Jump to content

Recommended Posts

Since installing Malwarebytes Premium, my computer (desktop) no longer sleeps / hibernates.

System:

UEFI Bios

Windows 8.1 on SSD installed in UEFI mode
Motherboard supports instantboot & intel smart connect

Ton of CPU, RAM, GPU


My system is set to go to sleep after 15min of idle, hybrid hibernation after 30min.

I have it configured to automatically wake up and perform system maintenance, download & install windows updates, reboot as neccissary, perform full virus scans, etc and put itself back to sleep.

All this has been working flawlessly, until I installed Malwarebytes & upgraded to Premium.

I've tested this by leaving the computer idle for 30min. After 10 min the monitor turns off (as expected). After 15 min, the machine does not sleep, after 30 min, the machine does not hibernate.

I then uninstalled malware bytes and left the machine idle. After 10 min the monitor turns off (as expected). After 15, the machine sleeps. After 30 min, the machine enters hybrid hibernation.

These events were then verified in the windows Event Viewer -> System event log.

Since installing Malwarebytes Premium, my computer (desktop) no longer sleeps / hibernates.

System:

UEFI Bios
Windows 8.1 on SSD installed in UEFI mode
Motherboard supports instantboot & intel smart connect
Ton of CPU, RAM, GPU


My system is set to go to sleep after 15min of idle, hybrid hibernation after 30min.

I have it configured to automatically wake up and perform system maintenance, download & install windows updates, reboot as neccissary, perform full virus scans, etc and put itself back to sleep.

All this has been working flawlessly, until I installed Malwarebytes & upgraded to Premium.

I've tested this by leaving the computer idle for 30min. After 10 min the monitor turns off (as expected). After 15 min, the machine does not sleep, after 30 min, the machine does not hibernate.

I then uninstalled malwarebytes and left the machine idle. After 10 min the monitor turns off (as expected). After 15, the machine sleeps. After 30 min, the machine enters hybrid hibernation.

These events were then verified in the windows Event Viewer -> System event log.


Is there something broken in the malwarebytes scheduler? Its ignoring my Windows Powermanagement.

 

I have disabled its ability to check every hour for updates - as its not clear if that is every hour the machine is awake - or if its going to keep the machine awake in order to check.

I've attached the MBAM events generated when the machine attempts to go to sleep.

mbamevents.txt

Link to post
Share on other sites

Are you sure its not running a scan each time it won't sleep?   You may want to check what the settings are for a scheduled scan under Setting>Automated Scheduling.
 

Also try powercfg -requests in an elevated prompt to see if anything else is interfering with sleep.  Win 8.1 is known to have sleep issues.  Tons of info on the web about it.

 

Link to post
Share on other sites

Are you sure its not running a scan each time it won't sleep?   You may want to check what the settings are for a scheduled scan under Setting>Automated Scheduling.

 

Also try powercfg -requests in an elevated prompt to see if anything else is interfering with sleep.  Win 8.1 is known to have sleep issues.  Tons of info on the web about it.

 

I am positive its not running any scans while its trying to sleep. The scans are set to run at 3:31AM (during the other maintenance windows). I have disabled the update every hour, and made the scheduled scan update prior to scanning.

 

My installation of Windows 8.1 sleeps flawlessly with malwarebytes uninstalled.

I tested again by leaving the computer idle - and it failed to enter sleep mode. I then uninstalled malwarebytes - and it slept 15 min later.

 

There is definitely something in malware bytes scheduler that is conflicting with S3 & S4 states. I attached the error codes presented by windows event log in my previous post.

Link to post
Share on other sites

  • Root Admin

The logs indicate that something is certainly going wrong with the computer. Not sure it's infected but many issues going on that need to be looked at as to why. Not saying the computer is infected but you need to rule that out first. I would suggest following the advice from the topic here Available Assistance for Possibly Infected Computers and having one of the Experts assist you with looking into your issue.
 

 

 

 

 

System Error:
0xC0000039 (unresolvable).

Error: (01/02/2015 09:27:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.

System Error:
0xC0000039 (unresolvable).

Error: (01/02/2015 09:25:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17415, time stamp: 0x54503a3a
Faulting module name: ntdll.dll, version: 6.3.9600.17476, time stamp: 0x54516b13
Exception code: 0xc0000409
Fault offset: 0x0000000000081bd8
Faulting process id: 0x83c
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5

Error: (01/02/2015 06:20:25 PM) (Source: acvpninstall) (EventID: 2) (User: )
Description: Function: wWinMain
File: .\InstallHelper.cpp
Line: 250
Invoked Function: FileMoveFiles
Return Code: -33554423 (0xFE000009)
Description: GLOBAL_ERROR_UNEXPECTED

Error: (01/02/2015 06:20:25 PM) (Source: acvpninstall) (EventID: 2) (User: )
Description: Function: FileMoveFiles
File: ..\Common\Utility\NativeSysFileCopy.cpp
Line: 388
Invoked Function: ::FindFirstFile
Return Code: 3 (0x00000003)
Description: The system cannot find the path specified.

Error: (01/02/2015 06:20:25 PM) (Source: acvpninstall) (EventID: 2) (User: )
Description: Function: wWinMain
File: .\InstallHelper.cpp
Line: 250
Invoked Function: FileMoveFiles
Return Code: -33554423 (0xFE000009)
Description: GLOBAL_ERROR_UNEXPECTED

Error: (01/02/2015 06:20:25 PM) (Source: acvpninstall) (EventID: 2) (User: )
Description: Function: FileMoveFiles
File: ..\Common\Utility\NativeSysFileCopy.cpp
Line: 388
Invoked Function: ::FindFirstFile
Return Code: 3 (0x00000003)
Description: The system cannot find the path specified.


System errors:
=============
Error: (01/03/2015 11:48:22 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The MBAMService service depends on the MBAMProtector service which failed to start because of the following error:
%%2

Error: (01/03/2015 11:48:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMScheduler service failed to start due to the following error:
%%2

Error: (01/03/2015 11:48:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMProtector service failed to start due to the following error:
%%2

Error: (01/03/2015 11:48:21 AM) (Source: BTHUSB) (EventID: 5) (User: )
Description: The Bluetooth driver expected an HCI event with a certain size but did not receive it.

Error: (01/03/2015 11:48:09 AM) (Source: DCOM) (EventID: 10010) (User: VAL)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (01/03/2015 11:47:45 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for DeleteFlag with the following error:
%%5

Error: (01/03/2015 11:47:45 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for DeleteFlag with the following error:
%%5

Error: (01/03/2015 11:47:45 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for DeleteFlag with the following error:
%%5

Error: (01/03/2015 11:11:40 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Description with the following error:
%%5

Error: (01/03/2015 11:11:40 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Link to post
Share on other sites

AdvancedSetup….

 

the first error is just an explorer hanging --- something freaked out - but nothing major. Your typical "this application failed to not respond in time". 

 

the issues reported by acvpninstall & cryptography are related to my VPN client. Its an older version of Cisco AnyConnect --- but has no impact on the reported issue.

 

the bluetooth error is due to the fact that my bluetooth device does not allow offloading of the HCI state to the device itself. Its reporting that windows wants the adapter to save the connection state and can't. So any bluetooth devices that are connected will have to "reconnect" when the system resumes. This does not prevent the device from entering sleep - its just not going to auto resume the connections when it wakes up…. IE my mouse will take an extra second to start moving.

 

That leaves a couple of unwritable registry hives errors - nothing too crazy considering i have UAC enabled.

 

all the rest are MBAM related.

 

Error: (01/03/2015 11:48:22 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The MBAMService service depends on the MBAMProtector service which failed to start because of the following error:
%%2

 

which is clearly related to the first posted attachment MBAMEvents.txt

Link to post
Share on other sites

  • Root Admin

Well if things are as you say (not certain I agree without further investigation) then just do a clean removal and reinstall. If there is nothing going on with your computer that will fix the startup and running issues. As for preventing sleep anything that's going on at the time of sleep will trigger it not to sleep. If MBAM sees something launching and tries to monitor it yes it could stop it from sleeping.


Please uninstall your current version of MBAM and reinstall the latest version using this method. MBAM Clean Removal Process 2x

Thanks

 

Link to post
Share on other sites

Back with results. Sorry for the delay.

 

 

I followed method 3 (removal only).

 

After a restart - 15min later the system went to sleep.

 

I then reinstalled the application and did not activate it - restarted.

 

After 15 min the system went to sleep.

 

I then activated my premium and restarted without tinkering with the predefined scheduled updates / scans

 

The system failed to sleep.

 

--- I checked the event logs after about an hour(ish) and there are numerous occurrences of failed dependencies between MBAMService and MBAMProtector all correlating with events triggered from mbchamelon not verifying the digital signature of intel smart connect.

I uninstalled intel smart connect & MBAM - restarted - waited 15 min - sleep… etc.

 

I then redownloaded smart connect directly from intel (instead of my motherboard vendor). Restarted, waited, sleep.

 

 

 

Thats just leaving something going on with MBAM that I'm unable to figure out.

 

Will provide any logs you'd like to diagnose.

Link to post
Share on other sites

 

failed dependencies between MBAMService and MBAMProtector all correlating with events triggered from mbchamelon not verifying the digital signature of intel smart connect.

 

Have you tried to turn off MBAM Self-Protection (SP) in the Advanced Settings?

 

<just a thought from a home user, until AdvancedSetup returns>

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.