Everything posted by exile360

  1. Aha, that explains it. Well done. I guess Windows Defender turned itself on once the other AV was removed and must have enabled that feature (Malwarebytes can't touch Windows Defender's settings, but Defender does sort of have a mind of its own, especially when it thinks it's the only protection on the PC).
  2. OK, thanks. Have you tried disabling the other protection components individually to see if that makes a difference? If that doesn't help then you might try disabling the self-protection component by opening Malwarebytes and navigating to Settings>Protection and toggling the Enable self-protection module setting to Off under Startup Options as that could also be the issue. Please let us know how it goes in your testing, both for the protection components and for uninstalling. Thanks
  3. Awesome, I'm glad to hear it. Please let us know if there's anything else we can assist you with in the future. Thanks
  4. Awesome, thanks, I'm sure this info will prove useful. Hopefully they'll be able to figure out what's causing this and get it fixed quickly.
  5. The closest thing (besides the add-ons/extensions/plugins David mentioned above, which are quite common (also beware of fake "Flash Player" updates and similar scams and only download known valid plugins/updates from their original sources)) would be exploits, which are essentially malicious scripts that run inside web browsers and often attempt to exploit a known vulnerability within the browser or one of the legitimate plugins you might have installed (such as Flash Player, Adobe Reader, Java etc.), however the Exploit Protection in Malwarebytes Premium is very good at stopping these kinds of 'drive-by' attacks as they are often called because it does not rely on any sort of signatures and instead looks at exploit behavior to generically block any exploit attacks in their tracks before they can do any harm to your system (including preventing them from downloading and executing any files/installers etc.) and Malwarebytes is very good at detecting PUPs as well thanks to Malwarebytes' aggressive stance on PUPs, which is much more aggressive than most other security vendors. I would also recommend the Malwarebytes browser extension beta as it is very good at stopping online scams such as tech support scam sites and many of the common types of fake/PUP browser plugin sites that try to convince you to install browser extensions that you shouldn't by making them appear to be legitimate updates for things like Flash etc. as I mentioned before. The extension is free so you don't need to wait to afford it; you can install it right now and put it to work at helping to protect your system. You can find out more and download the Malwarebytes browser extension beta at the following links; it is available for both Google Chrome (as well as other Chromium based browsers such as SRWare Iron and Vivaldi) as well as Mozilla Firefox: Chrome Firefox
  6. He asked for a screenshot of Event Viewer but I don't believe you ever provided it, and besides, that tool I posted above will collect much more than just those particular events so it could be far more helpful diagnostically speaking. You can take your time and do it whenever you have a free moment. You don't need to interrupt anything important for this. I'm just trying to help get the problem figured out and solved.
  7. So after testing for a while with Web Protection disabled and Ransomware Protection disabled, here are my findings:
     • Installed .NET monthly preview update, a def update for MSE and an update for Silverlight
     • Rebooted and Malwarebytes took several minutes to start and prevented one of my system startup programs (Hotkey Control Center; a hardware control/overclocking app for Clevo laptops like mine) from starting
     • I terminated Control Center via Task Manager and tried launching it again
     • After around 30 seconds it finally launched at the same time the Malwarebytes tray icon showed up

     It looks like Malwarebytes was having trouble starting and was preventing Control Center from launching; this is an issue I've never encountered before today (not coincidentally I have Ransomware Protection enabled and Web Protection disabled where I usually have it the other way around with Ransomware disabled and Web Protection enabled) and experienced no issues whatsoever running the system with Malwarebytes configured that way. I also keep self-protection disabled though I don't know if that is related or not.

     I replicated the issue by shutting down and later starting my system again.
     • This time I waited and after Control Center threw an error that the system needed to be restarted for it to run, I created dump files of its process as well as MBAMService.exe (mbamtray wasn't running yet)
     • After waiting for a few minutes mbamtray finally loaded along with Control Center (again, simultaneously as before) with the tray icon showing up at the same time as the Control Center UI

     Dumps were too large for the forums so I've uploaded them here. I'm glad I didn't have to force the system to shut down, but obviously it's still not ideal.

     I also noticed that every time I'm shutting down the system MBAMService takes much longer when Ransomware Protection is enabled to shut down (I have verbose shutdown/logoff/logon messaging enabled so I see it taking longer than usual during the Malwarebytes service shutting down phase).
  8. Nope, not really. It just prints out the last few of them to one of its logs. The tool I posted above is much more comprehensive. It also may prove helpful to have Malwarebytes output its verbose logs when the issue is occurring to see if it reveals anything helpful. To enable it, open Malwarebytes and navigate to Settings>Application and toggle the option under Event Log Data to On then restart the system and wait for at least one crash to occur, then run the Malwarebytes Support Tool again to have it gather the logs then attach the archive to your next reply:
     • Download and run the Malwarebytes Support Tool
     • Accept the EULA and click Advanced tab on the left (not Start Repair)
     • Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply

     I'm hoping that it will be able to log more details about what's going on with the service/drivers etc. when the crash is happening which might help the Devs in figuring out the cause and possibly help LiquidTension as well in troubleshooting further.
  9. OK, thanks. It might help to get some of the Event Viewer logs just in case there's one or more related issues happening as it might give them a clue as to what might be causing this so please do the following if you wouldn't mind; this tool will grab some of your most recent Event Viewer logs:

     Post Event Logs:
     • Please download VEW by Vino Rosso from here and save it to your desktop
     • Right-click the file and select Run as administrator and click Continue or Allow at the User Account Control Prompt.
     • Click the check boxes next to Application and System located under Select log to query on the upper left
     • Under Select type to list on the right, click the boxes next to Error, Warning, and Critical (not XP)
     • Under Number or date of events select Number of events and type 20 in the box next to 1 to 20 and click Run
     • Once it finishes it will display a log file in notepad
     • Please copy and paste its entire contents into your next reply, or if you prefer you may save the text file to a convenient location and zip and attach it instead

     Thanks
  10. You're welcome. Nope, since you disabled telemetry, the only kind of checking in it should do would be for licensing/subscription validation, database updates, product version updates/upgrades, and of course all the cloud/AI detection stuff I mentioned. If there's anything else we might assist you with please don't hesitate to ask. Thanks
  11. It's likely traffic from the cloud component in Malwarebytes which is a part of the new heuristics/Machine Learning/anomaly detection engine which was added to Malwarebytes 3 a while back. You may find the information in this support article to be of use. Also, at least as far as I know, the amazonaws and cloudfront addresses are both parts of the CDNs (Content Delivery Networks) used by Malwarebytes for hosting databases and program updates and are likely also the same systems/servers/connections used for the cloud components I mentioned. That's just my hypothesis though, so someone from the staff may need to respond with more detail/confirmation.
  12. Yep, I just wanted to make sure just in case. Did you try disabling Ransomware Protection alone to test/verify that it's the component causing the issue?
  13. Also, please make certain that fast startup is disabled, otherwise that could also potentially cause this behavior as it may be keeping the service in memory since it prevents the system from fully shutting down. You can find out more and find instructions on how to disable fast startup here and here. This feature has been known to cause issues with Malwarebytes as well as many other programs as well as some hardware drivers due to Microsoft's implementation of the feature.
  14. It sounds like it's probably the Ransomware Protection component interfering with it based on your description. That module isn't nearly as proactive as the other components in Malwarebytes and rather than attempting to prevent infection, simply monitors process and file activities in memory and on disk to look for ransomware infections that have already infected the system to stop them, hopefully before your files get encrypted. Considering the fact that virtually all ransomware infections get onto systems through the use of exploits, the far more proactive Exploit Protection and Web Protection components (not to mention the Malware Protection component) are far more likely to stop any such attacks before they ever get to the point where the actual ransomware is downloaded and installed/executed on your system so you may safely disable it without greatly increasing your risk of infection. In fact, I've kept that module disabled almost entirely since it was first integrated into Malwarebytes (due to past performance issues with that module; though most of those have now been resolved, and because I trust the other components to keep my system safe) so if necessary, you should be OK disabling it while using your program, assuming that module is in fact the cause of the issue. You can also try excluding the program folder for your music application from Malwarebytes using the Exclude a File or Folder option and leaving the default option selected which excludes it from detection by all of the modules (which I believe you already did) and you can add the folder it is using for temp files to your exclusions, but for that one just select the Exclude from detection as ransomware only to see if that helps. It may be necessary to also exclude the data folder used by the music application which is likely located somewhere under C:\ProgramData or under C:\Users\Your Username\Application Data or possibly both.
  15. Sorry, I saw where you mentioned it had been disabled, but I didn't see where you said you'd removed it. My apologies.
  16. OK, as long as you have the trial running it's good for 14 days so even if something weird happens and you aren't able to get help from Support before you leave (very doubtful as I expect them to assist you today given how quick they usually are with these things) you'll still have protection while you're travelling. You can also ensure that Windows Defender is turned on (it won't conflict with Malwarebytes, even with protection active) by opening Malwarebytes and navigating to Settings>Application and selecting Never register Malwarebytes in the Windows Action Center below the Windows Action Center section. It isn't essential, but Defender does add another layer of defense on top of Malwarebytes which may help you to feel safer (many of our users run it this way since Defender is generally pretty light on resources as well and the two tend to work well together without conflicts).
  17. Greetings, I believe that as long as Malwarebytes is running during the same Windows session the most recent entry will continue to be displayed. You might be able to work around it either by restarting your computer or by quitting Malwarebytes and launching it again (right-click the Malwarebytes tray icon and select Quit Malwarebytes then launch it again via the desktop or START menu shortcut).
  18. Hmm, it sounds like maybe it's happening as a consequence of some automated background task given the frequency. That makes me suspect Kaspersky, as I don't know of any background task that Malwarebytes performs at that interval (updates are set to the default hourly rate according to your logs for Malwarebytes). Have you already followed the instructions in this support article to see if that corrects the problem? If not, then please do so. I'm also aware of this support article which recommends removing Kaspersky completely, however I do not believe that is necessary any longer as I know of several users running Kaspersky alongside Malwarebytes without any issues (though they likely have exclusions configured between the two as you now do).
  19. Thanks for the info, I was not aware that the older lifetime license keys could be added to/managed under the My Account feature/interface. Does that also include lifetime licenses purchased directly from the Malwarebytes site back when they were still available? I ask because it specifies outside purchases, though that may be due to the fact that there were some remaining lifetime keys in other channels for a while after Malwarebytes stopped selling them directly, I just want to be certain so I know what to tell customers.
  20. OK, did you already use the free 14 day trial of Malwarebytes? If not, then go ahead and install the free version and it should activate the free trial automatically so that you will be protected while awaiting your license/Support. In the meantime I'll ping a member of the Support team directly here and he should be able to assist or at least get you in touch with someone from Support who can; @LiquidTension would you please assist this customer with retrieving their recently purchased license key? The activation email hasn't arrived yet so someone from Support will likely need to look it up. Thanks
  21. Yes, Web Protection was enabled. I haven't tested with Web Protection disabled but I will shortly.
  22. OK, just wait on Support, they should email you back today assuming the ticket queue isn't too large, which it usually isn't. Be sure to check your spam/junk folder(s) in your email as well just to make sure nothing gets placed in there by your email provider by mistake as that does happen sometimes unfortunately.
  23. OK, that helps. MwacLib.dll is a file component of the Web Protection module, so at least that helps to further isolate where the issue is, so if you haven't yet, I'd recommend trying disabling Web Protection to see if that eliminates the issue assuming disabling fast startup didn't correct it (though it may have as we have seen many issues with protection/startup related to that before which is why we so often mention it). Please keep us posted on how things are going and I'm sure LiquidTension will have further instructions for you soon.