LiquidTension

Thanks for that file. So just the action of opening it, starting a slideshow, etc does not trigger any detection for us. Without the exclusion for POWERPNT.EXE in place, do you find you consistently experience the Ransomware Protection detection for PowerPoint? If you're able to consistently reproduce it, could you try disabling or uninstalling your McAfee product and see if this has any impact. Can you provide any further details on what you were specifically doing with PowerPoint and the file you attached that resulted in the detection occurring? We're hoping to be able to reproduce this detection so that we can more reliably ensure it does not happen again in the future.

Hi Jack, Thanks for that file. However, we do need additional logs in order to begin looking into this. Could you run the Malwarebytes Support Tool please and gather logs with it: https://support.malwarebytes.com/hc/en-us/articles/360039023453-Upload-Malwarebytes-Support-Tool-logs-manually Thank you!

@frozen Can you consistently reproduce this detection? I see you've encountered multiple detections involving Firefox.exe. Are you performing any manual steps at all that trigger the detection or simply allowing Firefox to update automatically in the background? Could you zip up the C:\ProgramData\Malwarebytes\MBAMService\ARW folder and provide it for us please.

Hi @BDSolomon, Thank you for the feedback. This is an area we are actively working on to improve the overall user experience. At the very least, we would like to provide additional messaging earlier on that lets the user know a reboot may be required (before the upgrade process begins). We appreciate you voicing your concerns with the current process.

@tcloud Thanks for those files. Could you provide more details on what you were doing with PowerPoint that triggered the detection? As much details as possible would be appreciated. If you were working on a saved PowerPoint tfile, would you be able to share this with us so we can try to reproduce the detection?

This is a new feature we added with the latest component package update. As you've noticed, there's an issue with the correct timestamp being displayed. We have a defect filed for this and hope to address it in a future update as well.

The update is metered out so not all Malwarebytes users receive it at the same time. Your product would have eventually received the update if you didn't manually check.

Hi @Xauma95, Thanks for the report. The missing green text is a known issue with the latest components package version. We have a defect filed and hope to correct this in a future release.

Hi @tcloud, Assuming you have already restored the detected items from quarantine, please zip up and provide the following files: C:\Users\tc\Desktop\PowerPoint.lnk C:\PROGRA~2\ROOTSM~1\ROOTSM~1.EXE C:\Program Files (x86)\RootsMagic\RootsMagic.exe AxCrypt-1.7.2976.0-Setup.exe If you haven't restored the items, please zip up the following folder: C:\ProgramData\Malwarebytes\MBAMService\Quarantine Please run the Malwarebytes Support Tool and gather logs as well so we can take a closer look at the detections: https://support.malwarebytes.com/hc/en-us/articles/360039023453-Upload-Malwarebytes-Support-Tool-logs-manually Thank you!

Hello, Thank you for the information. We haven't been able to reproduce this issue when testing with the latest released components package version. With Ransomware Protection enabled, VueScan updates just fine from an older version to the latest (9.7.27). Could you make sure you have the latest components package version installed for Malwarebytes (1.0.867) and let us know if experience any further issues.

Thanks for the report, @possum. Could you zip up and attach the following folder please: C:\ProgramData\Malwarebytes\MBAMService\ARW. Which version of VueScan did you initially encounter an issue with? Which version did you successfully update to after disabling Ransomware Protection? Could you provide some more detail on what you were doing that triggered the issue? What steps did you take that resulted in the issue occurring? Please be as specific as possible. I don't see VueScan listed as an installed program in your logs. Is this a portable application? Could you confirm where you obtained it from?

Thanks. The FRST logs attached in your first post indicate there's no fully installed product, but there are leftovers related to Malwarebytes Endpoint Protection. It's possible log gathering is hanging due to this. Could you run the following cleanup tool please: https://support.malwarebytes.com/hc/en-us/articles/360038524734-Malwarebytes-Support-Tool-for-business-environments Afterwards, please rerun Farbar Recovery Scan Tool and provide fresh FRST logs.

Great, thanks for confirming!

Thank you for your patience. We hope to have this issue addressed as soon as possible. We'll provide an update to the forum once we have more information to share.

Hi @jerimiah124bullfrog, Your issue is being caused by the following proxy configuration: ProxyEnable: [.DEFAULT] => Proxy is enabled. ProxyServer: [.DEFAULT] => http=127.0.0.1:14118;https=127.0.0.1:14118 Do you recognise this? Do you know where it came from? Installation of Malwarebytes will be possible once this is removed (or with use of the offline installer mentioned above).

Hi @enrique_badiola, Due to the state of the currently installed Malwarebytes service, you will need to clean reinstall using the Malwarebytes Support Tool. Please carry out the instructions in the following article: https://support.malwarebytes.com/hc/en-us/articles/360039023473-Uninstall-and-reinstall-using-the-Malwarebytes-Support-Tool Let us know how you get on.

Hi @mole13, During testing, we did indeed find the issue was not exhibited with the 2019 version. Many users also had the same result.

Without a dump file, it's difficult to comment further. There are existing BSODs in the current version, so it's possible the issue you've encountered is not yet addressed. We hope to have an update available in the near future that addresses a lot of the current issues with Web Protection (BSODs, loss of connectivity, etc).

@RKinCO You have a Windows Firewall rule to block network traffic from mbamservice.exe. FirewallRules: [{D11D6044-2A4D-44D1-8669-77379FC12447}] => (Block) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Inc -> Malwarebytes) This will need to be removed first. Out of interest, where did you download the Malwarebytes setup/installer file from? Did you get it from the Malwarebytes website or somewhere else?

Hello, Please carry out the following instructions and respond back with the mbst-grab-results.zip file saved to your desktop: https://support.malwarebytes.com/hc/en-us/articles/360039023453-Upload-Malwarebytes-Support-Tool-logs-manually Thank you.

Thank you for confirming. For time being, I suggest leaving this workaround in place. It will limited impact on the overall security of your computer. We have a defect filed for the issue and will be investigating further. Once we have an update, I will post back here.

Please start by getting Malwarebytes reinstalled: https://downloads.malwarebytes.com/file/mb-windows Do you recognise the following Opera extension? OPR Extension: (Translator) - C:\Users\kitka\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnbpedcoekjafichoehopgaaldogogch [2020-02-29] It looks like this might be the source of your Web Protection blocks. Please try removing this extension after Malwarebytes has been reinstalled and check if any issues persist.

Hi @netguru, Thank you for this information. We're still currently investigating the issue. Could you try applying the following workaround in the meantime: Uncheck the two boxes depicted below. Click Apply.

Unfortunately, this isn't possible. Your best bet is to reboot the machine and allow the remediation to occur. Afterwards, you can restore the D:\SteamStuff\steamapps\common\Hades\x64\Hades.exe file from Quarantine.

Hi all, If you are able to still actively reproduce this issue with Malwarebytes version 4.1, we'd be interested to collect some additional troubleshooting data. Please do the following: Enable Event Log Data in Malwarebytes (open Malwarebytes -> Settings -> General -> Event Log Data). Attempt to reproduce the issue with Process Monitor running: https://docs.microsoft.com/en-us/sysinternals/downloads/procmon Once the issue is reproduced, stop the Process Monitor capture (click File > Capture Events). Save the log (click File > Save) and zip it up. Collect logs with the Malwarebytes Support Tool: https://support.malwarebytes.com/hc/en-us/articles/360039023453-Upload-Malwarebytes-Support-Tool-logs-manually Drag the C:\ProgramData\Malwarebytes\MBAMService\ARW folder into the mbst-grab-results.zip file saved to your Desktop. Provide us with the zipped up Process Monitor log and mbst-grab-results.zip file. Thank you!