Jump to content


Honorary Members
  • Posts

  • Joined

  • Last visited

Posts posted by throkr

  1. Hi @exile360,

    Thanks a lot for this detailed and useful explanation.

    Just for info, I made the following test: uninstalled MB with the Support Tool (without new installation after the reboot), installed the latest stable version with the online installer, updated to the latest beta version.

    This time program and CU were updated at the same time (meaning: in one step), no reboot required.

    Again, thanks for your time ... :)


  2. 10 hours ago, exile360 said:

    I can only guess that they updated the main program as well as the modular components in this version and that's the reason for the new version numbers for both values, however that is just speculation.

    I guess I wasn't clear enough in my first post; here more explanations ...

    In previous versions, the updates happened in 2 steps as described in this topic: https://forums.malwarebytes.com/topic/260121-update-to-version-41171-cu-10927/?tab=comments#comment-1386375

    This time it all happened in one step through a required reboot.

    So my question is: will this be the standard procedure from now on ? Thank you. :)

  3. 31 minutes ago, boombastik said:

    Can you enable it , restart and then shutdown?

    After you start your machine run in admin powershel this command:

    Get-WinEvent -ProviderName Microsoft-Windows-Kernel-boot -MaxEvents 10 | Where-Object {$_.id -like "27"}

    If the answer is 0x0 the hybrid shutdown dont work.

    I tested it and no problem here (result is 0x1) as you can see from the screenshot.



  4. Hi,

    Installed on top of the previous version without any problem.

    I noticed a new intermediary window (proposition to install MBG); to end the installation a reboot was required and after that I noticed that, this time, the program and the CU were updated at the same time. This wasn't the case with previous versions but I suppose that this will be now the new procedure (?) ... 

    Just asking ... :)


    - Win10 20H2 - Build 19042.572 -

  5. And it was the case in the past; the mention "Beta" was present just after"Premium" in the title bar (that's why I included the screenshot in my first post).

    If I remember well it was still present in the beta versions 4.0 and got lost with the beta versions 4.1 .....

  6. On 6/1/2020 at 3:08 PM, LiquidTension said:

    This is expected as the report was generated before you disabled Ransomware Protection.

    I understand that; my point is (was) that a reader of this report could think that it was made with ransomware protection enabled (which isn't the case), unless I tell him that I disabled the protection whilst MBST was running ..... Or am I missing something here ?    

    On 6/1/2020 at 3:08 PM, LiquidTension said:

    Could you elaborate on this? What do you mean by position "OFF"? Where did you see the drive letters change? Was this a permanent change?

    My external HDDs are connected but not always running (= powered ON) and not visible in File Explorer. After running MBST, if I make them visible again in File Explorer (by turning the power switch on the HDD to ON), I see that the drive letter has been changed.

    BTW today I made a test: I left the HDDs ON (visible in File Explorer) whilst running MBST and this has the same effect; once you set the HDD to OFF and again to ON, the drive letters in File Explorer are changed.

    On 6/1/2020 at 3:08 PM, LiquidTension said:

    Some additional information would be useful.

    Attached you'll find the logs, except the Process Monitor Log (apparently not allowed, file to big) so I uploaded it here: https://www.transfernow.net/Ba0joK062020

    On 6/1/2020 at 3:08 PM, LiquidTension said:

    Also, whilst still in the issue state (so before you disable Ransomware Protection), please open Task Manager and look for the FRST process.
    Expand it if there are child processes running and take a screenshot of what you see.

    Here you go (no child processes present)


    MB ARW + LOGS.zip mbst-grab-results.zip

  7. @LiquidTension

    The new beta CU 1.0.931 did not fix this issue;  ransomware protection still has to be disabled before starting the tool to have the zip file created with the correct infos (*) (this is important !).

    I have now more important infos for you:

    • with 1.0.931: if you rerun MBST after a first complete execution (with ransomware protection disabled), you'll still have to disable ransomware protection (this wasn't the case with CU 1.0.927, as we saw earlier)
    • if you don't disable ransomware before starting the tool, it gets stuck at the second step "Run FRST" (as I mentioned it earlier in this topic). If you disable ransomware protection whilst the tool is stuck (= still running), it will immediately go further and the logs are created  (*) BUT they are incorrect as they don't reflect the reality: in mb-checkresults.txt, under ARW Controller Config it says Protection State: enabled (which is wrong as the protection was disabled whilst MBST was running). My attached logs reflect this "wrong" situation.
    • After running the tool, I noticed that all the drive letters of my non-connected (position "OFF" during the scan) external HDD drives were changed (this doesn't affect USB drives, at least for me). This is important as I use one of these external HDD drives for my backups ...

    Well, I hope that my explanations are clear enough and that it will help ..... :)


  8. 2 hours ago, LiquidTension said:

    Thank you for the information. We're looking further into this. It appears to be related to the registry backup functionality in FRST.

    If you run MBST again with Ransomware Protection, do you still encounter an issue? Now that FRST was able to complete successfully and perform the registry backup, there's a good chance it will run successfully now.

    Correct, the second time I ran MBST, it went through all the steps without problem with the ransomware enabled.

    It should be noticed that during the initial scan (on Win 10 2004), MB didn't react in comparison to Win 10 1909 where MB opens an alert window. 

    Another good feedback: scans (quick + threat, for me) are significantly faster with this version 4.1.1 compared to version 4.1.0, at least for me.


    52 minutes ago, Porthos said:


    Thanks @Porthos, but MB is obviously not reacting in the same way on Win 10 1909 and on Win 2004 (which I'm using); see my answer just above to @LiquidTension

  9. 23 hours ago, throkr said:

    Well, I already used the MBST to reinstall MB without any problem but now I can't collect the logs.

    After clicking on "Gather logs", the scan gets stuck in the second step "Run FRST" and never ends; I had to cancel it. I even tried with the real-time protection  temporarily disabled in Microsoft Defender antivirus.

    I really don't understand why this is happening ....

    @AdvancedSetup, @LiquidTension,  I finally found out the culprit who was blocking the execution of the MBST: the ransomware protection module of MB ! :P            

    Once the ransomware protection temporarily disabled before starting the tool, there was no problem and the zip file was created ...

    But, is this normal ???  :blink:


  10. 16 hours ago, AdvancedSetup said:

    If you can upload the MBST logs that may help us with future updates to prevent issues.

    Upload Malwarebytes Support Tool logs offline



    Well, I already used the MBST to reinstall MB without any problem but now I can't collect the logs.

    After clicking on "Gather logs", the scan gets stuck in the second step "Run FRST" and never ends; I had to cancel it. I even tried with the real-time protection  temporarily disabled in Microsoft Defender antivirus.

    I really don't understand why this is happening ...


    53 minutes ago, LiquidTension said:

    Thank you for the feedback! We have a defect filed for the issue with Self-Protection.

    Thank you for that.

  11. Hi,

    In the MBG guide (Settings screen) it is said: "Ads/Trackers: This is mainly a privacy settings, and has no effect on your safety. Turning this setting off may slow website access".

    • As I disabled this setting for some sites, is it normal that the concerned pages are now slower to load ?
    • I noticed this in Microsoft Edge Chromium only, not in Firefox ..... is this normal too ?

    I'm using latest MBG v 2.2.4 in both browsers.

    Thanks ! :)


    - Win 10 2004 - Build 19041.264 -

  12. The update happened without problem in 2 steps:

    1. clicking on "Check for updates" updates only the CU from 1.0.924 to 1.0.927 and this message shows up in the main UI.


    2. clicking  on "Mettre à jour maintenant" (Update now) updates the program from version to version No reboot needed.

    Be advised that I had to re-enable the self-protection module.


    - Win 10 2004 - Build 19041.264 -



  13. Hi,

    I received this beta update today (not announced yet ...).

    I'm referring to this  still existing issue: 

    As @LiquidTension said, you are aware of it; I just want to be more specific as I found out these details today.

    In fact, the language of the message is correct except if you combine background Cityscape with themes Use system default  / Light.

    As I am now using System default + Data Web, the message appears correctly in French.

    - Windows 10 2004 - Build 19041.264 -




Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.