daledoc1
-
Posts
22,820 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by daledoc1
-
-
I too run McAfee Enterprise, and the only way to make sure it runs something together is to have the delayed start.
Hi, Firefox:
It's me again!
I actually started this thread several days ago about MBAM and my other computer's ISS (McAfee).
Given that the WISE FW is blocking MBAM at startup on my Win7 laptop (see other thread, just started), I'm reluctant to upgrade on this other computer for the same reason. So, I am picking up this thread again....
FWIW, I this is NOT McAfee Enterprise -- it's OEM Consumer Security Suite (VirusScan 13, Security Center 9, Anti-Spam, Firewall, Parental Control) on my Dell desktop PC. MBAM Free 1.44 is working just fine.
From what you suggest, McAfee is going to misbehave with MBAM Pro at startup, as well, just like Webroot?
So, I will have to either:
1) Disable MBAM to run at Windows startup?
or
2) Install the reg tweak and hope that resolves the conflict?
or
3) Something else?
I'm impressed with your product and with the helpful folks here at the forum and at MB, so I'd like to add the protection module.
But since this is my main workhorse computer (and since it runs <!!!> Vista Ult SP2 32), I can't afford any hangups/conflicts/crashes/BSODs.
So, before I upgrade to MBAM Pro, I'd appreciate your recommendations.
Thanks!
daledoc1
-
Hi:
Just upgraded from MBAM 1.44 Free to Pro on my Win7 Pro 32 laptop running Webroot Internet Security Essentials (FW/AV) and it appears the FW is blocking MBAM at startup. System specs are in my signature below.
Details:
I had to uninstall/clean/reinstall MBAM Free 2 times last week to get it to work. I had to do some troubleshooting.
That eventually entailed disabling the WISE suite FW/AV during installation, manually checking to be sure the MBAM EXE files were allowed (WISE wouldn't let me exclude the DLL, SYS or REF files).
But after that, Free worked fine.
Today, I upgraded to Pro, but I probably erred b/c I did not disable the FW/AV during the activation of the protection module features.
Even though the MBAM EXE files are still listed as "allowed" in the FW and even though MB is still listed as a trusted publisher, MBAM hangs on startup if I set the protection module to run @ Windows startup.
The WISE firewall doesn't seem to be all that configurable for the end user in terms of adding the other MBAM files.
I talked to Webroot TS last week and got a guy who runs MBAM Free on his system with WISE. Like me, he had/has no problems with Free, but I suspect WISE FW isn't going to cooperate with MBAM loading at startup.
AFAIK, MBAM Pro is working OK, so long as I don't try to run it at startup.
So, I guess my options are:
1) Disable MBAM to run at startup and just start active protection as soon as the system has booted.
2) Get the registry tweak from you to delay MBAM startup (assuming that will fix the problem, even though I really hate the idea of a REGEDIT).
3) Uninstall/clean/reinstall MBAM Pro again, this time being sure the FW/AV are disabled during install (even though I'm not sure this will resolve the problem).
4) Something else???
Would sure appreciate your help!
(Everyone here has been super nice and super helpful, and the program is great, which is why I upgraded today!)
Thanks,
daledoc1
-
To upgrade to the full version, there is no need to uninstall the free one. The free one and the full version use the same installer file. All you do is like you said, open MBAM Free > Protection > Purchase and go from there.
You could also go to Malwarebytes Main Site and click on the Green Purchase Full Version button located on the left (down about the middle of the page). Once you receive your email with your purchase info enter your ID and Key and it will unlock the full version features.
Well, I guess I need to start a new thread -- getting firewall blockage on MBAM Pro on my W7 laptop (Free was working OK).
I set all the EXE exclusions, etc (they were already set from the Free install; I couldn't find the REF and SYS files in Firewall/AV, so I couldn't exclude them.
I tried manually resetting the EXE file exclusions, to no avail.
I'm going to try to disable the protection module at Windows startup for now and see if that helps.
FYI, the ISS is Webroot Internet Security Suite, not NIS.
Start a new thread?
daledoc1
-
My bad, there is a typo in there, the rules file for Vista and Windows 7 is located in:
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
and as far as the mbam.sys maybe an expert or developer can help us on that one, I too can not find it from the Antivirus program to exclude it even though I am going to the C:\Windows\System32\drivers\mbam.sys, but if I use Windows Explorer I can find the file listed just fine in the same folder.
EDIT: maybe its something in the 64bit version of windows cause I see them ok in Windows 7 Pro 32bit.
Hi, Firefox:
OK, that works for the .REF file (at least on the Vista machine -- W7 machine is powered off at the moment).
I can find all the listed files (at least in Explorer, but I haven't tried from within the AV/Firewalls yet) on the VISTA machine, but could not find the "swissarmy" file on the W7 machine (again, just in Explorer, haven't tried from within AV/FW yet), even with hidden files/folders set to view.
Perhaps it's a different file path in Win7?
Stupid, stupid question:
I assume that, to upgrade, I can just open MBAM Free > Protection > Purchase and go from there?
IOW, I shouldn't go out to the website and purchase a full version "separately"?
Will I have to UNinstall Free, and then install Pro, or does paying for the full version merely activate features already installed in the Free version?
TIA,
daledoc1
-
Hello ManBearPig, and welcome to Malwarebytes....
First you will get the edit feature after your post count reaches 50.
Second, your antivirus will work with malwarebytes so long as you add the exclusions in the right locations as listed below. Also if you have any conflicts after doing these, the folks here will get you up and going.
Please exclude the following files from your antivirus:
Note: If using a software firewall besides the built in Windows Firewall you'll need to exclude them from it as well
For 32 bit versions Windows Vista or Windows 7:
- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
- C:\ProgramData\Malwarebytes' Anti-Malware\rules.ref
- C:\Windows\System32\drivers\mbam.sys
- C:\Windows\System32\drivers\mbamswissarmy.sys
Please post back and let us know how it went.
Hi, Firefox:
Same question here.
Looking to upgrade to MBAM 1.44 Paid on both computers (specs below) (Vista 32 running McAfee and W7 32 running WISE).
Even with all the hidden files/folders (including the OS files) set to "view", I cannot find all the files you list: cannot locate the *.ref file on the Vista machine, and cannot find that one or the "swissarmy" file on the W7 machine (though I can find it on the Vista machine if I type the path into the search box from explorer).
My install of MBAM 1.44 Free was uneventful on both machines, but I realize there are some issues, esp with the ISSs and MBAM Pro running together at startup.
Any suggestions?
Thanks!
daledoc1
- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
-
No, there's no need to restore a SR snapshot.
All MBAM did was remove a single registry key, and once you've restored it from quarantine you'll be absolutely fine.
Bob/Tony/everyone:
All fixed here.
Restored the item on both computers, then updated to new defs and rescanned -- both computers clean.
Just checked and my "add/remove" screens are fine.
(I assume when you say "add/remove programs" screen you mean CP > "programs and features" (Vista) and CP > "programs" > "programs and features" (7)?
It's been so long since I've used XP, I don't recall what anything was called.
)Y'all are GREAT!!!!
Super fast and responsive.
I like the program a lot.
I like the MBAM Free so well and it seems to be running fine on both machines, I think I'll have to uograde to the paid version!
I'm running different ISSs (McAfee & WISE) and different OSs (Vista & 7) on the 2 systems, but, aside from perhaps either NOT configuring MBAM protection module to run at startup or tweaking it for delayed startup (which requires a reg edit?), I should be fine, right? (OK, I probably need to move this question to the other board.)
Thanks!!!
daledoc1
-
Please do, or you may end up with a blank Add and Remove Programs List...
Hi, Tony:
Thanks.
I restored it from quarantine on both computers.
(And I had created Windows RPs on both of them before the quarantine, just in case.)
As you can tell, although I'm reasonably OK with running computers, I really have NO CLUE about malware and nitty gritty details, such as registry keys and such. Kinda weird, b/c these 2 computers are running different Windows OSs...
So, should I consider this FP as "reported", or is there something else I need to do?
And is there a way to mark this permanently for "ignore", so that it won't turn up on every scan from now on, or should I assume it will be fixed on the next defs version?
Thanks!
daledoc1
-
Same here.
This looks to be a False Positive with a rather huge capital "F"
Hi, Tony:
See my reply above (clarifying what I meant to ask <LOL>).
So, having quarantined it, should I now "ignore it"?
Thanks,
daledoc1
-
OOPS!
What I meant to say, is "is this a real pest (IOW quarantine it), or is it a FP (IOW ignore it)?
AFAIK, I never installed this rogue product (and it did not turn up until installing today's def version). Moreover, the laptop is very new, so I find it oddly coincidental that this "infection" turned up on both machines. (Kinda makes me think it's a FP?)
Thanks for bearing with me, and would appreciate your advice,
daledoc1
-
Hi:
Query: Is this real or a FP?
Just installed MBAM < 1 week ago on both platforms.
Deep scans yesterday were both clean.
Quick scans today (after updating to today's defs (3591)) picked up the following on both computers (full log file is attached):
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (Rogue.ControlCenter) -> No action taken.
Should I remove it, or is this real?
(And sorry if I am posting on the wrong board with this -- I am new to your software and to your forum.)
TIA,
daledoc1
-
<snip>
Yes, you understood me correctly. I'm running both MBAM with active protection and McAfee antivirus with active protection. While you're right in thinking that you shouldn't run two antivirus programs simultaneously or two firewalls simultaneously, MBAM is neither an antivirus program nor a firewall. It's an anti-malware program that is specifically designed to work WITH these other programs and, especially, to supplement the antivirus program. So yes, you can run it in real-time along with McAfee. Of course, only the paid version of MBAM offers the real-time protection. That's the version I have.
"I see," said the blind (wo)man, as she picked up her hammer and saw!
Makes sense!
<snip>
Once you've got MBAM installed, you should update the definitions and run a scan. <snip>
Well, so far, so good.
Install went fine, GUI opened fine, updated fine, quick scan ran fine (clean) and so did deep scan (also clean).
So, it looks to be working fine.
I'll stick with "free" for a few days, to make sure it's all OK, and then I'll upgrade, at least on this machine.
(I have a sneaking suspicion that the Webroot ISE on my Win7 laptop may not be as friendly as McAfee has been, in terms of playing well with others. But, if I don't configure MBAM to "load at startup", then perhaps I can avoid any startup issues...)
Thanks for your help!
I really appreciate the hand-holding!
Daledoc1
-
Hi, daledoc1. Let me just say that I've been running McAfee Enterprise and MBAM Pro with real-time protection enabled for over a year, and all is going smoothly after I followed Malwarebytes' instructions about adding some items to McAfee's exclusions list and setting MBAM to start on a delayed startup (since I'm on WinXP, not on Vista). I've had no interference between McAfee's protection and MBAM's. Bear in mind that MBAM is set to supplement what an antivirus program does, to detect the kinds of malware that many antivirus programs miss.
Hi, whatme...:
That's good to hear.
Funny that XP is more problematic than Vista. (I was dragged kicking and screaming into buying this machine @ Xmas 2008 when my 8-year old XP PC finally needed the HDD wiped, and it wasn't worth it (slow, little RAM, no DVD drive), wanted to wait for W7. Overall, for my needs, Vista hasn't been all that bad, but it still stinks, compared to my new W7 Pro laptop.)
I *think* I can blunder my way through adding the exe files (and perhaps the sys & dll files) to the exclusions (I think -- have yet to attempt something like this with McAfee). (The ISS on my laptop -- Webroot ISE -- would only let me add MBAM's EXE files, not the DLL, SYS or REG files, but it seems to be working OK.)
But I'm not sure about the "delayed startup" thing -- if I understand you and DT500 correctly, I shouldn't need to do this with Vista?
Was that the REG file DT500 was referring to earlier, IOW, it's not a setting in the MBAM configuration, but rather some sort of programming change I'd have to implement?
And when you say "delayed startup", that would only apply if I configure MBAM to run at startup, so that it won't try to load at the same time McAfee is loading?
If I'm not running it at startup (regardless of the OS), then I shouldn't need the delayed startup?
And, just to be sure I understand, you run active protection with MBAM *and* active protection with McAfee simultaneously? (I understand the thing about MBAM adding a layer to catch pests not routinely caught by standard AV; but I thought that running *2* programs with active protection can create problems. Or is that just firewalls? Or does it vary, case by case, depending on *which* products are running?)
Assuming I can figure all this out (with everyone's outstanding help!
), I think the steps are:1) Set a rollback point (just in case);
1A) Set folder options to "view hidden files and folders"
2) Download (but don't run) MBAM (and for extra measure the MBAM-cleaner tool, just in case);
3) Temporarily disable the McAfee FW, AV and as many "shields" as I can (and ignore the nasty prompts from McAfee);
4) Install MBAM;
5) Manually exclude the MBAM EXE files (and the others, if possible) in McAfee FW and AV, and add MB to the "trusted publisher" list;
6) Open MBAM and try to update defs, configure settings, run a scan, etc.;
7) Enable the McAfee security settings;
8) Reset the default for folder options to hide the hidden files and folders
9) Cross my fingers and toes?
Did I forget any important steps? Or is anything totally wrong?
Sorry to be so dumb, but I'm just an old geezer who's been burned so many times over the years with computers (esp security apps), that I am bit overly cautious now, esp with Vista. I try to be pro-active when I can, rather than having to panic in the middle of the night with a BSOD.
Thanks in advance!
Everyone has been most helpful here at this board!
daledoc1
-
The consumer editions of McAfee (at least the last time I checked) do not have an exclusions list.
Hello, GT500:
Thanks for your quick response.
Actually, I think they *do*? (See the attached screenshots) There seems to be the ability to add programs to the exclusion list of the FW and even to add programs to the "trusted" list for the AV. Unless I am misinterpreting what I'm seeing in these dialog boxes? What do you think?
If there is a conflict that causes freezing on startup, then I can give you a .reg file that will tell Malwarebytes' Anti-Malware to wait 10 seconds to start it's protection module.
Sorry, I'm not a computer geek, so I'm not sure what you're talking about, what it would do, or how I would apply it. Overall, I'm not particularly ecstatic about any "regedit" interventions, if I can avoid it (system restore points and other protections notwithstanding).
On Vista there are usually less complications, as the protection module will not start until most of the other services (including the McAfee protection) are already running. This really helps prevent freezing issues on Vista with pretty much any anti-virus.
That's good to know about Vista. The McAfee Suite was OEM, and would not ever have been my first choice. Largely b/c of bad "childhood experiences" with uninstalling and replacing ISSs, I've stuck with it for the past year, with little problem. I hate to rock the boat or corrupt anything that's currently working OK. That said, I don't really trust McAfee for its level of protection, which is why I also use Counterspy for an added layer. Unlike the old days, when one typically loaded up one's system with 5 or 6 AV/AM products, these days I realize there can be too much of a good thing.
Anyway, I'd like to try to install MBAM on this system.
And I *think* I can either automatically or manually set at least the major .exe exclusions in McAfee.
So perhaps I'll swallow hard, set a rollback point, back everything up, and give it a whirl...
BTW, I'm planning only to install the free version at first, since I don't plan to use the active protection feature; I'll probably leave that to McAfee for now.
If all goes well, then I will upgrade (but will still probably disable the MBAM active protection mode, to avoid conflicts.)
I'll let you know how it goes.
Thanks,
daledoc1
-
Hi:
Y'all were SO very helpful in getting MBAM 1.44 installed and running properly on my W7 laptop, I'm now prepared to install on my Vista Ult SP2 (32) desktop PC running OEM McAfee Security Center (v9), VirusScan (v13), Personal Firewall, Anti-Spam, Parental Control (No Site Advisor).
The only other security product on the system is Counterspy 3.1 (manual scans only).
Windows FW and Windows Defender are disabled.
I noted in the FAQs specific instructions for McAfee VirusScan 8 ENTERPRISE, but nothing that applies to my HOME USER suite that includes VirusScan 13 and Security Center 9.
Aside from the general recommendations to temporarily disable the firewall, anti-virus and anti-malware during install, and to set as many firewall exclusions as possible, does anyone have any SPECIFIC tips?
Or is there additional info somewhere else on the boards that I just didn't find?
Your assistance is most sincerely appreciated!
Thanks in advance,
daledoc1
-
FYI, I "fell" for your clever little animated avatar, the first time I saw it.
daledoc1
No problem, daledoc1. I enjoy helping out where I can.
-
Well, that's definitely a good indictment for Malwarebytes. A Webroot support worker who also runs Malwarebytes on his machine.
Yup.
Here's how to show hidden files in Windows 7, in case it might be something to do with that.
http://www.bleepingcomputer.com/tutorials/tutorial151.html
I'm still not sure whether or not WISE FW will allow you to add non .exe files, though.
*** Yup, been there, done that.
I'm back on "hold" with Webroot now to look into this. But, when I try to navigate to those non-exe files from the WISE GUI to "add" them, they aren't visible, even though I've turned on hidden files/folders (even the system ones). The only file type options in the drop-down menu are "executable" and "command".
So unless Webroot has another suggestion, I'm probably stuck with directly allowing only the exe files.
Well, I just ran a quick scan OK and it was clean. Seems to be working. But this is what happened last time -- worked for a while, then became wonky. The major diff this time is that I didn't get any popups from WISE about allowing MBAM. So, it seems smoother. Time will tell.
TTFN and thanks for your help!
daldoc1
Best of luck, daledoc1.
EDIT: daledoc1, I just noticed your post above. I'm glad everything is working OK now.
-
Well, so far, so good.
I followed all the steps, as instructed.
The only glitch was that I couldn't find the non .exe files to manually allow them in the WISE FW. I think it might relate to "show hidden files and folders" or something?
# C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll
# C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
# C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
# C:\ProgramData\Malwarebytes' Anti-Malware\rules.ref
# C:\Windows\System32\drivers\mbam.sys
# C:\Windows\System32\drivers\mbamswissarmy.sys
I can't recall how to do it W7 (new to this OS).
I will try to figure it out while there's still time (before WISE detects MBAM as a nasty and tries to cripple it again).
Anyone know how? (Yes, I have admin privs on this machine and am logged on as admin.)
If someone could reply soon, that would minimize the chance that the original problems recur and help to ensure a happy, happy MBAM experience.
Thanks!
daledoc1
UPDATE: I figured out how to turn on "view hidden files and folders", but it looks as though WISE will only let me exclude "executable" and "command" file types. IOW, when I try to add these other files (dll, ref, sys), they don't appear for me to select them. I know they are installed on the computer OK, b/c when I search for them in Windows Explorer, they are "there".
So, as of the moment, MBAM does appear to have installed properly. I've gotten no error messages yet, and I was able to open the GUI and update to today's defs without any annoying messages from WISE (which I have turned back on in training mode, as Webroot suggested). I am about to start a scan.
I guess I'll have to do without having manually allowed all the other MBAM files?
THANKS,
daledoc1
-
Well, so far, so good.
I followed all the steps, as instructed.
The only glitch was that I couldn't find the non .exe files to manually allow them in the WISE FW. I think it might relate to "show hidden files and folders" or something?
# C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll
# C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
# C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
# C:\ProgramData\Malwarebytes' Anti-Malware\rules.ref
# C:\Windows\System32\drivers\mbam.sys
# C:\Windows\System32\drivers\mbamswissarmy.sys
I can't recall how to do it W7 (new to this OS).
I will try to figure it out while there's still time (before WISE detects MBAM as a nasty and tries to cripple it again).
Anyone know how? (Yes, I have admin privs on this machine and am logged on as admin.)
If someone could reply soon, that would minimize the chance that the original problems recur and help to ensure a happy, happy MBAM experience.
Thanks!
daledoc1
-
daledoc1, hopefully you will not have to any further than step 3 in your post above. But if you do decide to go all the way to step 9. Best of luck, my friend.
I'm certain you've got it pretty much figured out what you might have to do to try to resolve this problem. Basically just set as many application .exe/publisher exclusions as you can. And if it allows you to somehow exclude non .exe files as well, so much the better.
Hi, again:
Well, I *might* be in luck.
I just got off the phone with Larry at Webroot TS.
Not only did he not have a cow when I told him I was calling for help configuring WISE for another product, he said <get this> that he runs MBAM on his system that runs WISE.
So, he confirmed your suggested plan, WITH ONE SIGNIFICANT addition:
Larry said I should turn on the firewall training mode functions (except those related to emails) for a couple of days once I reenable the firewall after the MBAM install. (see attached)
He said that I *can* navigate to and select all the relevant MBAM file paths (at least the exe files) for adding to the firewall exclusions.
SO, I am about to set a Windows RP, backup my files, download MBAM, try again!
Wish me luck -- I'll be back later with results.
If you don't hear back, assume I committed seppuku, or something.
cheers,
daledoc1
-
Good point, daledoc1.
Unless your antivirus/firewall allows you to paste exclusion paths into a box (like NOD32 does, for instance)
I haven't found a definitive answer on this, yet, but I think not.
Webroot has good, N American-based tech support, but in my experience, calling them about issues/conflicts/tweaks re: OTHER security products is a non-starter with them. They basically "pass" on anything that has to do with another product and provide the usual "you can't have more than 1 security product on your machine" line.
I suspect that this ISS doesn't allow a sufficiently granular level of user control/configuration for me to do this.
you will have to install Malwarebytes before you set the exclusions. Just make sure that your antivirus/firewall is disabled when you install Malwarebytes and then set the exclusions as soon as possible afterwards. If you could set the exclusions when your antivirus/firewall is still disabled, that would be the best possible scenario. But I am not that familiar with Webroot products so I'm not sure what you can or cannot do with them regarding exclusions and disabling etc.
So, I'm NOT crazy then! <LOL>
I have a feeling this isn't going to work.
I may not have done all the needed steps exactly in the correct sequence the first time, but AFAIK, I did configure the WISE firewall/AV to "allow" MBAM, allow the publisher, etc.
So, IOW, I will actually need to:
1) Disable firewall/AV.
2) Download and install MBAM.
3) Quickly configure firewall/AV to allow the program, the publisher, the specific file paths (if possible and ideally with the firewall/AV still disabled) before it detects MBAM as a problem and tries to disable it.
4) UNinstall MBAM.
5) Run the MBAM cleaner tool.
6) Redownload and reinstall MBAM.
7) Verify the MBAM exclusions.
8) Re-enable the firewall/AV.
9) Cross fingers and toes???
(with all the necessary reboots at the appropriate times).
However, I think I am going to get stuck after step 4 -- if I set the firewall/AV to allow MBAM and then UNinstall it and reboot, I suspect all those exclusions/file paths that I configure in WISE will be wiped when I uninstall MBAM and run the cleaner.
So, I will be stuck in a vicious cycle...?
UGH!!!
Sometimes, I just hate computers!
daledoc1
-
Hi daledoc1,
Please configure your antivirus AND firewall to exclude/trust ALL of these files.
SO (AND THIS IS A REALLY STUPID QUESTION), I ASSUME MBAM MUST BE INSTALLED ON THE COMPUTER FIRST, SO THAT THESE WILL BE VALID FILE PATHS FOR ME TO SELECT AND TO ADD TO THE FIREWALL/AV EXCLUSIONS? (That's why MBAM has to be installed, then the firewall needs to be configured, then MBAM needs to be UNinstalled and reinstalled???)
OR CAN IS THERE SOME WAY I CAN JUST COPY/PASTE THESE DIRECTLY INTO THE FIREWALL CONFIGURATION BOX, EVEN THOUGH -- B/C MBAM IS NO LONGER INSTALLED - THEY ARE NOT CURRENTLY VALID FILES PATHS?
IOW, I understand how to allow PROGRAMS and PUBLISHERS (see attached sshot), but I'm not sure how to allow specific FILES.
Still puzzled....
daledoc1
- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
- C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll
- C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
- C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
- C:\ProgramData\Malwarebytes' Anti-Malware\rules.ref
- C:\Windows\System32\drivers\mbam.sys
- C:\Windows\System32\drivers\mbamswissarmy.sys
Then restart your computer. <SNIP>
- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
-
Hi!
Agree with Jack -- y'all are not "JUST" forum helpers. IMHO, forum helpers are usually MORE helpful than formal tech support in many cases these days.
So, thanks!
daledoc1
EDIT: Please also make sure that you read Jacktivity's post above. He is from official Malwarebytes Corporate Support but I am just a forum helper.
-
Hi, noknojon:
Yes, I've read through all of that and I undestand the principles.
However, there is no section for WISE (Webroot), so I have to figure out how to set up the exclusions on my own.
I have only been using WISE for a few weeks, and there are instructions @ Webroot on how to allow entire programs and publishers, but not specific dll files.
I assume MBAM has to be installed first, so I can navigate to the specific files (in whatever folder they may be located), in order to select them for the exclusion? (IOW, I don't think I can just type or paste the relevant file path names into the firewall program allowance box?)
Moreover, even when I told WISE to "allow" MBAM after install, and clicked "allow" every time a dialogue box appeared about the program/parent, etc, apparently it was still conlicting with & blocking MBAM.
I had used Webroot AV/AM programs in the past on previous PCs, and they were a bit pesky about program conflicts, esp other AV/AM apps.
So, I'm not sure this will work, even with all the tweaks to the firewall.
I'm a little confused, as well by the instructions.
If I set all the program/file exclusions in the firewall/AV to allow MBAM, and then I uninstall MBAM in order to do the clean install, will these firewall/AV exclusions/allowances "stick"?
Anyway, I guess I'll try again later today.
It's been far more problematic than I expected.
Short of writing code, editing the registry or getting into involved command line instructions, I didn't think it would be this much of a chore to install.
While the GUI is quite user-friendly, I might need something a bit more user-friendly for the non-computer geek to install and configure.
Thanks,
daledoc1
@ daledoc1 -Please look at this link below to our FAQ section - Below the main heading Items E,F,H and I will show you how to exclude the items refered to from your Antivirus or firewall -
http://www.malwarebytes.org/forums/index.p...ost&p=49525
Thank You -
-
Hi, Jacktivity:
Yes, I have administrator privileges on this machine. I work for a university. Believe it or not, they are in the 1800s when it comes to IT (it's a medical school, not a full university with undergrad or computer engineering dept). They never supported Win Vista and have yet to sign on for Win 7 (forget about Mac!). Seriously, unless you have WinXP on your computer (desktop or laptop), one is -- quite literally - on one's own, esp re: integrations of software in the Novell environment...
It's a REAL disaster. Even our own departmental in-house IT guy is unable to provide any help -- mine was the first Win7 machine in our entire department, and he knows less about it than I do. He's kinda out of date with all this, couldn't possibly keep track of everything for all 100+ machines and just doesn't offer much concrete help. So we really are on our own. Scary!
Anyway, I didn't know about the "free for home use only" thing -- I fully expected to pay for the full version once I had tried/tested the free version. (Really. I had to go out and buy my own ISS, since I would have had to wait weeks for a boxed version under a P.O. and they couldn't even tell me what to buy!)
I may have misspoken -- during installation, one is prompted about creating an MBAM folder in the Windows Start Menu (with an option to check the box or not). So, I was surprised to find that ABAM was not listed under "All Programs", or anywhere in the Windows Start Menu (as I had selected the option to create the folder). In retrospect, it seems all of the issues derived from the need to set all those exclusions.
No, I don't think WISE didn't remove MBAM. I did. Aside from the icon and missing folder issues, MBAM actually did work OK initially. I had disabled WISE during installation and confirmed that it was "allowed" by the firewall afterwards. That said, I didn't realize there were additional tweaks needed with the firewall/AV settings -- that was likely the problem. So, it might have been conflicting/blocking it at some level, but I don't think it uninstalled it, at least not completely. But I understand what you're saying.
As for the error message with the cleaner -- that makes sense. I had already uninstalled pretty completely before I ran the cleaner tool.
AFAIK, There is no malware on the machine. I am a scrupulous and very careful user, run scans often, and don't install questionable software. So, I don't think that was the issue.
I guess it boils down to the firewall/AV settings.
Well, I think I'll take a time out and perhaps try it again in a day or so.
It might be more work than it's worth.
Thanks for getting back to me so quickly!
daledoc1
Hi daledoc1, and welcome to Malwarebytes.orgI notice in your signature that you use this as a work computer. Just so you know, MBAM is not free in any type of work environment. Free is for home use only.
Which leads me to ask are you the administrator on this PC? MBAM needs to be installed from an administrator account.
I'm confused when you say you configured this to start from a Windows Start Menu folder. I wonder just what exactly you did. When MBAM installs, it creates it's own sub-directory in C:\Program Files. MBAM only provides realtime protection on the paid version and doesn't start with Windows until it is registered and configured that way. The free version is an on-demand scanner only.
I'm not familiar with Webroot Security Essentials (haven't used Webroot for 4-5 years since I left my last company) but I suspect that it possibly falsely determined that mbam was a threat and removed it without notifying you. My last company also silently monitored our installed software with additional remote tools and removed anything they hadn't obtained licenses for. I would look along these lines or similar. The missing executable would explain the wonky desktop icon you got. You can look farther down the page of the FAQ to see how to make exclusions for MBAM in several security programs. We don't have one for Webroot, but you should be able to adapt your situation.
The reason you got the SHGetValue Failed error is because the clean program couldn't find the files/registry entries it was looking for to delete.
There is also a chance that some type of malware got on the laptop and deleted the file.
Assuming you are an admin on the machine, go ahead and re-install MBAM and run another scan.
WISE Firewall conflict @ startup with MBAM 1.44
in Malwarebytes for Windows Support Forum
Posted
Yes, thanks!
I'm almost an expert on uninstall/reinstall now!
I had to do all that at least twice last week before I got Free to install and work OK -- mostly b/c I didn't know about the cleaner, I hadn't disabled the FW/AV during the 1st MBAM install, and b/c there were also a couple of FW tweaks needed (beyond program exclusions) and for that I had to get help from Webroot.
I have a feeling this won't solve this particular issue, though, because all the program exclusions are already specified (to the extent that WISE FW will let me), and b/c it's only a "startup" issue -- IOW MBAM and WISE play fine when they don't try to load together.
Since it's all working OK (aside from this), I might just sit tight for now.
My brain is on the verge of exploding.
Kinda bummed.
It's not a problem to manually start the protection module after booting up, but I wish WISE and MBAM would play nice together when loading.
Oh, well!
Thanks!!!!
daledoc1