Jump to content

Core

Members
  • Posts

    9
  • Joined

  • Last visited

Reputation

0 Neutral

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Chrome, phishing heuristic catch. We've recreated the site twice; both times, it's triggering. We are not phishing.
  2. I can confirm. MBAM staff are aware. Web Protection disabled only = Still had issue Web Protection and Ransomware disabled = No issue since. It's been 2 days now.
  3. SO FAR.. disabling "Web Protection" alone didn't work. Disabling Web Protection and Ransomware Protection has not caused a lockup since my previous post. Keeping an eye on it for now. That's the best i can offer short of total removal of MBAM.
  4. For sure, my main point being from the original bunch was that replicating it SHOULD be the hardest part. As long as you have access to the source code and the ability to repeat tests on various components while tracing code, it usually goes pretty fast from that point. So total agreement. It can, and may be, really difficult to replicate if they can replicate it AT ALL. I prefer to use my QA guys to find the issues in the first place. When they do find an issue the hope is they can replicate it. Issues that arrive from a 3rd party I try to rely on "mimicking" the environment/setup as much as possible. We mostly work with web thankfully. Back in the day having a VM of every known OS just to replicate issues for debugging was a pain.
  5. It's midnight. When i submitted all the logs (private message) i stated I was more or less irritated at the "it's really hard". Assuming everything is "really hard" usually doesn't help. I wish you all the best of luck in tracking it down. If there's anything else i can do to help. Let me know.
  6. That previous post was supposed to say "off" i'm turning Ransomware protection off. I honestly don't know if it will help. It seems EVERY time the MBAMCore is done updating, it loads the MBAMCore.dll, then when it goes to initialize everything freezes. Can't say for sure if it's the InitalizeInternal or the Initialize.. it depends on how they're writing their debug output. Either way, this isn't much of a "needle in a haystack". Speaking as a programmer with 2 decades of experience. Find a win7 machine. Install MBAM Trigger an automatic update. (don't tell me you can't pump out internal "junk" updates at a rapid clip to test the automatic update functions) Does? The system Freeze? Yes: Great! No: Try multiple machines with various versions of Win 7, Win 10. Have browser windows open. Leave the systems on. Keep going until you can get one of them to trigger a freeze. Once you can reproduce the freeze on demand, that's half the battle. From here it SHOULD be much easier. You can replicate it on command. Depending on what you're using to compile, get a test system that you can use to run and replicate the issue. Debuggers are fantastic. If you can replicate it with uncompiled code, you can step through it. Start stepping. I'd assume you guys are familiar enough with the code that you can find and start stepping from the "MBAMShimImp1::FinishUpdate" debug output line. Jam that step key like there is no tomorrow. As soon as it stops stepping and starts hanging, check out where you're at. Yeah, this is likely an external thing being initialized but HEY let's make sure you're looking in the right place to start with. If MBAMShimImp1::InitializeInternal really is where it's hanging, then hook MBAMCore and find out what the hell is slowing it down. It would obviously be during "start up" of it. This might sound complex, but it shouldn't be that hard for even a small team. A 1 man team this might take some time to replicate and get rolling. Obviously if they just can't replicate it no matter what then this is all moot. It took me a while to bother reporting it. Then because it was a freeze with no reporting, the crashes provided no info, I only caught on while watching CPU usage during a freeze (perfmon doesn't freeze for me). I've got.. 8 drives connected. 2x spin disk. 4x SSD via SATA. 2 M.2's one in a PCI-E socket with adapter, the other in an NVME slot and an 8TB WD drive attached via USB. (OS is on an SSD) That and 128GB of RAM. 3 monitors, 2 graphics cards. I can't think of how else my system could be "unique".
  7. Web protection off.. it happened again. Turning Ransomware protection per previous post. Seeing if that helps. 12/20/18 " 23:58:52.564" 137267385 0a60 0f00 INFO MBAMShimImpl MBAMShimImpl::FinishUpdate "mbamshimimpl.cpp" 131 "MBAMCore finishing update" 12/20/18 " 23:58:52.694" 137267510 0a60 0f00 INFO MBAMShimImpl MBAMShimImpl::InitializeInternal "mbamshimimpl.cpp" 62 "MBAMCore was successfully loaded. CoreFilePath=<C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MBAMCore.dll>." 12/20/18 " 23:59:50.369" 137325184 0a60 0f00 INFO MBAMCoreImpl MBAMCoreImpl::Initialize "mbamcoreimpl.cpp" 123 "MBAMCore was successfully initialized. CoreFolderPath=<C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE>. DefsFolderPath=<C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE>."
  8. Decided to post a few more: 12/16/18 " 04:38:21.239" 282051398 0ab0 2a04 INFO MBAMShimImpl MBAMShimImpl::InitializeInternal "mbamshimimpl.cpp" 62 "MBAMCore was successfully loaded. CoreFilePath=<C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MBAMCore.dll>." 12/16/18 " 04:39:19.089" 282109244 0ab0 2a04 INFO MBAMCoreImpl MBAMCoreImpl::Initialize "mbamcoreimpl.cpp" 123 "MBAMCore was successfully initialized. CoreFolderPath=<C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE>. DefsFolderPath=-<C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE>." ---------------------------------------------- 12/16/18 " 06:26:19.039" 288529199 0ab0 0f70 INFO MBAMShimImpl MBAMShimImpl::InitializeInternal "mbamshimimpl.cpp" 62 "MBAMCore was successfully loaded. CoreFilePath=<C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MBAMCore.dll>." 12/16/18 " 06:27:16.637" 288586795 0ab0 0f70 INFO MBAMCoreImpl MBAMCoreImpl::Initialize "mbamcoreimpl.cpp" 123 "MBAMCore was successfully initialized. CoreFolderPath=<C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE>. DefsFolderPath=<C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE>." ---------------------------------------------- 12/16/18 " 16:26:19.260" 324529410 0ab0 0f70 INFO MBAMShimImpl MBAMShimImpl::InitializeInternal "mbamshimimpl.cpp" 62 "MBAMCore was successfully loaded. CoreFilePath=<C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MBAMCore.dll>." 12/16/18 " 16:27:16.100" 324586257 0ab0 0f70 INFO MBAMCoreImpl MBAMCoreImpl::Initialize "mbamcoreimpl.cpp" 123 "MBAMCore was successfully initialized. CoreFolderPath=<C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE>. DefsFolderPath=<C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE>." ----------------------------------------------- 12/17/18 " 02:26:18.918" 360529074 0ab0 0f70 INFO MBAMShimImpl MBAMShimImpl::InitializeInternal "mbamshimimpl.cpp" 62 "MBAMCore was successfully loaded. CoreFilePath=<C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MBAMCore.dll>." 12/17/18 " 02:27:16.873" 360587028 0ab0 0f70 INFO MBAMCoreImpl MBAMCoreImpl::Initialize "mbamcoreimpl.cpp" 123 "MBAMCore was successfully initialized. CoreFolderPath=<C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE>. DefsFolderPath=<C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE>." You get the point. Whatever is happening here is taking 50-60 seconds and locking up everything else.
  9. Signed up to just post here. Having this issue. It's always right here every time: 12/19/18 " 23:58:53.112" 50867932 0a60 0f00 INFO MBAMShimImpl MBAMShimImpl::InitializeInternal "mbamshimimpl.cpp" 62 "MBAMCore was successfully loaded. CoreFilePath=<C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MBAMCore.dll>." 12/19/18 " 23:59:46.746" 50921565 0a60 0f00 INFO MBAMCoreImpl MBAMCoreImpl::Initialize "mbamcoreimpl.cpp" 123 "MBAMCore was successfully initialized. CoreFolderPath=<C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE>. DefsFolderPath=<C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE>." It's always almost 60 seconds. The system updates like every 3 hours. Every 3 hours it's a hard freeze. I know it's MBAM as the service uses no CPU then it kicks up to 8% during the freeze for MBAM every time. Once i got to the logs, i found this for the exact duration each time it occurs. Once it never resolved and forced a hard reboot. Win7 Ultimate x64.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.