Jump to content

DougCuk

Honorary Members
  • Posts

    58
  • Joined

  • Last visited

Everything posted by DougCuk

  1. False positive for file C:\Windows\System32\drivers\networx.sys This is part of the NetWorx Internet Bandwidth monitoring utility Its purpose is to monitor all network traffic and display transfer speeds and log the amount of data transferred. The detected file is an old freeware version not the current release and has been in use for the last 5 years without triggering Virus or Malware warnings. Malwarebytes v4.3.0 Free using detection update dated May 9th 2021 Malware.AI.1892063303, C:\Windows\System32\drivers\networx.sys, No Action By User, 1000000, 0, 0.0.0, 953F5BC3510BBFA670C69847, dds, , CF29EDDACF75576AB82A683554AA4DD2, 50482EFCD2EC96D016E0C09753093BAB8F3A408D5D2B2477112217AAF1A6AB35 Virustotal scan shows 5 vendors out of 60 show as suspect https://www.virustotal.com/gui/file/50482efcd2ec96d016e0c09753093bab8f3a408d5d2b2477112217aaf1a6ab35/details networx.zip Mbam_v4_Scan.txt
  2. Have added Instagram to the "Allow List" - but Browser Guard is still triggering a Phishing warning. With the Allow List entry added you can open the Instagram.com front page or a specific user account OK. But as soon as you attempt to open any posts/image you again get hit with a Phishing warning screen - which you can over-ride (by clicking the "I want to continue to this site anyway" link - but you have to do this every time. There appears to be no way to make this choice permanent.
  3. I have now traced the problem to an interaction with another security application that I was trialing - that application is the Free version of "0patch Agent" ( www.0patch.com ). Either program running by itself works fine - but when both are running the problem with Winword.exe surfaces. Both applications are attempting to protect Winword in different ways - and also 0patch lists MBAE as something it is capable of protecting - although I am unclear if it is actively "patching" MBAE in the free version. Disabling the protection for Winword.exe inside 0patch doesn't seem to eliminate the problem - but disabling the shield for Winword.exe in MBAE does resolve the issue. One additional observation is that the problem does not appear to affect Excel 2003 (XLS files) only Word 2003. I will evaluate whether I wish to continue using 0patch as it is obviously capable of causing weird problems running alongside other protection software - and there may well be other hidden problems that might arise. Constructing a layered security software setup is not always easy and strange interactions and instabilities are to be expected from time to time. Just to complete the basic info I am running Office 2003 Pro inside Win7 x64 (fully updated) with Malwarebytes v2.2.1 Pro and Avast Free Antivirus v20.2 I consider this issue "resolved" at this time.
  4. I am experiencing a problem with build 164 that affects MS Word 2003. With MBAE running and with Winword.exe shielded there is a problem with double clicking DOC files to open them in Word. Most often the first DOC file will open in Word - but thereafter attempting to open any other DOC file just hangs - and Word doesn't open - although Task Manager shows Winword.exe is actually running as a process, but no window is visible. These failed attempts to open DOC files just create additional Winword processes - but with no visible windows. After a long delay an error window appears with the wording "There was a problem sending the command to the program." - the window title just shows the full path to the DOC file - and Task Manager shows the error is coming from Explorer.exe. Starting Word directly via its shortcut is not affected (once any non-functional Winword processes have been closed in Task Manager) and DOC files can be selected and opened from within Word even when the shield is active. Disabling the Winword.exe shield in MBAE rectifies the problem.
  5. I had to resort to uninstall and reinstall to regain the Allow List editing icons. Unfortunately this particular case doesn't allow you to use the sliders to reverse the Allow List addition. This is because the entry is the actual download link - which doesn't display a web-page, it just triggers the download. Also for this download you can't complete the download without ticking the box to add to Allow List. Unless you tick the box to add the Allow List entry you get stuck in a loop - with two repeating warnings - the first one for the full download link itself - and if you override that you get the second warning for the domain url (s3.amazonaws.com). The only way out is to tick the box to add to the Allow List. One plus is that if you tick the box on the second warning (domain url) then the entry in the Allow List is a normal length and the editing icons display as normal. You can test this by using the PC & Mac Download button on this page https://www.amazon.co.uk/kindle-dbs/fd/kcp The s3.amazonaws.com domain needs white-listing.
  6. I have just encountered the same issue. I tried to download the Amazon Kindle reader for PC and Browser Guard blocked the download as suspicious - so ticked the box to over-ride and it added the whole download URL string including the filename - http…amazonaws.com/kindleforpc/55076/kindleforpc-installer-1.26.55076.exe As noted the GUI doesn't cope with such a long entry and you can no longer see either of the two delete options (Remove All or the Trashcan icon)
  7. Thanks for the whitelisting. But it would still be helpful to know what specifically was triggering the warning. I hand code the whole site and would like to understand what to avoid in any future projects.
  8. Stargateuk.info website is blocked as a Malware/Scams risk This is my own simple website - all hand coded - with no fancy features. I am at a loss to understand why it is triggering this warning I get the message "Website blocked due to possible suspicious activity" I have to disable the Malware/Scams protection to gain access The Malwarebytes main program (v2 & v3) have no issue with the site Virus Total shows no problems either: https://www.virustotal.com/#/url/fb6769f68b6840b5c1bdb4186d9a6889e794b6d6b870b001d16cbb9a07e0e609/detection Would be helpful to know what specifically is triggering the warning This is a new economy hosting plan from Godaddy With simple hand coded HTML pages There are no scripts, counters, trackers or other apps running
  9. Agree - there are big problems with Chrome v67 and v68 Opening links in a new tab gives blank page (endless loading), attempting to add extensions freezes during "Checking", attempting to open internal chrome pages freezes with blank page (eg Extensions, Settings) and chrome.exe modules remain resident after closing program - preventing a reload. Reverting to build 90 solves all issues.
  10. I have now had this problem on two different occasions several months apart - on two different Win7x64 computers. When the problem manifests the symptoms are: The Notification Area icon disappears and manually running the mbae.exe results in no GUI window Protected programs no longer trigger a confirmation popup and mbae-test.exe shows protection non-functional Restarting Windows makes no difference (this usually fixes one of cases of MBAE not working) The odd thing is there are no error messages and nothing is recorded in the Windows Event Logs. The MBAE service is started (and responds stop/start commands) and the Task Manager shows the three normal MBAE exe files are running A simple uninstall and reinstall does NOT fix the problem On both occasions the fix was: To run uninstall and then manually delete the "C:\ProgramData\Malwarebytes Anti-Exploit" folder - which the uninstall had left behind - and then run the installer to reinstall the program. A reboot was not required. I am wondering if a corruption of one or more of the files in the "C:\ProgramData\Malwarebytes Anti-Exploit" folder is behind this problem - as this folder and its content survives a normal uninstall - and deleting this folder has allowed a successful reinstall on two different computers that suffered this problem. I had been setting the config option "Log Protection Events" which I think writes to that folder - maybe when that log gets too big it causes a problem?
  11. Not sure if this issue has been resolved - but I also had similar symptoms and error messages on a Win7x64 system running MBAE build 43. I experienced MBAE loading but not working - the MBAE driver Failing to load with the error message quoted above - and the Notification Area icon failing to appear. I just posted about the issue & fix on another thread here: Issues with Win7 & Google Chrome The fix for me was to install MBAE build 57 - despite no related issues being listed as fixed - and all is now working fine.
  12. I too can confirm that installing build 57 has solved all my issues - MBAE is now working perfectly once again. I was also suffering the same "Unknown Software Exception" error - with Win7x64 using MBAE build 43 - on 2 almost identical Win7 desktop computers. The issue appeared to start after the Feb 2018 Cumulative Rollup (KB4074598) - and/or the update to Google Chrome v65...181 (x64) from v64. Initially MBAE (build 43) appeared to recover after dismissing the error - but for unknown reasons the problem then progressed over the next few days to a situation where MBAE was loading into memory but failing to trigger when a protected app was started. Then the GUI stopped working - none of the shortcuts (desktop or notification area) worked and even running the EXE direct would not open a MBAE program window. Finally even the notification area icon stopped loading. Alongside this I also began to experience Google Chrome crashes - which stopped when I uninstalled MBAE build 43. I tried uninstalling and then reinstalling MBAE build 43, and build 40, but neither worked and I also tried a full uninstall and removal of all MBAE registry entries - but never succeeded in getting build 43 to work again. However installing build 57 over the top of the non functioning build 43 has solved all the issues - everything is now working fine. I didn't try build 48 as the change log didn't appear to list any fix for this problem - but maybe that would also have worked. Setup: Win7x64 Home Premium, Intel Core i5 3570 (3.4Ghz Quad Core) - Ivy Bridge Chipset - MBAM v2.21.1043 - Avast Free v18.2
  13. Just collected database update v2018.01.27.07 - which so far looks good I am still using MBAM Premium v2.2.1.1043 which was suffering the same problems as v3 I was seeing blocks on IP range 172.217.23.xxx plus many Facebook, Google and AdBlock-Plus URL's Disabling Web Protection was effective but not ideal - but latest database update appears to be OK
  14. I really do not know what you are seeing - if the following doesn't deal with your query please post more details or a screen shot. The menu runs down the left side of the screen - select the Scan "Tab" This has the same three options as previous versions of the program - Threat Scan, Custom Scan and Hyper Scan Hyper Scan is only available to users of the Premium or Trial modes
  15. I agree - the new "Database Version" numbering system is a pointless downgrade of the available information.
  16. And I had much the same concerns as yourself "WhatMeWorry" - which was why I authored the topic that 1PW suggested - which now has a MalwareBytes Staff reply from Celee So for those of us who "prefer to defer" the upgrade we have some more time before we are forced to jump.
  17. OK so to summarize that very comprehensive reply from Celee: 1. Database updates WILL continue after the June 8th ("End of Life") date for MBAM v1.75 and v2.2.1 - however there is no guarantee as to how long that will continue. 2. And MBv3 only shows the "Database Version" in the "About" tab - where it is titled "Update Package Version"
  18. Re question 2: I was looking for a "Database Version" item - I had assumed the two "Package Version" items referred to program modules not Database updates. Will look at this again on a live system - where I assume the Update Package Version should change multiple times a day if it is in fact the Database version number. Re question 1: The "End of Life" date in the linked Lifecycle page is shown as the 8th June 2017 for BOTH v1.75 and v2.2.1 (and v3.0.4) - so the implication would be that all these versions cease to get updates as of that date (the "End of Maintenance" date shows as December 2016 for all three). I assumed this was a heavy handed way of forcing everyone onto v3.1 - which is fine if that version is stable and de-bugged for all OS platforms and security package combinations. But could be a problem for those of us still using older OS's and/or combining Malwarebytes v3 with less popular security packages. MBAM v2.2.1 works well on older slower systems and plays happily with most other security packages - I am yet to be convinced about installing v3.1 onto these types of systems - so the June 2017 date is a concern.
  19. I have multiple Malwarebytes (Anti-Malware) licences - but I have been holding off on allowing the upgrade from v2 to v3 - basically waiting for the v3 product to become fully debugged and stable before swapping over. I have two questions: 1. The Home Products Lifecycle page https://www.malwarebytes.com/support/lifecycle/ appears to indicate that support for MBAM v2 will cease on the 8-June-2017. Does this mean that all database updates will cease for installed copies of MBAM v2.2.1 - as from that date? 2. I have run a few tests installs of the v3.1 product - and one thing I can't seem to find is any display of the currently installed database version number/date - it just displays "Current". In MBAM v2 the database version info was shown on the tooltip popup from the notification area icon and in the Dashboard display. Where is this info now shown? When there is an issue with a false positive or bugged database update it was always possible in the past to state the database version you were using when reporting the problem - not sure how you would do this for v3.1 - where is this information now?
  20. Latest database 2017.5.5.1 detects Unchecky.exe Utility is an adware install blocker from www.unchecky.com Virustotal report https://www.virustotal.com/en/file/9087d96d56527d3e310420cde70ca23b6e3fbf4683882b8dcf29af174218df71/analysis/1493966153/ unchecky.zip Unchecky_detection.txt
  21. Checking the Protection Log in MBAM on my system this issue started immediately after an IP Database update from v2017.3.2.1 to v2017.3.2.2
  22. The problem with the MBAM Scheduler not working during the bootup sequence is system dependent. Which is why it was so difficult to replicate and identify the fault. I have been investigating this problem in conjunction with a Malwarebytes staff member and we established that most faster computers and virtual machines seem to work ok. However many slower (older) systems and those using wireless internet connections do often fail to complete a "recover if missed by" update task during system startup. There are two reasons for this failure of the update task: 1. The MBAM Scheduler is attempting to run the update task too early in the boot sequence On slower systems the Windows networking services have not finished loading and initialising The failure is invisible to the user with no error message - but the attempt is recorded in the MBAM Scheduler config file and can be seen using the mbam-check utility. This is compounded by the fact that the scheduler (at present) is only running the update task once - admittedly it does make multiple attempts over a second or two to find a working server - but it then gives up and waits for the next scheduled update event. 2. The second problem is caused by the MBAM Scheduler running before the internet connection has re-connected to the router - this again is a system dependent problem - and can also vary from startup to startup. Encrypted wireless connections being the slowest to re-connect. The suggested file by Exile360 (MBAM Product Manager) is to have the MBAM Scheduler retry the failed attempt after a few minutes. This will not affect those fast systems that already work correctly - and it should eliminate the problem for the slower systems. ------------------------------------------------- I never had a problem with the "recover if missed by" option in MBAM v1.75 - it just worked - and the reason for that is it waited long enough for the system to boot and the internet connection to re-connect. Once the proposed scheduler fix is made the "recover if missed by" option should then work as it did in MBAM v1.75 As for the "correct" use of the "recover if missed by" option: My understanding is that if you set the repeat frequency and the "recover if missed by" to the same value that should give full catch-up cover, with no gaps. Thus setting a 6 hour repeat frequency - with "recover if missed by" also set to 6 hours (once the scheduler is fixed) should cause MBAM to update at boot and repeat every 6 hours. Setting the "recover if missed by" to a higher value than the repeat frequency should do no harm but provides no extra cover. Setting the "recover if missed by" to a lower value leaves gaps in the schedule - which means the system will not always update at startup - but may wait until the next scheduled update. Once the scheduler is fixed the popup warnings about databases being out of date should be largely eliminated - in the mean time change the setting in the "Update Settings" panel if it is bothering you.
  23. Many, many thanks Samuel !! Automatically re-attempt the update task after a few minutes should solve both the issues I described: 1. My original finding that the MBAM Scheduler tries to run the "recover if missed by" before Windows services have fully loaded 2. The MBAM Scheduler attempts to run before the WiFi connection has re-established a link to the router - when waking from sleep. I know how tricky it can be to re-create all the tweaks and tricks of a previous software version when writing a new version - it's easy to miss a few - but extremely frustrating for the users who were used to the previous honed and bullet proof version.
  24. The results I posted above hold true for a cold start - where the Delayed Start option has an effect. However when resuming from sleep/hibernation the results are not so good: - all the services are already loaded and just wake up without going through the boot sequence - the scheduler triggers immediately it wakes and runs the "recover if missed by" update task - but wifi internet connections normally take a number of seconds to re-established - so the update can fail I suspect that a wired internet connection may re-establish faster and thus allow the update attempt. Changing the MBAM Scheduler service to Automatic - Delayed Start can be effective during cold starts However the task must be delayed for much longer - as it was in MBAM v1.75 - to stand a chance of running in all startup situations.
  25. Apologies KenW - I was just a little cranky last night - having spent many hours tracking down this bug. Your offer to test my suggestion will be very helpful. Also there is of course one further scheduled update task that attempts to run as Windows starts (which I overlooked) - and that is if you select the Schedule Frequency option "On Reboot" - which I tried once but it failed to work. Now for the **** UPDATE ****On my Win7 laptop- 100% success rate - three successful "recover if missed by" updates performed. I also tried the same Delayed Start mod on another Win7 laptop I have on loan- and observed one "recover if missed by" failure and one success. The failure was due to a delay in the Wireless LAN configuration completing- so no valid network connection was active by the time the scheduler triggered.A longer delay - before running the scheduled task - would have avoided this failure. This problem was actually mentioned earlier in this thread (post #16 - see the link below)- by a MBAM Staff member Exile360 (Samuel Lindsey - Product Manager) https://forums.malwarebytes.org/index.php?/topic/151214-mbam-is-not-performing-database-update-at-power-on-after-being-off-overnight/#entry846509- he suggested using a utility called Startup Delayer to delay the MBAM Scheduler service startup by 2 minutes or more.- this was to allow time for the internet connection to activate - he was on the right track, and his solution would have worked - such a long delay is not always required but in some cases may avoid a failed update attempt. The scheduler in MBAM v1.75 had a much longer delay before the "recover if missed by" task triggered - and always seemed to activate after the internet connection had fully established. So it appears that:As a "quick and dirty solution" changing the MBAM Scheduler service to Automatic Delayed Start will in most cases allow the scheduled task to complete.But a more full-proof solution will need a code change in the way the scheduler triggers after the computer starts.The Delayed Start utility could also be used if you find it necessary - while we wait for the scheduler to be fixed.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.