Jump to content

pal1000

Honorary Members
  • Posts

    139
  • Joined

  • Last visited

Everything posted by pal1000

  1. Wireless driver is newer than what Dell provides, it's Qualcomm's generic driver for their 802.11b/g/n 2.4GHz cards from MUC. Dell Wireless 1703 is a Qualcomm based card. Anyway the driver is from July 2019, long before this MB problem came into existence. I just checked, no newer driver is available on Dell or MUC website. BIOS is up-to-date at A16.
  2. Yes, I have a habit of disabling devices that I don't use or that I use very rarely especially when representing privacy or security risks: - Realtek PCIe FE Family Controller is disabled because I almost always connect through wireless adapter; - webcam and microphone are disabled until needed, privacy risk; - Intel display audio driver is not installed and appropriate device is disabled because I don't connect external monitors, there is no HDMI or DisplayPort connection involved; - never used card reader functionality so I disable it; - bluetooth is a security nightmare and same is Intel Management engine. There are some edge cases where Intel ME may be needed but they mostly have to do with CPUs from newer generations.
  3. I knew for months that slow DNS resolution can be caused by either malware or web protection and sometimes both simultaneously. I almost always keep ransomware protection off and exploit protection and self defense seam to be the most stable parts. Here is a set of logs with active slow DNS resolution caused by web protection. I made sure FRST logs are in there. It looks like support tool hasn't produced FRST logs even when slow DNS resolution problem was inactive. Web protection was already set to off when logs where collected, but due to this problem causing affected drivers to be unresponsive to stop command, it was still running. I'll be back with similar logs for malware protection. There, the slow DNS resolution happens on next boot after a definition update causes pending file operations for files under C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\IrisPlugins as spotted in registry HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager mbst-grab-results-web-protection-problem.zip
  4. Tested with both ransomware and web protection off and it turns out I didn't have to wait long for issue to manifest. Just like last time a definition update caused pending file operations, then on next boot slow DNS resolution manifested again, but slightly less severe thanks to web protection being off, With issue in effect I disabled MB start with Windows, rebooted and collected logs with support tool. mbst-grab-results.zip
  5. Ransomware protection was already off during the whole time I waited for this issue to strike. I'll test with web protection off, but due to the nature of this issue it could take anywhere between 1 day and 2 weeks with possibility to take even longer if component updates are released to either beta or stable channels.
  6. I experienced slow DNS resolution occurring on next boot after a random MB definition update caused Pending File Operations affecting C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\IrisPlugins I stopped MB from starting with Windows, rebooted to help Support Tool with FRST download and collected logs. Maybe it helps. This mbst-grab-results.zip
  7. This issue is far from being unique to you @re11ding, there are plenty of threads on both Malwarebytes for Windows beta and this forum about slow DNS resolution, it just happened for you to notice that service is hanging on stop when issue is in effect which I was aware of for a long time. I personally believe every single component update of MB4 is affected, including initial beta releases. I don't know why, but I recall experiencing this issue once with MB 4.0.4 CU 1.0.750 as well. This issue has many potential triggers that I noticed which makes it hard to avoid: - full Windows shutdown with Malwarebytes running in any form (this includes shutdown with fast startup disabled, fast startup override with SHIFT key on showdown and restart operations); - any kind of Malwarebytes scan (it doesn't matter if it's manual or scheduled or what type of scan is); - component updates or full software updates. I didn't know about sleep as I never use it. I prefer hibernation which doesn't trigger this issue.
  8. Since switching to web installer sometime during MBAM 3.8.x cycle, Malwarebytes reps stopped posting beta installers for clean installation. Some power users weren't happy, but the question about why remained. The surprising answer is that, they don't have to do it anymore. The web installer has a "secret" command line option that instructs it to download beta program and components instead of stable: MBSetup.exe /channel beta Malwarebytes software runs web installer with this "secret" command line argument when performing a beta full software update, like the recent 4.1.1.71. I found this via UAC prompt after engaging the update and then I saved the juicy command line argument with Process Explorer while installer was waiting for my input. Beside this detail, the beta clean install procedure overall is straightforward: - if a beta full software update is involved backup MBSetup.exe from %ALLUSERSPROFILE%\Malwarebytes\MBAMService\InstUpdate or else download latest web installer from Malwarebytes; - if applicable, uninstall Malwarebytes, either normally, via Support tool or both; - Run web installer obtained at first step with command line argument from code box above; After installation is done, if you want to keep receiving beta updates, you have to re-enroll, otherwise you won't get full software and component updates until stable branch catches up and exceeds your beta by at least a component update or full software update.
  9. First spot where Firefox releases usually appear: https://ftp.mozilla.org/pub/firefox/releases/ I think that's where Majorgeeks and others are finding releases with a fewer hours sooner than official announcement. This is nothing new. I recall things being like this for many years.
  10. Update 4/13/2020 22:57 As this issue can be caused by both malware and web protection, the symptoms vary depending on which of them or if both stop responding when Malwarebytes starts, DNS resolution issues being common theme and most noticeable, but they are just a part of the whole picture. List of all symptoms I encountered so far, not all of them manifesting simultaneously: - slow DNS resolution everywhere, probably caused by web protection; - temporary slow DNS resolution in web browsers that goes away after a few minutes but it's permanent in other programs and returns in web browsers when restarting them and then goes away again, probably caused by malware protection; - Windows security app takes minutes to display its contents, probably caused by malware protection; - visual basic scripts executed from Command Prompt take minutes to run even if they have very low complexity, probably caused by either of these problematic protection modules (extra: it is impossible to get MSYS2 packages updates due to permanent connection time outs); - Malwarebytes UI can no longer be opened after performing exactly 2 protection state switch operations via tray icon of any protection module(s), either same or distinct until Windows is restarted, if at least one of these problematic protection modules is acting up, with last protection state switch operation being unsaved and thus being lost and reverted on next Malwarebytes startup; - Windows hangs to an empty black screen if currently signed in user logs out, probably caused by either of these problematic protection modules; - if fast startup is enabled and it's not overridden by SHIFT key, Windows can hang on next boot to a black screen, probably caused by malware protection; - if fast startup is enabled and it's not overridden by SHIFT key, Windows can hang during shutdown after display disconnect step or next boot to a black screen and frozen mouse cursor, probably caused by either of these problematic protection modules; - attempting to stop any of these symptoms by quitting Malwarebytes via tray icon or by stopping Malwarebytes Service from Microsoft Management Console Services snap-in results in Malwarebytes Service getting stuck stopping until Windows is restarted and the annoying symptoms not getting better, probably caused by either of these problematic protection modules.
  11. It doesn't fix it, I tried. As this issue can be caused by both malware and web protection, the symptoms vary depending on which of them or if both stop responding when Malwarebytes starts, DNS resolution issues being common theme and most noticeable, but they are just a part of the whole picture. List of all symptoms I encountered so far, not all of them manifesting simultaneously: - slow DNS resolution everywhere, probably caused by web protection; - temporary slow DNS resolution in web browsers that goes away after a few minutes but it's permanent in other programs and returns in web browsers when restarting them and then goes away again, probably caused by malware protection; - Windows security app takes minutes to display its contents, probably caused by malware protection; - visual basic scripts executed from Command Prompt take minutes to run even if they have very low complexity, probably caused by either of these problematic protection modules (extra: it is impossible to get MSYS2 packages updates due to permanent connection time outs); - Malwarebytes UI can no longer be opened after performing exactly 2 protection state switch operations via tray icon of any protection module(s), either same or distinct until Windows is restarted, if at least one of these problematic protection modules is acting up, with last protection state switch operation being unsaved and thus being lost and reverted on next Malwarebytes startup; - Windows hangs to an empty black screen if currently signed in user logs out, probably caused by either of these problematic protection modules; - if fast startup is enabled and it's not overridden by SHIFT key, Windows can hang during shutdown after display disconnect step or next boot to a black screen and frozen mouse cursor, probably caused by either of these problematic protection modules; - attempting to stop any of these symptoms by quitting Malwarebytes via tray icon or by stopping Malwarebytes Service from Microsoft Management Console Services snap-in results in Malwarebytes Service getting stuck stopping until Windows is restarted and the annoying symptoms not getting better, probably caused by either of these problematic protection modules.
  12. Everything seams to be fine so far. Did a license and deactivation and reactivation to put real-time protection drivers through a stop/start cycle which went through without incidents.
  13. My problem seams to resemble to some reports from here: Currently running MBAM 4.0.4.49 CU 1.0.810.
  14. Yes, fast startup is enabled. Disabling fast startup doesn't solve the problem because as soon as this issue starts happening the more likely is to happen again. I noticed this issue can even happen during the same Windows session Malwarebytes is installed if Support tool was used for removal.
  15. Going into safe mode then rebooting to normal mode increases chances of encountering this problem. It can still happen with 4.0.4.49 CU 1.0.804.
  16. I was able to encounter this on 2 systems: - Windows 10 Version 1809, Intel Core i3-3220; - Windows 10 Version 1909, Intel Core i3-2375M.
  17. This still seam to happen with 4.0.4.49 CU 1.0.793. But I think I know how to reproduce more reliably now. Any of the following could do it: - delay real time protection by 45s; - apply Windows updates on a computer with CPU clock < 2GHz and with HDD instead of SSD, Malwarebytes naturally takes longer to start when Windows is patched; I don't think this can be reproduced on a computer with SSD due to very short boot. So only slow computers can reproduce it.
  18. Disabling malware protection seams to paradoxically help with slow DNS resolution. And disabling both malware and web protection is necessary to avoid hangs on logout and fast boots. Currently I am using Windows Defender with Malwarebytes without real-time protection. I also use NoScript and Malwarebytes Browser Guard in Firefox.
  19. I only have 1 computer running MB4 which is also the only computer running an insider build even though I haven't enrolled this computer into Windows insider program. No impact. I actually changed it to manual at some point and made no difference.
  20. I think some logs were missing because I ran the support tool with this issue in effect so downloads timed out. Attached FRST logs. I noticed some errors in Addition.txt that are more or less on the mark: - Error: (10/15/2019 05:10:18 PM) (Source: SecurityCenter) (EventID: 17) (User: ) Description: Security Center failed to validate caller with error %1. - Date: 2019-10-14 20:43:57.969 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Consequences of the issue - Error: (10/14/2019 07:07:01 PM) (Source: Service Control Manager) (EventID: 7043) (User: ) Description: The Malwarebytes Service service did not shut down properly after receiving a preshutdown control. - Error: (10/12/2019 09:53:40 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 6:31:59 PM on ‎10/‎12/‎2019 was unexpected. FRST-Logs.zip
  21. Attached the logs. Some notes though: - I chose to disable ransomware protection by weighting protection need for my attack surface with potential for even more bugs like ones that existed in the past and my ability to respond to such an attack; - I also have Malwarebytes Anti-Exploit Beta 1.13.1.117. I chose to delay real time protection by 45s in Malwarebytes Anti-Malware to avoid the boot time race condition that can occur if both products are installed simultaneously. mbst-grab-results.zip
  22. Since I began testing MB4 I noticed one issue that can happen when Malwarebytes real time protection starts for the first time until Windows is rebooted. This may or may not happen. It's like a lottery. When it does happen it causes heavy delays to DNS resolution, without actually affecting network bandwidth. Also in this state 2 use scenarios can completely hang the system: - Windows is shutdown with fast startup enabled. In this case Windows takes almost double time than usual on shutdown and completely hangs on next startup to black screen with mouse cursor that is unresponsive too, - current user logs out. In this case Windows completely hangs to black screen before displaying the login screen. As an extra, when this issue occurs Malware protection cannot be turned off and if it's attempted the UI can no longer be opened. It probably hangs too.
  23. This issue actually started in 1.12.1.136. Sorry for not reporting it sooner. I thought this was caused by MBAE becoming a bit more unforgiving after the new chromium based browsers protection with the clever tricks I am using in my project to spawn an elevated Command Prompt from a standard one passing a parameter in the process to "transfer" a variable in the elevated context if UAC prompt is accepted and keep the standard cmd open waiting for user action even after the elevated cmd finishes and it is closed. I use Powershell to accomplish all this. Elevated cmd spawn calls with a variable value as parameter https://github.com/pal1000/mesa-dist-win/blob/master/buildscript/modules/pythonpackages.cmd#L59 https://github.com/pal1000/mesa-dist-win/blob/master/buildscript/modules/pythonpackages.cmd#L71 Code that runs with admin rights: https://github.com/pal1000/mesa-dist-win/blob/master/buildscript/modules/pywin32.cmd It first receives the variable from the standard user context before proceeding any further.
  24. - manually allow the domain (and subdomain) listed in alert. I said manually because temporary and permanent allow links from alert are broken as well.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.