Jump to content

pal1000

Honorary Members
  • Posts

    139
  • Joined

  • Last visited

Posts posted by pal1000

  1. cfglobalcdn.com is the CDN of netu.tv video hosting website. As an extra problem netu.tv always uses subdomains of cfglobalcdn.com so allowing cfglobalcdn.com doesn't seam to help. I find it odd the inability to include subdomains when allowing websites on such a long term developed security software like Malwarebytes.

     

    Screenshot 2023-06-26 183606.png

    Screenshot 2023-06-26 184208.png

    Screenshot 2023-06-26 184502.png

  2. 4.5.9.198 CP 1.0.1672 may also be affected but I didn't get to test it and now it's too late as CP 1.0.1672 was only available in beta and never made it to stable.

    Issue only starts manifesting when re-installing so upgrading from an unaffected product version and CP hides the problem.

    4.5.9.198 CP 1.0.1683 beta is still affected.

    Snippet from Addition.txt

    ==================== Event log errors: ========================
    
    Application errors:
    ==================
    Error: (05/13/2022 10:39:53 PM) (Source: SecurityCenter) (EventID: 16) (User: )
    Description: Error while updating  status to SECURITY_PRODUCT_STATE_ON.
    
    Error: (05/13/2022 10:39:48 PM) (Source: SecurityCenter) (EventID: 16) (User: )
    Description: Error while updating  status to SECURITY_PRODUCT_STATE_ON.
    
    Error: (05/13/2022 10:39:43 PM) (Source: SecurityCenter) (EventID: 16) (User: )
    Description: Error while updating  status to SECURITY_PRODUCT_STATE_ON.
    
    Error: (05/13/2022 10:39:38 PM) (Source: SecurityCenter) (EventID: 16) (User: )
    Description: Error while updating  status to SECURITY_PRODUCT_STATE_ON.
    
    Error: (05/13/2022 10:39:33 PM) (Source: SecurityCenter) (EventID: 16) (User: )
    Description: Error while updating  status to SECURITY_PRODUCT_STATE_ON.
    
    Error: (05/13/2022 10:39:28 PM) (Source: SecurityCenter) (EventID: 16) (User: )
    Description: Error while updating  status to SECURITY_PRODUCT_STATE_ON.
    
    Error: (05/13/2022 10:39:23 PM) (Source: SecurityCenter) (EventID: 16) (User: )
    Description: Error while updating  status to SECURITY_PRODUCT_STATE_ON.
    
    Error: (05/13/2022 10:39:18 PM) (Source: SecurityCenter) (EventID: 16) (User: )
    Description: Error while updating  status to SECURITY_PRODUCT_STATE_ON.

    I have good explanations for the other errors reported by FRST and I can provide them if necessary.

    mbst-grab-results.zip

  3. 3 hours ago, RTL434 said:

    @pal1000 @1PW Well I don't think I will be in this situation but since I will be removing Malwarebytes temporarily to use my Win 10 for another test,  I was curious as to what would happen.   I was currently on the 4.5.3.162 beta and deactivated it to free.  Restarted the PC and then activated the license. No problem---back as 4.5.3.162.  Only thing I can see that happens is that the Enable Beta  option has been reset.

    That's normal because you can only enable beta updates when premium is activated.

     

    3 hours ago, RTL434 said:

    I was going to zip up the pictures and post them as a zip file but don't know if that leaves them accessible to "ordinary members" or only Staff/Moderators can view them.  Maybe someone could enlighten me as regards that for the future.   Have temporarily stored them here in my BT Cloud.  

    Those pictures don't help much. nothing stood out to me there. Also judging by the fact you couldn't reproduce following the alternative steps which comply with Malwarebytes supported usage, it means the hang may only happen when activating from Malwarebytes `Getting started` screen.  If so the upgrade process itself hides the issue so the alternative and supported steps fail to reproduce the issue. However this issue may surface to supported usage when/if Malwarebytes v4.5.3.162 CU 1.0.1579 gets promoted to stable.

  4. Prerequisite

    - Malwarebytes online installer v4.5.3.263 or newer. Note that this is only available by enrolling in beta at the moment I am writing this. It gets downloaded in "C:\ProgramData\Malwarebytes\MBAMService" under a folder which name begins with "In". Copy it somewhere readily available.

    Steps

    - Uninstall Malwarebytes normally or via Support Tool;

    - Run Malwarebytes online installer with undocumented command line option to install beta program directly*;

    - Try activating license either via providing the key or by logging in, both activation means reproduce the problem.

    Note (*)

    I am aware this is unsupported and probably only Malwarebytes developers are supposed to know how to do this step, but this will become a real issue if/when Malwarebytes v4.5.3.162 CU 1.0.1579 hits general availability.

  5. Issue came back. Apparently issue occurs after the following steps:

    - remove all scheduled scans;

    - create a quick scan schedule and don't change anything, just go ahead and confirm the scheduled scan.

    Outcomes

    - because scheduled scan date and time matches system date and time down to minutes, scan won't run and its scheduled time gets delayed by 5 mins over and over for about half a day;

    - During this half day check for updates button doesn't work and background intelligence updates don't trigger either.

    Issue goes away temporary

    - on restart;

    - after a few hours.

    Issue returns on its own

    - on logout / switch user;

    - on next boot if fast startup is enabled;

    - after a few hours.

    Restoring proper functionality

    This is tricky. Sometimes support tool succeeds in curing the problem, sometimes it fails. Same for normal uninstaller. Running both with reboots for each maximizes chances of success.

     

     

     

     

    mbst-grab-results.zip

  6. This issue seams to be triggered by threat intelligence updates. Also when issue is in effect threat intelligence updates, component updates and scheduled scans don't trigger. Issue fixes on its own after a day and half at most and can reoccur after another threat intelligence update.  Issue can be triggered silently in the background, so if you don't check Settings About page the only clue hinting at something being wrong are the times when scheduled scans run. They'll run shortly after issue fixes on its own.

     

    This problem started around component 1.0.1045 or 1.0.1053. Clean installing doesn't help at all and issue can manifest immediately after a fresh install.

  7. On 8/4/2020 at 5:45 PM, pal1000 said:

    2. If I allow Support tool to install MBAM after cleanup, it installs the very old MBAM legacy 3.5.1 for XP. I saw this even with MBST 1.6.2 and now version 1.7.0.

    And finally this was also caused by those services being disabled. MB 4.2.0.82 Component 1.0.1025 hitting general availability gave me the opportunity to test this.

     

    This thread can be closed as all issues reported has been dealt with at my end with the exception of incomplete cleanup issue, which was known to Malwarebytes before this topic started. I wonder if Support tool should have a fix for LanmanWorkstation service. I am inclined to believe Malwarebytes relies on some SMB loopback communication. IP Helper may also be involved, but I don't see how.

  8. On 8/4/2020 at 5:45 PM, pal1000 said:

    1.It doesn't autostart after reboot to perform post-reboot cleanup despite being logged on as admin both before and after reboot and UAC being already set to defaults since the very beginning . I was able to manually start post reboot cleanup using Autoruns tool. There I saw MBST autostart entry is in a Run key under HKCU. I don't remember exactly when and where but I read somewhere that Windows refuses to autostart programs that have admin rights flag set, especially if they try to run from HKCU. This is the case for support tool. Both downloaded executable and unpacked executable to admin user temp folder have admin rights flag set. Still reproducible with release 1.7.0.

    This was also caused by certain services being disabled.

  9. On 7/30/2020 at 12:43 PM, pal1000 said:

    Scenario B - Disable start with Windows is reproducible without fast startup too.

    Tests I made clearly indicate that one of the tweaks I made to my system was responsible for this one. See https://github.com/pal1000/pal1000.github.io/commit/9ba400c0521a949ece3da93cfea9f0bb26832363

    I then found batcmd.com website which has a very comprehensive catalog with information about Windows services all the way from XP to Windows 10 Version 2004, including default startup type, the exact kind of information to recover from this kind of problem.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.