Jump to content

MBAM cust svc suggests I use ComboFix for resource issues...wtf?!


Recommended Posts

Longtime MBAM user here.  Have always found the product to be a very elegant, resource-efficient, effective tool.  I also have always appreciated the ability for the user to custom configure the way the app works.  However, with the 2.x release, I am reconsidering my AV solution.  if I can't get this hog to run properly, i'm going to trash it.  CPU utilization is terrible and many of the most useful customizations have been omitted from this most recent release.

 

On top of this, I sent in a service request outlining the CPU issues (and some other config questions), sent in the "attach" and "DDS" logs per request and the CSR felt that the best fix for my issues was to run ComboFix...wtf?!  When I asked him to provide me with what in my logs pointed him to this (seemingly) incongruent fix, all I've gotten has been silence.  Hence, I was forced to open an account here and try to resolve this with some of the more engage MBAM experts here.  

 

Original note to MBAM support (log files attached):

Drew W, Jul 02 11:41 AM:

Dear sirs - I have been a loyal Malwarebytes user for the past several years. Love the product! But, this most recent update to the app omitted some useful features from the past rev, which has added quite a bit of overhead (and annoyance) that need not be.

1) Notifications need to be broken out, like they used to be. Users need to have the option to control how website blocks are notified *and* how threats are notified. The latest rev. lumps them both together. Please break them out again.

2) Scans seem to consume even more CPU than in previous versions. Although I understand the need to focus on the scan, is it truly necessary to consume 90%+ of the CPU (and I have a quad-processor high-RAM device)?! Why not either lower the CPU demand and/or allow a user to control how much of the CPU the app can consume (like Photoshop).

3) Related to CPU consumption...trying to cancel a scan is a disaster. It does not cease the scan immediately, but requires up to 5 minutes to finally cease. Pause scan is immediate.  The only way to do an efficient cancel scan is to pause first, wait for the scan to pause, then cancel it.  Just hitting "cancel scan" causes the app (and CPU) to hang.

4) Related to the inordinate CPU consumption, scheduled scans are a problem in that if a user selects to Recover missed scans, the scan starts immediately at the next chance (i.e. first bootup of the morning) and just causes all sorts of problems with the high CPU consumption. Please offer the option of the app to *warn* the user of a pending scan with the option to either "continue scan" or "pause scan" (with a drill-down option of a time select for postponing...a la the restart reminder for Windows Update). As it is, I've had to disable the Recovery option. This means I will most surely miss some needed scans (as will other users).

Please make changes to ensure that this most recent rev works in the manner that your customer base has become accustomed to. As it is, this most recent rev is a terrible CPU hog with a poorly thought out feature set. I, like others, may end up lighting up the message boards with recommendations NOT to upgrade (and in my case, to go backwards).

Thank you for your consideration. Feel free to contact me with any questions. I would appreciate follow-up, please.

Drew W

 

 

attach(DW_W7).txt

dds(DW_W7).txt

Link to post
Share on other sites

Hello and :welcome:

Sorry your having issues... some things to consider...

However, with the 2.x release, I am reconsidering my AV solution.

First off Malwarebytes is not an antivirus program, its an antimalware program designed to supplement your AV.

Second, its hard for us to get a good grip of what's going on without a good starting point. The helpdesk as well as these forums are only trying to help, so please be patient, its OK to ask questions, just keep in mind that the trained personal here know what they are doing and will help in any way they can.

That being said, lets get that starting point by following the instructions below. (FYI I have several computers with quad core procs, with plenty of ram and it does not use up 90% of the processor nor does it bog down the computer, so lets see what's going on with yours)

Let's try this first....

Thank You,

Firefox

Link to post
Share on other sites

Thanks for the reply, FF.  Before spending the time to create an account on this forum, I  spent a couple hours reviewing threads that closely matched my issue (including reading the pages you suggested, yada yada yada...I'm not a noob).  

 

The two things bubbled up from my research were...it seems that there are more than enough users having CPU issues (meaning, it's statistically significant and not just our collective imaginations...what is the company doing about this?!), and secondly, I didn't read one single instance where the clean install solution was anything more than a waste of time.  This just comes off as a usual "uninstall/reinstall" punt that is so often the calling card of a CSR at their wits end.

 

Don't mean to sound like a total dick here, but I'd just like someone to demonstrate that they have: 1)  actually carefully read through the issues I've painstakingly detailed; 2)   have carefully looked through the attached logs; 3)  have provided me with a troubleshooting path that may demonstrate a more personalized effort than the typical "hands-in-the-air" punt.

 

Tell me why doing this clean install/log creation will be any different and maybe I'll give it a shot (and, if I do give it a shot and it actually works, I will happily eat my words and tout you as a customer service god).  

 

Again, thank you for your reply regardless.

Link to post
Share on other sites

The clean install, has helped many of folks here. I can not answer as to what the company is doing with any of their programs as I do not work for Malwarebytes.

I am not in denial that other folks have an issue similar to yours. Most have been resolved and were due to either a conflict with software or even the person was infected and were not aware of the problem. If you work with the team, you may find that your issue will get resolved.

As for the starting point, we/I have no way of knowing what the status of your Malwarebytes is, if it was an upgrade, fresh install or new install. Sometimes an upgrade install does not go smoothly and doing a clean install as suggested helps with some issues and gives us a base line to work with.

The use of foul language is not needed nor warranted in order to receive help and or attention. I understand your frustrated and I am only trying to help.

1. I have read your logs but I and I know others here on the forum will need addition info this is why I asked you to supply the other three logs.

2. As stated above in 1, I did read your logs

3. I did provide you with the troubleshooting path and the logs being run on your system will provide us with the personalized log for your specific computer so we can see what's going on.

Link to post
Share on other sites

So I did the clean install on, both, my laptop (W7) and desktop (XP).  Both are running slightly better, but I'm still not happy with performance.  And, actually, the feature set remains subpar with 2.x, in comparison to the previous rev.  

 

I've included the requested logs, just to be sure...but I'm inclined to go back to the old rev of MBAM and wait for v 2.x

 

Awaiting your response.  Thank you.

FRST.txt

Addition.txt

CheckResults.txt

Link to post
Share on other sites

Hello TommyGunnSF:

Although inexplicably incomplete, the logs indicate the computer would likely benefit if you visit our Malware Removal Help sub-forum. However, to do so you must uninstall/disable all traces of torrents or P2P applications on your system. After deleting all previous copies of FRST64.exe , and C:\FRST, rerunning FRST64.exe and posting those fresh logs would be a plus.

I recommend following the advice from the topic: Available Assistance for Possibly Infected Computers and have one of the Malware Removal Experts assist you with your issue.

If, as recommended, you do open a topic in Malware Removal Help, please make reference to this thread.

Thank you. :)

Link to post
Share on other sites

Although I appreciate the generous "call to arms" with my issue....I'm not hearing anything that addresses my issue.  Which is, quite simply, that MBAM 2.x is a resource hog.  I've jumped through all these hoops above (and those requested by the original TS offline) and, still, nobody has been able to give me a straight answer.  

 

What in my logs points to the need for either of the suggestions made...1)  run ComboFix (ha, this still is the best), 2)  delete all my torrents and uTorrent (which...seriously?!  give me a break.  95% of my torrents are from private trackers).

 

Let me put this most clearly...*everything*....I repeat...*everything* is running just fine on *both* of my computers.  The one and ONLY app that is NOT running perfectly remains Malwarebytes 2.x.  

 

So, although again I truly appreciate the replies, I'm not buying the deflections away from my real issue, which remains MBAM 2.x.   The way I see it, my best move is to down rev back to v1.75.  If someone can convince me otherwise, I'm all ears.  Otherwise, I'm going to wait till the next major release for all the kinks to be worked out.   Cheers.

Link to post
Share on other sites

  • Root Admin

No it is not due to torrents - {side note: private torrents do not guarantee safe files} though running just about any torrent program I've ever run is a resource hog that is not your issue or concern here. When or if being assisted in detecting or removing malware we'll ask you to disable peer2peer software but again that is not the case here (so far).
 
MBAM may be a resource hog due to something running on your computer. It certainly is not a resource hog for my computer in any shape, form, or factor.
There is obviously something going on with your systems then as I have 0% of CPU in use when not actively scanning or updating the database as you can see from the screenshots below.
 

CPU USAGE
cpu-usage_zps684f0788.jpg

MEMORY USAGE
memory-usage_zpsfe3df2d8.jpg

DISK USAGE
disk-usage_zps77479400.jpg

NETWORK USAGE
network-usage_zps081da7f4.jpg



 
My guess after reviewing your logs is that it is probably due to not having exclusions setup for your Kaspersky antivirus.
 
Please review the following information which hopefully should prove to help reduce resource usage of both programs.
 
Below are some exclusions as well as links to help install, setup, or update your Kaspersky antivirus product for use alongside Malwarebytes Anti-Malware

To setup exclusions for Kaspersky Anti-Virus and Kaspersky Internet Security

Kaspersky Anti-Virus and Kaspersky Internet Security

Set Exclusions for Malwarebytes' Anti-Malware in Kaspersky Internet Security and Kaspersky Anti-Virus on 32 bit Windows Versions:

  • Open Kaspersky and click on Settings in the upper right-hand corner
  • Click on the right-most icon in the upper left to access Detected Threats and Exclusion Rules
  • Under Exclusions click on Settings...
  • In the Trusted zone window that pops up click on the Trusted applications tab
  • Click on the Add button and select Browse
  • In the browse window that opens navigate to C:\Program Files\Malwarebytes' Anti-Malware
  • Double-click on mbam.exe and in the window that pops up, click the box next to each of the items listed in the window so that they are all checked and click on OK
  • Do the same for each of the following:
    • mbam.exe
    • mbamgui.exe
    • mbamscheduler.exe
    • mbamservice.exe
  • Once that is complete, click on OK to close the exclusions window
  • Click on Apply at the bottom of the Settings window then click on OK
  • Close the Kaspersky main window

Set Exclusions for Malwarebytes' Anti-Malware in Kaspersky Internet Security and Kaspersky Anti-Virus on 64 bit Windows Versions:

  • Open Kaspersky and click on Settings in the upper right-hand corner
  • Click on the right-most icon in the upper left to access Detected Threats and Exclusion Rules
  • Under Exclusions click on Settings...
  • In the Trusted zone window that pops up click on the Trusted applications tab
  • Click on the Add button and select Browse
  • In the browse window that opens navigate to C:\Program Files (x86)\Malwarebytes' Anti-Malware
  • Double-click on mbam.exe and in the window that pops up, click the box next to each of the items listed in the window so that they are all checked and click on OK
  • Do the same for each of the following:
    • mbam.exe
    • mbamgui.exe
    • mbamscheduler.exe
    • mbamservice.exe
  • Once that is complete, click on OK to close the exclusions window
  • Click on Apply at the bottom of the Settings window then click on OK
  • Close the Kaspersky main window

Set Exclusions for Kaspersky Anti-Virus and Kaspersky Internet Security in Malwarebytes' Anti-Malware:

  • Open Malwarebytes' Anti-Malware and click on the Ignore List tab
  • Click the Add button on the lower left
  • In the small browse window that opens, navigate to C:\Program Files and click once on Kaspersky Lab and click OK
  • Close Malwarebytes' Anti-Malware

If needed you can add the following site to the Firewall or Site Blocking tools to allow updates for Malwarebytes Anti-Malware
 

data-cdn.mbamupdates.com

 
 
 
Here are some resources from Kaspersky to assist in setting up their product.

I would also recommend you uninstall ALL versions of Java and then reinstall just the latest version of Java if you really need it. If you can do without it then that would be the better choice.

Older versions of Java have been compromised and can easily lead to an infected computer.

 

 

[EDIT - Additional information added by another user daledoc1]

 

Logs show KIS2012, which is End of Service and nearly End of Life (though it will continue to get database updates for a few more months).
Now that 2015 has been released, 2012 will be EOL soon, too.
http://support.kaspersky.com/supported_home
 
Also, for what it's worth you appear to have a VALID license for 2012, which you ought to be able to clean upgrade to 2014, and POSSIBLY 2015, with that same license.
(Licenses are good for version -1 and +3, so it might work for 2015; 2014 is more stable and still fully supported & definitely ought to work.)
Otherwise, you can contact support and they can issue you a license activation code that will work for 2015.

 

kaspersky-eol_zpse29fd3de.png

 

Link to post
Share on other sites

Again, thanks for the reply. But, I don't run Kaspersky...ever.  It came as bloatware and I always exit it upon any reboot.  I've just not gotten around to completely deleting it.  Plus, it's not installed on my XP box.  It's not Kaspersky.  It sucks up my CPU only during scans...not while it's running in background.

 

The net is that I just don't like the feature set of 2.x.  For example, when it recovers a scan, it doesn't tell the user but just runs in the background slowing everything down.  It should float a pop-up letting the user know it's recovering a scan and giving the user the option to continue or postpone or kill the scan.  That's how nearly every other app works for such things.

 

There are other gaps in the feature set, but I just don't care about 2.x any longer.  I'm going back to 1.75 and will wait till an update.  Cheers!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.