event id 7045 MBAMSwissArmy.sys

[goldbit]

i keep getting this notice:

 

Log Name:      System
Source:        Service Control Manager
Date:          5/30/2014 1:06:54 AM
Event ID:      7045
Task Category: None
Level:         Information
Keywords:      Classic
User:          ***********
Computer:      ***********
Description:
A service was installed in the system.

Service Name:  MBAMSwissArmy
Service File Name:  C:\Windows\system32\drivers\MBAMSwissArmy.sys
Service Type:  kernel mode driver
Service Start Type:  demand start
Service Account:  
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
    <EventID Qualifiers="16384">7045</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2014-05-30T06:06:54.022858300Z" />
    <EventRecordID>171898</EventRecordID>
    <Correlation />
    <Execution ProcessID="508" ThreadID="1056" />
    <Channel>System</Channel>
    <Computer>****</Computer>
    <Security UserID="S-1-5-21-1153561359-454420542-1328983482-1000" />
  </System>
  <EventData>
    <Data Name="ServiceName">MBAMSwissArmy</Data>
    <Data Name="ImagePath">C:\Windows\system32\drivers\MBAMSwissArmy.sys</Data>
    <Data Name="ServiceType">kernel mode driver</Data>
    <Data Name="StartType">demand start</Data>
    <Data Name="AccountName">
    </Data>
  </EventData>
</Event>

 

************************************************

it appears to have started when i upgraded from version 1.75 to version 2.00. I have a 64bit windows 7 machine and if i recall correctly , this should not be installing or running if in a windows 7 64 bit environment . So my question is why is this service being installed on my system now after version upgrade and it had never been reported before as far i can tell?

[1PW]

it appears to have started when i upgraded from version 1.75 to version 2.00. I have a 64bit windows 7 machine and if i recall correctly , this should not be installing or running if in a windows 7 64 bit environment . So my question is why is this service being installed on my system now after version upgrade and it had never been reported before as far i can tell?

 

Hello goldbit:

 

Quite to the contrary, that file system driver is indeed installed typically at C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys with MBAM2 in Windows 7 x64 systems.

 

From an elevated system prompt a "sc queryex MBAMSwissArmy" command should reveal it running.

 

Thank you.

[goldbit]

@1PW

 

I was wondering why did it just start reporting in the event logs when i upgraded to version 2.00?

[daledoc1]

That might be one of the Chameleon drivers used for MBAM Self-Protection.

Self-Protection is a new feature in version 2.

 

Thanks,

[1PW]

@goldbit

I was wondering why did it just start reporting in the event logs when i upgraded to version 2.00?

Until more competent authority weighs in...

 

References to "SwissArmy" files may have first appeared with the earlier, standalone, Malwarebytes Anti-Rootkit (MBAR) product releases, and as you may already be aware, the lion's share of MBAR is now an integral part of MBAM2.

Hence the installation of the MBAMSwissArmy.sys file system driver with MBAM2.

HTH

[daledoc1]

Oh, dear!

Thanks, @1PW.

I clearly did not have all my processor cores caffeinated yet, early this morning.

 

Sorry for mentioning SP, when I meant ARK.

 

Thanks for clarifying that!

[1PW]

I clearly did not have all my processor cores caffeinated yet, early this morning.

Personally I'd recommend an automatic wide open espresso IV drip like I do.

[Scribbious]

I've been battling with occassional lock ups on my relatively new Win 8.1 machine (Dell Precision T1700 w/ Raid1 dual SSDs).

 

I saw thousands of mbamchameleon entries in the event logs so turned off self-protection module as suggested elsewhere.

 

Something else that I noticed was that almost immediately prior to most of the lock ups, there is an etry just like the one in the origial post above.

 

Further searching shows that MBAMSwissArmy seems to be 'installed' numerous times every day. Since I haven't had lockups nearly that frequently, I'm wondering if there is a relationship.

 

Are frequent installations of this service (1,169 times since 8/29/14) normal?  Turning off self-protection doesn't seem to matter as I see one after having disabled it (though haven't rebooted yet)

 

Thanks for any input.

[daledoc1]

Hi, Scribbious.

 

Welcome.

This is a very old topic dealing with an older, now outdated version of MBAM.

Each computer is unique.
Problems that sound "the same" most often are not.
The same is true for solutions.
They most often need to be individualized.

It is less confusing for everyone if we try to stick to "one user per topic".
Please start a NEW, SEPARATE forum topic using this clickable button.
The staff and experts will be able to more easily provide you with individual help to get you up and running.

Thanks for your patience and understanding,