Jump to content

LiquidTension

Staff
  • Content Count

    2,967
  • Joined

  • Last visited

Everything posted by LiquidTension

  1. Thanks for the information, alQamar. Whilst 1903 is a preview build and issues are to be expected, we're still interested in learning more about what you've experienced given how close to release this version of Windows 10 is. Are these issues only seen when the Malwarebytes license state is trial or premium? You mentioned trial expired/free in one of the points. When Malwarebytes is no longer in trial/premium mode, do the issues quoted above no longer occur? If no other security product is registered in the Security Centre, this is not expected behaviour. When Malwarebytes is running in trial/premium mode, the default setting is for the program not to register in the Security Centre providing no other third-party program is registered. If you experience this behaviour again, please run the Malwarebytes Support Tool immediately after (refer to post #2) so we can take a closer look. It's expected for Malwarebytes to remain registered in the Security Center for a few days after reverting to trial expired/free. However, it's not expected for Malwarebytes to register in the first place if Windows Defender is the only installed security product and the Malwarebytes settings are left as default. To confirm, you left the following setting as default?
  2. Hello, We've just released a new components package update (v1.0.586) that addresses the issue. See here: https://forums.malwarebytes.com/topic/242280-ladies-and-gentlemen-mb371/?do=findComment&comment=1309638 Please let us know how you get on. Thanks again for reporting this!
  3. Hello, I'm sorry to hear of the issue you're experiencing. Please carry out the instructions in the post above and provide the generated mbst-grab-results.zip file so we can take a closer look at the issue.
  4. Thanks for the file. Testing shows that Symantec Desktop Encryption 10.4.2 MP2 registers an LSP/Winsock DLL which is causing MBAMService to crash. This is a known issue with Malwarebytes version 3.7 on Windows 10 due to the introduction of an Early Launch Anti-Malware (ELAM) driver. We're currently working on a fix for this issue. I'll provide an update once it's released. Support have informed me that you also have a help desk ticket, so you will get a response to that as well.
  5. Hi hexaae, Just to clarify, the "I want to continue to this site anyway" string of text is not intended to be a clickable link that brings you to the blocked website. Clicking it or the blue circle to the right is only intended to reveal a message box explaining the implications of visiting the website and providing a link to instructions on how to setup a exclusion should you wish to circumvent the block. For reference, the message box is depicted below. The "Go Back" button is not intended to bring you to the blocked website either. Clicking the button performs an operation that is intended to return you to the previous page that was loaded prior to the block occurring and not the actual website that was blocked. Depending on how you access the website or how you have your browser configured, there may be nothing to return to. If you trust the website and wish to circumvent the block, you will need to add an exclusion for it in Malwarebytes. With that said, our Research team have reviewed the block on the website in question (the one referenced in the URL found in post #2) and determined it is no longer required. As a result, the block is being removed. This change will be included in a database update released shortly. Later today, you should find that Malwarebytes no longer blocks the website (with or without an exclusion).
  6. Hello, Thanks for reporting the issue. Please could you carry out steps 4 and 5 in the topic linked below so we can take a closer look at the setup of your computer: https://forums.malwarebytes.com/topic/190532-having-problems-using-malwarebytes-please-follow-these-steps/
  7. That's not a problem. Thanks for the update. As you don't intend on using the Changed Block Tracking feature, there's no need to use the updated mrcbt.sys driver file. For completeness, you might want to uninstall that feature from Macrium Reflect as the driver is still loaded at boot even with the option unchecked. To do so: Open Programs and Features -> Right-click Macrium Reflect and click Change -> Click Next followed by Modify -> Uncheck Install CBT and click Next -> Click Install -> Reboot the computer. We haven't seen any issues specifically between Macrium Reflect and the Ransomware Protection component, so it's possible it was the reboot that solved the issue (following on from the earlier unexpected shut down). Please continue to monitor the computer and let us know if you encounter any further issues.
  8. Malwarebytes version 3 has never officially been supported on Windows XP SP2. The legacy Malwarebytes Anti-Malware version 2 was supported on Windows XP SP2, but please note that this product reached end of maintenance nearly 2 years ago. It does still receive definition database updates, but it is severely lacking in detection capabilities and other areas when compared to Malwarebytes version 3 (in Free mode). My advice would be to strongly consider moving away from XP in favour of a support Operating System. If this truly isn't possible, the legacy Malwarebytes Anti-Malware version 2 can be downloaded using the following link: https://malwarebytes.box.com/s/4usptr0ghcqoer1z07o1br2yk9g2cbtd Yes. For Malwarebytes version 3 and Malwarebytes Anti-Malware version 2, Free mode includes the ability to run scans on specific files/folders. Real-Time Protection drivers are installed dynamically in Premium/Trial mode. Once reverted to Free, those drivers are automatically uninstalled. There are no leftover running elements from the Premium/Trial mode.
  9. Hello, Thanks for reporting the issue. The system freeze you originally experienced was likely caused by the mrcbt.sys driver belonging to your installed Macrium Reflect product (specifically related to the "Changed Block Tracking" feature). We've had a few reports from other users experiencing similar freezes and analysis of dump files obtained from the users revealed the source to be operations performed by Macrium Reflect's mrcbt.sys driver. I suspect the subsequent issues you encountered with the Anti-Rookit module not starting are related to the machine's forced/ungraceful shut down. I recommend starting by addressing the system freeze. From your logs, I can see that the Changed Block Tracking feature is enabled in Macrium Reflect. Macrium have provided an updated version of their mrcbt.sys driver file that is intended to help address the issue. It can be downloaded from here: https://updates.macrium.com/mrcbt/64/mrcbt.sys Replace the mrcbts.sys file in C:\Windows\System32\drivers with the updated version from the download link above and then reboot your computer (this is important). Afterwards, please let us know if you encounter any further issues with system freezes and or Rootkit scanning within Malwarebytes.
  10. Hello, When changing settings within Malwarebytes, are you dragging the toggle across as depicted below? This will sometimes result in the setting not being saved. We have a defect filed for the issue. To guarantee the setting is saved, tap/click the different setting position as depicted below. If the above does not apply to what you are seeing, please provide the requested troubleshooting information mentioned in post #2 along with additional details on what settings you are changing.
  11. Hello, The current version of Malwarebytes has no installation compatibility issues with Kaspersky Security Cloud. Please try installing Malwarebytes using the following link: https://downloads.malwarebytes.com/file/mb3 If you encounter an issue during installation, please take a screenshot of the error and provide it to us in a post.
  12. Hello, We have a defect filed for the erroneous creation of a duplicate/additional scheduled scan in a certain scenario (involving license state changes). Ultimately, we would need the logs requested in the post above to confirm if the cause of your issue is the same or not. However, I do understand if you would prefer not to provide them.
  13. Hi @JustRay, Does the block occur with all CNN.com pages or just certain pages? Can you provide the URL of a CNN page that you experience the block on please? To help us better understand why you're experiencing this block on the CNN.com website, capturing a trace with a program called Fiddler will help. Here are steps on how to do so: Close your browser. Download and install Fiddler: https://www.telerik.com/download/fiddler/fiddler2 Launch the program once installed. Open Google Chrome and navigate to a CNN webpage that you experience the Malwarebytes website block on. When the Malwarebytes block occurs, return to the Fiddler window and save the trace by clicking File followed by Save followed by All Sessions. Once saved, open the folder containing the .saz file. Right-click the file and click Send to followed by Compressed (Zipped) folder. Please send a Private Message to me (hover over my name and click Message) with the Zip file attached. Thank you!
  14. Hi @boombastik, Thanks for reporting the issue. I can reproduce the behaviour you're experiencing. We are investigating the issue further and will provide an update as soon as possible.
  15. Hello, That's the correct file. Premium/Trial/Free share the same installer file. Once you install Malwarebytes on your computer, you may find Malwarebytes is in Trial. To deactivate the Trial and set Malwarebytes in Free mode, refer to the following article: https://support.malwarebytes.com/docs/DOC-1033
  16. Thanks for the update. I'm glad to hear all is now well. Let us know if there's anything else we can help with.
  17. Hi @DSperber, Thanks very much for keeping us up-to-date with the contact you've had with Macrium. Our analysis of the dumps you recently provided show the same set of conditions and deadlock cause. Please do let us know how you get on with the updated version of mrcbt.sys that Macrium provided you. The Malwarebytes service logging indicates a correlation between the Self-Protection module and those events being logged to the Windows System Event Log. If you find they still persist, we can certainly continue looking into this. I don't believe they are associated with the freeze/deadlock, but it would certainly be worth verifying if they still persist after the deadlock no longer occurs. Your deadlock occurs between a RegUnloadKey operation performed by MBAMService (the main Malwarebytes service) and a RtlQueryRegistryValues operation performed by mrcbt.sys (in which it tries to acquire a CmpRegistryLock resource). Taking Malwarebytes out of the equation changes the scenario.
  18. To confirm, did you uninstall and then reinstall McAfee? Please repeat the Malwarebytes Support Tool steps (#4 and #5) in the topic linked below: https://forums.malwarebytes.com/topic/190532-having-problems-using-malwarebytes-please-follow-these-steps/
  19. Hi @Howtodestroy, Your license key is currently showing as activated on the same machine that the Malwarebytes Support Tool was run on. To confirm, were you eventually able to activate Malwarebytes Premium? What's the current situation with your Malwarebytes product?
  20. Hi @Winjama, Thanks for reporting the issue. Please could you provide the following information: Export Event Logs Press the Windows Key + R on your keyboard at the same time. Type eventvwr.msc and click OK. Expand Windows Logs. Right-click Application and click Save All Events As.... Name the file application and click OK. Repeat for Security and System. Navigate to the location of the files. Highlight the three files, right-click one and click Send to followed by Compressed (zipped) folder. Name the Zip file EventLogs.zip and attach the file in your next reply.
  21. Thanks for the information and files. The dump is consistent with other blue screens we see when McAfee is installed and an email client (Outlook, Thunderbird, etc) is opened. This is typically fixed with a reinstallation of McAfee. As you have McAfee Total Protection installed, please uninstall the program and verify the blue screens stop. Afterwards, you can reinstall the McAfee product if desired and should find no further issues encountered.
  22. That's understandable. We appreciate your efforts with assisting the troubleshooting of the issue. Please note that the freeze has still been observed by some users even after Malwarebytes is no longer installed. With that said, investigation is still on-going and we are actively looking into whether a change on our side can help alleviate this issue for users with Macrium Reflect and Malwarebytes installed.
  23. Please do share the findings with Macrium. I would also strongly encourage you to share the MEMORY.dmp file with them as well. If you encounter another freeze with the latest version of mrcbt.sys installed, we'd be happy to take a look at the dump file.
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.