Jump to content


  • Content Count

  • Joined

  • Last visited

Everything posted by exile360

  1. Yes, I know. I wasn't saying that DEP was exclusive to Vista+, just that it was a built in function in the OS implemented by Microsoft just like ASLR.
  2. Good insight, I bet you're right. This also explains why, since 3.x was first released, that Vista and 7 (though especially 7, likely because so few stuck with Vista once 7 was released) have been plagued by performance issues, lockups and just overall bad behavior of MB3 under various conditions across several releases. It also explains why so many of those same issues did not seem to impact Windows 8/8.1 or Windows 10 in most cases. I've been watching these issues since 3.0 was first released and I've been keeping a close eye on them since I'm a Windows 7 user myself (with absolutely no intention of ever downgrading to Windows 10) and I kept wondering why it seemed that so often issues with Malwarebytes would be isolated to Windows 7. I'm sure it's not the only reason, but it would explain a lot considering how similar so many of the issues appear to be, with either the entire system or Malwarebytes itself locking up/freezing or just taking a long time to load or unload and delaying and/or freezing everything else in the process. I hope that the Developers keep this in mind going forward because I suspect this is not the only module to be impacted by this limitation in 7.
  3. You're welcome Yep, basically the way it works is it will remain bold as long as you have not viewed the most recent post/reply to a topic. Once you have read the most recent reply it will no longer be bold until there is a new reply from someone.
  4. Well, I just tested trying to delete one of Malwarebytes' data files from its data folder and the driver did prevent it, even when using admin privileges so at least that's working as it should. I wonder why they changed how it protects its processes? Maybe they encountered a compatibility issue with third party AVs etc. and were forced to change it to avoid those issues or something. I can't think of any other reason why they'd limit its protection like that.
  5. It should show in bold with a dot or star next to it if there is one or more replies in a topic since the last time you viewed it. A star means it is a topic that you have posted in and a dot means it is a topic you haven't posted in. See the example below which shows at least one example of each: The first topic is one I haven't read yet or haven't seen the most recent response to yet and that I have not personally responded to. The second is a topic I've read with no new replies so far and that I have no posted in. The next 3 are just like the first one; topics I haven't posted in with one or more posts I haven't seen/read yet. The last one is a topic I've personally posted in with no new replies/posts since the last time I read/viewed it.
  6. I have an Intel chipset and raid controller as well, and while I did see similar behavior with regards to switching windows/clicks and the cursor, I saw no errors or issues related to the disks or Intel IRST software. As for reporting/replicating the various activities that seem to trigger it, it may lead to a clue as to the cause if it is at all reproducible as was the case with the Battle.net game launcher (one of the first means the QA team found that allowed them to reliably replicate it thanks to reports from users). That's on the QA/testing side though, so you needn't worry about the Developers being sidetracked by what does or doesn't reliably trigger the issue to occur. They are looking at the code because that's their job, but any reports and data that indicates a possible consistency in how to reliably reproduce the issue can in fact lead to a fix because it can indicate more precisely where the issue lies with regards to the functions of the Malwarebytes drivers, processes and services even if the issue is also random/semi-random under other conditions/on other systems. I know all of this because I used to be QA for Malwarebytes and worked directly with the Devs on countless issues throughout the years, and while they would indeed comb through the code and analyze changes from one version to another just as you mentioned, they also relied on me to reproduce the issue reliably to help point them in the right direction with regards to precisely where in the code it was occurring and most importantly why it was occurring because knowing that a change they made is causing an issue is not enough since there is no doubt a good reason for the change such as adding new capabilities and/or improving performance etc., so they can't just roll back the code to the old version by sacrificing every change they've made to the software in the most recent release because of such an issue. They need to know precisely why the issue is happening and then correct or work around the issue while retaining the improvements and changes that they made to the code in the latest release so that the users get the benefit of the fix as well as the benefits of the new features/capabilities (such as augmentations to protection, which is likely what this change was that caused this considering the driver(s)/component(s) it's related to).
  7. They must have changed it then. It used to prevent any Malwarebytes process from being terminated this way and would show an access denied dialog/error, otherwise it would be trivial for the bad guys to terminate it then block it from restarting itself which was the entire point of self-protection in the first place.
  8. Hey, you never know. I assumed that because MS hadn't added that feature until Vista (and I believe it's also exclusive to x64, though I may be wrong on that point) that it didn't apply to XP, but if they did it in EMET then perhaps they did it in MBAE/MB3/MBAM as well. I'll make a note of it and ask the Product team and get you an answer for sure one way or the other.
  9. Thanks for the info. I'll be sure to report that to the team for additional troubleshooting/investigation.
  10. It is normal to be able to stop the service using Services.msc, but you shouldn't be able to kill it using Task Manager if self-protection is working.
  11. It shouldn't make too much difference and you can verify that it's working by trying to terminate any of Malwarebytes processes using Task Manager (you should get an error/access denied message box because of the self-protection driver blocking it).
  12. You may be correct. I will ask the Devs to find out if Malwarebytes is doing something similar on XP.
  13. Greetings, It's possible that the issue you're experiencing is similar to the one being discussed in this topic. If you would, please try each of the workarounds mentioned in this topic under the Known Workarounds section to see if that resolves it or not, particularly the second one involving reverting to an early build of the program. Please let us know how it goes. Thanks
  14. You must have written it with that disappearing ink
  15. Greetings, While it is very unlikely that you were infected with anything, just for your peace of mind I'd suggest going ahead and following the instructions in this topic and then creating a new topic including the requested logs and information in the malware removal area by clicking here and one of our malware removal specialists will assist you in checking your system for any threats and helping you to remove any that are discovered as soon as a specialist is available. Please let us know if there is anything else we might assist you with and we'll do our best to help. Thanks
  16. You're welcome, and please keep us posted on how it goes and let us know if you have any questions.
  17. It could also be that there's another issue with your system preventing it, possibly the same thing preventing the anti-exploit driver from loading though I'm really not sure.
  18. Greetings, It's likely due to the fact that the current version is no longer officially supported on Windows XP but I don't know for sure and don't have an XP system to test with at the moment unfortunately. This is a direct quote from the official Process Monitor page on Microsoft's website:
  19. It was a minor update to address an issue with licensing. You can find the details in this post.
  20. Greetings, It's possible that your browser has some kind of PUP (Potentially Unwanted Program) installed such as a plugin or extension causing Chrome to connect to unwanted sites. To check, please open Malwarebytes and click on the Scan Now button to allow it to scan your system, then have it remove anything it detects and allow it to restart your system if prompted to do so to complete the removal process. If the issue still persists or Malwarebytes didn't find anything then please run ADWCleaner and likewise have it scan your system and have it remove anything it detects, restarting your system if prompted to do so. Once that's done, if the problem still remains then please read and follow the instructions in this topic and then create a new topic in the malware removal area including the requested logs and information by clicking here and one of our malware removal specialists will assist you in checking your system and browser for any threats and help you to remove them. Please let us know if there is anything else we might assist you with. Thanks
  21. You can also install the Malwarebytes browser extension if you use Chrome (or another Chromium based browser like SRWare Iron or Vivaldi) or Mozilla Firefox. It contains the same block database as the Web Protection component in Malwarebytes 3 and also includes some additional functions such as ad blocking, anti-phishing, clickbait site blocking as well as behavioral blocking for certain common threats like tech support scam sites and fake/PUP browser plugin sites. It's compatible with Malwarebytes 3 so once this issue is resolved you can continue using it. Its only limitation is that it only guards your browser rather than your entire system the way that Malwarebytes 3 does. You can find out more and download it at the following links: Chrome Firefox
  22. I believe the OP is asking if, since ASLR is a feature implemented starting in Windows Vista by Microsoft and didn't exist in Windows XP, is there any point to this setting/function in Malwarebytes Anti-Exploit when running on Windows XP, and I believe the answer is "no" since there is no system default ASLR to be enforced, at least if I am understanding Malwarebytes' implementation of this feature correctly in that I believe, just as with their DEP enforcement feature, it relies on the system's in-built functionality to work and simply augments/enforces the system's function as implemented by Microsoft in Windows. For reference: https://en.wikipedia.org/wiki/Address_space_layout_randomization#Microsoft_Windows
  23. I switched back to my previous configuration since I get less performance issues that way (not to mention faster startup and fewer/no errors) so I've got Web Protection on again, Ransomware Protection off and self-protection off (though I don't think that module is related to the issues, I just see no point in it since I don't expect to get infected).
  24. It most likely is pretty normal depending on what you're doing at the time since the various protection components will talk to the cloud while doing their work such as the Web Protection component while browsing and the Machine Learning/anomaly detection component I mentioned which will analyze any new/unknown process it doesn't recognize leveraging the cloud to determine if it's malicious and to help train the module/system further for improving its classification/detection capabilities.
  25. Aha, that explains it. Well done I guess Windows Defender turned itself on once the other AV was removed and must have enabled that feature (Malwarebytes can't touch Windows Defenders' settings, but Defender does sort of have a mind of its own, especially when it thinks its the only protection on the PC).
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.