Telos

I'd suspect FP. Upload it to VirusTotal.

Did you check the scan recovery feature under "Advanced"? It is supposed to trigger the scan when the scheduled time is missed. For example, my scheduled scan is for 2 AM. But often my system is down at that time. Recovery ensures that the scan runs when the system comes back up. At least that's the way it's supposed to work, I don't see MBAM in Windows' Task Scheduler so I presume it is managed on its own. @RetiredChief... Selecting the scan does not activate it, Selection checkbox is for Edit/Delete.

F-Secure user here... Just enter the Malwarebytes folder as a "virus protection" exclusion. No need to delay MBAM. v3.0.5, Win8.1-64

You should contact support https://www.malwarebytes.com/support/ Before you do, if you are using version 3 you need to enter both your ID and License numbers you received with your lifetime license.

Is this the first time you've run the scan? If so, I'd suggest a reboot and try again. My first scan went nowhere. Unless you have an exceptionally large drive and/or an exceptionally slow computer, one hour should be more than enough for the standard Threat Scan.

Particularly if you opt for the free version (it's quite good).

The current release is 3.0.5. Check the top bar of the program to determine what version you have.

Glad to know that worked for you. I got the 3.0.5 upgrade notice a day or so ago, and let the program do its thing. The upgrade seemed to go smooth. I still have some known problems, but overall I'm OK.

FWIW, when Keepass is open I can toggle off, but not on without crashing Keepass and getting an MBAM notification. But if Keepass is closed, all toggling is fine. [Win8.1-64]

Just speaking from my own experience. I received tray notification that 3.0.5 was available and clicked the notification (with some apprehension) and the upgrade went smoothly. Since there's no clean removal tool for v3, you don't have many options apart from Revo Uninstaller and its thoroughness on v3 is untested.AFAIK. I realize my install is less problematic than others, but it's certainly not issue free. Hang in there.

@ultra07... Did you upgrade over v2? When I did that I had leftover v2 remnants and got notifications from both versions. I used the v2 clean uninstall tool, rebooted, ran CCleaner registry to check for leftovers, and the went to file manager to delete anything MBAM under "/ProgramData/", "/Program Files/" and "/Program Files (x86)/". Then following another reboot I installed v3. Be sure to deactivate any license before doing this. I forgot that, so I'm sure I'm on the edge of my registration count.

@Alpengreis... I followed your screenshot settings, rebooted and all is well without having to drop DeepGuard into compatibility mode. Very helpful. Thank you. It's hard to find users familiar with F-Secure. @Ried... With Alpengreis' solution, I can let MBAM start without delay. That sounds like the best outcome. Since MBAM is an alternative to AV protection, excluding it from F-Secure scans seems to have little risk.

I'd reboot and then install 3.0.5 on top of your 3.0.4 installation. 3.0.5 isn't perfect but some 3.0.4 issues have been resolved. Maybe yours.

I don't have a "Realtime Exclusion list" on my version (non-business), and there is no obvious way to add exclusions unless DeepGuard fully blocks them. I'm not sure why DeepGuard affects MBAM without popping up a notification. But I did find a way to run DeepGuard w/o conflict. On my F-Secure installation, there is a DeepGuard option to "Use the compatibility mode (lowers security)". When I checked that, and restarted MBAM service I was able to launch MBAM without the "unable to connect the service" warning. This is better than completely disabling DeepGuard, but I'm not sure how compatibility mode works. I guess I'll prowl around F-Secure to see what that's all about. Thanks for the links... they got me to dig a little deeper.

Reported here: I only have issues with one PUP exclusion. The other exclusions for Auslogics and Wise are always ignored.

In v3.... Settings/My Account... Deactivate license.

KeePass adds fine here [v3.0.5, Win8.1-64]

I believe this is on the debug list. Neither Edit nor Delete buttons are functional at v3.0.5

I had to disable DeepGuard as there is no way to add new exclusions to DeepGuard. I reported this separately to Malwarebytes and to F-Secure. I suggest you also report false positive to F-Secure so that they will update their DeepGuard database.

To follow-up... I removed the misbehaving Exclusion entry, rescanned, and re-entered it as "Ignore Always". After confirming it made it to the exclusion list, I rescanned again, and again it was NOT IGNORED. Maybe this is path related, or path length related?

On first scan I had PUP entries that I marked "Ignore Always". After doing so, they all appeared under the Exclusions tab. On subsequent scans one of these entries appears at the end of every scan. The others are ignored as intended.

FWIW I'm not seeing this problem w/PP2013.

I read elsewhere that someone using Privazer saw a similar effect. To see if you are affected, you'll need to give yourself rights to the hidden System Volume Information file located directly under C:\. If you see bracketed file names like those in my post above, and their modified date corresponds to recent vss program activity, then your are affected. If no bracketed file names appear, then you have no worries.

That worked ONLY the first time I tried it. A day later when I had left Ransomware active I got another vss remnant after imaging. So I attempted to delete it by taking another image w/Ransomware inactive... that failed, even with MBAM exited. I then had to disable system protection (toggle off/toggle on) to clear the leftover vss remnants. So now I get these leftovers with each drive image run (one for each drive partition) regardless of Ransomware's on/off setting.

I added a "custom" ant-exploit entry and then discovered that the Edit & Delete functions under Settings/Protection/Manage Protected Applications are non-functional (grayed-out). Even the custom application I added may not be deleted. I also observed that cycling the Exploit Protection button on-off-on causes the application entries under Manage Protected Applications to duplicate (see graphic) with each cycle. Apparently, this is corrected by cycling MBAM off and back on.