Posts posted by exile360

  1. The only public info I'm aware of regarding Malwarebytes' communications/updates etc. can be found in this support article, though it only references updates and licensing; I do not know how items for the marketing module are pushed out, however I do know that there are multiple database files that get pulled down with updates along with any config file updates so it is likely that any changes to the marketing module come down with them, but all of that data is encrypted within the databases and configuration files as far as I know.

  2. Greetings,

    I don't believe the Excel add-in has any control over the information in the actual Nebula console; it's just an export of that information, so making changes to the spreadsheet won't impact the information stored in the console itself.  That said, you should be able to manage and remove endpoints via the options documented in this support article as well as this support article.

    The full administration guide for Nebula can be found here for reference.

    I hope this helps and if there is anything else we might assist you with please let us know.

    Thanks

  3. That's unfortunate.  Did you create a support ticket with the helpdesk yet?

    If not, did you try disabling the kill switch option and restarting yet to see if that makes any difference?  If not, please try doing so to see if that helps.  You might also try turning the kill switch off, then uninstalling Privacy, restarting the system, then reinstalling the latest version again.  Once that is done, test to see if you're able to connect.

  4. Greetings,

    You can actually keep the option disabled and use both Windows Defender and Malwarebytes if you wish, however see below if you want to just run Malwarebytes alone and keep Defender disabled.

    It's possible there was an issue with it failing to register for some reason.  Please try toggling the setting off in Malwarebytes, then restart the system, then try re-enabling it again and reboot once more to verify that it works.

    If it still fails, please try a clean install to see if that fixes the issue:

    1. Download and run the Malwarebytes Support Tool
    2. Accept the EULA and click the Advanced tab on the left (not Start Repair)
    3. Click the Clean button, and allow it to restart your system and then reinstall Malwarebytes, either by allowing the tool to do so when it offers to on restart, or by downloading and installing the latest version from here

    Please let us know how it goes and if the issue is resolved or not.

    Thanks

  5. Greetings,

    What issues, if any, are you having with the software?  The log/text file you posted is blank.  Please provide a description of any issues you are experiencing and we'll do our best to help, and if you are able to, please do the following assuming the Support Tool is able to run and complete properly on your system:

    1. Download and run the Malwarebytes Support Tool
    2. Accept the EULA and click the Advanced tab on the left (not Start Repair)
    3. Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply

    Thanks

  6. Yes, unfortunately adding the IP to your Allow List or disabling notifications entirely would be the only two options in Malwarebytes at the moment as there is currently no way to disable notifications for a specific module or specific IP/detection.  Switching to a different port for RDP would actually be a pretty good idea from a security perspective since the entire reason those specific ports get scanned is due to known vulnerabilities in RDP that impact some systems, so using a different port would at the very least shield your system from any of their scripts/scans which rely on targeting the default Windows/RDP configuration.  I do not know whether doing so would impact any of the tools you might use with RDP though, so that also may not be an ideal solution if you use any utilities or applications which rely on the default ports/configuration for RDP.

    In fact, changing ports for RDP is one of the security measures recommended in this Malwarebytes Labs article on the subject, in addition to several others you might find useful for helping to secure your devices against attack.

  7. Greetings,

    The Web Protection component uses a WFP filter/driver which is the same API/framework used for the built in Windows Firewall and most modern firewalls and network filtering tools in Windows so your firewall and the Web Protection in Malwarebytes actually see the connection attempts at the same time.  To avoid the block notifications you could try blocking those particular ports (if you don't use RDP) and/or IP addresses in your router/modem if it has such functions available so that the connection attempts/port scans never reach your system.

  8. Well that's unfortunate; whatever is causing the issues might be different between the two systems, but hopefully we will get it figured out.

    In the meantime you could also try removing or disabling some of the other network related apps on the system to see if it's one of their services or drivers conflicting and causing issues.  Your logs show that you have TeamViewer, FileZilla, DivXMediaServer, as well as Bonjour installed.  I'd suggest trying to remove each one at a time, then restarting the system and testing to see if your connectivity with Privacy comes back online, or you can wait to troubleshoot the issue with the specialist in the malware removal area and they'll guide you on the next steps to try and fix it.

  9. Try disabling the kill switch function in Malwarebytes Privacy before uninstalling it (the kill switch option is located under Privacy's advanced settings as described in this support article), then open Malwarebytes Premium (the AV) and go to settings by clicking the small gear icon in the upper right, then select the Security tab and click the Advanced link under the Windows startup section and toggle the Enable self-protection module option to the OFF position, click Yes if prompted by UAC, then try removing Privacy again to see if you are now able to delete it (self-protection might have been guarding it, preventing you from removing the folder manually).

    If you still can't uninstall it, try using the Malwarebytes Support Tool to do so; I suggest having UAC enabled when you attempt this so that it has the appropriate permissions to perform its tasks:

    1. Download and run the Malwarebytes Support Tool
    2. Accept the EULA and click the Advanced tab on the left (not Start Repair)
    3. Click the Clean button, and allow it to restart your system and then reinstall Malwarebytes and Malwarebytes Privacy and re-activate using your license keys

    If you run into any issues getting either software to reactivate, access your account at My.Malwarebytes.com (if you haven't created an account there yet, please do so by following the instructions in this support article, making sure to use the same email address you used when you originally purchased your licenses as this should allow it to automatically pull up your license info), then use the option to deactivate one or more of your previous installations/devices so that you may reactivate it on your current installation.  Instructions on deactivating can be found in this support article if needed.

    Hopefully that will get it up and running again, then you should be able to deactivate UAC again (though we do recommend against it for security and compatibility reasons, as it helps prevent threats from automatically gaining admin level access to your device and helps with compatibility for most modern software apps since they are developed with UAC compatibility in mind).

    Please let us know how it goes and if the problem still persists.

    Thanks

  10. I'm not aware of any links from Malwarebytes to download previous builds unfortunately, but if toggling UAC doesn't help, please follow the instructions in this topic, skipping any steps you are unable to complete, then create a new topic in our malware removal area by clicking here and I will request one of our specialists to take a look and guide you in more advanced diagnostics and repairs which will hopefully lead to a resolution of the issue.  Post back here to let me know once you've done so and I will ping one of our malware removal specialists to take a look.

    Thanks

  11. Thanks, it sounds like it is likely an issue with the most recent build.  I have reported the issue to the Product team.

    In the meantime, please provide the following logs in case they require them for analysis and troubleshooting:

    1. Download and run the Malwarebytes Support Tool
    2. Accept the EULA and click the Advanced tab on the left (not Start Repair)
    3. Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply

    Thanks

  12. You have User Account Control disabled; please re-enable it, set it to its default, then restart the system and try uninstalling and reinstalling Malwarebytes Privacy and hopefully that will correct the driver issue (it's digitally signed so it shouldn't have shown that error message).  Also, is the system fully up to date with Windows Updates?  Microsoft has released some updates that affect security certificates, so please ensure that Windows is fully patched to see if that has any impact on the issue.

    In the meantime I will also be reporting this issue to the Product team in case there is anything they can look into on their end.

    Thanks

  13. By the way, I just noticed these entries in your logs which indicate that Malwarebytes' licensing servers are being blocked.  This may be impacting Malwarebytes Privacy's ability to get online as well:

    Hosts File Blocks
    ==================================
    Host data:    # 0.0.0.0    keystone.mwbsys.com
    Host data:    # 0.0.0.0                   telemetry.malwarebytes.com

    Removing the entries and restarting the system should correct it if this is the cause of the problem.  If you need instructions, details on resetting the HOSTS file can be found in this Microsoft support article.
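
A way to audit a HOSTS file for the two hostnames in the log excerpt above, as an added example that is not part of the original post or any Malwarebytes tooling. It treats a leading `#` as the hosts-file comment marker, so commented-out mappings are reported as inactive; the sample file, `scan_hosts` and `active_blocks` are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple

# Hostnames taken from the log excerpt in the post above.
WATCHED = ("keystone.mwbsys.com", "telemetry.malwarebytes.com")

# Constructed sample; line 3 mirrors the "# 0.0.0.0 host" form seen in the log.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
# 0.0.0.0    keystone.mwbsys.com
0.0.0.0\ttelemetry.malwarebytes.com   # added by a "privacy" tweak tool
0.0.0.0 Keystone.MWBSYS.com. ads.example.test
"""


class Finding(NamedTuple):
    line_no: int
    hostname: str
    address: str
    active: bool    # False when the mapping sits behind a '#'
    sinkhole: bool  # True for loopback / unspecified addresses


def _parse_mapping(text):
    """Return (address, hostnames) for 'ADDR name [name...]', else None."""
    fields = text.split()
    if len(fields) < 2:
        return None
    try:
        addr = ipaddress.ip_address(fields[0])
    except ValueError:
        return None  # ordinary comment text or a malformed line
    # Hostnames are case-insensitive and may carry a trailing root dot.
    return addr, [f.rstrip(".").lower() for f in fields[1:]]


def scan_hosts(hosts_text, watched=WATCHED):
    """List every mapping, active or commented out, that names a watched host."""
    watched = {w.lower() for w in watched}
    findings = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        body, _, comment = raw.partition("#")
        if body.strip():
            text, active = body, True
        else:
            # Whole line is a comment: it may still hold a disabled mapping.
            text, active = comment.lstrip("# \t").partition("#")[0], False
        parsed = _parse_mapping(text)
        if parsed is None:
            continue
        addr, names = parsed
        for name in names:
            if name in watched:
                findings.append(Finding(
                    line_no, name, str(addr), active,
                    addr.is_loopback or addr.is_unspecified))
    return findings


def active_blocks(hosts_text, watched=WATCHED):
    """Only the entries the resolver will honour and that null-route the host."""
    return [f for f in scan_hosts(hosts_text, watched) if f.active and f.sinkhole]


if __name__ == "__main__":
    for f in scan_hosts(SAMPLE_HOSTS):
        state = "ACTIVE" if f.active else "commented out"
        print(f"line {f.line_no}: {f.address} -> {f.hostname} ({state})")
```

On Windows the file to pass in is `%SystemRoot%\System32\drivers\etc\hosts`; only the entries returned by `active_blocks` affect name resolution.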

  14. Greetings,

    Does changing servers help at all?  We've seen some cases where changing servers allowed the VPN to connect, then you should be able to switch back to your preferred server and have it work.

    If that doesn't fix the issue, if you are using Malwarebytes Premium in addition to Malwarebytes Privacy, please open Malwarebytes Premium and navigate to settings by clicking the small gear in the upper right, then select the Security tab and scroll down to Exploit Protection and click the Advanced settings button, then click the Restore Defaults button and restart the system and test to see if the VPN is now able to connect or not.

    If the problem still persists please try uninstalling Malwarebytes Privacy, then restart your system and reinstall the latest version and test to see if it now works or not.

    Please let us know how it goes.

    Thanks

  15. I'm sorry to hear that, I was hoping that would work.  Do you use the scan function at all, or just printing for your network printers?  If you just use them to print, disabling SNMP should allow you to access and use your printers on the network with Web Protection enabled.  There should be an option to disable SNMP in your printers' options, please try disabling it, then restart your system and see if it now works consistently with Web Protection active.

  16. Greetings,

    Please try disabling fast startup as detailed on this page, then restart your system to see if that fixes the issue.  If it does not, please try uninstalling Malwarebytes Anti-Exploit Beta, then restart the system, then reinstall Anti-Exploit again and test to make sure it starts up properly and that the icon is visible in the tray.

    If that doesn't help, please try disabling the memory integrity setting as instructed on this page then restart the system and see if Anti-Exploit is able to start.

    Please let us know how it goes and if the issue still persists or not.

    Thanks

  17. Greetings,

    I'm sorry you encountered this issue.  Please do the following to see if it helps:

    • Open Malwarebytes and navigate to settings by clicking the small gear icon in the upper right
    • Select the Security tab and scroll down to the Exploit Protection area
    • Click the Advanced settings button
    • Click on the Restore Defaults button on the lower left
    • Re-enable Web Protection and restart the system to test and see if your printers are now accessible without having Web Protection disabled

    Please let us know how it goes.

    Thanks

  18. There's another point I thought I should add about how Malwarebytes does things differently from most other entities in the PC security industry.  While many major AV vendors keep massive databases of threats, often going as far back as the early days of Windows 95 and/or 98, Malwarebytes instead focuses on relevant threats that can actually infect your system today on the net, also known as 'in-the-wild' threats.  This difference in threat targeting means that those databases I referred to that are stored in memory to optimize performance and reduce CPU cycles are much smaller than the typical databases/signatures in use by most other security products (which often reach sizes of hundreds of megabytes or more on disk; a major reason they typically don't adopt Malwarebytes' approach to keeping their databases in memory).  Malwarebytes' Research team will also periodically cull out older threat signatures that haven't detected anything for a while (a clear indication that a signature is no longer needed since it is no longer getting any hits against the threats being faced by Malwarebytes' users/customers) which reduces database size and has the added benefit of reducing the amount of RAM used by Malwarebytes' primary process in memory.  It also typically reduces scan times, making those scheduled scans and manual scans faster, again potentially saving battery life and freeing up more resources, and most importantly time for the user to do the things with their PC that they want and need to such as working, streaming videos or playing games.

    Malwarebytes strikes a good balance between providing top tier protection without sacrificing performance.  In an age where so many apps want to run in the background constantly to collect that all important telemetry data and display alerts and notifications, and where games and other applications are more resource hungry than ever, it is a breath of fresh air to have a security app that runs so light that you often don't even notice when it's running, quietly protecting your PC in the background.

    Protecting their customers from the latest threats is obviously Malwarebytes' first priority as a company, but doing so without hindering the system's performance seems to be a close second, and I'm glad that it is.

  19. I just copied over a large folder of driver files for my PC (around 4GB) from a folder saved on my desktop (installed on a 1TB Samsung 970 Pro NVMe PCIe SSD) to a secondary drive (a 1TB Samsung 960 Pro NVMe PCIe SSD) and noticed the speed of the file copy operation was quite sluggish, only topping out around maybe 60MB/s (that's even slower than real-world USB 3.0 drive speeds and would be slow even for standard SATA SSDs, much less NVMe; the fastest consumer drive interface available at the moment) and bottoming out in the tens of KILOBYTES range (that's awful).  I knew something had to be off, so I checked CPU usage via one of my monitoring gadgets and confirmed my suspicions that Windows Defender was the culprit.  Sure enough, around 20%+ CPU usage from the process MsMpEng.exe which is the background process for Defender's real-time protection, used for monitoring, among other things, disk activity in real-time (including file create and file copy activities) to check for viruses/malware.

    Since I knew the sources of all the files in this folder (all downloaded directly from the system manufacturer's website as well as the sites of the creators of certain specific components such as Intel and NVIDIA) and because I knew everything in that folder had already been scanned (when it was originally downloaded and placed there on my desktop), I went ahead and disabled Defender's real-time protection at which point the file operation sped up MASSIVELY, hitting around 600~700MB/s according to Explorer and completing in a matter of seconds (like less than 10) which is much closer to the performance I would expect from such high-end hardware.

    So what?  This is a well known issue with most virus/malware protection applications; they slow down file operations, especially when many files are involved (like a folder full of drivers, installers and ZIP archives of driver packages) so it's just a fact of life, right?  Well, the thing is, I didn't need to disable Malwarebytes to get back that performance, and that's the point I want to bring up.  From the beginning, Malwarebytes has had a very different approach to protection when compared to most other AV/AM vendors, choosing to focus primarily on activity in memory (such as process execution attempts) and using a decoupled/separate on-demand scan engine for the manual and scheduled scans the program runs (the same scan engine given to everyone who uses the free version) and sharing only its databases with the Malware Protection component in Malwarebytes' real-time protection, and this has huge benefits when it comes to system performance.  It means that, while Malwarebytes will still occasionally hit your CPU a bit when a process is executing tasks in memory to check for things like exploits, and while it will hit the CPU a bit during certain specific disk/file operations to monitor for any potential ransomware/encryption behaviors, it generally won't hinder your system's performance when performing normal file and process operations such as copying/moving files or reading large files into memory (like when you load up your favorite PC game and it has to load all those pretty textures, models and map assets into VRAM, or when you launch your favorite photo editor, video editor or office application and it loads up all of its various plugins, assets, templates, filters and other components) which can be a huge time saver.  
Not only that, but because of this reduced resource usage, your battery life will also be impacted in a positive way since each time you see a process cranking on a percentage of your CPU, that chip is drawing more power from your battery, reducing your overall available uptime in the process.

    This lightness on resources is something that doesn't get as much attention as other aspects of the software, but having been a Malwarebytes user since the days of Windows XP, and having previously used nearly every AV/AM app under the sun at one point or another (partially because I'm so darn paranoid, and in part because I liked to test them and see what they had to offer), I have to say that it is one of the biggest benefits to users when it comes to their everyday computing experience.

    A part of how this 'lightness' on resources is accomplished is actually through a heavier use of system RAM; a resource which is generally available in much more abundance, especially these days in most modern systems, by enabling Malwarebytes to keep most if not all of its threat databases loaded into memory so that it doesn't have to halt the execution of a process or other in-memory operation to load up its signatures to check and determine whether a process or activity is malicious (a trick many modern AVs use to make their resource usage/RAM usage seem lower, but hitting the CPU and disk much harder; a poor trade off, at least in my opinion, especially since most PCs have far fewer cores/threads than they do megabytes of RAM and you don't 'feel' when an application is using a lot of RAM unless you run out, but you can definitely feel it when your CPU is being taxed, as everything you try to do becomes more sluggish, especially if you're doing anything CPU intensive like gaming or encoding video).  Given the direction PC hardware has gone in, with a cap of around 5GHz for CPU clock speeds, the number of available cores increasing at a fairly slow pace (the first consumer level dual-core CPUs became available around 2004~2005 and we are just now at the point where most systems have at least 4 cores and 8 threads (thanks to SMT/Hyperthreading) while the amount of RAM shipped in even low-end PCs averages around 8GB or more).  A faster CPU also costs a LOT more than adding more system RAM, and it's much harder to swap them out (assuming it's even possible on your current platform/motherboard, as many recent chipsets top out at 4 core CPUs for compatibility and many laptops use soldered mobile CPUs that can't be upgraded at all).  
That doesn't even account for cost, since getting a faster CPU is going to cost you anywhere from $150~$800 depending on the platform and chip you're upgrading to, yet doubling the RAM in an 8GB system to 16GB or even quadrupling it to 32GB is much cheaper, so RAM is both cheaper and more readily available, and I believe this is at least in part why the Developers made the choices they did when it came to implementing Malwarebytes' engine (compatibility with third party AVs was another reason, but the performance benefits are undeniable, at least in my opinion).

    Malwarebytes' approach also makes a lot of sense from a marketing perspective.  They have always engineered the software with not only normal humans in mind, but also enthusiasts like PC techs and gamers; a crowd that's hard to please if you start consuming all their CPU cycles whilst they're about the serious business of gaming and tweaking (and sometimes breaking 🤪) their PCs (seriously, if you haven't tweaked your system to the point of breaking your OS at least once, you're doing it wrong 😜).  I'm both, and I love the fact that, while I did have to disable Defender to get my drives' full performance back, I was able to leave Malwarebytes running active in the background the entire time without a hitch.

    So, for the TL;DR version: Malwarebytes real-time protection runs light on CPU so that you can get the performance out of your hardware that you paid for rather than making it feel sluggish like a PC from the days of Windows 98 and I'm glad that it does.  Thanks to Malwarebytes, when asked of my PC "But can it run Crysis?" I can honestly respond: "Why yes, yes it can!"
