Jump to content

MBARW 0.9.14.361 Beta5 - Problems: Final Result = Service Stopped, Showing Protection is Enabled


V_S

Recommended Posts

I had issues immediately with Beta4, and after uninstalling Beta4 and installing Beta5 due to memory leak issues posted about here - https://forums.malwarebytes.org/index.php?/topic/178651-memory-issue/?p=1019304I had further issues.

 

There was no reply on that, and further issues continued until discovering Malwarebytes Anti-Ransomware 0.9.14.361 Beta5 has not been running for the last 3 days.

 

Here is my personal record of everything and the MBARW files are attached:

 

  •     2016-02-13    3:30AM Uninstall of Beta4, reboot, Install of MBARW 0.9.14.361 Beta5
  •     3:41AM - MBAMService.exe 62,152 RAM steady after launching Outlook
  •     3:43AM - Launched WaterFox 64-bit Portable
  •     3:53AM - 63,XXX RAM then WaterFox reset position in the taskbar and RAM dropped to 43,068.
  •     4:27AM - 43,068 RAM - Launching Firefox 32-bit installed
  •     4:49AM - 43,069 RAM - Performance issues after opening VMware Workstation v11.1.2, updating OpenVPN-AS VM, during the NagiosXI VM and launching Excel 2010 and Notepad. Nagios stuck at 48/48 for an extended time
  •     4:52AM - Update in NagiosXI finished and performance seemed to return
  •     4:57AM - Waterfox crashed sometime in the meantime
  •     Debug of Waterfox "Not Responding" in Notepad, TeamViewer, Excel and mouse freezing
  •     5:10AM - Killed Debug
  •     5:17AM - Closed VMware Workstation
  •     5:19AM - Outlook is still popping in and out of Not Responding
  •     5:20AM - Closed Excel
  •     5:22AM - 43,068 RAM - Continuing system freezes. 3x PING.exe in Task Manager.
  •     5:22AM - Task Manager | C:\Windows\System32\WerFault.exe
  •     5:27AM - Closed TeamViewer connection
  •     5:44AM - Still performance issues and Not Responding, closed Outlook 2010
  •     5:49AM - Continued performance issues and system freezing, closed Firefox
  •     6:00AM - Firefox wouldn't close, had to End Task, but plugin-container.exe would not close and couldn't force close with End Task
  •             Spiceworks server external inaccessible notification 2x
  •             Webroot SecureAnywhere 9.0.8.67 indicated "Scan Required"
  •             Slept CrashPlan online backup for 2 hours
  •     6:15AM - Rebooted, could not recover from this
  •     6:40AM - Was forced to hard reboot and chkdsk, system logged back in
  •     6:45AM - [+]Added mbarw.exe / mbamservice.exe to Webroot SecureAnywhere Exemptions (Allow)
  •     6:46AM - Started Outlook
  •     6:59AM - No performance issues encountered
  •     7:02AM - Started Excel
  •     7:18AM - No performance issues encountered, started a TeamViewer remote session
  •     7:29AM - [+]Added to MWBARW Exemptions - C:\Program Files\CrashPlan\CrashPlanDesktop.exe & \CrashPlanService.exe
  •     7:42AM - Opened VMware Workstation and ran update commands inside VMs
  •     7:43AM - No performance issues encountered, 8.34GB of SYSTEM RAM in use, wakeup CrashPlan to resume backup
  •     7:50AM - Swapped to a different TeamViewer remote session, tested small transfer over FTPS
  •     8:02AM - Closed VMware Workstation
  •     8:03AM - Ran Firefox 32-bit installed version
  •     8:11AM - Loaded up last Session in Firefox with no performance issues. Logged in to Spiceworks HTTPS site.
  •     10:11AM - No performance issues so far, going to bed
  •     6:55PM - Started Waterfox 64-bit Portable
  •     7:10PM - No performance issues so far.
  •     7:30PM - Resumed Visual Studio Virtual Machine

 

  •     2016-02-14    9:05AM - ****Noticed Veeam Endpoint Backup v1.1.2.119 was running for the last 20 hours without backing up anything
  •         Attempted to Cancel Veeam Backup, but it was not stopping
  •         Attemped to add Exemption to MBARW, but the MBARW GUI froze.  Had to End-Task both.
  •             [+]C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Manager.exe
  •             [+]C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
  •             [+]C:\Program Files (x86)\Common Files\Acronis\BackupAndRecovery\Common\service_process.exe
  •         Trying to launch "C:\Program Files\Malwarebytes\Anti-Ransomware\mbarw.exe" didn't show tray icon.
  •         Trying to restart MB3Service failed to stop service and would not restart.
  •         End-Task on MBAMService.exe (MB3Service)
  •         Manually ran Veeam Endpoint Backup successfully
  •         Unable to restart system due to incoming transfer of system image from offsite.
  •     8:38PM - Was able to manually start the MB3Service in Services, ran GUI via Startup Control Panel and it showed this time but indicates protection is disabled.
  •         Start Protection link and Fix Now buttons do nothing.
  •         Add File for Exclusion in MBARW allows selection of excluded program, but does not show in/update GUI

 

  •     2016-02-15    12:30PM Explorer stopped responding on reboot
  •         MBARW launch GUI but wasn't started, right click on tray icon to start. Was successful.
  •         Acronis Backup and Recovery ran while MBARW was disabled and did not seem to experience any issues with scheduled backup run
  •         Ran Acronis Backup and Recovery and system resumed having Not Responding and performances issues. Stuck at 69%, couldn't stop the backup, explorer locked up, had to End-Task Acronis, still didn't help, had to End-Task both mbarw.exe and service, and immediately got system response back.
  •             [+]C:\Program Files (x86)\Common Files\Acronis\BackupAndRecovery\Common\service_process.exe

 

  •     2016-02-16    9:26AM NOTICED in tray - Veeam Backup Job Could Not Be Started
  •         [+]    C:\Windows\System32\VSSVC.exe
  •         Wasn't showing in Exclusions in GUI

 

  •     2016-02-17 @8:00AM Outlook 2010 occasionally not completing send/receive with new Outlook.com "Exchange" accounts.

 

  •     2016-02-18 After 12:00AM - Outlook 2010 is Not Responding and did not recover when trying to go into Manage Rules.
  •     1:00AM Tried to add Exemption in MBARW for Outlook to see if it would help with the issue of Outlook freezing with send/receive, but it would not update GUI. Checked the service log and no entries were in there since 2015-02-15. Checked service status and it was not started, even though the GUI stated that Anti-Ransomware Protection is Enabled.
  •     2:00AM Created Thread

Files Attached:

2016-02-18_ProgramData_Malwarebytes_MBAMService_logs.zip

2016-02-18_ProgramData_Malwarebytes_Malwarebytes Anti-Ransomware.zip

 

There seem to be issues with certain software caused by MBARW, but no indication in the GUI that MBARW is scanning, blocking, or affecting the software. Are there any plans to add this in the future?

 

Also, the service not running and showing the system is protected and trying to add Exemptions and not updating the GUI or actually adding them to the program is very detrimental at this point.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.