dont_touch_my_buffer

Members, 153 posts
Everything posted by dont_touch_my_buffer

  1. @exile360 I did not upload logs, dumps, etc., nor did disabling the self-protection module help. The files are huge and I am hesitant to upload all of that data about my system to "WeTransfer" without knowing what's in the files and where it'll end up. Yes, I could research where the files end up, privacy policies, etc., but I already spent too much time on this problem. The issue had been resolved anyway, Malwarebytes was uninstalled and system performance restored to where it should be. I'll be back again next year to test the future Malwarebytes version, will not drop the three device license. I do appreciate you trying to help me, it's not you, it's me...
  2. Thanks exile... Disabling modules didn't help, for that matter, just disabling MBAM service didn't help either. I did uninstall/reinstall MBAM, but it made it worse, if anything... Procmon shows a lot of "PATH NOT FOUND" for MBAM, when trying to replicate network connections with Word: I am not certain why these error messages from MBAM? My system has six internal drives, two of the SSD drives have Windows 10 installed, Disk 0 and Disk 1. The latter one has MBAM and Office '13, while on Disk 0 there's no MBAM and has Office '10 installed. Maybe MBAM is getting confused and looking for the path on Disk 0? It's unlikely, but possible.... Here is the Word start up time for MS Word, with the reinstalled MBAM: 1.9816 1.0359 1.0330 1.0156 The same for MS Excel: 1.1391 0.8267 0.7938 0.8176 Opening documents from network shares has also increased, now around 7 - 8 seconds...
  3. @exile360 Well, third-party A/V is no longer in the picture. It really makes me curious what could cause the network delay? I'll try disabling Ransomware protection and see what happens... Thanks...
  4. @LiquidTension So, the recommendation did change, thanks... Some details of the system in question... The OS is Windows 10 Pro 64-bits, version 1809 (OS build 17763.253), with Malwarebytes 3.6.1.271 with the latest component package. MBAM and Vipre on the same system seemingly caused some conflict, based on the application startup time for both from a local drive and from networked resource. As suggested, Vipre had been uninstalled. After rebooting the system, Windows Defender A/V activated itself with MBAM active, the applications had been retested. Opening a word document improved and is shown below: 2.4065 0.9997 0.9895 1.0071 That's pretty much on par with Vipre, when it's been the only third-party A/V that was active prior to removing it. Unfortunately, it did not fix the issue of opening documents from a networked resource. While there are no issues with browsing the network, just as fast as it used to be prior to MBAM, opening Word documents takes 6 - 8 seconds, measured by stopwatch. Excel on the other hand takes more than twice as long to startup, when the spreadsheet is opened from the local drive. With Vipre only on the same system Excel started up in a third of a second: 0.3898 0.3653 0.3741 0.3586 Excel with MBAM and WD A/V: 1.2636 0.7804 0.7960 0.7867 Opening Excel spreadsheet from network share is marginally better than Word documents, 4 - 5 seconds pass by before the spreadsheet is opened. The LAN is fully switched, gigabit network, that had no issues prior to MBAM and it still does not. Disabling Windows firewall did not seem to matter, opening the file from network share still took a long time. Exclusions for Windows Defender A/V didn't help either, from an older link below: https://forums.malwarebytes.com/topic/200162-exclusions-for-windows-defender-users/ Is there anything else that can be done for removing the delay for opening documents from the network shares? As a reminder...
There had been no issues with application startup time, be that local or from network share, LAN, regardless if the firewall had been active or not. TIA...
  5. As a follow up to the year old posting below: I did remove Malwarebytes 3.3.1.2183 last February and left Vipre only for protection against malware. The yearly renewal for Malwarebytes license arrived and reminded me to test the performance again. Installed MBAM 3.6.1.271 with the latest component package next to Vipre 11.0.3.20. The test results for MS Word 2013 are even worse than they have been with the year old version of Malwarebytes: 6.6401 5.0041 4.9077 4.9388 Was there a change in supporting/recommending "traditional" A/V solutions with Malwarebytes? Do you recommend having Malwarebytes the only security protection for the system and remove Vipre? TIA...
  6. I have installed the 3.4 beta premium on my Windows Pro, 64-bit PC released version, with Vipre AV, mainly to test the performance improvement. The applications did load faster, about 30-40% faster than the version 3.3.x, but did not measure the improvement. There was really no time for testing, the system locked up after about ten minutes. The 3.4 version was uninstalled and the leftover cleaned up by mb-clean. Yes, beta software can do this and that's fine. Hopefully, it is addressed in the final version...
  7. While I disagree with your statement... Would you admit that Malwarebytes software is slow, if I reinstall Malwarebytes, remove Vipre from my system, and the test results still indicate ~300% performance hit when Malwarebytes enabled? The answer is probably no, you probably would ask for reinstalling Windows... And keep in mind what Malwarebytes said about other AVs: They may have changed their stance for market reason, but do not guarantee that you don't need AV... Beefy or not, all systems will experience some performance hit with layered protection. The question is the magnitude of the performance hit and that's where Malwarebytes has disadvantage vs. others from my perspective. And don't take me wrong, I do believe that Malwarebytes protection is excellent, I've been using it for couple of years. The gradual slowing down applications load time started a couple of months ago and as of late, it was unacceptable. My guess is that Malwarebytes did not account for Windows built-in memory protections and there's a conflict, if and when the application started that causes the delay. Trying to disable these memory protections in Anti-exploit portion of MBA used to work, but it does not have the same effect now. After uninstalling MBA, downloaded, installed the Beta version of the Anti-Exploit and it had been worse than the full install of MBA, that includes Anti-Exploit. Yes, I know, Beta software, but still... And just as AV can be bypassed, so can be Malwarebytes: So you do need layered protection....
  8. I did not completely uninstall Vipre and the computer restarted, simply disabled the services; here's the results: C:\Program Files\internet explorer\iexplore.exe - 4 executions 0.5463 0.4995 0.4994 0.5002 And here's the results with Vipre enabled from my earlier post: C:\Program Files\internet explorer\iexplore.exe - 3 executions 0.6554 0.5461 0.5463 This level of performance impact is acceptable in my view, certainly much less than the "<2 seconds of extra time to bootup these programs is expected and is within the threshold we consider to be adequate." for Malwarebytes 3.3.1 Completely uninstalling/rebooting may, or may not result in another ~0.1 seconds improvement.
  9. Your product team seems to be inadequate, if they believe that 300% increase in program bootup time is adequate in year 2018. In the year where 4-6 core CPUs on desktop, SSD and/or PCIe x4 NVMe drives and even fast memory are the norm, they still hang on the old/archaic software model that will make the up to date system feel like it's back in the late 90's, or early 2000s. I do not accept any security product to decrease my system's performance by 300%, nor should anyone. I'll keep my licenses for the time being and may try the MBA version 4.x in the unlikely event, that the current product team will be able to come up with a product that does not increase the program bootup time substantially. There's always a chance....
  10. Here's the results of all five disabled, but MBAM service running: C:\Program Files\Microsoft Office\Office15\WINWORD.EXE - 3 executions 2.1395 2.1090 2.1090 That's worse than all five enabled and here's the results for MBAM service disabled: C:\Program Files\Microsoft Office\Office15\WINWORD.EXE - 3 executions 0.7028 0.7339 0.7339 One thing worth mentioning. This Windows 10 is an update from Windows 8.1, 64-bits. Should I uninstall/reinstall MBAM? Maybe some of the settings/files from Windows 8.1 are not correct to Windows 10.
  11. I've done some testing, changed the advanced anti-exploit settings, just disabled protection one-by-one and all four. While disabling all four does improve the startup time, the improvement isn't to the level of disabling MBA service. Individually disabling the protections seemingly had not improved the delay.
  12. Here's MS Office 2013 Excel startup performance with MWB enabled: C:\Program Files\Microsoft Office\Office15\EXCEL.EXE - 3 executions 1.3639 0.4440 0.4460 And with MWB disabled: C:\Program Files\Microsoft Office\Office15\EXCEL.EXE - 3 executions 0.1867 0.1704 0.1760 And I could go on with other programs, not just MS Office apps on the system. The overall performance of the system is noticeably degraded, even managing the system, such as changing settings, opening event viewer are impacted. The opening apps time progressively increased, if and when MWB service is left active. Operational wise, MWB works just fine, it's the performance hit that's unacceptable. As such, MWB is disabled on my system, while it had been uninstalled from the new Windows 10 PC. While I understand the security software will have a hit on the system and applications performance, the level of decrease in performance is not acceptable. And I just renewed the licenses at the beginning of the month...
  13. My system had marginal improvement, IE11 startup with MWB disabled: C:\Program Files\internet explorer\iexplore.exe - 3 executions 0.6554 0.5461 0.5463 Enabling MWB results in this: C:\Program Files\internet explorer\iexplore.exe - 3 executions 1.7342 1.7028 1.6556 Disabling Web Shield shows this: C:\Program Files\internet explorer\iexplore.exe - 3 executions 1.6927 1.6715 1.6692 The values are in seconds, each test included opening/closing IE three times. The first opening in each test has the highest value, the minor decrease by the subsequent starting might be due to Windows caching the program in the memory.
  14. Windows 10 Professional, 64-bits with Malwarebytes 3.3.1.2183, running on a system with i5-330P CPU, 16 GBs memory and Samsung EVO SSD. The system also has Vipre Antivirus version 9.3.4.3. The system runs just fine, no issues with Malwarebytes except performance. If and when Malwarebytes protection enabled, MS Office applications, such as Word and Excel, have a substantial delay starting up. I've measured the time it takes to start up with PassMark AppTimer V1.0 build 1010. With Malwarebytes active, this is the time it showed: C:\Program Files\Microsoft Office\Office15\WINWORD.EXE 0.9636 That's one second that gets even a lot worse, if and when the word document is opened from a network share. Subsequent opening a different word document has no delays, as long as the first document is open. If it's closed, the delay is there. Stopping and disabling the "Malwarebytes Service" in services and re-running the test shows this: C:\Program Files\Microsoft Office\Office15\WINWORD.EXE 0.1556 That's about six times faster, than the previous test and opening up word document from network share is just as fast. Excel shows the same delay at startup, if Malwarebytes enabled. I've just built a system with an i5-8400 CPU, 16 GBs memory and Samsung NVMe EVO drive with Windows 10 Professional, 64-bits. Adding Malwarebytes slowed the MS applications the same way on this system too. Both systems have licensed installation, as shown in the attached image. Question... Is there a reason why MS Office apps are slowed down with Malwarebytes, at times to a crawl? Windows 10 has a number of built-in memory protections for apps. Could some of the Malwarebytes memory protection, in "Advance Settings\Advanced Memory Protection", be causing the conflict that slows the apps start up time down? TIA... PS: Internet Explorer 11 has an even worse start up time with Malwarebytes...
  15. It was neither... As stated previously, my scheduled scan runs on 15th of every month and I did not initiate a manual scan on June 04. I only do manual scan after major version updates and/or suspicions arise. The fact that MWB initiated on its own still troubles me. Yeah, I like to control what's going on on my system... What is the file you are looking for? TIA...
  16. In my scheduled scan, these options had already been configured: With real-time protections via number of different security protection active, I am not a believer of scheduling scans frequently. There's little reason to do so, especially with SSD drive.... I understand why modifying the LSA keys cannot be stopped. Seeing how MB did it and the local authentication of the end user did not break, I guess it's OK. What I don't understand is why a dormant PUP in the download folder triggers this? It's not like that this PUP had been installed, active and detected by the scan. As a matter of fact, the file in question is an archived/compressed file that had been downloaded about a week ago. Ever since it's been sitting there dormant, I forgot about it until MB detected the file as PUP. Interestingly, MB did not flag this file a week ago, when it was downloaded and saved. Go figure..
  17. The system in question is Windows 8.1 Professional, 64-bit OS... After starting up this system, the uncontrollable startup scan had found a PUP in my download folder: The file in question had been in the download folder for about a week, I am not certain why MB had found it today? Promptly, MB had quarantined the file in question, which is fine. What is not fine is that MB restarted the PC, after popping up a red warning in the system tray. The warning could not be captured, since it had been displayed for less than a second and the system reboot started. Looking at the logs showed that MB had modified "Lsa" registry entries: Couple of questions: Is there any way to stop system scanning at start up? Why a PUP detection results in a system shutdown, without giving time for saving documents and other work related programs? What is the purpose for rewriting LSA registry settings and can it be disabled?
  18. MB protection for Firefox includes the add-ons as well, no need to add it separately. Keep in mind that it is for the Thunderbird add-ons and not for the actual Thunderbird email program. If Firefox is not running and you run the Thunderbird program, MB will not protect it. You can add the Thunderbird program to MB protection, as a custom rule, just select the program type as "Browser". That's what I do with Outlook, not part of the default "Protected Applications"...
  19. Update... The Exploit protection did start up this morning. On the flip-side, the web protection did not start up this morning. Do you need the logs again? TIA...
  20. I'd say that the SSD in my W7 system is pretty fast too: The i5 CPU (up to 3.7 GHz) and G.Skill PC3-12800H are no slouch either. They may not be as fast as your system components, but the difference between the two should not result in a 3x longer system scan. My guess is that the system settings differences between the two might be the more likely reason for this. For example, in my systems the page file is disabled among other changes. Isn't really an issue for me since the scheduled scan takes time once a month at off hours anyway. I've just happened to notice the performance difference between W7 and 8.1, after installing the beta version for both systems and running the initial scan manually.
  21. Based on the little information that you've provided, I can just guess... The chances are that MB did not remove the mackeeper fully, just disabled some of the offending functions in the program. Doing so probably broke some of the functionality of mackeeper that prevents the MacOS starting up. One of the functionality is encrypting files and if it had been enabled, that might be the root cause for the OS not starting. The booting routine cannot find/read the files that it needs to start. As a side note... Malwarebytes is right about mackeeper in my view, it is a scam and it includes PUP MUPs, popups, etc. How MB removes some of the functionality of this program is probably wrong... http://themacschool.blogspot.co.uk/2012/09/mackeeper-is-scam.html http://applehelpwriter.com/2011/09/21/how-to-uninstall-mackeeper-malware/ You could try booting your Mac in safe mode to see, if you can bypass the issue with MB disabled/the uninstalled programs: https://support.apple.com/en-us/HT201262 Once in safe mode, properly uninstall mackeeper, follow the instruction in the link above.
  22. Systems: W7 and 8.1, Professional 64-bits OSs, quad CPUs, 8 (W7) and 16GBs (W8.1), Samsung SSDs, MB 3.1.1 Starting the default "Threat Scan" manually in Windows 7 results in close to 100% CPU utilization. The system is sluggish, programs take long to load, the mouse pointer becomes jumpy and the scan completes in about six minutes: Starting the same default "Threat Scan" manually in Windows 8.1 results in variable CPU utilization, depending on the programs starting, or being used. The system is pretty much the same as without the scan running, the scan completes in about two minutes: Yes, there are roughly 20% more files scanned in Windows 7, but it should not result in close to three times the time to complete the scan. Nor should it peg the CPU to close to 100% CPU utilization.... The two systems are running on different computers, not dual-booting on the same hardware. Is the performance difference between the two scans "it is what it is", or can that be fine tuned within MB?
  23. System: Windows 8.1 Professional, 64-bit OS MB version (licensed): 3.1.1.1722, Component package: 1.0.117, Update package: 1.0.1.1887 The MB 3.1.1 had been installed over the previous version 3.0.6 couple of days ago. The exploit protection worked just fine, until now. Manually starting results in quickly going back to "Off" position. mb-checkResult 05.07.17.txt logs_05.07.16.zip
  24. You seem to state that MB failing in "real world" test, but works just fine if there's some social engineering on the front end of the malicious URL.. Accessing the malware via a direct link, or via any other delivery method should have the same results as far as protection is concerned. At the end of the day, it is the malicious URL, accessed directly and/or by redirecting in the background, that delivers the payload. If your focus is on "spam, exploits and malvertisements", that could be a simple black listing URLs. If that's the case, that can quickly become a "whack-a-mole" game, just like the AV is. Provided that the MB real time web protection works reliably, but that's a whole other issue...