Windows 8.1 and Browser problems with Website protection


Hello all, maybe you can help.

 

I have Malwarebytes Pro installed and have a problem that whenever the malicious website protection is enabled I cannot browse the internet. It also causes the browsers to crash and only a reboot helps.

 

Before I worked this out, I did a clean build of my laptop and it was only after Malwarebytes was installed it started. I am using the latest version.

 

I have trawled the forum for answers and the only thing similar is related to a killer network card. This sadly is not the case here as the card is an Intel card.

 

How does this website protection operate?

 

Many thanks in advance

 

Link to post
Share on other sites

Hello and welcome:


Let's start with some routine troubleshooting:

  • Please carefully follow the steps in this pinned topic to uninstall your current version of MBAM and reinstall the latest build - MBAM Clean Removal Process 2x
  • If that does not correct the issue, then please read the following and attach to your next reply the 3 requested logs - Diagnostic Logs (the 3 logs are: FRST.txt, Addition.txt and CheckResults.txt)
  • NOTE: There is an FAQ section with valuable information located here - Common Questions, Issues, and their Solutions

Thanks,

Link to post
Share on other sites

  • Root Admin

Sorry for the delay. Too many topics to cover as quickly as I'd like to.

 

 

You appear to possibly not have the latest version of Sophos antivirus installed maybe?

There is an error accessing this file and Sophos has an article about it

swi_lspdiag.exe

http://www.sophos.com/en-us/support/knowledgebase/114342.aspx


Then as you can see from your Event Logs there are quite a few things going on with the computer.
Unfortunately I think you either are missing some drivers or possibly using the wrong drivers?

Was this a fresh install of Windows or a reimage from a TrueImage backup?


URLSearchHook: [s-1-5-21-4130320504-2816338444-170564418-1002] ATTENTION ==> Default URLSearchHook is missing.

This really looks to be mostly driver issues. If you uninstall MBAM and reboot a couple times you should still see these errors showing up would be my guess.


 

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (02/08/2015 11:20:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.



Error: (02/08/2015 08:23:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AcronisTrueImage2015_web_trial_en-EU.exe, version: 18.0.0.6525, time stamp: 0x54770000
Faulting module name: ntdll.dll, version: 6.3.9600.17476, time stamp: 0x54516af9
Exception code: 0xc0000005


System errors:
=============
Error: (02/10/2015 08:39:54 PM) (Source: TPM) (EventID: 15) (User: NT AUTHORITY)
Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.

Error: (02/10/2015 08:39:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Sophos AutoUpdate Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/10/2015 08:39:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Sophos Anti-Virus service terminated unexpectedly.  It has done this 2 time(s).

Error: (02/10/2015 08:39:02 PM) (Source: SAVOnAccess) (EventID: 37) (User: )
Description: Driver threads still active when driver is being shutdown.

Error: (02/10/2015 08:38:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sophos Anti-Virus service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 500 milliseconds: Restart the service.

Error: (02/10/2015 08:38:34 PM) (Source: SAVOnAccess) (EventID: 37) (User: )
Description: Driver threads still active when driver is being shutdown.

Error: (02/10/2015 02:02:47 AM) (Source: MTConfig) (EventID: 1) (User: )
Description: An attempt to configure the input mode of a multitouch device failed.

Error: (02/10/2015 02:02:47 AM) (Source: MTConfig) (EventID: 1) (User: )
Description: An attempt to configure the input mode of a multitouch device failed.

Error: (02/10/2015 02:02:47 AM) (Source: MTConfig) (EventID: 1) (User: )
Description: An attempt to configure the input mode of a multitouch device failed.

Error: (02/09/2015 08:54:36 PM) (Source: TPM) (EventID: 15) (User: NT AUTHORITY)
Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.



Error: (02/08/2015 08:23:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AcronisTrueImage2015_web_trial_en-EU.exe18.0.0.652554770000ntdll.dll6.3.9600.1747654516af9c000000500055475192001d043dd22cee029\\DISKSTATION\Backups\SSR\AcronisTrueImage2015_web_trial_en-EU.exeC:\Windows\SYSTEM32\ntdll.dll60e08519-afd0-11e4-8257-a088b4165938

Error: (02/08/2015 07:58:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe40.0.2214.111142c01d043d7a83767e660000C:\Program Files (x86)\Google\Chrome\Application\chrome.exeab330ba4-afcc-11e4-8254-a088b4165938
 

 

 

 

 

Link to post
Share on other sites
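As an added example (not part of the original posts, and not a Malwarebytes, Sophos or FRST tool): a small Python parser for the `Error: (...) (Source: ...) (EventID: ...)` entries in the excerpt above, which groups Service Control Manager 7031/7034 service crashes that occur close together. The sample text is abridged from that excerpt; the function names and the five-minute window are assumptions, and timestamps are read as month/day/year.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: entries abridged from the event-log excerpt in the post above.
SAMPLE = """\
Error: (02/10/2015 08:39:54 PM) (Source: TPM) (EventID: 15) (User: NT AUTHORITY)
Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error.
Error: (02/10/2015 08:39:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Sophos AutoUpdate Service service terminated unexpectedly.  It has done this 1 time(s).
Error: (02/10/2015 08:39:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Sophos Anti-Virus service terminated unexpectedly.  It has done this 2 time(s).
Error: (02/10/2015 08:38:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sophos Anti-Virus service terminated unexpectedly.  It has done this 1 time(s).
"""

HEADER = re.compile(r"^Error: \((?P<ts>[^)]+)\) \(Source: (?P<src>[^)]+)\) "
                    r"\(EventID: (?P<eid>\d+)\) \(User: (?P<user>[^)]*)\)")
CRASH = re.compile(r"^The (?P<svc>.+?) service terminated unexpectedly")

def parse_events(text):
    """Return one dict per 'Error:' header, with its Description line attached."""
    events, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = {"time": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
                       "source": m["src"], "event_id": int(m["eid"]), "description": ""}
            events.append(current)
        elif current is not None and line.startswith("Description:"):
            current["description"] = line[len("Description:"):].strip()
    return events

def service_crash_clusters(events, window=timedelta(minutes=5)):
    """Group SCM 7031/7034 crash events that fall within `window` of each other."""
    crashes = sorted((e for e in events
                      if e["source"] == "Service Control Manager"
                      and e["event_id"] in (7031, 7034)
                      and CRASH.match(e["description"])),
                     key=lambda e: e["time"])
    clusters = []
    for e in crashes:
        svc = CRASH.match(e["description"])["svc"]
        if clusters and e["time"] - clusters[-1]["end"] <= window:
            clusters[-1]["end"] = e["time"]          # extend the current burst
            clusters[-1]["services"].add(svc)
        else:
            clusters.append({"start": e["time"], "end": e["time"], "services": {svc}})
    return clusters
```

Calling `service_crash_clusters(parse_events(SAMPLE))` returns a single burst covering both Sophos services, which is the kind of grouping that points at one product rather than at scattered driver errors.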

Thanks for the response, appreciate the input and suggestion.

 

The build was a clean build direct from DVD of Win 8.1 x64. It was not from Acronis.

 

I have looked into a few of the Event viewer errors and they all appear to be related to the system hibernating. So no real help there.

 

I do however think that Sophos may be related to the problem and have been thinking along those lines. I have checked and mine is the latest version. It auto updates.

 

Some of the crashes are related to when the problem occurs, the system seems to stop loading browser.

 

What exactly does the Website Protection do? And how does it do it? Is it checking the site prior to allowing the port open (firewall)? Or what?

 

Once again thanks for your help.

 

I may try uninstalling Sophos and seeing what happens. Although I did try unchecking and checking all configurable options in Sophos just in case.

Link to post
Share on other sites

  • Root Admin

I would not uninstall your antivirus without using something else in its place. MBAM is not an antivirus product, it's designed to work in conjunction with your antivirus.

 

You might try uninstalling MBAM and running it for the day and seeing if the issue goes away completely or not. Do a few reboots and then review your Event Logs and see if the errors come back or not.

 

If the errors do not go away or the issue does not go away then you may try uninstalling Sophos and using maybe Microsoft Security Essentials temporarily so that you do have an antivirus while testing.

 

We could scan for some other things or do some browser resets but I don't think they're going to help with some of that. Once an application crashes it can corrupt memory and step on other programs too.

 

Let me know if you can manage that testing or if you need further help from me with that.

 

Thanks again

 

Ron

Link to post
Share on other sites

  • Root Admin

No I understand. I'm saying that as part of testing you need to temporarily uninstall Sophos and just run maybe MSE and MBAM and see if the issues are there or not.

Not saying to remove Sophos and keep it off, just test what's really going on here. I am almost 100% certain all those Events do not go away with MBAM off of the box either, but let's test and see how things operate with Microsoft Security Essentials and MBAM running and Sophos fully removed for testing.

 

http://windows.microsoft.com/en-us/windows/security-essentials-download

 

I'll check back on you again sometime tomorrow.

 

Thanks

Link to post
Share on other sites

So I think it has sorted itself out.. Although I am not sure why!

 

What I did was to download a different version of Sophos, still 10.03 but this version was an extra 20 MB over the one I had saved before.

 

escw_103_sa_sfx.exe 126MB

escw_103_sa_sfx.exe 105MB

 

MalwareBytes was already installed, then I installed the Sophos AV.

 

I am still not convinced it is corrected but at least I know what is conflicting.

 

Cheers for all your help. Will see how things play out.

Link to post
Share on other sites

  • Root Admin

The Event Logs are often the best source of seeing what is going on without having to run other tools. If you do have any ongoing issues between them then you may need to set up some exclusions either in Sophos or MBAM or both to exclude each other from scanning.

 

Let me know how it goes please.

 

Thanks

 

Ron

Link to post
Share on other sites

So I think I have cracked it. 

 

It is the Service 

 

Sophos Web Filter - Ensures web usage is safe and consistent with policy.

 

 

It seems it installs this with the Endpoint security even if it is not centrally managed. If you disable the service all seems to work as expected.

 

Will monitor it for a couple of days and see if I am correct.

Link to post
Share on other sites

  • 4 months later...

So I think I have cracked it. 

 

It is the Service 

 

Sophos Web Filter - Ensures web usage is safe and consistent with policy.

 

 

It seems it installs this with the Endpoint security even if it is not centrally managed. If you disable the service all seems to work as expected.

 

Will monitor it for a couple of days and see if I am correct.

 

 

 

 

This solved it for me! Thanks!

Link to post
Share on other sites
