Posts posted by msherwood

  1. If you're not having success with the exclusions, here's what worked for us within MBAM 1.80:

    1 - Boot into safe mode with networking

    2 - Open MSE – Go to Settings -> Excluded Processes and add the following:
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
    C:\Program Files\Malwarebytes Anti-Malware\mbamapi.exe
    C:\Program Files\Malwarebytes Anti-Malware\mbamdor.exe
    C:\Windows\System32\drivers\mbam.sys

    3 - Save Changes

    4 - Shutdown and Boot into Normal Mode

    Also, we're working on MBAE and we'll have more to share on that shortly. 

  2. 1 hour ago, Lygoldstein said:

    Disabling realtime scanning is not really an acceptable option and increases our risk.  The whole purpose of having two solutions is for the added protection.

    As a long-term solve, we agree. This suggestion is only a workaround for right now.

     

    57 minutes ago, vchhuor said:

    Hi Everyone,

    We followed the following guide to add MBAM as an excluded process for Microsoft System Center Endpoint Protection and it seems like it has fixed the issue. This way you don't have to disable realtime scanning.

    https://support.malwarebytes.com/customer/portal/articles/1986791-what-exclusions-should-i-add-for-my-antivirus-when-using-malwarebytes-endpoint-secuirty-?b_id=6520

    Thanks

    Thank you for sharing.

     

    48 minutes ago, Limon said:

    This is affecting our (large) organization greatly.  Many of our users were interrupted throughout Friday, lots of lost work, and 1/3 of the IT staff pulled out of support roles to work on a root cause with no call-backs or response from MB to submitted ticket(s), etc.  Users continue to lose work and the fact that the workaround is to disable Endpoint realtime scanning is a terrible idea.  How about specific exclusions we can add to endpoint?  How about calling back the customers who leave voicemails/open tickets?  Based on this forum it's only 6 calls that would help MB to retain customers.  Here is what would help us customers the most:

    1. Acknowledge the issue and who is at fault - done, it's a Malwarebytes problem, not Microsoft

    2. Communicate with the customer - sort of -- in a forum?

    3. Provide an eta to a real fix with regular updates to manage our expectations--we have to answer to Management.


    Thank you for your help and please, please keep providing updates and developments within this forum as this appears to be the only mode of support.  There's rumors out there that say we should exclude certain Malwarebytes files.  Is this valid and are you testing that?

    We are still actively investigating the root cause.

  3. 13 hours ago, RedCountyPete said:

    I got the slowdown this morning, when I updated MSE definitions (new series: 1.233.51.0) and ran a threat scan on MBAM. Normally, it takes 18 minutes or so, but it was running over 40. MSE is running more or less at its normal speed, but I'm also seeing slowdowns in browsing. A custom scan (with rootkit check) normally takes 2 hours, but this afternoon, I aborted the scan at almost 4 hours. I have it running, and it's bog slow; maybe halfway through the files at 2.5 hours.

    Haven't tried disabling MSE just yet...

    Were you able to try disabling real-time scanning in MSE and did that work for you?

     

    12 hours ago, itlifesaver said:

    It only seems to be Windows 7 (64 bit? unconfirmed, but all ours were) affected, we did not get any calls from clients with Windows 10 and MBAM complaining.

    It happens after MSE updates to the latest definition. PC must have MBAM installed, in our case it is MBAM Business.

    It slows down and eventually locks up the PC. It appears to be a memory leak type issue, and/or a CPU utilization, or some other OS resource exhaustion. The PC eventually becomes unusable and unresponsive. You can see many event log messages with "fault bucket" and talking about the MSE process. Perhaps MBAM is killing or disrupting the MSE scanning?

    Booting into safe mode (or before the PC crashes) and disabling MSE real time scanning works around the issue. As does removing MBAM. It is definitely a conflict between the two.

    Thanks for sharing and confirming the workaround.

     

    9 hours ago, goatmale said:

    We did this - I have had reports that this doesn't work - users are still experiencing issues until Malware Bytes Anti-Exploit is disabled. Just wanted to share our experience.

    To confirm, are you saying you had to disable real-time scanning in MSE and disable MBAE on all machines or just some where disabling real-time scanning in MSE didn't work?

     

    52 minutes ago, Lygoldstein said:

    Any updates? I have hundreds of users down.  Would like to have this resolved before Monday!!

    Have you tried our suggested workaround of disabling real-time scanning in MSE?

  4. Just now, goatmale said:

    Mike - our organization is also having this issue.

    Please let me know what we can do to help. We are running Windows 7 SP1 x64 machines with Microsoft Endpoint Protection managed via SCCM 2012. For some of the machines, disabling Microsoft's real-time scanning resolved the issue. On others, we have had to disable Anti-Exploit to get this working again.

     

    Would it help to open a support case? or is this the best place to get further updates? Let me know if I can provide any information.

    Thanks,

    Really appreciate your offer, @goatmale. No need to open a support case (unless you want to). We'll be posting our updates here.

     

    6 minutes ago, sueska_mb said:

    Having similar issues that others have reported. Running Windows 7 Pro, MSE, & MBAM Pro paid version 1.75.0.1300. Windows updates done on 11-15-16 without issue. Updated MBAM and MSE this morning. Problems surfaced during reboot of windows.

    PC nearly inoperable with difficulties booting into windows (hanging at the welcome screen) and once at desktop OS was non-responsive. Example when right clicking on desktop icon it took 3-5 minutes for menu to open.  OS became fully operable after disabling active protections of MBAM.

    Once OS was stable, did some testing, using deep freeze program. Also running MBAE, but enabling MBAE application alone does not cause any issues. OS was stable until I enable MBAM filesystem protection and attempt to run MSE scan. I suspect rebooting windows would also present issues based on earlier experience. Unable to retest. Planning to not use affected PC, until issues resolved.

    Thanks for sharing, @sueska_mb.

  5. 40 minutes ago, SteveRies said:

    We are having massive issues right now with this at one of our clients.

    We have 120+ PC's with Malwarebytes Business on them. Got reports this morning that several machines were locking up.
    The issue spread like a wild fire through the business. We have spent the entire day trying to narrow the issue down because it also seems to have something to do with an MS Office 365 update.
    On some machines we are able to disable MBB (Malwarebytes Business) let the MS Office update finish running and then turn MBB back on with no issues.
    However on many of the PC's we are unable to turn MBB back on at all or it crashes and locks up the entire PC.

    We are also running MSSE MS Security Essentials.
    I opened a tag with MB Support just now...

    We need answers QUICK! This is a large business and this has ground them to a halt today!!!
    ~Steve~

     

    Thanks for sharing your details. We are still trying to track this down. We also have a line open with Microsoft and we're actively discussing it with them.

  6. We're hearing reports of conflicts between Malwarebytes Anti-Malware and / or Malwarebytes Anti-Exploit and Microsoft Security Essentials (MSE) or Microsoft System Center Endpoint Protection (SCEP). We have created a KB article to help resolve this conflict: https://support.malwarebytes.com/customer/portal/articles/2650097--malwarebytes-and-microsoft-security-essentials-conflicts?b_id=6442

    If needed, a copy of the KB article's solution steps is included below.

    Solution:

    Issue: Malwarebytes Anti-Malware (MBAM) 1.x + Microsoft Security Essentials/System Center Endpoint Protection causing lockup after Security Essentials update
     
    Affected Products:
    • Malwarebytes Anti-Malware 1.80
    • Malwarebytes Anti-Malware 1.75
     
    Affected Microsoft Antivirus Products:
    • Microsoft Security Essentials (MSE)
    • Microsoft System Center Endpoint Protection (SCEP)
     
     
    Initial Findings: The lockup was introduced when MSE and SCEP virus definitions were updated to versions 1.233.56.0 and onwards.  After this update, MSE/SCEP seems to lock up when scanning certain system files that is also triggering MBAM to scan the said files.
     
    Solution: Adding the following files as both Excluded Files and Excluded Processes inside of your affected Microsoft Antivirus Product:
    • If your computer is responsive, complete steps 1-8
    • If your computer is unresponsive, wait 10-15 minutes for it to become responsive and then complete steps 1-8
    • If after waiting 10-15 minutes your computer is still unresponsive, boot to Safe Mode and complete steps 1, 3-6 and then 8

    Alternatively, you can immediately boot into Safe Mode and complete steps 1, 3-6 and then 8.

    1. Open MSE/SCEP
    2. Disable Real-Time Protection: Settings -> Real-Time Protection
    3. Exclude files: Settings -> Excluded files and locations and add all the files below
      1. Note: make sure to use the full path to the file
    4. Click Save Changes
    5. Exclude processes: Settings -> Excluded processes and add all the files below
      1. Note: make sure to use the full path to the file
    6. Click Save Changes
    7. Re-Enable Real-Time Protection: Settings -> Real-Time Protection
    8. Reboot computer into Normal Mode

    It is best to copy/paste the exclusions when adding them. We have seen issues when using the short filename convention and/or environment variables (%programfiles% mapping to “C:\Program Files\” instead of “C:\Program Files (x86)\” or vice versa).

    If you’re copying all exclusions at once, be sure to include the required semicolon after each entry.
     

    Managed client:

    • C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    • C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    • C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    • C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    • C:\Program Files\Malwarebytes' Anti-Malware\mbamapi.exe
    • C:\Program Files\Malwarebytes' Anti-Malware\mbamdor.exe
    • C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
    • C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
    • C:\Program Files\Malwarebytes Anti-Exploit\mbae-cli.exe
    • C:\Program Files\Malwarebytes' Managed Client\SCComm.exe

    For x64 installations:

    • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamapi.exe
    • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamdor.exe
    • C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
    • C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
    • C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-cli.exe
    • C:\Program Files (x86)\Malwarebytes' Managed Client\SCComm.exe

    Standalone Malwarebytes Anti-Malware client:

    • C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    • C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    • C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    • C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    • C:\Program Files\Malwarebytes' Anti-Malware\mbamapi.exe
    • C:\Program Files\Malwarebytes' Anti-Malware\mbamdor.exe

    For x64 installations:

    • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamapi.exe
    • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamdor.exe

    Standalone Malwarebytes Anti-Exploit client:

    • C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
    • C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
    • C:\Program Files\Malwarebytes Anti-Exploit\mbae-cli.exe

    For x64 installations:

    • C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
    • C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
    • C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-cli.exe
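
The KB's advice on full paths, the two Program Files roots and the trailing semicolons can be checked on a given machine before anything is pasted into MSE/SCEP. The script below is an added example, not part of the original post or of Malwarebytes' tooling; the helper name `Get-InstalledExclusionPath` is hypothetical, and the file names are the ones listed in the KB above.

```powershell
# Added example: build the semicolon-terminated exclusion string from the KB's file list.
# Roots are written out literally, as in the KB, so a 32-bit shell cannot remap
# %ProgramFiles% to the wrong directory.
$roots = @('C:\Program Files', 'C:\Program Files (x86)')

# File paths relative to those roots, copied from the KB lists above.
$relativePaths = @(
    "Malwarebytes' Anti-Malware\mbam.exe",
    "Malwarebytes' Anti-Malware\mbamgui.exe",
    "Malwarebytes' Anti-Malware\mbamservice.exe",
    "Malwarebytes' Anti-Malware\mbamscheduler.exe",
    "Malwarebytes' Anti-Malware\mbamapi.exe",
    "Malwarebytes' Anti-Malware\mbamdor.exe",
    "Malwarebytes Anti-Exploit\mbae.exe",
    "Malwarebytes Anti-Exploit\mbae-svc.exe",
    "Malwarebytes Anti-Exploit\mbae-cli.exe",
    "Malwarebytes' Managed Client\SCComm.exe"
)

function Get-InstalledExclusionPath {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string[]] $Root,
        [Parameter(Mandatory)] [string[]] $RelativePath
    )
    foreach ($r in $Root) {
        foreach ($rel in $RelativePath) {
            $full = Join-Path -Path $r -ChildPath $rel
            # Emit only files that actually exist under this root, as full long paths.
            if (Test-Path -LiteralPath $full -PathType Leaf) { $full }
        }
    }
}

# @() keeps the result an array even when zero or one file is found.
$present = @(Get-InstalledExclusionPath -Root $roots -RelativePath $relativePaths)

if ($present.Count -eq 0) {
    Write-Warning 'None of the KB paths exist on this machine; nothing to exclude.'
} else {
    # The KB asks for a semicolon after each entry when pasting all at once.
    $exclusionString = ($present | ForEach-Object { "$_;" }) -join ''
    $exclusionString
}
```

Because only files that are present are emitted, the resulting exclusion list is no wider than what is installed on that machine.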

     

  7. 52 minutes ago, IgorDotNinja said:

    I messed up some permissions on some files and folders, so I downloaded file assassin (I used it before for some issues), fileassassin could not delete the files.

    I fixed the problem by downloading "NTFS Access" ( http://www.zeus-software.com/downloads/ntfsaccess ) and that fixed the permissions of the folders, granted me full access to the folders/files, and then I could delete the programs manually.

    So I have a few suggestions for FileAssassin:

    - Deleting folders also :D

    - Using the things that NTFSAccess does to grant permissions to the folders/files recursively, and that makes me the full owner of the files, and that will allow the program to delete the files.

    Thanks for the suggestion, @IgorDotNinja! Right now we've paused development on FileASSASSIN. If we start up again, we'll review your suggestion a bit more.

  8. 21 minutes ago, Firefox said:

    This includes the layout when in a PM, you do not get to see all options unless you stretch out your window across several screens. So annoying when you need to use one of the menu items.

    Are you talking about the toolbar? That's a different setting in the ACP and they use the concept of small, medium and large (toolbars). It's also an all-or-none setting where if you adjust the "small" toolbar it affects all aspects using the small toolbar (e.g. mobile editor for post replying, PMs in full view).

    The challenge is the PM toolbar forces a smaller bar even though it might not need to do so. When we last looked at this (also around the v4 update), we could not adjust it. We'll look at this again.

  9. 22 hours ago, nukecad said:

    Fair enough, it is fine that JRT just does its stuff with only the one prompt to proceed.

    I was just thinking that if someone runs it daily then the only restore points on their system will be the ones created by JRT each day, as the older ones drop off the bottom of the list.

    I wondered if it might be preferable for some users to be able to switch off the JRT restore point creation, and have a few of the older restore points still available, just in case.

     

    As I say it was just a thought.

    Ah, got it. As @Aura said, we don't recommend using JRT on a daily basis or from a prevention standpoint. Well, unless you're getting infected every day! :)

     

    2 hours ago, digmorcrusher said:

    Correct me if I'm wrong but I seem to remember the last time I used JRT that it does not give the user any choices as to what to remove, anything detected is removed automatically. So if this is the case then I would think it's imperative that a restore point is made first in the case any false positives are detected. Giving the user that choice could result in some borked machines if something was deleted that shouldn't be and no restore point was made.

     

    2 hours ago, Aura said:

    JRT still doesn't ask for permission to remove what it detects, it removes everything it finds. I think it has always been like that.

    Yep, @Aura once again is correct!

     

    3 minutes ago, tacua said:

    I ran JRT and it again makes restore points.  I really liked the fact that your program made restore points, often times when I've done a system restore JRT's restore points are the ones that I used.  Thanks for your great products.

    Great to hear! Thanks for letting us know. We too are glad @thisisu made JRT!

  10. 21 hours ago, Aura said:

    Nice to see that JRT can still receive that much work! Good job guys :)

     

    3 hours ago, Firefox said:

    thanks for the new version...keep the good tools coming...

    You bet!

    31 minutes ago, nukecad said:

    Restore point creation working again here: Win 10 home, v 1607, build 14393.222

    Slightly peripheral; but have you considered giving the user a Y/N option as to creating the restore point or not?

    Thanks for sharing your results. Yeah, we have discussed this a few times but decided against it as we didn't want to disrupt the automated process.

    What would you prefer it do?

  11. We've completed our in-depth testing and it's ready! We'll be uploading JRT 8.0.9 a bit later today. Watch for the announcement here.

    Also, here's a quick overview of what happened and how we addressed the issue.

    With the latest builds of Windows 10, Microsoft made a small change to their restore point creation API that can potentially cause a restore point to be abandoned if the requesting process exits before Windows has finalized the restore point.  The operating system notifies older builds of JRT (and even some Microsoft utilities) that a restore point is ready *slightly before* it is actually done creating it.  When the timing lines up just right, Windows falsely assumes the process that requested the restore point has crashed, and it should cancel and delete the restore point.

    To mitigate this new behavior, we’ve expanded the restore point creation process in JRT into two steps:

    1. We request a restore point to be created by the OS
    2. We verify the restore point was created successfully via WMI

    You'll see this new two-step process outputted to the command window while using JRT. If we run into an issue, you'll be presented this information and have the choice to continue or exit JRT.

    JRT - Success.png

    JRT - requesting error.png

    JRT - validating error.png

    If you need to use the restore point JRT created, look for "JRT Pre-Junkware Removal" (type will be "Manual" and that's as designed). 

    JRT - System Restore.png

    Please note this potential issue with restore point creation does not affect the rest of JRT.

    Thanks for being patient with us as we tracked this down and fixed it!
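
The request-then-verify pattern described in this post can be reproduced with stock Windows PowerShell 5.1. The script below is an added example and not JRT's own code: it uses the built-in `Checkpoint-Computer` cmdlet and the `SystemRestore` WMI class in `root/default`, while the description label, the timeout and the helper name `Get-RestorePoint` are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example (Windows PowerShell 5.1); not JRT's implementation.
$description = 'Example pre-change restore point'   # hypothetical label
$timeoutSec  = 120                                   # assumed upper bound for finalization

function Get-RestorePoint {   # hypothetical helper: restore points as reported by WMI
    @(Get-CimInstance -Namespace 'root/default' -ClassName 'SystemRestore' -ErrorAction SilentlyContinue)
}

# Record the highest sequence number that exists before the request,
# so an older point with the same description cannot be mistaken for the new one.
$lastSeq = 0
foreach ($rp in (Get-RestorePoint)) {
    if ($rp.SequenceNumber -gt $lastSeq) { $lastSeq = $rp.SequenceNumber }
}

# Step 1: request the restore point from the OS.
try {
    Checkpoint-Computer -Description $description -RestorePointType MODIFY_SETTINGS -ErrorAction Stop
} catch {
    throw "Requesting the restore point failed: $($_.Exception.Message)"
}

# Step 2: verify via WMI that a new restore point with our description exists.
# Polling keeps this process alive until Windows has finalized the point.
# It also catches the case where Windows skips creation with only a warning
# (for example when another point was created within the frequency limit).
$deadline = (Get-Date).AddSeconds($timeoutSec)
$created  = $null
while (-not $created -and (Get-Date) -lt $deadline) {
    $created = Get-RestorePoint |
        Where-Object { $_.SequenceNumber -gt $lastSeq -and $_.Description -eq $description } |
        Select-Object -First 1
    if (-not $created) { Start-Sleep -Seconds 2 }
}

if ($created) {
    "Validated restore point #$($created.SequenceNumber): $($created.Description)"
} else {
    throw "No restore point named '$description' appeared within $timeoutSec seconds."
}
```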
