Jump to content

LiquidTension

Staff
  • Content Count

    3,119
  • Joined

  • Last visited

Everything posted by LiquidTension

  1. If a website isn't being blocked, you can assume it's not in the database. To confirm, use the steps provided earlier to report the website. For the components that utilise a form of an updatable database - yes.
  2. Hi @mpgioia, Thanks for the report. How are you monitoring the network performance degradation? Does this issue affect all network activity or only when performing certain actions? Quite often, issues of this nature are caused by the interaction between Malwarebytes and one or more other programs installed on the machine. We have not had any other reports of this and the issue is not currently reproducible, so it is likely other factors specific to your machine/environment are involved here. Please could you perform a clean boot using the instructions linked below. Ensure you re-check Malwarebytes Service so it's left enabled. https://support.microsoft.com/en-gb/help/929135/how-to-perform-a-clean-boot-in-windows After the reboot, reassess the situation and let us know if you still encounter an issue.
  3. Hello, Just to clarify, the issue you're having with Malwarebytes for Windows is the following: Visiting a website that you believe should be blocked is not blocked by Malwarebytes Web Protection. However, once a file is downloaded from the website and executed, it is detected by Malwarebytes Malware Protection. If this is indeed the issue, then it is likely a case we do not have the website blacklisted in our Web Protection database. As mentioned, the website(s) in question will need to be reported to our Research team for analysis.
  4. Hi @Kanelakis, I'm afraid there's an issue with your license key that will need to be resolved as soon as possible. I will provide further details in a private message.
  5. Hello, Thank you for reporting this. Please carry out the technical issue steps in post #2 and provide us the generated file.
  6. Hello, This is currently expected behaviour. Certain advanced Exploit Protection settings are not compatible with some software. As a result, the setting(s) will automatically be disabled when Exploit Protection is turned on (e.g. at Malwarebytes Service startup) if a potential software conflict is detected on the system.
  7. Hi @jamesl92 , Thanks for reporting this. We can reproduce this behaviour and are looking further into it.
  8. Hi @Kanelakis, Thanks for your post. Just for reference, the initial issue you had was with your license key usage being maxed out. It appears the license key had been activated on a different machine and thus your license state was dropped when the auto redeem took place during the upgrade. Due to the repeated failed attempts to activate, the error message changed to, "Installation token not found". This was expected. I assume that at some point, you manually deactivated all used seats for your license. Due to the "Installation token not found" error only being a temporary measure in your case, you were therefore able to activate successfully at a later date.
  9. Thanks for your patience. We're still reviewing the dump file. In the meantime, could you try booting into Safe Mode with Networking and check if the crash still occurs please. https://support.microsoft.com/en-gb/help/12376/windows-10-start-your-pc-in-safe-mode
  10. It looks like mbam.exe is crashing when it's launched. Given the process is crashing (as opposed to hanging), you might find it difficult to generate a dump using Task Manager. Instead, you can enable automatic creation of dump files for application crashes using the steps below. Enable User Mode Crash Dumps Please download enable_crash_dumps.bat using the link below. → https://malwarebytes.box.com/s/eug9gmk7i1xqeugb0xobjlqcsfb4uv1e Open your Downloads folder. Right-click enable_crash_dumps.bat and select Run as administrator to run the file. Note: If you are prompted by Windows SmartScreen, click More info followed by Run anyway. A black Command Prompt window will appear. Upon completion, press any key to exit. Once done, please reproduce the issue you're experiencing. Once done, reproduce the issue by attempting to opening Malwarebytes. Then wait at least a minute and carry out the following steps: Collect Crash Dump Press the Windows Key + R on your keyboard at the same time. Copy %localappdata% and paste into the Run box. Click OK. A folder will open. Inside you should see a folder named CrashDumps Right-click the CrashDumps folder and click Send to followed by Compressed (Zipped) folder. Move the created Zip file to your Desktop. Go to WeTransfer.com in your browser. Click Add your files, navigate to your Desktop and double-click the Zip file. Click (...) and select the link radio button under Send as. Click Transfer. Upon completion, copy the download link and include it in a post.
  11. Thanks very much. We've reproduced the issue with the Desktop shortcut setting not being honoured and a defect has been filed. The issue is specifically related to install scenarios that require a reboot (e.g. due to a Malwarebytes PFRO from a prior uninstallation) before file installation commences.
  12. Hi @unknownguy, Thanks for reporting this. We can see that your detection reports are no longer on the machine, which is why nothing happens when clicking the notification. We're currently discussing whether this should result in the notification being removed from the Notification Centre. You can click the "Clear All" button to remove the notifications. As for why the detection report files are no longer present - unfortunately, it's not clear. How did you update to Malwarebytes version 3.8.3?
  13. Thanks. Are there any files named Setup Log {date} #{count}.txt (e.g. Setup Log 2019-06-28 #001.txt) in either %temp% or %systemroot%\temp? This is the log file we need. The Malwarebytes Support Tool will grab all setup logs from both locations.
  14. Hi @zukester, Our Web Protection team have determined the block is no longer required. It will be removed in the next database update scheduled for release later today. If you need to access the website immediately, you can configure an exclusion using the "Exclude a website" instructions in the following KB article.
  15. This is expected in some scenarios scenarios. The setup logs will help confirm exactly why the reboot was required in your case. This is expected behaviour and whilst it is possible to run both programs in conjunction with one another (with Exploit Protection disabled in Malwarebytes), it's not a setup we officially support. We haven't been able to reproduce this issue. Do you have the setup logs from the installation that this occurred with? This is also expected behaviour. After the reboot, the installer resumes silently in the background. As this installation is completely silent with the installer UI not being displayed, we opt to intentionally open the UI at the end of the installation to signify Malwarebytes is installed and running.
  16. Thanks very much for the feedback. We'll certainly look into whether there is anything we can do to account for possible network issues during the license unredeem/redeem process.
  17. Thanks for providing the file. The service logging indicates the main factor involved was a network issue that occurred as Malwarebytes attempted to automatically unredeem the license as part of the uninstall process. This was combined with a second factor (that would otherwise not be an issue on its own). As a result, the license state was reverted to free (and then switched to trial as part of the latter stages of the installation process. 06/20/19 " 17:08:31.850" 17531 0e20 1620 WARNING HttpConnection mb::common::net::HttpConnection::SendRequest "httpconnection.cpp" 344 "HTTP POST - host not found" 06/20/19 " 17:08:31.850" 17531 0e20 1620 WARNING HttpConnection mb::common::net::HttpConnection::LogExceptionDetails "httpconnection.cpp" 1485 "Exception details: text=Host not found: keystone.mwbsys.com" 06/20/19 " 17:08:31.850" 17531 0e20 1620 WARNING LicenseControllerImpl mb::licensecontrollerimpl::KeystoneImpl::SendKeystoneRequest "keystoneimpl.cpp" 836 "Received a [-3] response from Keystone. This isn't one of the expected httpStatus returns." [...] 06/20/19 " 17:08:31.850" 17531 0e20 1620 WARNING LicenseControllerImpl mb::licensecontrollerimpl::KeystoneImpl::SendKeystoneRequest "keystoneimpl.cpp" 862 "Network connection error" 06/20/19 " 17:08:31.850" 17531 0e20 1620 WARNING LicenseControllerImpl mb::licensecontrollerimpl::KeystoneImpl::KeystoneUnredeem "keystoneimpl.cpp" 368 "SendKeystoneRequest failed trying to Unredeem with Keystone. Code: -3, Message: " 06/20/19 " 17:08:31.850" 17531 0e20 1620 WARNING LicenseControllerImpl mb::licensecontrollerimpl::KeystoneImpl::KeystoneUnredeem "keystoneimpl.cpp" 375 "Error trying to Unredeem with Keystone. Code: -3" In this particular case, reverting to free/trial was expected.
  18. Thanks for the feedback. We have a defect filed for the issue. In terms of your machine, the issue won't occur again now that we have recreated the ELAMBKUP folder.
  19. Thanks. I updated the script to properly detect your OS (which you confirmed was successful). The issue during the initial installation was caused due to the following folder not being present on your system: C:\Windows\ELAMBKUP Malwarebytes didn't accommodate for the fact that this folder might be missing.
  20. Thanks for the file. In a normal Windows installation, a folder is created (by Windows) to house backup copies of ELAM driver files in case the file residing in \system32\drivers becomes corrupt/goes missing and needs to be repaired by Automatic Repair. The path for this folder is specified as data for the "BackupPath" value found in the HKLM\SYSTEM\CurrentControlSet\Control\EarlyLaunch key. By default, this points to %SystemRoot%\ELAMBKUP. It appears the %SystemRoot%\ELAMBKUP folder does not exist on your system. This is a scenario that Malwarebytes Service (MBAMService) does not currently account for and as a result, it erroneously copied the backup MbamElam driver file to %SystemRoot% with the wrong file name: 2019-06-19 12:24 - 2019-03-24 13:57 - 000020936 _____ (Malwarebytes) C:\Windows\ELAMBKUP To correct the issue on your machine, you can run the following batch file (download the file and double-click): https://malwarebytes.box.com/s/vsr70c0t1n1kcrpt2zvo720sgfi5n2i7
  21. This isn't the case. Contacting Malwarebytes Support is not automatically required. If you have a 2Checkout subscription for Malwarebytes Premium, MyAccount can be used to cancel automatic renewal. To access this, refer to the following KB article. Note that the actual option to cancel automatic renewal is not depicted in the images. The option is only visible to 2Checkout subscription users. If you have a Cleverbridge subscription for Malwarebytes Premium, the original confirmation email sent when the subscription was purchased contains a "Manage Subscription" link that can be used to cancel automatic renewal.
  22. Hi @1PW, We'd definitely like to investigate further. Please could you send me the mbst-grab-results.zip from the affected machine along with details of the license that was originally activated on the machine prior. Thanks!
  23. Thank you for feedback, everyone!
  24. Hi @MAXBAR1, Thanks for letting us know. Would you mind carrying out the "technical issue" instructions in the topic linked below so we can investigate the error message further? https://forums.malwarebytes.com/topic/190532-having-problems-using-malwarebytes-please-follow-these-steps/
  25. Thanks for the report. At this current time, we've opted to leave this behaviour as it is and instead address this as a known issue with a KB article. It's possible we may be able to implement a solution in a future version. We currently want to avoid forcing a reboot of the machine to replace the shell extension DLL, which is the route we'd need to take in Malwarebytes for Windows version 3.x to address the issue.
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.