HKCU\...\Run value as a backup. The default startup mechanism is a scheduled task. The Run value is created when the scheduled task creation fails. Are you performing a Clean/Repair in Safe Mode?

     No.

     Your OS version is being interpreted as Windows Vista or lower. We will look into this. Are there any compatibility flags set on the downloaded mb-support-{version}.exe file (or the browser with which you downloaded the file)?

     No. I checked with right click - Properties - Compatibility on both web browser shortcuts on Start and desktop respectively and on mb-support-1.7.0.827.exe. I even checked the unpacked mb-support.exe from %Temp%\mwb*.tmp\.

     It does, but only if the FRST executable is successfully downloaded when the tool is first launched. In your case, the file is not being downloaded successfully due to a network issue so FRST is not run when you gather logs.

     I wonder where it downloads FRST from. If I had the link I could test it with other DNS servers. Maybe a glitch with Cloudflare DNS.

     The %LOCALAPPDATA%\mbam path is included as part of cleanup and in most cases is successfully cleaned up. We are however aware of a couple of issues and have defects filed, which we hope to address in a future update. The %Temp%\mbam and %Temp%\MBAMInstallerService.exe paths are intentionally not included as part of cleanup, so it's expected to see these paths remain.

     Thanks for clarifying that it's a known issue. In the meantime the annex thread ended with no evidence that anything is obviously wrong at my end.
  3. I'll wait for next Malwarebytes stable component update before clean installing as I did it recently and it doesn't seem to change anything. I'll create a support ticket after that as well. There is no rush as none of these issues are exactly blocker bugs. They all can be worked around one way or another.
  4. I tried putting FRST in same folder as MBST download folder, admin user download folder and temporary folder where MBST is unpacked, and no dice. Maybe it's supposed to be on admin user desktop. That I haven't tried.

     No, but I exported last Malwarebytes scan log as text and picked its filename to match scan end date and time in UTC.

     I am not that much worried about telemetry data being collected but rather the resource hog. Microsoft Compatibility telemetry starts running after roughly a week since a fresh Windows install, and then almost on every boot and on every software install and uninstall. On a computer with HDD it runs for 5-10 mins every time and uses the CPU and storage almost to the max. I disabled it with this. Simply disabling its scheduled task won't last long as Windows Updates reset it.

     All on purpose. None of them are actually defective or unstable. Most of them pose privacy or security risk if running all the time:

     I almost never use wired network connection. If I have to I can re-enable.

     I never used the integrated webcam. Too much privacy violation for my taste.

     This is actually Intel Display Audio but display isn't connected via HDMI or DisplayPort, so no audio goes through iGPU. In my current setup this device won't do anything. If I ever connect an external monitor, then I may have to enable it.

     The controversial Intel ME. With my IT security knowledge I see it susceptible to 2 theoretical classes of attacks:
     - attack from host OS through driver;
     - network attack against remote management.
     The latter only affects Intel vPro CPUs as far as I know. The former I mitigated by disabling this driver. I won't deny that this may have side effects. I heard that from ME10 or ME11 chipset powered multimedia hardware acceleration requires ME driver to be active.

     Bluetooth is a security nightmare. I prefer to prevent it from running as I am not using this kind of connection.

     Never attached an SD card to my PC, until then this stays disabled.

     Microphone also stays disabled most of the time. I disabled it in a way that makes it vanish from Device Manager.

     All the tweaks I applied are scripted here [1][2]. I haven't applied [3] as these are probably properly tied to maintenance now. They don't seem to run independently in Windows 10 Version 2004 anymore. If you think any of these are responsible please let me know.

     There are some glitches with various Malwarebytes components mainly causing slow resolving host issue which is very common for Malwarebytes 4.x and it's triggered under very precise circumstances:
     https://forums.malwarebytes.com/topic/262181-p2p-application-brings-back-slow-resolving-host-issue/
     https://forums.malwarebytes.com/topic/262267-2-more-scenarios-that-can-lead-to-slow-resolving-host-and-potential-freezes/
     https://forums.malwarebytes.com/topic/261935-pendingfilerenameoperationsnetwork-connections-slow-establishing-possible/
     The last was fixed with component 1.0.990. Every time it happens it throws this in event log because Malwarebytes service gets stuck stopping.
  5. Created topic per request: https://forums.malwarebytes.com/topic/262297-throughly-diagnose-malwarebytes-support-tool-issues/
  6. Opening a thread here was requested by exile360 in this topic. Attached FRST and Malwarebytes threat scan logs according to protocol. FRST.txt Addition.txt threat-scan-log-7-30-2020-14_38.txt
  7. Spotted a regression with UI: some overlay windows won't open. Examples: add exclusion window and exploit protection advanced settings window. Interestingly enough, overlay windows for adding and editing scheduled scans, respectively, work as expected. mbst-grab-results.zip
  8. I drafted this report in this topic, but I think it deserves a topic of its own for better visibility, especially as I discovered more issues.

     1. It doesn't autostart after reboot to perform post-reboot cleanup despite being logged on as admin both before and after reboot and UAC being already set to defaults since the very beginning. I was able to manually start post reboot cleanup using Autoruns tool. There I saw MBST autostart entry is in a Run key under HKCU. I don't remember exactly when and where but I read somewhere that Windows refuses to autostart programs that have admin rights flag set, especially if they try to run from HKCU. This is the case for support tool. Both downloaded executable and unpacked executable to admin user temp folder have admin rights flag set. Still reproducible with release 1.7.0.

     2. If I allow Support tool to install MBAM after cleanup, it installs the very old MBAM legacy 3.5.1 for XP. I saw this even with MBST 1.6.2 and now version 1.7.0. Screenshot attached.

     3. MBST doesn't actually run FRST during logs collection, it just scrapes C:\FRST\Logs and grabs what's in there. If FRST never ran or its logs were deleted, logs would be incomplete. To have full logs you have to manually download and run FRST scan with default settings before running MBST. This is either a failure of MBST to grab and run FRST or UI is misleading about Run FRST step. Still reproducible with release 1.7.0.

     4. Cleanup is incomplete. Still reproducible with release 1.7.0. This has been reported by other users in other topics. Mainly I spotted these locations not being deleted:
        - These are created for every user account who opened Malwarebytes UI
          %LOCALAPPDATA%\mbam\
          %Temp%\mbam\
        - Created on admin account with which credentials Malwarebytes is uninstalled
          %Temp%\MBAMInstallerService.exe
  9. Scenario B - Disable start with Windows is reproducible without fast startup too. We'll see about scenario A - Firefox uninstall at some point. I also gathered logs for scenario B. mbst-grab-results.zip
  10. I haven't tested these without fast startup, but I will with next opportunity, next Firefox point release or next component update, whichever happens first. UPDATE: I already spotted a new beta, component 1003 announced. I'll thoroughly test scenario B tomorrow. It's 22:18 here. Scenario A will wait for better timing.
  11. Both these scenarios assume Malwarebytes has real-time protection enabled.

      Scenario A: Firefox uninstall

      Steps to reproduce:
      1. Backup whatever you want to keep from Firefox profile(s);
      2. Run Firefox with -p command line argument to open profile manager;
      3. Remove all profiles including their files;
      4. Uninstall Firefox.

      Uninstaller may hang close to end. Apparently Malwarebytes malware protection hangs too. There is a symptom that hints to this. See next paragraph.

      This leads to:
      - slow resolving host in any program that is launched after issue takes hold and makes network connections;
      - Windows Security app takes abnormally long to display its content if Malwarebytes is set to register with it, indicating an anti-malware provider detection time out;
      - potential freezes when logging out, resuming from hibernation and fast startup;
      - Farbar recovery scan tool hangs during other areas scanning.

      I don't know anything about what putting to sleep in this case leads to. I prefer to disable sleep. Logs for this scenario are attached. FRST logs may be incomplete for reason mentioned above. Problem goes away on reboot. I know this issue trigger existed for months but other more common and frequent triggers took priority.

      Scenario B: Disable start with Windows

      Steps to reproduce:
      1. From Malwarebytes UI disable start with Windows;
      2. Reboot;
      3. Log in, wait for system to become idle;
      4. Launch Malwarebytes using shortcut from Start.

      You'll experience same symptoms from scenario A with the exception of Windows security app glitch. I don't know how FRST behaves in this scenario as I didn't collect logs for it. Sorry. In this case anti-malware protection is unlikely to be the component responsible. Malwarebytes appears in Windows Security app as anti-malware provider if registered with this trigger in effect. Re-enabling start with Windows and rebooting makes the problem go away on next boot.

      mbst-grab-results.zip
  12. While Acestream wasn't running I added Application Web process exclusion for %AppData%\ACEStream\engine\ace_engine.exe then re-enabled web protection. When I re-launched Acestream, issue didn't manifest. No reboot was necessary. Thanks for reminding me of exclusion system which totally slipped my thought. It looks like Acestream is causing web protection driver to hang. In addition to slow resolving host there are other symptoms that point to an unresponsive driver:
      - freeze to black screen when logging out;
      - long shutdown and freeze to a black screen with an equally frozen mouse cursor on next boot if fast startup is enabled.
      The latter clearly indicates failure of web protection driver to resume from hibernation. Anyway, the exclusion workaround is reasonable. I'll keep watching to see if other users or staff members can reproduce. Acestream became popular for TV online after SopCast slowly died between February and May.
  13. Encountered when running Ace stream engine for Windows. You don't have to do anything special to reproduce after installing. You don't need to play any channel so you don't need any channel link. You may be prompted from your firewall as Acestream wants to open port 6878 for streaming and 8621 for broadcasting. Also you don't have to allow it either. Issue should start manifesting after you close and reopen web browsers and/or CLI tools which use network connections. Fast startup / hibernation has no impact on this issue. Disabling web protection helps but only if you do it before issue happens. If Acestream is set to run on start up not even a clean install of Malwarebytes will help you. mbst-grab-results.zip
  14. It took 2 days with 2 batches of PFRO from Malwarebytes and slow resolving hosts issue and other connected glitches didn't happen. I think it's caused by hibernation in any form (ordinary hibernation or fast startup). Doing either just once is enough for issue to trigger in 2 days. Hearing that others had success with component 1.0.990 I decided to play braver:
      - Enrolled in beta channel and performed component update;
      - Enabled fast startup as I am on HDD;
      - Re-enabled optional scanning settings and optional anti-exploit settings for browsers and chromium-based browsers;
      - Changed UAC back to maximum protection.
      - Rebooted to ensure component update is in effect even though it didn't ask for full system restart and it didn't create any PFRO.