Jump to content

dont_touch_my_buffer

Honorary Members
  • Posts

    155
  • Joined

  • Last visited

Everything posted by dont_touch_my_buffer

  1. All three of my Windows 10 machine are running MB 5.0.x version. For me, the layout for the GUI is nice and ecstatically pleasing. The VPN ad from MB doesn't bother me, but that's just me. In a world of the 5/9/14 eyes countries, chose your VPN provider carefully, your VPN may not be as private as you think. Just like your ISP, VPN service providers can and a good number of them do log the access to the internet. https://www.vpnmentor.com/blog/understanding-five-eyes-concept/
  2. I took a sabbath from MB during the last couple years, changed how I run my desktops. In the meantime as a positive news, Malwarebytes got better and bigger, resulting in load balancing their servers for the increased demands. It's all good, thx for your help...
  3. I use IP addresses, not domain names. The list of domain names come back with different IPs, even within a short time period. I can get the IPs via the "dig", "nslookup", but that may not work. Even if the IPs would be added to the "host" file, since the IPs will change. I guess, I'll need to find a different way to resolve it. Thx for your help...
  4. Windows 10 desktop running MB v.5.x, outbound connections are controlled by the firewall.... Every time the MB updated, it throws the error bellow: Looking at the firewall logs shows, that the "C:\program files\malwarebytes\anti-malware\malwarebytes.exe" tries to connects to a number of IP addresses on port 443. Trying to add exception for the IPs works for the session so to speak, but next time it might be different IPs. Is there a block of IPs that should be allowed? Thx...
  5. @exile360 I did not upload logs, dumps, etc., nor did disabling the self-protection module helped. The files are huge and I am hesitant to upload all of that data about my system to "WeTransfer" without knowing what's in the files and where it'll end up. Yes, I could research where the files end up, privacy policies, etc., but I already spent too much time on this problem. The issue had been resolved anyway, Malwarebytes was uninstalled and system performance restored to where it should be. I'll be back again next year to test the future Malwarebytes version, will not drop the three device license. I do appreciate you trying to help me, it's not you, it's me...
  6. Thanks excile... Disabling modules didn't help, for that matter, just disabling MBAM service didn't help either. I did uninstall/reinstall MBAM, but it made it worse, if anything... Procmon shows a lot of "PATH NOT FOUND" for MBAM, when trying to replicate network connections with Word: I am not certain why these error messages from MBAM? My system has six internal drive, two of the SSD drives have Windows 10 installed, Disk 0 and Disk 1. The latter one has MBAM and Office '13, while on Disk 0 there's no MBAM and has Office '10 installed. Maybe MBAM is getting confused and looking for the path on Disk 0? It's unlikely, but possible.... Here is the Word start up time for MS Word, with the reinstalled MBAM: 1.9816 1.0359 1.0330 1.0156 The same for MS Excel: 1.1391 0.8267 0.7938 0.8176 Opening documents from network shares has also increased, now around 7 - 8 seconds...
  7. @exile360 Well, third-party A/V is no longer in the picture. It really makes me curious what could cause the network delay? I'll try disabling Ransomware protection and see what happens... Thanks...
  8. @LiquidTension So, the recommendation did change, thanks... Some details of the system in question... The OS is Windows 10 Pro 64-bits, version 1809 (OS bui;ld 17763.253), with Malwarebytes 3.6.1.271 with the latest component package. MBAM and Vipre on the same system seemingly caused some conflict, based on the application startup time for both from a local drive and from networked resource. As suggested, Vipre had been uninstalled. After rebooting the system, Windows Defender A/V activated itself with MBAM active, the applications had been retested. Opening a word document improved and shown below: 2.4065 0.9997 0.9895 1.0071 That's pretty much on paar with Vipre, when it's been the only third-party A/V that was active prior to removing it. Unfortunately, it did not fix the issue of opening documents from a networked resource. While there are no issues with browsing the network, just as fast as it used to be prior to MBAM, opening Word documents take 6 - 8 seconds, measured by stopwatch. Excel on the other hand takes more than twice as long to startup, when the spreadsheet opened from the local drive, With Vipre only on the same system Excel started up in a third of a second: 0.3898 0.3653 0.3741 0.3586 Excel with MBAM and WD A/V: 1.2636 0.7804 0.7960 0.7867 Opening Excel spreadsheet from network share is marginally better than Word documents, 4 - 5 seconds passes by before the spreadsheet is opened. The LAN is fully switched, gigi network, that had no issues prior to MBAM and it still does not. Disabling Windows firewall did not seem to matter, opening the file from network share still took a long time. Exclusions for Windows Defender A/V didn't help either, from an older link below: https://forums.malwarebytes.com/topic/200162-exclusions-for-windows-defender-users/ Is there anything else that can be done for removing the delay for opening documents from the network shares? As a reminder... There had been no issues with application startup time, be that local or from network share, LAN, regardless if the firewall had been active or not. TIA...
  9. As a follow up to the year old posting below: I did remove Malwarebytes 3.3.1.2183 last February and left Vipre only for protection against malware. The yearly renewal for Malwarebytes license arrived and reminded me to test the performance again. Installed MBAM 3.6.1.271 with the latest component package next to Vipre 11.0.3.20. The test results for MS Word 2013 are even worse than they have been with the year old version of Malwarebytes: 6.6401 5.0041 4.9077 4.9388 Was there a change in supporting/recommending "traditional" A/V solutions with Malwarebytes? Do you recommend having Malwarebytes the only security protection for the system and remove Vipre? TIA...
  10. I have installed the 3.4 beta premium on my Windows Pro, 64-bit PC released version, with Vipre AV, mainly to test the performance improvement. The applications did load faster, about 30-40% faster than the version 3.3.x, but did not measure the improvement. There was really no time for testing, the system locked up after about ten minutes. The 3.4 version was uninstalled and the leftover cleaned up by mb-clean. Yes, beta software can do this and that's fine. Hopefully, it is addressed in the final version...
  11. While I disagree with your statement... Would you admit that Malwarebytes software is slow, if I reinstall Malwarebytes, remove Vipre from my system, and the test results still indicate ~300% performance hit when Malwarebytes enabled? The answer is probably no, you probably would ask for reinstalling Windows... And keep in mind what Malwarebytes said about other AVs: They may have changed their stance for market reason, but do not guarantee that you don't need AV... Beefy or not, all system will experience some performance hit with layered protection. The question is the magnitude of the performance hit and that's where Malwarebytes has disadvantage vs. others from my perspective. And don't take me wrong, I do believe that Malwarebytes protection is excellent, I've been using it for couple of years. The gradual slowing down applications load time started couple of month ego and as of late, it was unacceptable. My guess is that Malwarebytes did not account for Windows built-in memory protections and there's a conflict, if and when the application started that causes the delay. Trying to disable these memory protections in Anti-exploit portion of MBA used to work, but it does not have the same effect now. After uninstalling MBA, downloaded, installed the Beta version of the Anti-Exploit and it had been worse than the full install of MBA, that includes Anti-Exploit. Yes, I know, Beta software, but still... And just as AV can be bypassed, so can be Malwarebytes: So you do need layered protection....
  12. I did not completely uninstalled Vipre and the computer restarted, simply disabled the services; here's the results: C:\Program Files\internet explorer\iexplore.exe - 4 executions 0.5463 0.4995 0.4994 0.5002 And here's the results with Vipre enabled from my earlier post: C:\Program Files\internet explorer\iexplore.exe - 3 executions 0.6554 0.5461 0.5463 This level of performance impact is acceptable in my view, certainly much less than the "<2 seconds of extra time to bootup these programs is expected and is within the threshold we consider to be adequate." for Malwarebytes 3.3.1 Completely uninstalling/rebooting may, or may not result in an other ~0.1 seconds improvement.
  13. Your product team seems to be inadequate, if they believe that 300% increase in program bootup time is adequate in year 2018. In the year where 4-6 core CPUs on desktop, SSD and/or PCIe x4 NVMe drives and even fast memory are the norm, they still hang on the old/archaic software model that will make the up to date system feel like it's back in the late 90's, or early 2000s. I do not accept any security product to decrease my system's performance by 300%, nor should anyone. I'll keep my licenses for the time being and may try the MBA version 4.x in the unlikely event, that the current product team will be able to come up with a product that does not increase the program bootup time substantially. There's always a chance....
  14. Here's the results of all five disabled, but MBAM service running: C:\Program Files\Microsoft Office\Office15\WINWORD.EXE - 3 executions 2.1395 2.1090 2.1090 That's worse than all five enabled and here's the results for MBAM service disabled: C:\Program Files\Microsoft Office\Office15\WINWORD.EXE - 3 executions 0.7028 0.7339 0.7339 One thing worth mentioning. This Windows 10 is an update from Windows 8.1, 64-bits. Should I uninstall/reinstall MBAM? Maybe some of the settings/files from Windows 8.1 are not correct to Windows 10.
  15. I've done some testing, changed the advanced anti-exploit settings, just disabled protection one-by-one and all four. While disabling all four does improves the startup time, the improvement isn't to the level of disabling MBA service. Individually disabling the protections seemingly had not improved the delay.
  16. Here's MS Office 2013 Excel startup performance with MWB enabled: C:\Program Files\Microsoft Office\Office15\EXCEL.EXE - 3 executions 1.3639 0.4440 0.4460 And with MWB disabled: C:\Program Files\Microsoft Office\Office15\EXCEL.EXE - 3 executions 0.1867 0.1704 0.1760 And I could go on with other programs, not just MS Office apps on the system. The overall performance of the system is noticeably degraded, even managing the system, such as changing setting, opening event viewer are impacted. The opening apps time progressively increased, if and when MWB service is left active. Operational wise, MWB works just fine, it's the performance hit that unacceptable. As such, MWB is disabled on my system, while it had been uninstalled from the new Windows 10 PC. While I understand the security software will have a hit on the system and applications performance, the level of decrease in performance is not acceptable. And I just renewed the licenses at the beginning of the month...
  17. My system had marginal improvement, IE11 startup with MWB disabled: C:\Program Files\internet explorer\iexplore.exe - 3 executions 0.6554 0.5461 0.5463 Enabling MWB results in this: C:\Program Files\internet explorer\iexplore.exe - 3 executions 1.7342 1.7028 1.6556 Disabling Web Shield shows this: C:\Program Files\internet explorer\iexplore.exe - 3 executions 1.6927 1.6715 1.6692 The values are in seconds, each tests included opening/closing IE three times. The first opening in each tests has the highest value, the minor decrease by the subsequent starting might be due for Windows cashing the program in the memory.
  18. Windows 10 Professional, 64-bits with Malwarebytes 3.3.1.2183, running on a system with i5-330P CPU, 16 GBs memory and Samsung EVO SSD. The system also has Vipre Antivirus version 9.3.4.3. The system runs just fine, no issues with Malwarebytes except performance. If and when Malwarebytes protection enabled, MS Office applications, such as Word and Excel, have a substantial delay staring up. I've measured the the time it takes to start up with PassMark AppTimer V1.0 build 1010. With Malwarebytes active, this is the time it showed: C:\Program Files\Microsoft Office\Office15\WINWORD.EXE 0.9636 That's one second that gets even a lot worse, if and when the word document is opened from a network share. Subsequent opening a different word document has no delays, as long as the first document is open. If it's closed, the delay is there. Stopping and disabling the "Malwarebytes Service" in services and re-running the test shows this: C:\Program Files\Microsoft Office\Office15\WINWORD.EXE 0.1556 That's about six times faster, than the previous test and opening up word document from network share is just as fast. Excel shows the same delay at startup, if Malwarebytes enabled. I've just built a system with an i5-8400 CPU, 16 Gbs memory and Samsung NVMe EVO drive with Windows 10 Professional, 64-bits. Adding Malwarebytes slowed the MS applications the same way on this system too. Both systems have licensed installation, as shown in the attached image. Question... Is there a reason why MS Office apps are slowed down with Malwarebytes, at times to a crawl? Windows 10 has a number of built-in memory protections for apps. Could the some of the Malwarebytes memory protection, in "Advance Settings\Advanced Memory Protection" causing the conflict that slows the apps start up time down? TIA... PS: Internet Explorer 11 has an even worse start up time with Malwarebytes...
  19. It was neither... As stated previously, my scheduled scan runs on 15th of every month and I did not initiate a manual scan on June 04. I only do manual scan after major version updates and/or suspicions arise.The fact that MWB initiated on its own still troubles me. Yeah, I like to control what's going on on my system... What is the file you are looking for? TIA...
  20. In my scheduled scan, these options had already been configured: With real-time protections via number of different security protection active, I am not a believer of scheduling scans frequently There's little reason to do so, especially with SSD drive.... I understand why modifying the LSA keys cannot be stopped. Seeing how MB did it and the local authentication of the end user did not break, I guess it's OK. What I don't understand is why a dormant PUP in the download folder triggers this? It's not like that this PUP had been installed, active and detected by the scan As the matter of fact, the file in question is an archived/compressed file that had been downloaded about a week ego. Ever since it's been sitting there dormant, I forgot about it until MB detected the file as PUP. Interestingly, MB did not flag this file a week ego, when it was downloaded and saved. Go figure..
  21. The system in question is Windows 8.1 Professional, 64-bit OS... After starting up this system, the uncontrollable startup scan had found a PUP in my download folder: The file in question had been in the download folder for about a week, I am not certain why MB had found it today? Promptly, MB had quarantined the file in question, which is fine. What is not fine is that MB restarted the PC, after popping up a red warning in the system tray. The warning could not be captured, since it had been displayed for less than second and the system reboot started. Looking at the logs showed that MB had modified "Lsa" registry entries: Couple of questions: Is there any ways to stop system scanning at start up? Why a PUP detection results in a system shutdown, without giving time for saving documents and other work related programs? What is the purpose for rewriting LSA registry settings and can it be disabled?
  22. MB protection for Firefox includes the add-ons as well, no need to add it separately. Keep in mind that it is for the Thunderbird add-ons and not for the actual Thunderbird email program. If Firefox is not running and you run the Thunderbird program, MB will not protect it. You can add the Thunderbird program to MB protection, as a custom rule, just select the program type as "Browser". That's what I do with Outlook, not part of the default "Protected Applications"...
  23. Update... The Exploit protection did start up this morning. On the flip-side, the web protection did not start up this morning. Do you need the logs again? TIA...
  24. I'd say that the SSD in my W7 system is pretty fast too: The i5 CPU (up to 3.7 GHz) and G.Skill PC3-12800H are no slouch either. They may not be as fast as your system components, but the difference between the two should not result 3x longer system scan. My guess is that the system settings differences between the two might be the more likely reason for this. For example, in my systems the page file is disable among other changes. Isn't really an issue for me since the scheduled scan takes time once a month at off hours anyway. I've just happen to notice the performance difference between W7 and 8.1, after installing the beta version for both systems and running the initial scan manually.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.