Jump to content

Protection Module Turns Off When User logs off...


Recommended Posts

  • Staff

First request:

I have purchased the malwarebytes software. It worked this morning and the protection is enabled. But a couple of hours later I found out that the protection is disabled everytime I close the Malwarebytes icon on my desktop and gives me error code:2 When I click "start protection", it gives me error code:2.

I directed user to Protection module thread, here upon which she said it worked, until she logged off again.

Once I logged off and logged on again, the protection module becomes disabled in a couple of minutes. At most within 5 minutes after I connect to the internet. I am running as the administrator account and Norton did not/ does not give me any alerts regarding MBAM. (well it did give me an alert regarding "my signature" but it said it adjusted it). I really have no problem with the malwarebytes after I start or restart my computer. Its only when I log off and log in again (WITHOUT turning off or restarting my computer) that I get those Error codes. So in order to have the protection code "ON" always, I never logged out.

Anyone have any ideas on this one?

Link to post
Share on other sites

That's a wierd one for sure. The only thing I can think of would be that for some reason a kernel mode driver is being unloaded on logoff but having an error when trying to reload when logging back on because it needs to load at a stage earlier than other components. It could also be another driver conflicting with it when logging off and on again (I know some video drivers in particular act funny sometimes when doing a log-off/log-on vs a clean boot). I'd start by investigating the video drivers, then probably the sound and networking drivers to check for possible conflicts.

edit: Does the event viewer show anything?

Link to post
Share on other sites

  • Staff
That's a wierd one for sure. The only thing I can think of would be that for some reason a kernel mode driver is being unloaded on logoff but having an error when trying to reload when logging back on because it needs to load at a stage earlier than other components. It could also be another driver conflicting with it when logging off and on again (I know some video drivers in particular act funny sometimes when doing a log-off/log-on vs a clean boot). I'd start by investigating the video drivers, then probably the sound and networking drivers to check for possible conflicts.

edit: Does the event viewer show anything?

Thanks, and I didn't think of checking Event Viewer. I'll have them take a peek
Link to post
Share on other sites

I have notice the very samething within the last couple days also of this very same thing happening , whenever I turn the protection module on it activates but for some reason if I decided to turn it off I can no longer turn it back on without geting an error and then button that I click on is no longer detailed (as if its active but its not) , If I restart computer I can reactivate the protection module no problem and as long as its active no problem with anything , but turn it off and can no longer turn it back on with out geting this same error I think. I have not yet tried anything mentioned above as just now seeing this thread and someone else having the same issue which looks like to me as more of an conflict then anything else perhaps a gliche or something like,really dont think its a malware type think just seems like I would be having other weird stuff going on which I am not . I will try what is reconmeneded in the first post when I get home and see if the issue gets resolved as it is my only issue ,at work now first time seeing this thread.

Link to post
Share on other sites

Hello, all is good again with my MBAM and completed a quick clean scan just to make sure but I expected it would be clean and tested several times exiting module and enabling module without a reboot needed works like a charm again, following instructions in post #1 about using that special tool as well, :D

Link to post
Share on other sites

  • Staff

You know it just struck me that this has begun on Tuesday the 10th..... Patch Tuesday.

I wonder if something Windows did that has begun to affect these machines\user log ons\off. :P

Not a hint of anything like this before then. I'm jus' sayin is all.

Link to post
Share on other sites

I have notice the very samething within the last couple days also of this very same thing happening , whenever I turn the protection module on it activates but for some reason if I decided to turn it off I can no longer turn it back on without geting an error and then button that I click on is no longer detailed (as if its active but its not) , If I restart computer I can reactivate the protection module no problem and as long as its active no problem with anything , but turn it off and can no longer turn it back on with out geting this same error I think. I have not yet tried anything mentioned above as just now seeing this thread and someone else having the same issue which looks like to me as more of an conflict then anything else perhaps a gliche or something like,really dont think its a malware type think just seems like I would be having other weird stuff going on which I am not . I will try what is reconmeneded in the first post when I get home and see if the issue gets resolved as it is my only issue ,at work now first time seeing this thread.

I have this same issue. I've done the recommended uninstall, clean, reinstall a couple of times now. The issue has returned both times. I think this has only been a problem in the last couple of weeks (possibly related to the 360V3 update). Logging in and out of profiles is fairly common for me as I use a limited account for most of the the web surfing I do. I'm running XP Pro Sp2, Norton 360V3, CounterSpy, and Webroot Spy Sweeper. Malwarebytes and 360 are the only apps with active protection running.

Link to post
Share on other sites

  • Staff

From another user in support:

Ok, so I uninstalled all 3 Windows XP updates dated 11/03/09, then just to be sure, I uninstalled & reinstalled Malwarebytes as per instructions and still the same problem. Even once the reinstall was just complete, the M icon did not show up in the taskbar (bottom right-hand near the time). It was only after I logged off, then logged back in that I got the icon. Switched user to test, and the 2nd log on still does not get the logo & gets the error message.....??? The updates I removed were KB958690, KB938464-v2 & KB960225.....

The more data we can try to collect the better to try and narrow down the problem.

@calintexas, Norton 360 does not like our protection module, we've had a few users say it won't run at all.

It's so bad one of our developers has been working on it to try and narrow down that bug by trying to get others to run N360 and try all they could to make the problem present a solution.

Link to post
Share on other sites

:P @ TeMerc

.......I forgot to add my computer info then if you guys are charting this issue to narrow down issues on troble shooting stuff I am running windows OS XP Pro SP3, using KIS 2009,and MBAM as my protection I mostly use MBAM as an scanner a few times a week but have/can activate the protection module from time to time , still can with no issues except when noted in post #4 and that's has been the only issue since installing in November of 2008 otherwise all good here :P

Link to post
Share on other sites

Same issue here when logging off and logging back on. After restarting the computer, I can re-enable MBAM protection without any further issues. This issue has only very recently appeared.

XP Pro + SP3 fully patched through March 10th + Windows Firewall + Windows Defender + MBAM (paid)....no other AV or AS software

galileo

Link to post
Share on other sites

There is a solution to avoiding a reboot...simply restart the MBAMService...


  1. 1. Logon as usual
    2. Go to "Start" > "Run"
    3. Type: %SystemRoot%\system32\services.msc
    4. Scroll down to "MBAMService" - select this and click "Start" in the left hand pane

The MBAM icon will reappear in the tray and MBAM protection will remain enabled....

This issue appears to occur because the MBAMService typically is "not" running unless there are MBAM tasks to perform. Apparently, the service may (?) start when the machine is initially booted and thus, makes it possible for MBAM protection to enter/start its running/enabled mode - and then the MBAMService goes into a "dormant" mode. The service is apparently not being started when there is only a "logon" and thus, MBAM protection cannot restart itself.....????

If this is the case, the coding fix should be simple... :P

galileo

Link to post
Share on other sites

@galileo

Thanks for that additional tip on that if it happens again I will remenber that(and TeMerc I think Tuesday was the day messed up on me as well after updating) maybe I wont have to uninstall an reinstall then like I did the other day

Also I noticed your location, and a first time to see someone on the internet forum like MBAM and live in the same city as :P

Link to post
Share on other sites

@galileo

Also I noticed your location, and a first time to see someone on the internet forum like MBAM and live in the same city as :P

I am near Charlotte (Gaston County) and having the same problem. The thread "Protection Module Errors" is about this same issue. Malwarebytes' has been a good tool for me until now. I hope someone comes up with a fix soon.

Link to post
Share on other sites

Looking in Computer Management/Services (Vista), I see MBAMService with StartUp Type = Manual. Because Malwarebytes' is suppose to start with windows, I changed this to Automatic. Under Status, it was not started so I started it.

Under Dependencies is the message -

This service depends on the following system components:

MBAMProtector

MBAMProtector is not listed as a service though. :P This should be a major problem.

Link to post
Share on other sites

Looking in Computer Management/Services (Vista), I see MBAMService with StartUp Type = Manual. Because Malwarebytes' is suppose to start with windows, I changed this to Automatic. Under Status, it was not started so I started it.

Under Dependencies is the message -

This service depends on the following system components:

MBAMProtector

MBAMProtector is not listed as a service though. :P This should be a major problem.

"Services" on my system shows "MBAMService" with the startup type as "Automatic" - this is from the default install of MBAM. There are no "Dependencies" indicated under the "Properties" for this service. You may want to follow some earlier comments regarding a complete uninstall and cleanup and then reinstall MBAM. Your "Services" does not appear to match those of any of the installations that I have....FWIW.

galileo

Link to post
Share on other sites

"Services" on my system shows "MBAMService" with the startup type as "Automatic" - this is from the default install of MBAM. There are no "Dependencies" indicated under the "Properties" for this service. You may want to follow some earlier comments regarding a complete uninstall and cleanup and then reinstall MBAM. Your "Services" does not appear to match those of any of the installations that I have....FWIW.

galileo

My MBAMService shows as Automatic startup type also. In addition, starting MBAMService as Galileo recommended (7:55AM post 03/13/09) re-enabled protection and restored the toolbar icon after I had turned off protection. Previously only a restart would re-enable protection. Thanks Galileo!

Link to post
Share on other sites

If this issue continues, you can create a .bat file to start the service for you and save it to your desktop so you won't have to go through the Services console every time. Copy the following into Notepad:

net start mbamservice

Then save the file as Type: All files and name it something like MBAM Start.bat. Now all you'll have to do is double click it to start the service when this problem occurs.

Note: If using Vista, you will need to right click the .bat file and select "Run as administrator" for it to start the service

Link to post
Share on other sites

My MBAMService shows as Automatic startup type also. In addition, starting MBAMService as Galileo recommended (7:55AM post 03/13/09) re-enabled protection and restored the toolbar icon after I had turned off protection. Previously only a restart would re-enable protection. Thanks Galileo!

More Info: MBAMService won't start when trying to start it in a limited account (XP) after logout of a profile and login (See message below). MBAMService starts fine after a login to an administrator account after a logout from another profile.

Hope that makes sense. Short Story: Galileo work around works with admin accounts, but doesn't with limited accounts.

3352964592_2de9cb596a_o.jpg

Limited Account start falure message

Link to post
Share on other sites

"Services" on my system shows "MBAMService" with the startup type as "Automatic" - this is from the default install of MBAM. There are no "Dependencies" indicated under the "Properties" for this service. You may want to follow some earlier comments regarding a complete uninstall and cleanup and then reinstall MBAM. Your "Services" does not appear to match those of any of the installations that I have....FWIW.

galileo

My computer is running Vista 32. If you are running Vista too, then both installations should have the same dependencies for MBAMService. :P

I noticed that MBAMProtector shows up in the registry at:

HKEY_LOCAL_MACHINE/SYSTEM/ControlSet001/Root/Enum/Root/LEGACY_MBAMPROTECTOR

I could not delete this entry with regedit. I get a shget error when I try to run the MBAM cleaner program.

Are you running XP or Vista?

Link to post
Share on other sites

More Info: MBAMService won't start when trying to start it in a limited account (XP) after logout of a profile and login (See message below). MBAMService starts fine after a login to an administrator account after a logout from another profile.

Hope that makes sense. Short Story: Galileo work around works with admin accounts, but doesn't with limited accounts.

3352964592_2de9cb596a_o.jpg

Limited Account start falure message

To solve the Limited User issue, use the "runas" command from either a command prompt or from a command script file (batch file). Here is an example:

runas /noprofile /env /user:machinename\administrator "net start mbamservice.exe"

You must substitute your computer's name for the "machinename" indicated above. For example if your machinename (i.e. computer name) is "Bob123" then the command would be:

runas /noprofile /env /user:bob123\administrator "net start mbamservice.exe"

The parameters above are explained from "runas /?" from a command prompt. Note that you will be requested to supply the administrator's password when you run this. Note also, that you can just make a simple script file by placing the entire command string above in a simple text file and use a "cmd" extension in place of the "txt" extension for the file. Then, you can just double click the file or file link to execute it....you will still need to supply the admin pword....

galileo

Link to post
Share on other sites

My computer is running Vista 32. If you are running Vista too, then both installations should have the same dependencies for MBAMService. :P

I noticed that MBAMProtector shows up in the registry at:

HKEY_LOCAL_MACHINE/SYSTEM/ControlSet001/Root/Enum/Root/LEGACY_MBAMPROTECTOR

I could not delete this entry with regedit. I get a shget error when I try to run the MBAM cleaner program.

Are you running XP or Vista?

I should have mentioned earlier, I am running XP Pro. To delete the reg entry you may need to grant permission...it may be a protected reg entry under Vista....

galileo

Link to post
Share on other sites

To solve the Limited User issue, use the "runas" command from either a command prompt or from a command script file (batch file). Here is an example:

runas /noprofile /env /user:machinename\administrator "net start mbamservice.exe"

You must substitute your computer's name for the "machinename" indicated above. For example if your machinename (i.e. computer name) is "Bob123" then the command would be:

runas /noprofile /env /user:bob123\administrator "net start mbamservice.exe"

The parameters above are explained from "runas /?" from a command prompt. Note that you will be requested to supply the administrator's password when you run this. Note also, that you can just make a simple script file by placing the entire command string above in a simple text file and use a "cmd" extension in place of the "txt" extension for the file. Then, you can just double click the file or file link to execute it....you will still need to supply the admin pword....

galileo

Wow! Thanks again galileo. I know nothing about scripting, but I was able to create a .CMD script as you advised using Notepad. I did drop the .exe off of mbamservice (don't know if it matters or not). It works great when I'm using a "Limited User" account.

Link to post
Share on other sites

galileo,

It is my understanding that the LEGACY entries do not require removal. It is possible to remove them but not easy because the system owns them. Microsoft recommends leaving them alone. I have trouble ticket open with Malwarebytes and was not told to remove the LEGACY/MBAMProtector entries.

I appreciate your script work-around to start/restart the Protection Module but my limited users would forget to launch then enter the administrator password. I will wait for a revision of Malwarebytes that works properly. I have done computer repair work for people since I was laid-off from my engineering job, and loaded Malwarebytes' on several PC's. Some of them purchased the product for real-time protection and now I am getting calls from those people about this problem. These are not the type of users who will visit a forum like this for help.

I understand that the problem is probably the result of an update by Microsoft but all commercial programmers must deal and adapt to those changes. Whatever the change by Microsoft, Malwarebytes is the only program I have that is not working so I suspect that it is doing something uniquely different that makes it incompatible now. I does seem that all XP Pro and Vista systems with the latest Microsoft updates would be having the same problem.

I am confident their developer will figure it out soon.

sys-eng

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.