exile360

Greetings, I'm sorry you're experiencing performance issues with Ransomware Protection but hopefully we can come up with a solution. Please start by excluding the program folder(s) for OBS and any other programs that are performing a large volume of I/O operations during streaming as this is likely why you're seeing the problem since Ransomware Protection watches in real-time for any ransomware activity on disk and in memory so anything with a lot of reading/writing to disk is going to spike up Ransomware Protection's resource usage. To do so, follow the instructions under the Exclude a File or Folder section of this support article, selecting the option to exclude the item from detection as ransomware. Do this for OBS and any other apps which are likely to be creating/modifying a lot of data on disk during your streaming operations and hopefully that will resolve the issue. Please let us know how it goes and if the issue is resolved or not. Thanks

Thank you for the compliments, I'm glad I could help I'm sure the forum guys could easily come up with a better/more condensed way of stating pretty much all of the info I provided (I tend to get kinda verbose in case you couldn't tell by the walls of text above ), but yes, if they find it useful to do so then they are certainly welcome to, whether by copying/pinning my posts directly or by paraphrasing them to convey any key information that they believe would be useful.

Yes, since you're still viewing third party websites (even though they're forwarded through a VPN), you'll still run across the same kinds of malvertisements, scams, ads and trackers among other things, that Malwarebytes Browser Guard would block. I use a lot of security for my connection, including both Malwarebytes Premium and Malwarebytes Browser Guard, and on top of all that I also use a large HOSTS file, uBlock Origin, HTTPS Everywhere and more because with so much financial motivation there's a lot of undesirable and hazardous content out there these days, so adding an additional layer like Malwarebytes Browser Guard to the mix is always a good idea, especially given its extended behavior based capabilities which I've found to be quite unique in the security landscape (in fact, I was the one who originally came up with the concept of behaviorally blocking tech support scam sites and the like which led to the original development of the browser extension which became Malwarebytes Browser Guard back when I was part of the Product Management team for Malwarebytes for this very reason because I saw the gap in this area left by other solutions and figured there must be some way to do it given the way these sites/threats behave).

I'm not sure what the image above shows as I cannot see it in my browser, however my perspective on why it cannot be integrated into Malwarebytes, at least not in such a way that it would no longer be a separate browser extension vs working the way the Web Protection component in Malwarebytes Premium is comes down to the fact that it must be an extension within the browser for many of its functions to work, particularly those which depend on analyzing website behavior for heuristically/behaviorally blocking things like persistent ad popups, tech support scam sites and several other categories of threats/undesirable websites. Website behavior cannot be analyzed outside the browser and the Web Protection component operates outside the browser plugged directly into the network stack via the WFP (Windows Filtering Platform) APIs (the same APIs/framework used by the built in Windows Firewall in modern Windows versions since Vista) and while it is great for blocking known bad sites through targeting blacklisted IPs, domains/URLs and even entire blocks of IP addresses, it cannot analyze the actual actions and contents of a website within any browser to determine if it might be malicious. Obviously they could include the extension as a part of the installer package for Malwarebytes Premium, however this would likely be problematic for some browsers which might require that the user manually install extensions by visiting the approved app store for the browser as a security measure (like Apple does and like both Microsoft and Google are likely to in the future). That said, perhaps they will advertise Malwarebytes Browser Guard in the user interface of Malwarebytes Premium somehow at some point to inform more users/customers of its existence so that they may visit the appropriate page for their browser and install it if they wish to, but that would be up to the Product and Marketing teams to decide if that would be a good option or not, though I wouldn't be opposed to it personally as I'm a big fan of the browser extension.

Thank you for the additional information. I'm sorry you're still experiencing this issue. Out of curiosity as it may help in diagnosing the issue, are you able to complete the scan in Safe Mode?

Excellent, thank you for the update

Greetings, No, it is a separate application/tool and adds additional protection on top of the Web Protection provided by Malwarebytes Premium and the two programs function very well together. I hope this helps, and if there is anything else we might assist you with please let us know. Thanks

Greetings, Thank you for reporting this issue. Multiple users have reported this problem recently and the team is investigating the issue. Hopefully they will find a solution soon, but in the meantime you can try running a scan in Safe Mode to see if it is able to complete that way. Also, if you suspect that you may be infected you may try running ADWCleaner as well as Malwarebytes Anti-Rootkit and if signs of infection still persist you should read and follow the instructions in this topic and then create a new topic in the malware removal area including the requested logs and info by clicking here and one of our malware removal specialists will assist you in checking and clearing your system of any remaining threats. I hope this helps, and if there is anything else we might assist you with please let us know. Thanks

The tray app should run on startup, launched by the service (the service is listed under services.msc and will not show up under normal startups; this is why you didn't see Malwarebytes listed in your startup apps; this is normal and expected). That said, if it wasn't starting up normally on its own then it is probably the result of having fast startup enabled; it's a feature in Windows 10 known to cause problems with Malwarebytes and many other applications. You can verify this by removing the extra startup you added to your system for Malwarebytes and then disabling fast startup. Instructions on how to do so can be found here as well as here. As for WinPatrol, I don't believe it monitors services or drivers which would explain why it wouldn't see Malwarebytes' startup entries. You can use a tool like MS Sysinternals Autoruns to see them along with most other startup locations, including many that aren't exposed in Windows' normal startup monitoring tools and which likely aren't listed in WinPatrol either.

Greetings, I'm sorry you're experiencing issues logging into the forums. Please try a different web browser as that usually corrects the issue. There are several options available including Chrome, Firefox, Edge (both the standard version and the new Chromium based Edge beta from Microsoft), SRWare Iron, Vivaldi, Opera and many others, many of which have portable versions which you can use without having to actually install them (you just download and extract the ZIP file for the portable build and run the browser from the location of the folder you extracted from the ZIP archive). Obviously this isn't the most convenient fix, however until the forum admins are able to determine what might be causing the issue and get it fixed it should at least allow you to log off and log back on again without having to reset your password assuming it works. I hope this helps, but please let us know if it does not. Thanks

The list of items to exclude from Bitdefender's real-time protection/antivirus component can be found in this support article, and for excluding Bitdefender from Malwarebytes, please refer to the instructions under the Exclude a File or Folder section of this support article (you'll want to exclude Bitdefender's folder(s) located under C:\Program Files and/or C:\Program Files (x86) as well as any Bitdefender data folder(s) located under C:\ProgramData). You might also try disabling fast startup as it has been known to occasionally cause issues with Malwarebytes and other programs. You'll find instructions on how to do so here as well as here. I hope this helps, but please let us know if you require further assistance or if the issue still persists after creating exclusions in the two programs for one another and disabling fast startup. Thanks

Thank you so much for helping us to track this down. I'll notify a member of the Support team immediately so that he may collect the logs for the Developers to analyze the data. @LiquidTension if you would, please take a look at the logs/data provided. Hopefully it will give the Developers some insight into what is causing these intermittent performance issues. Thanks

I don't *think* it would since an extension within the browser should be able to identify domains/IPs correctly based on the browser's own address bar etc., which should be transparent to things like VPNs and proxies etc. so if you are willing to use a Chromium based browser or Firefox and you install Malwarebytes Browser Guard you should be in pretty good shape, at least as far as web browsing is concerned (which is the primary use for Web Protection anyway, though there are a few additional corner cases that make Web Protection quite useful still). The new Chromium based Edge browser is one option, or you could go with something like SRWare Iron (which is what I use personally; the portable version of course), or Vivaldi among others. It is possible that I am wrong of course, and Kaspersky might just be messing with Web Protection in some other way. To know for certain, and to hopefully aid the Developers in finding a solution if it is possible, please open Malwarebytes and go to Settings>Application and enable the option for event log data, then restart your system, allow everything to start up, then try browsing to a site that should be blocked but isn't, then browse to one that should be blocked and is (one of the IP's you mentioned), then disable Web Protection, wait about 30 seconds, then enable it again and again wait about 30 seconds, then you can disable the event log data option in Malwarebytes (you don't want to leave it active as those logs can get pretty large pretty fast), then do the following: Download and run the Malwarebytes Support Tool Accept the EULA and click Advanced tab on the left (not Start Repair) Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply Thanks

Kaspersky is known to do some pretty strange/intense things with a system's network devices and connections and if one of those components is making it behave like a proxy resulting in the incorrect address/URL/domain being reported to the WFP filtering (the built in/native Windows APIs used for the Windows Firewall as well as the Web Protection component in Malwarebytes Premium) then that could easily cause failures in blocking any blacklisted address based on its domain name (rather than IP). I don't know if it is even possible to resolve it if my suspicion is correct, but if you disable any web filtering/traffic analysis components in Kaspersky and reboot and then Web Protection starts working normally then that would pretty much verify that this is indeed the cause of the issue. I'm not certain if the Developers can work around that or not, but my intuition based on my limited knowledge of the situation is that they probably cannot because it's basically the same as trying to block remote domains when all traffic is being routed through a VPN; it can't work because as far as any software on the system is concerned (such as the Web Protection component in Malwarebytes), the only remote server being connected to is the one belonging to the VPN provider, which in turn connects to the sites you are visiting in order to host their content to your system meaning the only web filtering that would work would have to be running on the VPN's servers. Anyone with additional knowledge may feel free to correct me if I'm way off, but having dealt with similar issues in the past with VPNs and the like, this is my suspicion.

They probably wouldn't publish a CMD based scanner for home use just to avoid cannibalizing their technician and business products.

Excellent, thanks for the update. If you would, please do the following so that the QA team can take a look at the data to try and hunt down the cause of the issue if you don't mind: Download and run the Malwarebytes Support Tool Accept the EULA and click Advanced tab on the left (not Start Repair) Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply Thanks

Yes, Chameleon has proven quite powerful in the past. It isn't in use with Malwarebytes today except for its self-protection driver, however I'm sure they would update it for the current version of Malwarebytes if the bad guys start trying to block Malwarebytes again the way they used to. Agreed, I try to avoid a format if possible, if only because I hate to lose. Unfortunately sometimes it is the only option, but only as a last resort.

Greetings, While I don't have a definite answer, I would speculate that it is likely stored in a data location used for all users since it is technically being executed by a system level service, so it is probably somewhere under C:\ProgramData or a similar location. I hope this helps, otherwise I'm sure a member of the staff will be able to provide a definitive answer.

Excellent, I'm glad you were able to find a solution. Please don't hesitate to let us know if there is anything else we can help with.

Greetings, So far an offline scan function hasn't been needed, especially with the self-protection and anti-rootkit components, however if such a function is required I am sure they will provide one.

Greetings, It looks like there is a problem with the quarantine process causing it to loop and fail. Please try restarting your computer, then scan again and see if any remaining threats are detected, and if so, have Malwarebytes quarantine them and hopefully this time it will work correctly assuming any threats remain. If the issue occurs again, then please restart your system once more and try running ADWCleaner and have it scan your system and allow it to remove anything it detects, restarting your system if prompted to do so to complete the removal process. Once that is done try one more scan with Malwarebytes and hopefully it will come back clean. If it doesn't and the problem with quarantine getting stuck still persists then please read and follow the instructions in this topic and then create a new topic in our malware removal area by clicking here and one of our malware removal specialists will assist you in checking and clearing your system of any remaining threats. Please let us know how it goes and if there is anything else we might assist you with. Thanks

No, it shouldn't have any impact on any third party software/AVs, only the built in Windows Defender because Microsoft made their AV to work this way.

Greetings, Unfortunately this feature is not available at this time, however I do know that the possibility of custom user created block lists for Web Protection have been discussed in the past but I don't know if anything ever came of it or if they intend to ever implement it. In the meantime if you use any sort of firewall solution that allows importing custom block lists then that would be the way to go, or perhaps using a custom HOSTS file on your endpoints to block access to custom sites.

If you trust it then just have Malwarebytes ignore it by adding to exclusions. No point in removing detection for something known to bundle adware.

Yeah, I always disable the power saving functions for all devices on my systems. That's something I've always done going all the way back to the XP days because I don't like the idea of any of my hardware going to 'sleep' and being unavailable/non-functional (USB devices, network devices, disk drives/HDDs etc.).