Everything posted by exile360

  1. Greetings, Thanks for testing and providing feedback. I'll report your request to the product team for review and consideration. I agree that some kind of status indicator in the tray for protection would be nice.
  2. No problem, I just wanted to make sure in case the rootkit scan driver was somehow working on your system. Thanks for checking and letting us know.
  3. Hello again, I checked your logs and unfortunately I'm not seeing what I expected with issues like this. Typically it is a problem with the application compatibility registry settings (located under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers or HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers) but your logs don't show any entries there so the problem may be elsewhere. There are a few other things to try and we'll likely check those keys manually as well just to make sure there's nothing there that shouldn't be which could account for this issue, but first just to eliminate the most obvious causes please try following the procedures outlined in this article the next time the issue occurs to see if that helps. Once that's done, assuming the issue returns again, please go ahead and get an export of the registry keys I mentioned by doing the following:

     Create a Batch File:
     • Please copy and paste the following text exactly as written into notepad (not wordpad or any other text editor):

         @echo off
         reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers" /s>"%userprofile%\desktop\CompatFlags.txt"
         reg query "HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers" /s>>"%userprofile%\desktop\CompatFlags.txt"
         "%userprofile%\desktop\CompatFlags.txt"
         del /f /q "%userprofile%\desktop\CompatFlags.txt"
         del /f /q %0

     • Once you've done that click on File and select Save As...
     • In the Save dialogue box click on the drop down menu next to Save as type and select All Files
     • Name the file check.bat (the .bat extension is very important)
     • Save the file to your desktop and double click it to run it.
     • Once it finishes it will open the file it created in notepad, please copy and paste the file's contents into your next reply.
  4. Do you have rootkit scanning enabled (it is off by default)? If not, then no, you shouldn't have any problems with scans. It is only when rootkit scanning is enabled that some users are seeing issues with scanning because the rootkit driver is being prevented from loading the same as the protection components.
  5. Excellent, I'm glad that it's fixed (again), and hopefully it stays fixed this time but let us know if you have any further issues and require our assistance. Thanks
  6. No problem. I'll make sure the team is aware of this issue and hopefully they'll be able to replicate it.
  7. It looks like something went wrong when gathering logs with the support tool. Do you have User Account Control disabled by any chance? I ask because I think that may be causing issues with it. If so, please try re-enabling UAC then try gathering the logs again and attach them to your next reply. Thanks
  8. Interesting, thanks. Did you upload the logs to WeTransfer and do you have a download link for them? Next, please also try disabling self-protection in Malwarebytes to see if that makes any difference. It can be found under Settings>Protection under Startup Options called Enable self-protection module. That's the only other loaded component I can think of that might be affecting things, especially since you killed the service and the issue was still present. If that makes no difference then let's gather some more data for the Devs (in addition to the Process Monitor logs which I hope you've uploaded):

     Create Process Memory Dump using Windows Task Manager on Windows Vista/7/8/8.1/10:
     • Open Task Manager by pressing Ctrl+Shift+Esc on your keyboard
     • Click Show processes from all users at the bottom to enable that option and click Yes if prompted by User Account Control
     • Click on the Image Name column near the top to sort the list of running processes by name
     • Replicate the issue by trying to open an Office document from your network drive
     • While the CPU usage is high/the program is trying to load, locate the MBAMService.exe process and right-click on it, selecting Create Dump File
     • Wait a moment while Windows creates the dump file
     • Once it completes it will inform you of the name and location of the dump file (typically C:\Users\Your user name\AppData\Local\Temp\MBAMService.dmp)
     • Navigate to this location and right-click on the MBAMService.dmp file and choose Cut
     • Right-click on your desktop or some other convenient location where you'd like to place the file and choose Paste
     • Right-click on the MBAMService.dmp file you just moved and hover your mouse over Send to and choose Compressed (zipped) folder
     • Attach the MBAMService.zip file you just created to your next post or if it is too large, upload it to a file sharing service such as WeTransfer and provide the download link for the file in your next reply

     That last one may take a couple of tries to get the timing right so please be patient and do the best you can to get a dump file while the performance issue is occurring. Finally, one more method to gather info would be to enable verbose logging in Malwarebytes and replicate the issue. To do that, open Malwarebytes and navigate to Settings>Application and enable the option under Event Log Data then replicate the issue a few times, then run the Malwarebytes Support Tool and have it gather logs, then attach those logs to your next reply. Once that's done be sure to disable the enhanced log collection option in Malwarebytes so that it doesn't continue creating those verbose logs as they can get pretty big after a while and end up taking up a lot of unnecessary space on your drive.
  9. Hmm, yeah, I suspect that is being caused by the driver not being able to load. In fact, if you open Malwarebytes and go to Settings>Application and enable the option under Event Log Data then replicate the issue once more by trying to run a scan again it should log what happened. Once that's done, go ahead and run the Malwarebytes Support Tool again and have it collect the logs then post the ZIP file. Once that's done, go ahead and disable the option under Event Log Data again that way it doesn't continue its verbose logging (those logs can get pretty big fast because it logs a LOT of stuff, so we only advise using it temporarily for support and troubleshooting).
  10. Excellent, I'm glad that it worked for you and that I was able to help. It's just a common problem with the way that DNS caching works. Basically, to try and speed up your internet browsing, Windows will cache the routes to websites you have connected to in the past so that it doesn't have to look them up again (websites are looked up using DNS, or Domain Name Service which translates domain names/URLs to their physical IP addresses; i.e. the numeric address of the server that the website you are connecting to is hosted on). For example, www.malwarebytes.com uses the IP address 23.49.12.71 so whenever you try to connect to malwarebytes.com, Windows checks the DNS cache to get the IP, but if you've already connected to the site recently its address will be stored in the DNS cache so that Windows doesn't have to look it up to find out the IP again and instead just goes directly to 23.49.12.71 which allows you to get to the website faster, however whenever a website is blocked by Malwarebytes it gets redirected to the block URL/IP used by the Web Protection component in Malwarebytes (located at block.malwarebytes.com) and so even though you had excluded the website from Malwarebytes' Web Protection, the DNS cache was telling Windows that the server it should be connected to is the one where block.malwarebytes.com is located rather than the actual IP address of the website you were trying to reach. Clearing out the DNS cache solves the problem because it forces Windows to look up the DNS/IP address again from scratch, and since Malwarebytes is no longer blocking it, you are now able to connect to it properly.
  11. Greetings, This is a known issue with the Windows 10 Insider Preview build 18323 and is being investigated/worked on by Malwarebytes and Microsoft. Please refer to this post for details. There are a couple of topics in that area of the forums (including the one I linked to) where the issue is being discussed in detail and users are working with the team to investigate the issue. If you wish you may post your logs there as well and I would recommend keeping an eye on that topic for updates from the Malwarebytes staff to find out when a fix becomes available.
  12. Rootkit scanning works a bit differently which is why I asked that you try a scan. The driver doesn't actually try to install itself when you turn the feature/switch on unlike the protection components as the rootkit scanning driver is only loaded when rootkit scanning is enabled and you attempt to run a scan. As long as you were able to scan and the scan log shows rootkit scanning was enabled and you saw that portion of the scan complete without any errors about the driver then it should be working.
  13. Greetings, You may contact Malwarebytes Support directly via the form found on this page or if it is during the hours of 2AM-2PM PST you may use the live chat option by clicking CHAT WITH US on that page above the form. If you end up filling out the form a member of Malwarebytes Business Support will contact you via the email address you provide on the form as soon as they are able to. I hope this helps and if there is anything else we might assist you with please don't hesitate to ask. Thanks
  14. You can verify whether rootkit scanning is enabled or not by attempting to perform a Threat scan. Just open Malwarebytes and click Scan Now on the Dashboard and see if it is able to install the anti-rootkit driver and scan for rootkits (it should throw the DDA driver error if it isn't able to), and if it works you should see it performing the Scan for Rootkits portion of the scan near the beginning just after Pre-Scan Operations if you view the Scan tab while the scan is going.
  15. Just do it the same way as it shows for Windows 8 and it should apply to your OS as well. If you have any trouble just let us know.
  16. Thanks for the status update. I'm glad to hear that you guys are working directly with MS to resolve the issue.
  17. In case you were not aware, it has been reported recently that Google is planning changes to Chrome that could break ad blockers. This comes on the heels of Chrome's limited release of their own in-house ad blocker which is to be released in July of this year. Whether this is an anti-competitive move on their part (and likely to push users away from products that would be more likely to block their own ads and tracking/telemetry servers) or just a coincidence I do not know, but either way it may mean that Malwarebytes may need to make changes to remain compatible with Chrome going forward, assuming they aren't already using a method compatible with the upcoming changes (apparently Adblock Plus is already compatible, though not all ad blocking extensions are).
  18. Thanks for providing these. All this data should prove very helpful to the team troubleshooting the issue and will hopefully lead to a prompt resolution.
  19. Thanks, yes, I do suspect it's an issue with one of the modules. If disabling Ransomware Protection doesn't eliminate it then I'd suggest disabling the others one at a time to see if that helps. It may be an issue with Ransomware Protection, Web Protection, Malware Protection or even Exploit Protection (particularly since those MS Office apps are all shielded by Exploit Protection by default). A capture of the process when attempting to open one of the programs/documents via Process Monitor could also prove useful as it should reveal what Malwarebytes and other programs are doing when the issue occurs which could help the Devs in trying to improve things.

      Create a Process Monitor Log:
      • Create a new folder on your desktop called Logs
      • Please download Process Monitor from here and save it to your desktop
      • Double-click on Procmon.exe to run it
      • In Process Monitor, click on File at the top and select Backing Files...
      • Click the circle to the left of Use file named: and click the ... button
      • Browse to the Logs folder you just created and type MB3 Log in the File name: box and click Save
      • Then click on File and select Capture Events to start logging
      • Replicate the issue by opening one or more of the documents
      • Close Process Monitor
      • Right-click on the Logs folder on your desktop and hover your mouse over Send To and select Compressed (zipped) Folder
      • Please attach the Logs.zip file you just created to your next reply, or if it is too large, please upload it to WeTransfer and post the link to the file
  20. It sounds like the individual assisting you in Support wasn't aware of this issue yet so they were trying some of the common fixes that often resolve similar problems when the cause is a common issue such as a software conflict or timing issue on system boot with the drivers/services. I suspect that it will be Microsoft who ends up having to resolve this issue as it was a change in their latest Insider Preview build that caused this and given their track record recently with these updates I have no doubt that they broke something yet again. That said, the Malwarebytes team is working on this trying to find a solution (even though they do not normally support any pre-release/beta builds at all, including Insider Preview builds) and many users have reported the problem to Microsoft so hopefully whatever the cause may be, it will be resolved soon.
  21. It's possible that this issue is being caused by caching in the system's DNS cache. You can either run a temp/history cleaning tool such as CCleaner or you can clear the cache manually. To do it manually you may follow the instructions on this page for your operating system (the instructions for Windows 8 and 10 should be identical). Once that's done, check to see if the block still comes up or not, but it shouldn't if my theory is correct. You can also try restarting your system to see if that eliminates it as well.
  22. You don't need to send it to an email address. In WeTransfer click on the ... circular button and select Send as link and it should provide a URL for you to copy/paste when it's done. Just post that link in your reply here on the forums.