Jump to content


  • Content Count

  • Joined

  • Last visited

About Pluto

  • Rank
    New Member

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. You have made "Architecture" look for a value "ig.exe" which will never be true, hence a blank report. "Architecture" can only ever be 32-bit or 64-bit. To examine the doings of "ig.exe" you need to set "Process Name" "is" "ig.exe". You can leave "Architecture" untouched unless the MB folks have asked you otherwise.
  2. Muchas gracias. I trust the observations and reports were of use. Is it apparent to the backroom what was going on here?
  3. All I have to do to get things working normally is to place a "ransomware only" exclusion for Adobe Audition.exe, as I stated five days ago in post #5
  4. Oh, and if possible, use the 64bit version (both are contained in the package). It is reasonable to assume that the x64 version is somewhat more resilient than its 32bit sibling.
  5. I can only speak for myself: obviously the opinion of the Malwarebytes staff may be different. The problem with Process Monitor is that, eventually, it has the potential to consume all your system resources! Okay not really, because it has certain safeguards built in but I'm sure you get the idea. By default, it records the actions performed by most processes running on the system, principally file system operations and registry activity. It does have a sophisticated filtering system to enable the user to limit the amount of data collected but with this, obviously, comes the potential to miss something that might be relevant. You can leave it running, silently collecting data, but it would be sensible to open the user interface every hour or so and clear the buffer if there have been no significant events. If you were to allow Process Monitor to run ad infinitum without hindrance, assuming it caused you no operational problems, you would end up creating a data file impossibly large to interpret. If you are running Process Monitor and an event of significance happens note the time because Process Monitor logs every event against system time and this is how you separate the needle from the haystack in this case.
  6. OK -- I have done as requested and will be sending the files to your private MBX. Please note the following with regard to the Process Monitor logs which, I hope, will make things easier: in the interests of keeping the file size manageable, I have restricted the capture, on this occasion, to the Audition process and the MBAM service. There are two Process Monitor logs, one captured with MB anti-ransomware ON, the other with it OFF and you will see they are very different. At no point were any changes made to the audio 'documents'. To assist you, please note the following event times: with Anti-Ransomware ON -- file open operation commences 13:09:00 and took a few minutes GAP file close operation commences 13:12:00 and took a few minutes with Anti-Ransomware OFF -- file open operation commences 13:28:00 and took a few seconds GAP file close operation commences 13:29 and took a few seconds Observe, if you will, the number of Process Monitor entries connected to the creation (and eventual destruction) of file Audition13BlockRecovery which, although a normal part of the way Audition seems to do things, is not in one of the usual places to build what appears to be a temporary file of some kind. Could you be mistaking this for possible ransomware-like behaviour? Happy hunting!
  7. Thanks, @AdvancedSetup for your advice. The reason Anti-Ransomware would not install was because of the firewall (your firewall incidentally, which I think is superb). I usually don't allow installer programs access; my bad in this instance. Running the installer a second time got it moving. That's the good news. The not so good is that MB Anti-Ransomware has exactly the same deleterious effect on Audition's file loading as the anti-ransomware module within MB Premium. I cross-checked at least a dozen times and can state with confidence that either exclusion of Audition's main executable (within the exclusions area of the interface) or disabling the Anti-Ransomware software returns Audition's performance to normal. Good luck in the pursuit.
  8. @AdvancedSetup -- logs sent as requested by PM
  9. Yup, arw-setup-consumer- having first completely uninstalled Premium. "Your license failed to activate". Get Details goes here, start protection does nothing. I think this beta still has some way to go 🥺
  10. So far, I cannot get past the opening screen of the AR product as I do not have a valid license. The blue text "start protection" implies a link (the cursor changes) but nothing happens. I await.
  11. Do I need to truly do a full uninstall or will a full switch off suffice? So far I have down the latter and there appears to be nothing left of Malwarebytes in the works and the service is stopped.
  12. I shall go ahead and try this, first of all on a virtual machine so I don't loose all my settings within Malwarebytes Premium. Is there a way of storing all my Malwarebytes Premium settings to easily restore them later?
  13. Thanks. The reason I am posting this here in the beta test department is that at the time I last used Audition, several weeks ago, I was on the release issue of Malwarebytes and all was well with Audition. I went over the beta build when discussion of the slow DNS problem arose (which I have experienced) and now have this issue with Audition. Taken together, these two facts imply that the problem which slows the loading of files in Audition is something that has happened recently, hence my posting here in the beta test area.
  14. Audition does appear to do an awful lot of writing to a file called… \Users\*********\AppData\Roaming\Adobe\Audition\13.0\d0bee765-f847-45fc-9253-6bd98732a5a9changes every run\Audition13BlockRecovery which ends up as several MB when the file load is completed and is deleted as and when the file is unloaded. Observing this happening under Process Monitor, it suggests that Malwarebytes is taking its time to scrutineer this file.
  15. @Porthos – yes, excluding the main executable from detection as ransomware only does fix the problem. Just to dive a bit further down that rabbit hole: when you exclude a particular executable, does that also exclude DLLs. etc. subsequently called by that executable? I would assume not, as to do so strikes me as a vulnerability! @LiquidTension – in the light of the above, do you still need logs? As I explained earlier, there are no positive or false positive aspects to the process so I doubt the logs will show anything other than a slow scan! The problem seems consistent regardless of the audio file format being loaded. Performing a simple file manager scan of the files goes through like a shot. For the sake of absolute accuracy, Audition actually loads the files as it ought – it's the subsequent process of scanning the files for the creation of waveforms that takes about 15× longer than expected.
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.