Jump to content

pal1000

Members
  • Content Count

    71
  • Joined

  • Last visited

About pal1000

  • Rank
    Regular Member

Recent Profile Visitors

2,710 profile views
  1. Disabling malware protection seams to paradoxically help with slow DNS resolution. And disabling both malware and web protection is necessary to avoid hangs on logout and fast boots. Currently I am using Windows Defender with Malwarebytes without real-time protection. I also use NoScript and Malwarebytes Browser Guard in Firefox.
  2. I only have 1 computer running MB4 which is also the only computer running an insider build even though I haven't enrolled this computer into Windows insider program. No impact. I actually changed it to manual at some point and made no difference.
  3. I think some logs were missing because I ran the support tool with this issue in effect so downloads timed out. Attached FRST logs. I noticed some errors in Addition.txt that are more or less on the mark: - Error: (10/15/2019 05:10:18 PM) (Source: SecurityCenter) (EventID: 17) (User: ) Description: Security Center failed to validate caller with error %1. - Date: 2019-10-14 20:43:57.969 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Consequences of the issue - Error: (10/14/2019 07:07:01 PM) (Source: Service Control Manager) (EventID: 7043) (User: ) Description: The Malwarebytes Service service did not shut down properly after receiving a preshutdown control. - Error: (10/12/2019 09:53:40 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 6:31:59 PM on ‎10/‎12/‎2019 was unexpected. FRST-Logs.zip
  4. Attached the logs. Some notes though: - I chose to disable ransomware protection by weighting protection need for my attack surface with potential for even more bugs like ones that existed in the past and my ability to respond to such an attack; - I also have Malwarebytes Anti-Exploit Beta 1.13.1.117. I chose to delay real time protection by 45s in Malwarebytes Anti-Malware to avoid the boot time race condition that can occur if both products are installed simultaneously. mbst-grab-results.zip
  5. Since I began testing MB4 I noticed one issue that can happen when Malwarebytes real time protection starts for the first time until Windows is rebooted. This may or may not happen. It's like a lottery. When it does happen it causes heavy delays to DNS resolution, without actually affecting network bandwidth. Also in this state 2 use scenarios can completely hang the system: - Windows is shutdown with fast startup enabled. In this case Windows takes almost double time than usual on shutdown and completely hangs on next startup to black screen with mouse cursor that is unresponsive too, - current user logs out. In this case Windows completely hangs to black screen before displaying the login screen. As an extra, when this issue occurs Malware protection cannot be turned off and if it's attempted the UI can no longer be opened. It probably hangs too.
  6. I installed this new beta and I noticed it still comes with Anti-exploit component 1.12.4.147 from January 8 which is a bit dated considering standalone Anti-Exploit 1.13.1.63 has been around since April 22 and there hasn't been any real issues and regressions reported with it according to anti-exploit beta thread. I personally used anti-exploit beta and MBAM at the same time despite not being a supported configuration as I have the necessary tech skill to avoid the startup race condition between Malwarebytes Service and Malwarebytes Anti-Exploit Service that can happen at boot time in this unsupported configuration.
  7. This issue actually started in 1.12.1.136. Sorry for not reporting it sooner. I thought this was caused by MBAE becoming a bit more unforgiving after the new chromium based browsers protection with the clever tricks I am using in my project to spawn an elevated Command Prompt from a standard one passing a parameter in the process to "transfer" a variable in the elevated context if UAC prompt is accepted and keep the standard cmd open waiting for user action even after the elevated cmd finishes and it is closed. I use Powershell to accomplish all this. Elevated cmd spawn calls with a variable value as parameter https://github.com/pal1000/mesa-dist-win/blob/master/buildscript/modules/pythonpackages.cmd#L59 https://github.com/pal1000/mesa-dist-win/blob/master/buildscript/modules/pythonpackages.cmd#L71 Code that runs with admin rights: https://github.com/pal1000/mesa-dist-win/blob/master/buildscript/modules/pywin32.cmd It first receives the variable from the standard user context before proceeding any further.
  8. - manually allow the domain (and subdomain) listed in alert. I said manually because temporary and permanent allow links from alert are broken as well.
  9. Workarounds (pick at least one): - Install a stand-alone download manager (not a browser extension) and activate its browser integration for Firefox. It works on most cases. One obvious limitation is downloads from popup windows (ex: Windows update catalog), those may still fail. You can overcome even that if you activate Context menu element for the download manager integration extension and use it for downloads from popups. I personally use Free Download Manager v5 and it has all these features. - disable Malware/Scams protection on webpage with the download. DO NOT re-enable until the downloaded file is already launched otherwise Malwarebytes extension deletes it on completion. This also is unable to prevent blocking downloads from popups,
  10. No more crashes with 1.12.1.48 with Firefox 59.0.1 x64 on Windows 10 1709, It also fixed a false positive with JPCSP running under JRE 10 with Malicious outbound shell protection enabled.
  11. This Firefox crashes uptick has been noticed at Mozilla's end as well. Someone opened this bug report: https://bugzilla.mozilla.org/show_bug.cgi?id=1444019
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.