Automatic database updates will not work in 2.0.1.1004.

[cayennejim]

 I recently installed Malwarebytes PRO for windows 7 that was purchased from Amazon.com. The install went without problems I think and it updated to Premium 2.0.1. okay. The dashboard indicates that Real Time Protection is enabled. However, the automated database does not work. The date and time are scheduled in the automated scheduling box for updates. The Dashboard Scan Progress indicates the time of next database update. But it does nothing. It does update though when a scan starts or by using Check for updates. Also the Automated Threat Scan seems to work. Dashboard shows that I'm licensed. I did notice that even though the MBAM icon is in the system tray, MBAM is not in the MSConfig startup tab. Thought that was strange. I have been noticing other posts in the forum with the same problem but no fixes yet. Will appreciate any help given. Thanks. 

[daledoc1]

Hello and , cayennejim:

 

First, please make sure your system time and date are correct, and that your AV/firewall software give MBAM full permissions.

 

If that doesn't work....

• Please try the following and let us know if this corrects your issue or not. MBAM Clean Removal Process 2x
• Please try installing the new beta which has corrected some previously reported issues: - Malwarebytes Anti-Malware 2.0.2 Public Beta
• If that does not correct the issue, then please read the following and post back the requested logs. - Diagnostic Logs
• NOTE: There is an FAQ section with valuable information located here: - Common Questions, Issues, and their Solutions

Let us know if this resolves your issue.

 

Thank You,

 

daledoc1

 

P.S. As this post is in the wrong area of the forum, the mod team will likely move it to the support section >>HERE<<.

[cayennejim]

Daledoc1

Just for the heck of it, I unchecked the "recover missed tasks" box in the update settings box. Now the "if missed" box shows N/A and the updates are working for the first time. Every 3 hours there is a new update version. That's the only thing I've changed. Go figure. I'll monitor it for awhile just to be sure it's not me being delusional. If so, I'll get back to you. Thank you for taking the time to help an old guy.   

[BarryWilliams]

I had the same issue about the updates not working. After reading what cayennejim did, I started looking for the same setting. Having not found a setting named "Recover Missed Tasks", I continued to think about the problem and it occurred to me that I had some unresolved threat reports from my last scan. I decided that I should resolve them to see if there was a connection. I reasoned that the items were a "missed task" since I had not dispositioned them. Sure enough, updates were working again after I selected "Ignore Once" for the 8 or so items and hit "Apply Actions".

 

I did another scan and the same items were reported as expected. I waited for the update attempt to see if it would fail again and it did. Then I went to the "Dashboard" and sure enough the "Update Now" item next to "Database Version" was disabled (greyed out). "Check for Updates" is also disabled in the context menu when right-clicking the Taskbar notification icon. Also, the Dashboard says "Your databases are out of date" and the button says "Fix Now". Pushing the "Fix Now" button does nothing.

 

When I clear all of the messages on the "Scan" page, the update actions come back again. If this is a feature, the program should notify me to clear those items so the updates can complete. I have invested considerable time trying to figure out why my databases would not update. I tried the Help button and it took me to Malwarebytes.org. From there I went to the Knowledge Base and I read the topics. Under "Basic Troubleshooting" I found the topic "I'm trying to update but the 'Check for Updates' button is grayed out or unable to be clicked, why?" The only suggestion there is that the user lacks sufficient privileges.

 

I also spent time reading other forum posts including those that had instructions for uninstalling and updating the program and doing other fiddlybits. I am glad I decided to not try those methods! At one point I was so discouraged I considered bagging Malwarebytes altogether. I am a sophisticated user as I have worked as a programmer and system admin in the past. I am also doggedly determined. I fear that many users may lack the knowledge and determination I possess which may lead them to abandon Malwarebytes. That would be unfortunate for them as I think Malwarebytes is an important and valuable tool that is dirt cheap considering what it can do to protect Internet users from the criminals preying on them every day.

 

Please make the operation a bit more clear by providing feedback to inform the user that the "Detected Threats" must be cleared before updates can be performed. Or, allow the updates to take place without regard to incomplete actions regarding threats.

 

Thanks for the excellent software and the contribution Malwarebytes has made to the safety of Internet users. I am going to install your other tools both to help me and maybe to help Malwarebytes as my contribution.

 

Barry Williams

Malwarebytes Premium user

 

More info:

Malwarebytes Anti-Malware 2.0.2.1012

Build Date: 5/12/2014

Database Version 2014.06.04.12

[Artietude]

This solved my problem too!  I agree with Barry on this - it needs to be stated somewhere in the docs.

 

 

Please make the operation a bit more clear by providing feedback to inform the user that the "Detected Threats" must be cleared before updates can be performed. Or, allow the updates to take place without regard to incomplete actions regarding threats.

[JamesNewton]

Same issue here. Really poor user interface design. 

[Firefox]

Hi, and , JamesNewton:

Sorry to hear you are having issues.

Each computer is unique.

Problems that sound "the same" most often are not.

The same is true for solutions.

They most often need to be individualized.

It is less confusing for everyone if we try to stick to "one user per topic".

Please start a NEW, SEPARATE topic using the button.

The staff and experts will be able to more easily provide both you and the OP with individual help to get you both up and running.

Thanks for your patience and understanding,

Firefox

[exile360]

Thank you for making us aware of this issue. We will see to it that this problem is corrected in a future release.

To recap, this is the issue being described and the action we will take to correct it:

• A scan has been performed which has detected one or more items (malware or non-malware) either manually by the user or through the scheduler
• No action has been taken regarding the scan results so that a decision of what to do with the detection(s) is still pending from the user
• This results in the program being unable to update through any means including the Update Now>> link on the Dashboard, the Check for Updates menu item in the system tray as well as the scheduler

This will be corrected by allowing the program to perform updates even when action on detected items from a scan are still pending so that the user will still be able to update through any of the means mentioned above, including through automatic updates performed via the scheduler.

[Firefox]

Thanks for that exile, will there be some sort of notification added to inform the user that some action needs to take place with the detected items?

[exile360]

Thanks for that exile, will there be some sort of notification added to inform the user that some action needs to take place with the detected items?

There already is one, but it's possible in this case that the user had dismissed it as that notification remains visible until the user either clicks the 'x' on the notification to close it/dismiss it, or they click on the body of the notification which launches Malwarebytes Anti-Malware's main UI and opens it to the scan results screen where they would see the detected items in their scan results with the call to action buttons (e.g. 'Apply Actions', 'Quarantine All' etc.).

[Firefox]

Maybe I am missing something here, if the user failed to act on those detected items, do they keep getting notified?

Some folks that have not been able to update had no clue that they could not do it because of the detected items. Some have even mentioned they did not know there were items detected (of course its quite possible that they just ignored the message)

[exile360]

Maybe I am missing something here, if the user failed to act on those detected items, do they keep getting notified?

Some folks that have not been able to update had no clue that they could not do it because of the detected items. Some have even mentioned they did not know there were items detected (of course its quite possible that they just ignored the message)

They do not get repeated notifications of it, but as I said; the initial notification that is displayed remains visible until the user either dismisses it by clicking the 'x' on the notification or by clicking on the body of the notification itself, which launches the main UI and displays the scan results screen showing the detections.

Here are what the notifications look like, depending on what types of items were detected by the scan:

Neither of these notifications will timeout regardless of how long they have been visible.

Now, all of that said, what would you guys think if we changed the behavior of scheduled scans so that they always automatically removed any detected items but still had the option to notify the user when something was detected and removed by the scan? This would make it very similar to the autoquarantine function which is on by default for Malware Protection. Of course it would not automatically reboot the computer when required to complete the threat removal process so we would still prompt/notify the user when a reboot is needed for removal so that aspect would not change. The difference would be that the behavior (at least by default) would be consistent and would allow scans to automatically perform the recommended actions on any detected threats, thus reducing the need for user intervention.

[daledoc1]

 

Now, all of that said, what would you guys think if we changed the behavior of scheduled scans so that they always automatically removed any detected items but still had the option to notify the user when something was detected and removed by the scan?

 

I would not like that at all.

I prefer to have full control.

Really bad FPs have been rare, but I would not want to lose the option to disable automatic quarantine.

 

I'm willing to wager that most users reporting this behavior have clicked away the notification of the scan detections without taking action.

Just a hunch, but "advanced users" ought not to be penalized for the behavior of other users who don't address their scan detections.

There needs to be a limit to the "automaticity" and "set-it-forget-it" programming.

 

JMNSHO.

 

Thanks!

[exile360]

I would not like that at all.

I prefer to have full control.

Really bad FPs have been rare, but I would not want to lose the option to disable automatic quarantine.

 

I'm willing to wager that most users reporting this behavior have clicked away the notification of the scan detections without taking action.

Just a hunch, but "advanced users" ought not to be penalized for the behavior of other users who don't address their scan detections.

There needs to be a limit to the "automaticity" and "set-it-forget-it" programming.

 

JMNSHO.

 

Thanks!

Yes, I would never remove the ability for advanced users to decide whether or not to remove any detected items, however I'm simply proposing modifying the default behavior so that it removes them rather than prompting the user to take action. As it is, if the program is left in this state, not only does it prevent updates (which we can and will fix, as I stated previously), but it also causes one of two behaviors which is unavoidable depending on which choices we make with regards to the user experience. Either the user has to deal with the detections in order for another scan to be possible, or the user can't manually control which actions are taken for items detected by scheduled scans.

What if we modified the scheduler like so?:

• Scheduled scans which are completed and have detected items which require the user to take action have a timer at the end of a scan
• The scan provides a notification to the user once the scan is completed, prompting them for action just as Malwarebytes Anti-Malware does now so that the user may click on the notification and see the scan results and decide what to do with the detected items
• But now, rather than waiting indefinitely for the user to take action, Malwarebytes Anti-Malware instead waits a specific duration of time (like perhaps 5 minutes or so)
• If the user has not taken action on the detected items within that time limit of 5 minutes after completion of the scan, Malwarebytes Anti-Malware simply saves the scan log and resets the scanner back to its normal pre-scan state
• This would mean that the user would still have the log files showing what was detected by the scan and would include the information No action by user for the detections so that the user would know what the result of the scan process was
• The user could then perform another scan either manually or through the scheduler and then decide what to do with the detections

Eventually this could also possibly be accompanied by a change in the state of the Malwarebytes Anti-Malware notification area icon similar to what is displayed when one of Malwarebytes Anti-Malware's protection components is disabled or its databases are out of date so that the user knows that something is wrong. We could then include a Dashboard status stating something like Malwarebytes has detected malware on your system. Scan now to remove any threas.

[KenW]

I have to jump into this as of last comments. Every antivirus/antimalware program has had false positives, including MB. I think it was last year where a Windows file got removed by MB because of a setting in 1.75.

 

Automatic removal of a file is never a good idea.

[Firefox]

I don't think the automatic removal would be a good idea either.

However if the user does not take action after a certain time limit, then resetting the scanner and putting the info in a log file may work.

Another option, is when the Fix It button is clicked on, Malwarebytes knows that there are items pending, then clicking on fix it could take them to the scan results so that the can clean it up.

[daledoc1]

@Exile360:

 

WHEW!

OK, you had me worried there for a while.

I will need a bit of time to carefully read, process and respond to your other proposed suggestions.

 

I know there is a trend among security software vendors to <ahem><clears throat> "simplify" the UI/UX (I will refrain from using another word that rhymes with "thumb down"), especially insofar as minimizing the need for user interaction, stripping out user control of features, automating tasks, etc.

KL tried that with their 2014 products and caught a HUGE user backlash, to the point that many features have been replaced and restored in the 2015 builds.

From my perspective as just another home user -- no geek or expert -- I would strongly discourage excessive over-simplification.  It may be "safer" for the basic user to automate tasks when everything works OK, including quarantine, 99.9% of the time.  The problem is that the one "bad update" can (and did!) backfire, with disastrous consequences (as KenW pointed out and we all remember). 

And we slightly more advanced users will never be happy with a lack of control (I am still looking forward to the return of the user ability to disable automatic PROGRAM updates ).

 

It's probably moot for the pending-scan-detections-blocks-updates issue, because you have mentioned that this is on the list for a fix.

But, as you pointed out, the user MUST be dismissing the notification and/or "ignoring" the scan detections to end up in this predicament.

At some point, the computer does need to take a bit of personal responsibility, no?

Why would a user just ignore the fact that the computer is infected?

 

<rhetorical questions>

 

Just my 2 pesos, as usual.

[exile360]

Believe it or not, it happens, I suspect all too often. A user sees a pop-up and just clicks on it to 'make it go away'. I don't believe that the majority of the users who hang out on this forum regularly are anywhere near the level of PC novice that I'm most concerned about with regards to items like this. Such users simply aren't used to the concept of needing to maintain their PCs or make any decisions when their antivirus or anti-malware application has detected a threat; be it through realtime protection or through a scheduled scan. They often either don't know about it because someone more knowledgeable about computers set it up for them, or they don't want to bother with it because their only focus when using their computer is on doing the things they enjoy with their PC such as surfing the web, social networking, streaming videos, playing games, working, or creating/editing/uploading their own digital content.

It is the same exact reason that by far, PUPs are the most commonly detected items by Malwarebytes Anti-Malware today; because these same users seldom read installers/downloaders and simply click-through to get it done and get it out of the way.

As I said, we would never take away the ability for our advanced users to take full control over what is and is not removed by Malwarebytes Anti-Malware; but the reality is most users whom I described above wouldn't have any idea what to do with a list of detections and would simply follow our recommendations for removing anything detected anyway (assuming that's the most prominent/accessible button in the UI/notification). Generally speaking, that's the way they want it too. They expect their protection to be automatic, set it and forget it, do its job and keep the malware off of their systems (or remove it if MBAM finds it) so that the user can do what they do on their PCs. The only real way of protecting those users from a catastrophic false positive is to prevent the false positive detection in the first place which is why we have done, and are continuing to do a ton of work on our processes, automation and updating routines to ensure that such an event never happens again.

Of course that is no guarantee, because unfortunately even the best software has a false positive from time to time for one reason or another, but we are confident in the systems and procedures we've now put in place and have enhanced and tested thoroughly to guard against such a critical system component from being flagged as a threat again.

Anyway, we do plan to clean this process up. And I believe this is the way we'll go so that if the user has not made a decision within a given amount of time; the logs will be saved and we'll either notify them about it or we won't (I haven't decided on that one yet, since it could result in an endless loop of the user being notified that they need to run a scan, the user running the scan as prompted, the user clicking through yet again and still not taking action against the detections, time running out again, the user being notified yet again...you get the idea ).

 

At some point, the computer does need to take a bit of personal responsibility, no?

Yes, but in my opinion the user did exactly that when they decided to pay us to protect their computer. The primary purpose of an anti-malware application like ours is not to play the role of a HIPS asking the user what to do with every item/activity it detects; it is to detect what it knows to be malware and remove it from the PC to prevent the system from getting infected or to remove it from the system if the malware has already infiltrated the system. If I go to the mechanic with a broken alternator, the mechanic does not ask me if I need to replace my alternator. She tells me that I need a new alternator and I pay her to replace it. Her job is to diagnose the problem and then repair it. Likewise, this is the job of Malwarebytes Anti-Malware. When false positives happen, it means we have failed in that job, but that does not mean that we give up or lose our confidence in our ability to do our job. It just means that we try that much harder to make certain that we keep improving at not only crushing malware, but also at guarding against future false positives.

My apologies for being so 'ranty' there, but this is a subject I've given a LOT of thought for many years now.

[Firefox]

Thanks for the added info excile, and I agree most folks want to set it and forget it.

[BarryWilliams]

I opined about this very issue and, after getting a bit of hostility from moderators for posting this behavior as being the possible cause of other user's pain, I decided to not comment or participate here anymore but I did continue to receive notifications of new replies. I am glad to see that this issue is being examined by the developers. While working as a programmer for IBM, without the benefit of finishing my CS degree (being in poor health killed it), I too ran into such user operation issues.

 

I do not agree that all of the users that dismiss notifications are of low intelligence when it comes matters "PC". Indeed, I have found that it is a misconception by a programmer that usually gives rise to a user's "problem". I don't mean to belittle; actually this is something of a mea culpa. I know that being a programmer close to one's creation and understanding it intimately can lead to a certain "blindness" when it comes to user interaction.

 

For my part, I did look for the answer of the behavior in the documentation and I am guilty of continually clicking the "Fix Now" items repeatedly with the same result. In fairness, all I got back from the interface was the equivalent of a "blank stare". 

 

Here's what I propose:

 

Leave the behavior as it is except add a modal dialog with the message that detected threats must be "dispositioned" (that word was particularly annoying to one commenter who I think was a Mod) before update operations will complete. On being dismissed, the main dialog will open with the users attention drawn to the security item by some means of a highlight: maybe a honking-big, red-flashing arrow. 

 

Also, add "THREAT DETECTED! USER ACTION REQUIRED" in red letters to the "database out of date" dialog if there is an extant threat. I have found that a gentle clubbing of the user's eyeballs almost always evokes more than passing interest.

 

As for automatic update of the database during operations invoked by the scheduler, the user can either use "autopilot", so to speak, and trust the boffins that created their computer "condom" to provide some mode to deal with threats or be more involved choosing instead to be hounded continuously by "screaming mimis" until they "stab it with their steely knife" . . . and so forth.

 

After I understood that specific attention was needed, no problem! Now, if I get a repeated database-out-of-date error, I look to see if there is a detected threat I need to deal with. Maybe there could be some sensitivity so I can automatically deal with threats based upon their relative threat levels. Sounds simple but I am sure that feature could be difficult to implement.

 

I still strongly recommend the program to anyone that I encounter. I use Norton 360 and I am currently trying the beta of the new product which appears to overlap with Malwarebytes. I also use automatic updates from Microsoft for my fully licensed copy of Windows (one of the cheapest security measures relatively speaking) along with the Microsoft supplied tools to deal with threats.

 

Barry Williams

 

What follows is a wordy and off-topic blab about me. I hope the Mod gods won't mind too much. If you read it all, it must mean you have nothing better to do than waste time reading the rambling anecdotes of an old codger!

 

Bona fides:

Aerospace engineer involved with programs from the Space Shuttle External Tank to the F/A-18 Advanced Strike fighter 

(again, no degree needed to excel - I do like to brag - although I had some college under my belt being comprised of mechanical engineering coursework)

 

Programmer and problem solver for IBM for 3 years: originally to be an interruption in my pursuit of a bachelors degree in CS of only a semester or two. I was a well-paid intern in a fantastic job with a great company to work for. Alas, I was downsized out of my job by the consolidation of the education division.

 

The downward spiral of my health started to steepen and I only worked 1 more year for a stock brokerage/financial management company as their IT director before I was forced to quit.

 

Early years of computing:

My first computer was a Zenith Z-120 with a 300 baud printing terminal that looked EXACTLY (caps because the usefulness of Google still amazes me at times) like this one:

http://smist08.files.wordpress.com/2014/01/la36.jpg

 

My first exposure to computing came in the mid-1960's when my father took me to his workplace at Lockheed. Some friendly engineering types took me under their wing and let me run a little program on punch cards on some big old mainframe that took up about 2000 square feet of floorspace. I was merrily running my improved program on a particular visit without obtaining the necessary clearance from the "boss" which led me to EFF up an experimental wireframe model of the C-5 Galaxy military cargo plane's fuselage elements that had been running for days: they were pissed - I wasn't invited back and my dad was almost not invited back too: he worked there!

 

The C-5 wireframe was manipulable with a light pen and the effects of crude changes to the airframe could be calculated to approximately determine added airframe weight, aerodynamic drag, cargo capacity and so forth. I later saw the same type of round display tube and light pen being used with an early CAD system at Martin-Marietta Aerospace when I was working on the shuttle program in the 1980's

 

I remember a "funny" thing I did when I visited the Lockheed lab as a kid. You see, there was this Friden calculator. It was a mechanical beast that was somewhat bigger than a typewriter of the day. Here are pictures and even a video if you are that interested: http://www.oldcalculatormuseum.com/fridenstw.html

 

I was only 12 I'd guess but I'd long before learned that division by zero is undefined. Armed with that, I wondered how this computing marvel would deal with a problem encompassing such a parameter. I turned it on and waited for it to finish "booting up" for lack of a better term. Once apparently stabile, I carefully entered a 1 followed by the divide key and then zero (it was actually RPN so substitute an analogous set of steps if you know what RPN even means). Pressing the "enter key" (or the equivalent as I don't remember how it actually worked) caused the huge and heavy "accumulator" carriage atop the thing to start thrashing back and forth. I remember smelling the faint odor of machine oil after some period of "calculating" which prompted me to commence trying to clear the thing of its indigestible mathematical meal.

 

Alas, all of my efforts were met with continued frantic clattering to the point I thought the thing would jump from the flimsy table upon which it rested. Getting a bit frantic myself, thinking I'd be discovered any minute trying to end my experiment on the now self-destructing calculator, I pulled the plug. After consideration of my options (chief among which was RUNNING!), I turned off the power switch, reapplied the wall cord to the socket and I switched it back "on". Only, it didn't switch on. Instead, it made a few humming noises, emitted more oily smell, clicked a few times in its final death throes . . . and went silent.

 

Evidently, the machine was either broken before I got there and its ability to deal with division by zero gracefully wasn't operational; or it was broken afterwards. I don't know,

 

In researching the recounting of this event, I have discovered that there was a "Divide Stop" key that evidently would quell the thrashing. Too bad I didn't know that at the time!

 

Finally, I had an early hand-held calculator when I was in Navy BE&E (Basic Electronics and Electricity) school. I also found a picture of it here: http://www.vintagecalculators.com/html/mits_150.html (Damn! The Internet is so cool!). I think my calculator had a blue display and the square root, square and reciprocal keys were buttons on the top of the case and not on the keyboard as pictured here. The calculator was new in 1973. I don't know where I got the money to buy the thing. I guess it was from my first Navy paycheck as the calculator was about $120 and so was my paycheck! 

 

Finally, if my sentences didn't make good sense it may be because the drugs have robbed me of my good sense.