Slow MBAM rule updates

[digmorcrusher]

I've noticed the last 2 or 3 days that MBAM does not update as quick as it used to. Normally when I boot up it will update very quickly. Lately I've been doing a manual update, of course this may just be a case of me being impatient, if I wait 5 or 10 minutes it may update, but it seems to me that it is not updating as quickly as it used to.

[digmorcrusher]

edit: I'm not worried about it so I'm not going to post logs unless someone with MBAM  thinks its imperative and will help with fixing a bug.

[daledoc1]

Hi, digmorcrusher:

 

The behavior you report is different from that reported by the OP.

Without data, though, it's impossible to say what's going on.

 

If you continue to have problems, please start your own topic, with logs, so that we may better assist both of you with "customized" help & less confusion.

 

Thanks for your understanding,

[digmorcrusher]

Yes, I know its different, but didn't want to start a topic for basically a quick comment. As stated its not an issue and may be something as simple as me waiting for another minute or two for an update. So unless things change dramatically I will not be raising this any further.

 

By the way Daledoc, do you ever sleep or you on here 24/7? 

[digmorcrusher]

ooooh, gets me everytime, can't edit. Just came back to say I know you guys prefer one topic/one thread. You can delete my posts if you want if you think they may cause confusion.

[AdvancedSetup]

No problem digmorcrusher. I've split your topic to it's own so we can discuss in more detail.

Can you please open MBAM and go to History, Application Logs. Locate the last 3 Protections Logs. Then open them one by one and export them to .txt text files. Then click the "More Reply Options" button and post them back here as attachments. That way we can review the history of updates you're having.

Then also please read the following and post back the 3 requested logs.

Diagnostic Logs

Thank you

[digmorcrusher]

ok, as stated I wasn't worried about this at all but seeing you were kind enough to open an new topic here are the logs.

1.txt

2.txt

3.txt

Addition.txt

CheckResults.txt

[digmorcrusher]

Check Wilders, seem like a couple people having the same issue as me.

[AdvancedSetup]

What do you have the update scheduler set to? ie. how often does it check for updates. Either the log is wrong or something isn't running right so want to know what you have. If possible can you show me a screen shot of your scheduled update setting.

You also have a file in the %temp% folder that is being excluded from detection or scanning.

C:\Users\Dwight\AppData\Local\Temp\is-HKC3O.tmp\OCSetupHlp.dll

I would not recommend having anything in temp excluded.

Getting late and I'll be out of the area tomorrow so my next reply might possibly take a while.

Thanks

[daledoc1]

Hi, digmorcrusher:

 

As AdvancedSetup inquired (and in addition to his advice about that dll exclusion in the temp folder):

 

What is your update check schedule?

(See below for a picture from YOUR log with an "hourly" update check schedule, and a picture from MY log, also with an "hourly" update check schedule. Something appears to be "off" in your log.)
 

So: Is your system date/time/timezone correct?

 

Also: You posted the Addition.txt log from FRST, but not the FRST.txt log.

Do you have the FRST.txt log, as well?

 

Thanks for your patience,

[digmorcrusher]

Time and date is correct.

 

Not sure why that exclusion was there, I don't remember doing that. Anyways I removed it, that file dies not exist in my appdata folder now.

 

Here is screenshot of update settings.

 

Sorry, don't have txt.log, I deleted everything, thought I had posted all that was asked for. If I have time I will re-do later.

[daledoc1]

Hi:
 
You might want to have another go at the diagnostic logs, as AdvancedSetup originally requested here.
When you ran FRST, it ought to have produced 2 logs, FRST.txt and Addition.txt.
They would be in the same place (probably your desktop?).
 
If not, then let's try that again, as AdvancedSetup likely needs to see both of the logs, FRST.txt AND Addition.txt.

The instructions are here:  Diagnostic Logs.

 

NOTE:  Before you run FRST again, please place a check-mark in the "Addition.txt" option. Do not make any other changes to the settings.

 

Please post back with both new logs, if you can.

It might also help if you could please post another screen shot, showing the "Advanced" settings for that update scheduler task.

 

Then please wait for AdvancedSetup or another forum staff/expert to respond.

It is the weekend, so please be patient.

He may ask you to cleanly reinstall MBAM, or he may refer you to another forum area for deeper work, depending on what the logs show.

 

(I have a couple of other easy suggestions, such as deleting the scheduled update task and creating a new one from scratch, with a new starting date.  Doing so wouldn't hurt. But it's probably best not to make changes to your MBAM installation until he can see your logs.)

 

 

 

Thanks,

[digmorcrusher]

okey dokey

Addition.txt

FRST.txt

[daledoc1]

Thanks for the logs.

 

OOPS!  Your screen shot shows that you have scheduled a THREAT scan for hourly, not an hourly UPDATE check.

 

I'm sorry if I confused you.

The default/recommended schedule frequency for a THREAT scan is DAILY.

A reasonable schedule for an UPDATE check frequency is HOURLY, with a recurrence every 1 to 4 hours.

You just need 1 of each task scheduled - I have attached a screen cap from my MBAM to illustrate.

 

Please wait for AdvancedSetup or a forum expert/helper to assist you, perhaps with a clean reinstall or with some deeper work in another forum section, to find out why MBAM doesn't appear (at least from the logs) to be updating correctly.

 

Thanks for your patience.

[digmorcrusher]

 My error, when I go to Automated Scheduling and click on Edit the window pops open, under Operation type it says Check for Updates. When I click on Add  the operation type shows Threat Scan. So I  clicked on Add by mistake and that's what the screenshot is showing. You can see it in the screenshot, its the Add Schedule.I don't have any threat scans scheduled. Sorry for the mistake. Here is the correct one.

[AdvancedSetup]

There appears to be some policy restriction on Chrome which is not normal. You also have a corrupt Windows Search index catalog that needs to be corrected. I would also recommend you do a full disk check on your drive.

 

 

From and Elevated Admin command prompt you can run the following.

 

 

CHKDSK  C:  /R

 

Then press Y to run the disk check after restart. Then restart and let it run.

 

 

 

Please visit the following site and run the fixit tool from Microsoft.
Fix Windows Desktop Search when it crashes or not showing results
 

 

Then I notice you have Emssisoft which potentially may have an issue. One of there Techs is checking on that to confirm or  not. For now we'll assume it's okay until I hear back otherwise.

[digmorcrusher]

Ron, I ran chkdsk and Fixit tool and included log for it. Whats next?  Appguard throw up a lot of alerts for Chrome when my computer sits idle for awhile, wonder if its related to the policy restrictions?

[AdvancedSetup]

Well for the policy restrictions we'll need to have you open a new topic in the Malware Removal forum. We don't allow that type of cleanup work in this forum..

I think you know where and how to make one, then just say that I've asked you to do so and that I'll be helping you and post back the link and I'll help you further with it.

 

Thanks