
Beta feedback: Slartybart



Very rough notes on bld 2012

Observations:

  • no file name for exported files - used to fill in mbam-log-yyyy-mm-dd (hh-mm-ss)
     
  • default loc=C:\
    subsequent exports remember loc
     
  • open xml file nothing in IE - but this is true for other xml files as well
    open txt file ok
     
  • History: logs - checkboxes not quite right - view opens last log opened
    dbl click is fine
    then check a dif log, view - opens previously viewed log
     
  • History log columns
     
  • chameleon - launches Mbam GUI before mbam-killer is complete
    user could hit scan before malware is killed ?? GUI starts scan when mbam-killer is completed scan and exits
    GUI disappears CMD prompt still shows progress dots
    Mbam still in task mgr
    scan actually completed and created a log

    Mbam still in task mgr after hitting any key in CMD prompt
    launching a new Mbam kills "ghost" Mbam
     
  • Update flashes too fast if not connected to Inet - an inexperienced user will wonder what they did not see
    Check for updates seems to behave well after a DB update has been completed - before that the test for last update does not seem to work or maybe there is no test of the last update
    example: The install updates DB, but the initial scan also checks for updates - approximately 10-15 seconds to check
    After a few test scans, a DB update was available and applied, the next scan recognized a recent update and quickly moved into scan operation.
     
  • Closing another application window caused Mbam GUI to briefly change position and display dashboard window, not the active scan window.
    Active Scan window displayed correctly afterwards.
     
  • 5-15-2014 23:00 EDT scan check for updates gave me DB 5-16-2014-01
     
  • scan time and log file name do not match
     
  • Would be nice to have scan section times
     
  • Heuristic analysis runs if not ticked - might be normal
     
  • scanner progress bar inconsistent - steady progress or marquee scroll in heuristic analysis
    pause at 230800 10 seconds
    231300 8 seconds

Zipfile attached with all xml files

 

Mbam_xml.zip


Certain duplicate information was removed from the table below for readability.
bld 2.00.2.1012 Free version. Threat scans were executed on the same Win7 SP1 x64 NTFS machine by the same administrator.
Malware, Website, Self protection are not available in the Free version.
Scans completed with no malicious objects detected.
Memory, Startup, and Filesystem sections cannot be changed - all reported enabled.
 
 

<table border=1>
<tr><td>Malwarebytes</td><td>Install over bld 1009</td><td>Install as new (clean)</td><td></td><td></td><td></td><td></td><td></td><td></td><td></td><td></td></tr>
<tr><td>Anti-Malware</td><td>default settings</td><td>default settings</td><td>Ticks-none</td><td>Ticks-heur</td><td>Ticks-heur, arch</td><td>Ticks-heur, arch, root</td><td>Ticks-none Non-warn</td><td>Ticks-heur Non-warn</td><td>Ticks-heur, arch Non-warn</td><td>Ticks-heur, arch, root Non-warn</td></tr>
<tr><td>Scan Date</td><td>05/14/2014</td><td>05/15/2014</td><td>05/15/2014</td><td>05/15/2014</td><td>05/15/2014</td><td>05/15/2014</td><td>05/15/2014</td><td>05/15/2014</td><td>05/15/2014</td><td>05/16/2014</td></tr>
<tr><td>Scan Time</td><td>09:43:18</td><td>16:40:41</td><td>21:14:11</td><td>21:50:20</td><td>22:04:03</td><td>23:05:42</td><td>23:36:12</td><td>23:48:37</td><td>23:58:55</td><td>00:11:29</td></tr>
<tr><td>Malware Database</td><td>v2014.05.14.05</td><td>v2014.05.15.14</td><td>v2014.05.15.14</td><td>v2014.05.15.17</td><td>v2014.05.15.17</td><td>v2014.05.16.01</td><td>v2014.05.16.01</td><td>v2014.05.16.01</td><td>v2014.05.16.01</td><td>v2014.05.16.02</td></tr>
<tr><td>Rootkit Database</td><td>v2014.03.27.01</td><td>v2014.03.27.01</td><td>v2014.03.27.01</td><td>v2014.03.27.01</td><td>v2014.03.27.01</td><td>v2014.03.27.01</td><td>v2014.03.27.01</td><td>v2014.03.27.01</td><td>v2014.03.27.01</td><td>v2014.03.27.01</td></tr>
<tr><td>Objects Scanned</td><td>253809</td><td>254388</td><td>254540</td><td>254811</td><td>254876</td><td>255568</td><td>254876</td><td>254876</td><td>254882</td><td>255580</td></tr>
<tr><td>Time Elapsed</td><td>10 min, 10 sec</td><td>8 min, 37 sec</td><td>7 min, 30 sec</td><td>7 min, 28 sec</td><td>9 min, 4 sec</td><td>10 min, 18 sec</td><td>7 min, 18 sec</td><td>7 min, 18 sec</td><td>9 min, 4 sec</td><td>10 min, 22 sec</td></tr>
<tr><td>Archives</td><td>Enabled</td><td>Enabled</td><td>Disabled</td><td>Disabled</td><td>Enabled</td><td>Enabled</td><td>Disabled</td><td>Disabled</td><td>Enabled</td><td>Enabled</td></tr>
<tr><td>Rootkits</td><td>Disabled</td><td>Disabled</td><td>Disabled</td><td>Disabled</td><td>Disabled</td><td>Enabled</td><td>Disabled</td><td>Disabled</td><td>Disabled</td><td>Enabled</td></tr>
<tr><td>Heuristics</td><td>Enabled</td><td>Enabled</td><td>Disabled</td><td>Enabled</td><td>Enabled</td><td>Enabled</td><td>Disabled</td><td>Enabled</td><td>Enabled</td><td>Enabled</td></tr>
<tr><td>PUP</td><td>Enabled</td><td>Enabled</td><td>Enabled</td><td>Enabled</td><td>Enabled</td><td>Enabled</td><td>Warn</td><td>Warn</td><td>Warn</td><td>Warn</td></tr>
<tr><td>PUM</td><td>Enabled</td><td>Enabled</td><td>Enabled</td><td>Enabled</td><td>Enabled</td><td>Enabled</td><td>Warn</td><td>Warn</td><td>Warn</td><td>Warn</td></tr>
</table>

 


A few things in my mbam-check file stood out

 

Malwarebytes Anti-Malware:         2.0.2.1012
Installed On:                      2014/05/15

Malware Database:             0000.00.00.00
Rootkit Database:               0000.00.00.00
Remediation Database:      0000.00.00.00
IP Database:                       0000.00.00.00
Domain Database:              0000.00.00.00
License:                           Free

 

From the History Application logs



Time Format Settings:
=====================

Should be:
  h:mm:ss tt
  AM
  PM
  :

Currently:
REG_SZ  HH:mm:ss
REG_SZ  AM
REG_SZ  PM
REG_SZ  :

 

Possible presentation issues?? Field length definitions?? Dunno, but thought I'd mention it.


C:\Program Files (x86)\Security\Mbam\\Chameleon\Windows
mbam-killer.exe File Size: 1181496   BYTES FileVersion:  N/A MD5: [c6927fd8f7e9105b64db5d5a08b53731]


Notation only: Qt objects report version 4.8.4

QtCore4.dll         4.8.4.0

QtGui4.dll           4.8.4.0
QtNetwork4.dll   4.8.4.0

Qt Project version 5.2 is available

http://qt-project.org/


This section in the file needs a few CRLF (added in this post for clarity)

I thought Error code 20001 might be due to the Free version not having some features. I added a file and folder to the Malware exclusions and still received the error.

 

Adding entries in the exclusion window presented the already reported 'duplicate' entries shown in the main window of malware exclusions (GUI issue only if I recall).

 

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine

Malware Exclusions:
===================
Unable to access exclusion information: Error code 20001

 

Web Exclusions:
================
Unable to access exclusion information: Error code 20001

 

Quarantined Items:
===================
Unable to access quarantine information: Error code 20001


 

That's all for now, will post if anything else catches my attention.

 

Full mbam-check results attached

CheckResults.txt

 


No change after restart, check for updates

 

mbam-check still reports 0000.00.00.00 see attached

 

Dashboard seems to be correct


 

I don't understand the Protection log information - is it cumulative updates, malware and rootkit info, or another presentation issue?


 

There are two date.ver reported in the GUI and the exported text

mbam DB ProtLog exp.txt

 

I do not believe it is malware and rootkit DB info as a scan log from yesterday shows the Rootkit DB version:
--> Rootkit Database: v2014.03.27.01

 

Decided to look back at a few other Protection logs - it appears that two DBs are reported (prev & cur).

Side note: the table columns (Vendor, Type, Path, Action, ID) in a scan log are off (user can drag them to fit data though) - this table issue is not present in the Protection logs I viewed, only the scan logs 

 

I hope the data from this testing provides some measure of value to the development team. If you or they need additional information, let me know.

 

Bill


<kibbitz>

Your log shows Update, 05/20/2014 16:24:48, SYSTEM, EIDV6, Manual, Malware Database, 2014.5.19.7, 2014.5.20.10,
 

which says, a manual update run was done. The database was updated from the 7th iteration-release (if I can call it that) of the 19th up to (and inclusive of) the 10th iteration-release for the 20th.

Yes, an update run is cumulative.

 

Seems to me what you are showing is a quirk in the mbam-check tool.


Thanks for the explanation Maurice; better to know than to guess.

 

Agreed, mbam-check presents the wrong data.

 

I don't know if other people are seeing this issue, but it is easily reproduced on my machine. I can retest whenever mbam-check gets patched - just let me know.

 

Bill


more mbam-check observations


Note the double slashes

C:\Program Files (x86)\Security\Mbam\\Chameleon

C:\Program Files (x86)\Security\Mbam\\Chameleon\Windows

C:\Program Files (x86)\Security\Mbam\\imageformats

C:\Program Files (x86)\Security\Mbam\\Languages

C:\Program Files (x86)\Security\Mbam\\Plugins


Note the missing CRLF

Malware Exclusions:

===================

Unable to access exclusion information: Error code 20001Web Exclusions:

================

Unable to access exclusion information: Error code 20001Quarantined Items:

===================

Unable to access quarantine information: Error code 20001===============================================================

END OF FILE


better output:

Malware Exclusions:

===================

Unable to access exclusion information: Error code 20001

Web Exclusions:

================

Unable to access exclusion information: Error code 20001

Quarantined Items:

===================

Unable to access quarantine information: Error code 20001

===============================================================

END OF FILE
