Jump to content

LiquidTension

Staff
  • Posts

    4,192
  • Joined

  • Last visited

Everything posted by LiquidTension

  1. Hello, The mbam.exe crash is being caused by Dell Backup and Recovery. Uninstalling this program (or possibly updating it to the latest version) will prevent the crash from occurring. This program is known to cause crashes and various other issues with any Qt-based applications.
  2. Hello, The attached logging shows too many failed activation attempts within a short period of time. If you're still experiencing an issue, please wait 24 hours without attempting to activate and try again once. If you still experience an issue with activation, please rerun the Malwarebytes Support Tool and attach the generated file.
  3. This is caused by file system redirection as Kaspersky's UI is 32-bit. You will need to replace "System32" with "Sysnative" in the file paths being entered (C:\Windows\Sysnative\drivers\mwac.sys, etc).
  4. Are there any particular actions that typically trigger the BSOD? What installed programs are typically running when the BSOD occurs? Excluding Malwarebytes, are you running any VPN/network filtering software? How often does the BSOD occur? Is it random, immediately at startup, after several days of uptime, etc? @eee I've sent you a message with some steps to generate additional debug logging for us.
  5. Thanks for the report. We've identified the cause of this issue and are working on a fix for those who have yet to install the latest component update version (1.0.1003).
  6. Thanks for the report. We've identified the cause of this issue and are working on a fix for those who have yet to install the latest component update version (1.0.1003).
  7. @TaxMan How are you opening the scan report? Are you navigating to the Reports page within the UI and double-clicking the report directly? Or when the scan completes, are you clicking the "View report" button on the notification that appears when the UI isn't open? There is a known issue with the second point that results in incorrect information being displayed in the report. Please provide the explicit steps you're taking.
  8. Thanks for the update. This is most likely related to Avast Secure Browser being added as a custom protected application. This browser (like Google Chrome, Microsoft Edge, etc) does not want third-party DLLs injected into it, which is why the following code integrity error is being logged: Date: 2020-07-22 18:05:12.051 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae.dll that did not meet the Microsoft signing level requirements. Consequently, when a component update is performed, there's a much higher likelihood of an issue occurring when attempting to unload the MBAE DLL which will prevent the file from being successfully updated in that Windows session. This is why the issue no longer occurs when the machine is restarted. We removed DLL injection into Google Chrome and Microsoft Edge for this very reason as we found it often resulted in issues occurring after a component update. I would suggest removing Avast Secure Browser as a custom protected application and verifying there are no further occurrences of this issue after a component update is installed.
  9. Yes, the file is downloaded automatically by the Malwarebytes Support Tool and used when the log gathering functionality is selected by the user. It's completely safe. The detection you've encountered is a false-positive and can be disregarded.
  10. Thanks for the information. For anyone having an issue with deleting report files, could you run the Malwarebytes Support Tool please and provide the generated file: https://support.malwarebytes.com/hc/en-us/articles/360039023453
  11. To confirm, these are machines that are also unable to add to the Allow List? If so, it's the same issue and either deleting the IrisPlugins folder or waiting 24 hours for the next automatic Iris check-in will resolve the issue. The files are related to in-app messaging, so aren't needed. New copies will automatically be downloaded at a later point in time.
  12. Hi all, Regrettably, there is still an issue for some machines. Clean uninstalling isn't necessary. To restore full UI functionality immediately, disable Self-Protection and delete the following folder: %ProgramData%\Malwarebytes\MBAMService\IrisPlugins. Re-enable Self-Protection afterwards if necessary. We are actively taking measures to minimize the impact of this and restore full UI functionality to all CU 1.0.1003 users. Thank you for the continued feedback.
  13. Thank you again for the report. As noted above, we are working on a fix and intend to release an updated installer version for both the Malwarebytes and Malwarebytes Privacy products. Also note for an existing installation of Malwarebytes, C:\Program.exe is detected if a scan is run or upon execution if Malware Protection is enabled. This of course doesn't solve the issue but does mitigate it in some manner in the event the installer is run on a machine already running Malwarebytes.
  14. The Support Tool only uses an HKCU\...\Run value as a backup. The default startup mechanism is a scheduled task. The Run value is created when the scheduled task creation fails. Are you performing a Clean/Repair in Safe Mode? Your OS version is being interpreted as Windows Vista or lower. We will look into this. Are there any compatibility flags set on the downloaded mb-support-{version}.exe file (or the browser with which you downloaded the file)? It does, but only if the FRST executable is successfully downloaded when the tool is first launched. In your case, the file is not being downloaded successfully due to a network issue so FRST is not run when you gather logs. The %LOCAALAPPDATA%\mbam path is included as part of cleanup and in most cases is successfully cleaned up. We are however aware of a couple of issues and have defects filed, which we hope to address in a future update. The %Temp%\mbam and %Temp%\MBAMInstallerService.exe paths are intentionally not included as part of cleanup, so it's expected to see these paths remain.
  15. Hi all, The issue with various UI controls (Add exclusions, advanced Exploit Protection settings, etc) will no longer be an issue once this beta version is released to all users. Note that this issue does not affect all beta users. If you're in need of using these UI controls now, you will need to downgrade to the latest non-beta version. Thank you for sharing feedback.
  16. That feature already exists. Disabling the "Show all notifications in Windows notification area" setting will disable all green colour-coded notifications. Disabling orange and red notifications is not possible.
  17. Thank you for the feedback on this. We have a request filed to evaluate whether it would be feasible to separate the "Scan complete" notification from other notification types. This would allow you to suppress "Scan complete" whilst retaining all other notifications. We'll post to this topic if this is something we address in a future product update.
  18. Hello, We are actively working on improvements to Ransomware Protection performance. If you're still experiencing an issue after rebooting the machine, could you provide more detail on exactly which type of activities triggers the performance degradation? You mentioned watching a Netflix film in your original post. How are you watching Netflix (browser, Netflix application, etc)? Does the performance issue only occur with this particular activity or other activities as well?
  19. Hello, This is currently expected behaviour. It doesn't indicate an issue with the Web Protection being provided by Malwarebytes. The concept of a "Web protection" provider in Windows is relatively new and wasn't present in older versions of Windows such as Windows 7. It's something we may evaluate in the future. Here is some additional insight into the "Web protection" security provider in Windows 10: https://answers.microsoft.com/en-us/protect/forum/protect_defender-protect_scanning-windows_10/windows-defender-windows-security-web-protection/6ab606a9-a212-47f2-bbed-bfb8610e6d3e Thank you for the feedback.
  20. Thanks for the report. We're aware of the issue and are currently investigating.
  21. Thanks for the update. Could you provide the log file mentioned in my previous post please so we can look into why the issue initially occurred? Thank you!
  22. Hi @Silver_fang, Has the BSOD/GSOD been exhibited with Malwarebytes component package 1.0.979 or higher? You can check which component package version is installed using the Settings -> About page in Malwarebytes.
  23. Hi @gixxerbwm, Thanks for the update. Have you rebooted the machine since installing component package version 1.0.990? If not, could you do this now (ensure you use the "Restart" option; not "Shut down") and verify you experience the same issue? Could you also run the Malwarebytes Support Tool and provide us the mbst-grab-results.zip please so we can take a closer look at the issue. Finally, please describe the exact issue you're currently experiencing in more detail. Thank you!
  24. Your logs from 10 days ago show you have quite an outdated version installed. Please update to the latest version (Malwarebytes version 4.1.2, Component update package 1.0.979 or higher) and verify if the issue persists or not. If the issue persists: We need to confirm if Malwarebytes is definitely involved. Does the issue still occur if Avast is uninstalled and Malwarebytes is left fully enabled? Is a particular Real-Time Protection component in Malwarebytes involved? I would suggest starting with disabling Web Protection. Can you provide the full kernel dump generated from the BSOD (C:\Windows\MEMORY.dmp)?
  25. Hello, It's expected not to see the MBAE DLL injected into Google Chrome processes. Exploit Protection no longer injects into Google Chrome. However, it should be injected into Firefox processes. Could you restart the machine and confirm if you see the same behaviour or not? If the MBAE DLL is still not being injected into Firefox processes, please do the following: Launch Firefox. Enable debug logging in Malwarebytes (Settings -> Event log data). Right-click the Malwarebytes icon in your system and click Quit Malwarebytes. Wait ~15 seconds. Relaunch Malwarebytes and wait for the UI to open. Verify the MBAE DLL is not injected into Firefox processes. Gather logs with the Malwarebytes Support Tool and attach mbst-grab-results.zip: https://support.malwarebytes.com/hc/en-us/articles/360039023453-Upload-Malwarebytes-Support-Tool-logs-offline
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.