pal1000

Honorary Members
  • Posts

    128
Everything posted by pal1000

  1. I decided to try this experimental MBAE build linked here out of curiosity, but it didn't take me long to discover why it wasn't announced here, it crashes Command prompt no matter what shields or protection settings I disable. Reverting to MBAE 1.13.4.345 built into Malwarebytes premium makes issue go away.
  2. Issue came back. Apparently issue occurs after the following steps:
       - remove all scheduled scans;
       - create a quick scan schedule and don't change anything, just go ahead and confirm the scheduled scan.
     Outcomes
       - because scheduled scan date and time matches system date and time down to minutes, scan won't run and its scheduled time gets delayed by 5 mins over and over for about half a day;
       - During this half day check for updates button doesn't work and background intelligence updates don't trigger either.
     Issue goes away temporarily
       - on restart;
       - after a few hours.
     Issue returns on its own
       - on logout / switch user;
       - on next boot if fast startup is enabled;
       - after a few hours.
     Restoring proper functionality
     This is tricky. Sometimes support tool succeeds in curing the problem, sometimes it fails. Same for normal uninstaller. Running both with reboots for each maximizes chances of success.
     mbst-grab-results.zip
  3. This can't be reproduced no matter what after clean installing from Oct 16. I think Support tool eliminated whatever persistent glitch occurred during components 1.0.1053-1.0.1070 beta cycle.
  4. Clean installed with support tool and the issue seems fixed. One thing I need to test is if the problem returns if I do a standard uninstall, reboot and reinstall. If it does come back then the culprit is the uninstaller.
  5. I was already on MB 4.2.1.89 Component 1.0.1070 stable as I did a clean install before opening this thread. Issue manifested shortly after install. mbst-grab-results.zip
  6. This issue seems to be triggered by threat intelligence updates. Also when issue is in effect threat intelligence updates, component updates and scheduled scans don't trigger. Issue fixes on its own after a day and a half at most and can reoccur after another threat intelligence update. Issue can be triggered silently in the background, so if you don't check Settings About page the only clue hinting at something being wrong are the times when scheduled scans run. They'll run shortly after issue fixes on its own. This problem started around component 1.0.1045 or 1.0.1053. Clean installing doesn't help at all and issue can manifest immediately after a fresh install.
  7. These same five services being disabled is the root cause for these issues as well:
  8. If those aren't the cause then maybe one or more of these is: - dmwappushservice - SSDPSRV - fdPHost I still disable SMB via Windows Firewall, blocking ports 137-139, 445 outbound TCP and UDP.
  9. And finally this was also caused by those services being disabled. MB 4.2.0.82 Component 1.0.1025 hitting general availability gave me the opportunity to test this. This thread can be closed as all issues reported have been dealt with at my end with the exception of incomplete cleanup issue, which was known to Malwarebytes before this topic started. I wonder if Support tool should have a fix for LanmanWorkstation service. I am inclined to believe Malwarebytes relies on some SMB loopback communication. IP Helper may also be involved, but I don't see how.
  10. @exile360, as I found the root cause of this issue and neutralized it at my end, I think this topic can be closed.
  11. Tests I made clearly indicate that one of the tweaks I made to my system was responsible for this one. See https://github.com/pal1000/pal1000.github.io/commit/9ba400c0521a949ece3da93cfea9f0bb26832363 I then found batcmd.com website which has a very comprehensive catalog with information about Windows services all the way from XP to Windows 10 Version 2004, including default startup type, the exact kind of information to recover from this kind of problem.
  12. Tests I made clearly indicate that one of the tweaks I made to my system was responsible for this issue. See https://github.com/pal1000/pal1000.github.io/commit/9ba400c0521a949ece3da93cfea9f0bb26832363 I then found batcmd.com website which has a very comprehensive catalog with information about Windows services all the way from XP to Windows 10 Version 2004, including default startup type, the exact kind of information to recover from this kind of problem.
  13. Tests I made clearly indicate that one of the tweaks I made to my system was responsible for this one. See https://github.com/pal1000/pal1000.github.io/commit/9ba400c0521a949ece3da93cfea9f0bb26832363 I then found batcmd.com website which has a very comprehensive catalog with information about Windows services all the way from XP to Windows 10 Version 2004, including default startup type, the exact kind of information to recover from this kind of problem.
  14. Nice try but no boxes are checked there either for any potential files I mentioned above.
  15. The Support Tool only uses an HKCU\...\Run value as a backup. The default startup mechanism is a scheduled task. The Run value is created when the scheduled task creation fails. Are you performing a Clean/Repair in Safe Mode? No. Your OS version is being interpreted as Windows Vista or lower. We will look into this. Are there any compatibility flags set on the downloaded mb-support-{version}.exe file (or the browser with which you downloaded the file)? No. I checked with right click - Properties - Compatibility on both web browser shortcuts on Start and desktop respectively and on mb-support-1.7.0.827.exe. I even checked the unpacked mb-support.exe from %Temp%\mwb*.tmp\. It does, but only if the FRST executable is successfully downloaded when the tool is first launched. In your case, the file is not being downloaded successfully due to a network issue so FRST is not run when you gather logs. I wonder where it downloads FRST from. If I had the link I could test it with other DNS servers. Maybe a glitch with Cloudflare DNS. The %LOCALAPPDATA%\mbam path is included as part of cleanup and in most cases is successfully cleaned up. We are however aware of a couple of issues and have defects filed, which we hope to address in a future update. The %Temp%\mbam and %Temp%\MBAMInstallerService.exe paths are intentionally not included as part of cleanup, so it's expected to see these paths remain. Thanks for clarifying that it's a known issue. In the meantime the annex thread ended with no evidence that anything is obviously wrong at my end.
  16. I'll wait for next Malwarebytes stable component update before clean installing as I did it recently and it doesn't seem to change anything. I'll create a support ticket after that as well. There is no rush as none of these issues are exactly blocker bugs. They all can be worked around one way or another.
  17. I tried putting FRST in same folder as MBST download folder, admin user download folder and temporary folder where MBST is unpacked, and no dice. Maybe it's supposed to be on admin user desktop. That I haven't tried. No, but I exported last Malwarebytes scan log as text and picked its filename to match scan end date and time in UTC. I am not that much worried about telemetry data being collected but rather the resource hog. Microsoft Compatibility telemetry starts running after roughly a week since a fresh Windows install, and then almost on every boot and on every software install and uninstall. On a computer with HDD it runs for 5-10 mins every time and uses the CPU and storage almost to the max. I disabled it with this. Simply disabling its scheduled task won't last long as Windows Updates reset it. All on purpose. None of them are actually defective or unstable. Most of them pose privacy or security risk if running all the time: I almost never use wired network connection. If I have to I can re-enable. I never used the integrated webcam. Too much privacy violation for my taste. This is actually Intel Display Audio but display isn't connected via HDMI or DisplayPort, so no audio goes through iGPU. In my current setup this device won't do anything. If I ever connect an external monitor, then I may have to enable it. The controversial Intel ME. With my IT security knowledge I see it susceptible to 2 theoretical classes of attacks: - attack from host OS through driver; - network attack against remote management. The latter only affects Intel vPro CPUs as far as I know. The former I mitigated by disabling this driver. I won't deny that this may have side effects. I heard that from ME10 or ME11 chipset powered multimedia hardware acceleration requires ME driver to be active. Bluetooth is a security nightmare. I prefer to prevent it from running as I am not using this kind of connection. Never attached an SD card to my PC, until then this stays disabled.
Microphone also stays disabled most of the time. I disabled it in a way that makes it vanish from Device Manager. All the tweaks I applied are scripted here [1][2]. I haven't applied [3] as these are probably properly tied to maintenance now. They don't seem to run independently in Windows 10 Version 2004 anymore. If you think any of these are responsible please let me know. There are some glitches with various Malwarebytes components mainly causing slow resolving host issue which is very common for Malwarebytes 4.x and it's triggered under very precise circumstances: https://forums.malwarebytes.com/topic/262181-p2p-application-brings-back-slow-resolving-host-issue/ https://forums.malwarebytes.com/topic/262267-2-more-scenarios-that-can-lead-to-slow-resolving-host-and-potential-freezes/ https://forums.malwarebytes.com/topic/261935-pendingfilerenameoperationsnetwork-connections-slow-establishing-possible/ The last was fixed with component 1.0.990. Every time it happens it throws this in event log because Malwarebytes service gets stuck stopping.
  18. Created topic per request: https://forums.malwarebytes.com/topic/262297-throughly-diagnose-malwarebytes-support-tool-issues/
  19. Opening a thread here was requested by exile360 in this topic. Attached FRST and Malwarebytes threat scan logs according to protocol. FRST.txt Addition.txt threat-scan-log-7-30-2020-14_38.txt
  20. Spotted a regression with UI: some overlay windows won't open. Examples: add exclusion window and exploit protection advanced settings window. Interestingly enough, overlay windows for adding and editing scheduled scans respectively, work as expected. mbst-grab-results.zip
  21. I drafted this report in this topic, but I think it deserves a topic of its own for better visibility, especially as I discovered more issues.
      1. It doesn't autostart after reboot to perform post-reboot cleanup despite being logged on as admin both before and after reboot and UAC being already set to defaults since the very beginning. I was able to manually start post reboot cleanup using Autoruns tool. There I saw MBST autostart entry is in a Run key under HKCU. I don't remember exactly when and where but I read somewhere that Windows refuses to autostart programs that have admin rights flag set, especially if they try to run from HKCU. This is the case for support tool. Both downloaded executable and unpacked executable to admin user temp folder have admin rights flag set. Still reproducible with release 1.7.0.
      2. If I allow Support tool to install MBAM after cleanup, it installs the very old MBAM legacy 3.5.1 for XP. I saw this even with MBST 1.6.2 and now version 1.7.0. Screenshot attached.
      3. MBST doesn't actually run FRST during logs collection, it just scrapes C:\FRST\Logs and grabs what's in there. If FRST never ran or its logs were deleted, logs would be incomplete. To have full logs you have to manually download and run FRST scan with default settings before running MBST. This is either a failure of MBST to grab and run FRST or UI is misleading about Run FRST step. Still reproducible with release 1.7.0.
      4. Cleanup is incomplete. Still reproducible with release 1.7.0. This has been reported by other users in other topics. Mainly I spotted these locations not being deleted:
         - These are created for every user account who opened Malwarebytes UI
           %LOCALAPPDATA%\mbam\
           %Temp%\mbam\
         - Created on admin account with which credentials Malwarebytes is uninstalled
           %Temp%\MBAMInstallerService.exe
  22. Scenario B - Disable start with Windows is reproducible without fast startup too. We'll see about scenario A - Firefox uninstall at some point. I also gathered logs for scenario B. mbst-grab-results.zip