Jump to content

LiquidTension

Honorary Members
  • Posts

    4,182
  • Joined

  • Last visited

Everything posted by LiquidTension

  1. The standalone Malwarebytes Anti-Ransomware cannot be installed on a machine with Malwarebytes already installed. Hi Paul, I certainly understand the frustration. Unfortunately, we do not have any information to share at this current time. As soon as we do, a post will be made on the forum.
  2. Thank you! Hi @torrey, which Malwarebytes product are you using?
  3. Hi @CeeBee, The files are all counter-signed, which proves the validity of the signing signature despite it being expired. This can be seen in any of the file properties (e.g. open mbarw.exe properties -> Digital Signatures -> Open details -> Countersignatures -> Details). What's important is the signing timestamp of the counter signature, which is before the certificate expired. You can read more about this here: https://docs.microsoft.com/en-us/windows/win32/seccrypto/time-stamping-authenticode-signatures
  4. Hi @Eagle12, Thanks for those dumps. Unfortunately, minidumps aren't particularly useful. Could you zip up and upload the full memory dump found at C:\Windows\MEMORY.dmp please? Also, please provide the following information: When did this BSOD first start occurring? How often does it occur? Are you able to consistently reproduce it or is it random? What actions typically cause it to occur? What were you doing with the computer when it last occurred? If you temporarily uninstall McAfee and reboot the computer, does the BSOD persist?
  5. Thanks for letting us know about this. Please could you zip up and provide C:\Windows\MEMORY.dmp (assuming it was created) along with logs from the Malwarebytes Support Tool: https://support.malwarebytes.com/hc/en-us/articles/360039023453-Upload-Malwarebytes-Support-Tool-logs-manually
  6. Thanks Phil. That's consistent with our findings. Once we have an update on the issue, I'll respond back to this topic.
  7. Thank you! In case it helps, the follow article outlines how to enable user mode dump creation: https://docs.microsoft.com/en-us/windows/win32/wer/collecting-user-mode-dumps Also, if you're able to associate the crash with a particular set of actions, this will greatly help with our efforts to reproduce the issue.
  8. Malwarebytes uses plain text files (with JSON formatted data/.json file extension) located in %ProgramData%\Malwarebytes\MBAMService\config to store product settings. Windows System Restore does not monitor this type of file. See About System Restore. If you are looking to restore the Malwarebytes settings to default, you can use the "Restore default settings" button found in Settings -> General (scroll to the bottom).
  9. Thanks for the report, @AnotherConcernedCitizen. We haven't been able to reproduce this issue yet. I've sent you a PM with steps to generate some troubleshooting data for us.
  10. Hi @BillH99999, Do you have NVIDIA HD Audio Driver installed? Please could you start with logs from the Malwarebytes Support Tool: https://support.malwarebytes.com/hc/en-us/articles/360039023453-Upload-Malwarebytes-Support-Tool-logs-manually
  11. Thank you for the report. Do you have any dumps files from these crashes? If automatic dump creation is enabled, %localappdata%\CrashDumps is the default location to check. Without any dumps or methods to reliably reproduce this, I'm afraid there isn't much we can do here.
  12. Thank you for the report. We have a defect filed for this issue. Until we're able to release a fix, please keep the exclusions in place.
  13. The event log excerpts found in the Addition.txt file is a good starting point to check if there's indication of an Ant-Exploit-related crash. If you perform a clean boot, do you experience the same issue? https://support.microsoft.com/en-gb/help/929135/how-to-perform-a-clean-boot-in-windows (leave anything Malwarebytes-related enabled/checked)
  14. Hi @MJBJ, Thank you for the file. You currently have rootkit scanning enabled, which will often significantly increase the duration of the scan due to the low level nature of the scanning that is performed. To confirm if this is the cause, please disable rootkit scanning and run a manual Threat Scan. Open Malwarebytes. Click Settings. Click Security. Turn "Scan for rootkits" off under Scan options. Return to the Dashboard and click Scan. Please let us know how you get on.
  15. Hi @RaulV, The file indicates there are leftovers from a Malwarebytes Anti-Malware version 2 installation. Please use the Malwarebytes Support Tool to remove all leftovers and install the latest Malwarebytes version 4. https://support.malwarebytes.com/hc/en-us/articles/360039023473-Uninstall-and-reinstall-using-the-Malwarebytes-Support-Tool
  16. Thank you for the report. Please note that winrar.exe is added as a protected application by default (albeit, it is not included in the "Default" list displayed within the user interface). The expected behaviour here is for an error message to be displayed indicating the application is already protected. A defect has been filed to correct this.
  17. Hi @Flintheart, If you prefer not to post the file publicly, you are welcome to send a private message with it attached. What you are experiencing is too broad to single out any specific cause.
  18. Thank you for that information. We haven't been able to reproduce this with our initial efforts. A Process Monitor boot time log may help shine some light on this. If you're able to reproduce the detection once more, please generate a boot time log using the instructions in the article below: https://support.malwarebytes.com/hc/en-us/articles/360039025073-Use-Process-Monitor-to-create-real-time-event-logs (refer to the "Create a boot log" steps) Once you have the log, please provide the following: Process Monitor boot time log MBAMService.log Contents of the C:\ProgramData\Malwarebytes\MB3Service\ARW directory. Farbar Recovery Scan Tool logs: https://support.malwarebytes.com/hc/en-us/articles/360039025013-Run-Farbar-Recovery-Scan-Tool-to-gather-logs Please ensure the second, third and forth items are uploaded after generating the Process Monitor log.
  19. Hi @BadgerBadger, Thanks for the report. Could you carry out the instructions in the article below on one of the affected machines please: https://support.malwarebytes.com/hc/en-us/articles/360039023453-Upload-Malwarebytes-Support-Tool-logs-manually This may give us more information on the cause of the issue you encountered.
  20. Thanks for reporting this, @BillH99999. We're aware of this issue and hope to have a fix in the next update.
  21. Hi all, Thank you for reporting this issue. Everyone's efforts here are greatly appreciated. We have a defect filed for this. We're currently working on various fixes and improvements to Web Protection, that we hope to make available in an upcoming update. Please standby for this. Once it's released, I'll update this topic.
  22. Hello, Thank you for the report. How many machines in total have encountered this? Please export the following keys and provide them to us: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Could you also carry out the following instructions and attach the two generated files: https://support.malwarebytes.com/hc/en-us/articles/360039025013-Run-Farbar-Recovery-Scan-Tool-to-gather-logs
  23. Malwarebytes version 4 component package 1.0.750. It can be downloaded from: https://malwarebytes.box.com/s/z6cravnwptrzx5tyjw36jq6zt6c7apsx
  24. You can either revert to an earlier Malwarebytes version 4 component package version (download URL) that does not contain the issue or revert to Malwarebytes version 3.x (download URL). If you revert to a previous Malwarebytes version, you will need to disable the "Application updates" settings found in Settings -> General. Once we release a fix, you will need to update to the fixed version manually.
  25. Thank you for your patience. Unfortunately, we do not have an update on the issue at this current time. If you wish to have Web Protection enabled for the majority of your Windows session, it has been found that leaving Web Protection enabled and only disabling it immediately prior to performing the sleep/hibernation mitigates the issue.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.