Jump to content

exile360

Experts
  • Content Count

    25,813
  • Joined

  • Last visited

Everything posted by exile360

  1. Yeah, sorry I couldn't be more helpful. It's unfortunate that there's no way to just exclude a process as you can with some tools like firewalls etc. Malwarebytes implemented this functionality some time ago for the Web Protection component and it's proven to be very useful for cases where users are running peer-to-peer applications such as Bittorrent clients and some online games that connect to a wide range of IPs/servers.
  2. OK, thanks. Unfortunately this thread is full of users affected by both issues as all of the Windows 7 freeze issues got merged into a single discussion so separating it out for fixing the Ransomware Protection issue may prove problematic. In fact, I believe most of the recent reports came from users affected by the Ransomware Protection issue, not the Web Protection issue (and I also believe the latter is much more frequently a case of AV web filter conflicts than anything else, though this is not always the case).
  3. That's more difficult since much if not all of the content Malwarebytes uses/hosts/connects to comes from CDNs so the IPs and ranges can likely vary wildly (this also makes it much more difficult for the bad guys to target/block Malwarebytes' servers for updates etc.). I guess you could try pinging the listed addresses or use Wireshark to try and capture the IPs that way, but there's no guarantee that the IPs would always be consistent. For example, I believe the update servers Malwarebytes connects to will vary depending on your location as it tends to connect to the one closest/with the lowest ping from your current location to ensure updates come through as quickly and reliably as possible. I also believe that they use multiple CDNs, not just one, for hosting updates etc. so even the hosting providers can vary from one connection to another depending on the load etc.
  4. Greetings, You may find this support article to be helpful. It lists the sites that Malwarebytes needs to connect to. If that doesn't resolve the issue or if there is anything else we might assist you with please let us know. Thanks
  5. Hey Becky, thanks for the info. Have you guys figured out of the freezes caused by Ransomware Protection are connected at all to the freezes caused by Web Protection or are they two completely unrelated issues with similar symptoms?
  6. The issue with Malwarebytes seems to happen on affected systems regardless, but there do appear to be some situations where some configurations/software/hardware can trigger it more frequently/reliably, and I suspect Macrium may be one of those, at least in your case. Regardless, the freeze will still happen on both systems as long as that build of Malwarebytes is installed unless you determine which module is causing the freezes (Ransomware Protection or Web Protection) and disable it, or of course work around the issue altogether by using the previous version of Malwarebytes as you are now.
  7. Thanks, hopefully that will help. It may be that in your case the freezing was being caused by the Ransomware Protection component. That would fit with Macrium making it worse/more frequent etc. since, at least as I recall from what I know of Macrium Reflect, it performs a lot of filesystem activity in the background to monitor for changes to files/data for its incremental backups and these are precisely the types of operations that the Ransomware Protection module looks at in checking for ransomware activity (file access, creation, modification, deletion etc.). That's just my hypothesis, but it seems reasonable based on your description. Either way I'm sure this data will prove helpful so thank you again for providing it and hopefully we will see a fixed release of Malwarebytes soon.
  8. Thank you for the info/logs. If you wouldn't mind, could you also grab Support Tool logs from the system you rolled back? You don't have to reinstall the affected component package, but getting details/logs from both environments/systems could prove helpful in determining the cause for the Developers.
  9. A Good American Summary courtesy of IMDb.com: A Good American tells the story of the best code-breaker the USA ever had and how he and a small team within NSA created a surveillance tool that could pick up any electronic signal on earth, filter it for targets and render results in real-time while keeping the privacy as demanded by the US constitution. The tool was perfect - except for one thing: it was way too cheap. Therefor NSA leadership, who had fallen into the hands of industry, dumped it - three weeks prior to 9/11. In a secret test-run of the program against the pre-9/11-NSA database in early 2002 the program immediately found the terrorists. This is the story of former Technical director of NSA, Bill Binney, and a program called ThinThread. Netflix IMDb Wikipedia
  10. Sure, that's one way to address it assuming that doing so wouldn't result in the same formatting problem, but either way it would be up to IPS to implement the solution regardless.
  11. This is likely an issue for IPS, the provider of the forum software that we use here. I'll drop a line to the team about this so that they may report it to IPS. Hopefully they will be able to fix it in a future forum software release.
  12. Great, thanks. Yep, I missed it under the images. I just checked and the logs don't show the extra scheduled scan, just the one you created that starts at 7:45 so I'm guessing it was created after deleting it. That's OK as I did find this in one of the logs from the program: 01/04/19 " 07:37:06.332" 31109 0dd0 113c INFO ScanControllerImpl mb::scancontrollerimpl::ScanScheduler::UpdateScheduledScans "scanscheduler.cpp" 1091 "License state changed from Free to Licensed and there are no scheduled scans. Adding a default daily scan." I also found this: 01/08/19 " 07:45:00.000" 159781 0fcc 1de4 INFO ScanControllerImpl mb::scancontrollerimpl::ScanControllerImpl::StartScheduledScanNotification "scancontrollerimplhelper.cpp" 466 "Another scan is in progress, cannot start the scheduled scan at this time." It looks like something may have gotten messed up with the license/configuration files similar to what I mentioned as a possibility in my first reply above, so I'm thinking that's what's causing it. As for how to address it, I suspect the new build that was just released might correct it as they mention this in the changelogs, so it may be that the software is losing its registration, reverts to free mode, finds it again, returns to Premium, then adds the default scheduled scan back because at the time it fails to see the existing scheduled scan you had already created: Please download and install the latest version from here over the top of your existing version then restart if prompted to complete the installation process and keep an eye on things and let us know if the issue returns, but hopefully that will fix it.
  13. You're very welcome. Hopefully they'll have a fixed build out soon and if there's anything else we might assist you with please don't hesitate to let us know. Thanks
  14. Can you get any memory dumps from the process when this happens? Do you have any dumps/minidumps from these events by any chance? If so, that could be helpful in tracking the issue down. If they're too large to attach you can upload them somewhere like WeTransfer.com and post the link. Thanks
  15. Greetings, The only thing I can think that might cause this would be if the software was being reset to default settings or if it was having some kind of issues with its configuration files/data files and falling back on the backup files containing the default settings. It may be useful to get a set of logs showing the details of your installation to see what might be happening: Download and run the Malwarebytes Support Tool Accept the EULA and click Advanced tab on the left (not Start Repair) Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply If the extra scan is still scheduled then please get a set before as well as after removing it. Thanks
  16. Sure, and if they're too large you can upload them somewhere like WeTransfer.com and post the link. I'm sure the Developers would find them useful in tracking down these issues. Thanks
  17. There was an issue with the last version of Malwarebytes (the one preceding component update 1.0.508) that would show errors in the even logs every time the system was shut down. I'm not aware of any other errors in the newer builds.
  18. OK, so the problem is present even with the older build of Malwarebytes? I guess you'll need to keep Ransomware Protection disabled until this gets fixed then but at least you can install the latest version of Malwarebytes (assuming there are no other issues with it on your system) and hopefully they'll have this resolved in the next release (version 3.7).
  19. That's OK, they might be storing their data files somewhere else like under one of the local user data folders under C:\Users\<user name>\Application Data. You can try to locate it to exclude but the main thing is excluding its primary program folder which you already did. As for the support tool, it can take a while to run sometimes. It has to download FRST and run that (you'll likely see an icon in your system tray while it's running/scanning to create the logs) and it should finish after a few minutes unless something is preventing it from working properly.
  20. That's correct, the issue with the errors in Event Viewer from Malwarebytes during shutdown occurred in the last version as the result of a bug that was actually fixed in build 508 that was related to the self-protection driver and/or MBAMService.
  21. No worries, if your hypothesis is correct about it not scanning then chances are that if they do address it, they'll likely build it with the same kind of heuristics that most of their other scanning components use meaning it will be likely to catch a lot of undesirable items and they've already got a pretty good collection of known malicious sites, ad servers and other undesirable websites thanks to the Web Protection component, the hpHosts database as well as the new browser extension beta (which you might try by the way if you haven't already, as it may block these, but even if not, it will still add a lot of protection to your browser). You can check out the Malwarebytes browser extension beta here: Chrome Firefox
  22. Greetings, I'm honestly not certain if it does or not, though I do know that it does scan Chrome's preferences for malicious plugins/extensions and the like. I'll have to check with the team to see if it checks the notifications/allowed list or not and will request that it be added if possible if it turns out that it does not. If you have any further suggestions please don't hesitate to let us know. Thanks
  23. Thanks for the additional info and links guys. I will be sure to report them to the staff for you so that the Devs are made aware. I hope these issues are resolved soon, I'm anxious for all the bugs to get squashed.
  24. OK, please run the support tool again and use the repair option to see if that corrects it, if not, then please run it once more and collect a fresh set of logs and attach the resulting ZIP file so that we may take a look at what's going on. Thanks
  25. Greetings, It's most likely the Ransomware Protection component causing this issue, so if you disable that for the time being that should alleviate the problem. The other workaround would be to revert to the last build of Malwarebytes until they get this issue fixed. As for why they are requesting logs, it is because the Developers are still working on this issue and attempting to track down the exact cause, so the more data they get from affected users the better, however if you do not wish to provide any logs/data then of course you don't have to and you can just wait for the fixed version to be released. Instructions on implementing each of the workarounds I mentioned can be found near the top of this pinned topic. As for why they released the build like this, unfortunately even though they did perform extensive testing via their QA team, including testing on every OS which is currently supported (including Windows 7; both x64 and x86), they didn't experience any of these issues during their testing and only became aware of it once reports from users started coming in and they realized that the typical fixes for issues weren't working, thus indicating that it was a bug in the software and they have been attempting to locate and fix the bug ever since and plan to have it fixed in the next release, though I do not know of any ETA on when it will become available because of course they must first fix the issues, then test the build, and then finally release it, but I'm hoping that it will be soon of course, as I'm sure everyone affected by these issues is.
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.