Jump to content

MBAM.exe hangs during start, 100% usage of one core

Recommended Posts

I am trying out the free version of MBAM with the possibility of purchasing a corporate license. I'm installing it on a Windows 2003 x64 Standard Server that is running Citrix Presentation Server 4.5 (our users always manage to get junk in their profiles even though the system itself is locked down).

One important oddity to note - our Citrix server does not have a C: drive. The system drive has been renamed to M: - this is a common practice on older Citrix systems. I'm wondering if MBAM is trying to explicitly do something with C: and failing?

When I try to run MBAM, mbam.exe just sits in task manager with 25% CPU usage, which is 100% of one of the 4 cores on the server. The GUI never displays, at least not after letting it sit there for 5-10 minutes. Is there any logfile I can look at to try to determine what is going on here? I've poked around %userprofile%\application data\malwarebytes and there's nothing. The working set keeps growing as well (according to procexp.exe) - it's now around 900MB and still growing. I am seeing the stack change when examining it with Process Explorer, but I'm not skilled in the ways of debugging so I'm not sure exactly what is going on there.

Eventually it did pop up and complain that the definition file was invalid or corrupt. It downloaded a new file, and now the download window is sitting at 100%, mbam.exe is still chewing CPU, and nothing is happening. Watching it with Process Monitor, I see 500,000 + attempts to QueryOpen the Temp folder of my account (logged in as domain admin on the system, and it's querying "M:\Docs & Settings\administrator\local settings\temp" over and over and over). It then finally stopped doing that and it appears to have queried the temp folder of many of the other logged in users on the system, and then finally played with the various files in the All Users profile for MBAM (rules.ref, config.conf, build.conf, etc). Now Process Monitor is quiet, no new activity, but mbam.exe is still eating CPU. When I attempt to get properties on it with Process Explorer now, it causes procexp to crash/force quit without any error messages.

We have 6 different identical Citrix servers, and I get roughly the same behavior from MBAM on all of them so I don't think it's anything specific to one system.

Any ideas or places to start looking?

Link to post
Share on other sites

Hello and :welcome:

As your statement seems to indicate that this is a business please contact corporate support and they will assist you with this.

Please send an email to corporate-support@malwarebytes.org

Also make sure you have malwarebytes.org and salesforce.com in your Safe Sender list in email.

In order to assist you better please provide the following information when contacting them.

Cleverbridge Order Reference Number:

Organization name:

Approved Contact name:

If you no longer have access to the order number you can contact Cleverbridge to obtain information about your order.

Cleverbridge customer service

Thank you

Link to post
Share on other sites

As your statement seems to indicate that this is a business please contact corporate support and they will assist you with this.

I have not yet purchased the software, hence I do not have an order reference number. I was attempting to run it for trial purposes in order to determine if we wanted to purchase. Should I still contact corporate support, and if so what should I give them for an order number?

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.