Root Admin AdvancedSetup Posted May 30, 2016 Root Admin ID:1042631 Share Posted May 30, 2016 Yes, it certainly is difficult because even the reported number of users with the issue is very low. If you can consistently have the issue let me know and if you like we can try some tracing tools. Link to post Share on other sites More sharing options...
Chris635 Posted May 30, 2016 Author ID:1042635 Share Posted May 30, 2016 21 minutes ago, AdvancedSetup said: Yes, it certainly is difficult because even the reported number of users with the issue is very low. If you can consistently have the issue let me know and if you like we can try some tracing tools. It could be the number of users are low is because not every one lets outlook run at start up and for 24 hrs a day LOL! Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted May 30, 2016 Root Admin ID:1042636 Share Posted May 30, 2016 Hard to say. We have millions of users and less than a dozen reports of this issue that I'm personally aware of. But again let me know if it continues to block repeatedly Link to post Share on other sites More sharing options...
Chris635 Posted June 10, 2016 Author ID:1044689 Share Posted June 10, 2016 Same thing just happened again.Here is a few logs. I noticed it right after a manual scan of a file from the context menu. FRST.txt CheckResults.txt Malwarebytes log.txt Link to post Share on other sites More sharing options...
Chris635 Posted June 10, 2016 Author ID:1044690 Share Posted June 10, 2016 I forgot to mention this was about 0930 PM Link to post Share on other sites More sharing options...
Chris635 Posted June 10, 2016 Author ID:1044691 Share Posted June 10, 2016 Extra info here. Also there are some ntuser.dat keys were cleared updating 0 keys and creating 0 modified pages. These keys are all different. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted June 10, 2016 Root Admin ID:1044711 Share Posted June 10, 2016 Not related but can you check this link below and enable your System Restore and then create a new Restore Point Please read the following article on how to re-enable System Restore please and create a new system restore point. http://www.howtogeek.com/237230/how-to-enable-system-restore-and-repair-system-problems-on-windows-10/ Link to post Share on other sites More sharing options...
Chris635 Posted June 10, 2016 Author ID:1044743 Share Posted June 10, 2016 I use a different program for my back ups. Full images and file back ups. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted June 10, 2016 Root Admin ID:1044834 Share Posted June 10, 2016 No problem. Up to you. 1. Is your mailbox in Outlook a single mail service or do you use multiple mail sources. Like Gmail, Yahoo, ISP, etc ? 2. Do you know how to use Process Monitor in general ? Link to post Share on other sites More sharing options...
Chris635 Posted June 10, 2016 Author ID:1044853 Share Posted June 10, 2016 I have my outlook account..connected to Microsoft exchange obviously. Then I have two other accounts attached, both gmail accounts. The gmail accounts work fine. The outlook account is the one that gets blocked. So it is something with exchange and Malwarebytes. I have used process monitor in the past, to check it out, but never for trouble shooting. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted June 10, 2016 Root Admin ID:1044855 Share Posted June 10, 2016 Thanks for the update. Have another customer with the opposite. The Exchange works fine but his Gmail gets blocked. Yes, please run your mail then MBAM and then a Process Monitor scan only long enough to capture the block (it creates huge amounts of data quickly) then zip it up and send to me. Will probably need to use a service for it though due to it's size. Send me the link via PM not here in public. So just want to run all things as quickly and as short as needed to log the block. We may need to move onto other tools though as this tool is great buy may not be good enough for the network traffic or API that may be doing the block. The block appears to be a fluke and we're trying to track down where or why it's happening. Upload File(s) to WeTransfer: Visit WeTransfer.com Click on I Agree Click on the icon on the lower left indicated in the below image Select the Link option Click on +Add Files Browse to the location of the file and double-click on it or click once on it and select Open Click on Transfer Once the transfer completes, click on Copy link Once you receive the Copied! message as indicated below, paste the link into your next reply Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted June 10, 2016 Root Admin ID:1044856 Share Posted June 10, 2016 Here are some tools that we may or may not use to help us track this down. Due to some of the potentially sensitive data we may capture you'll want to send logs in a private message not here in public. Process Monitor v3.2https://technet.microsoft.com/en-us/sysinternals/processmonitor.aspx Process Explorer v16.12https://technet.microsoft.com/en-us/sysinternals/processexplorer TCPView v3.05https://technet.microsoft.com/en-us/sysinternals/bb897437 WireSharkhttps://www.wireshark.org/ Also get either the PDF or CHM help file for WireSharkhttps://www.wireshark.org/download.html CurrPorts v2.22 - Monitoring Opened TCP/IP network ports / connections Copyright (c) 2004 - 2016 Nir Soferhttp://www.nirsoft.net/utils/cports.html Note: antivirus and possibly MBAM may attempt to flag programs from Nirsoft - they are safe and the alert can be ignored. NetworkTrafficView v2.02http://www.nirsoft.net/utils/network_traffic_view.html TcpLogView v1.25http://www.nirsoft.net/utils/tcp_log_view.html AdapterWatch v1.05 - Display information about your network adaptershttp://www.nirsoft.net/utils/awatch.html API Monitor http://www.rohitab.com/apimonitor Thanks Link to post Share on other sites More sharing options...
Chris635 Posted June 10, 2016 Author ID:1044857 Share Posted June 10, 2016 This may take some time as it is so random. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted June 11, 2016 Root Admin ID:1044873 Share Posted June 11, 2016 No problem.. Take your time and try to capture some process, network, and if possible API logs while blocking is happening. Link to post Share on other sites More sharing options...
Chris635 Posted July 2, 2016 Author ID:1048973 Share Posted July 2, 2016 I have yet to reproduce this again. I'm not sure where to go from here. I have let my system run for almost two weeks without rebooting and nothing happens. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 5, 2016 Root Admin ID:1049430 Share Posted July 5, 2016 Well that's a good thing it means you're now back in the "normal" with millions of others where there is no block Seriously though, as I had previously said, there are some people that have run into this issue but the numbers are very low. Please try restarting the computer and see if the block happens again or not and let me know. Link to post Share on other sites More sharing options...
Chris635 Posted July 5, 2016 Author ID:1049473 Share Posted July 5, 2016 8 hours ago, AdvancedSetup said: Well that's a good thing it means you're now back in the "normal" with millions of others where there is no block Seriously though, as I had previously said, there are some people that have run into this issue but the numbers are very low. Please try restarting the computer and see if the block happens again or not and let me know. I have rebooted and so far nothing to report. I haven't changed anything sooooooo....?anyway if it happens again I'll post back, but as you now know, it is/was so random, not sure at this point that it will happen again. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 5, 2016 Root Admin ID:1049496 Share Posted July 5, 2016 Okay, sounds good. Let us know if it returns and is repeatable. Link to post Share on other sites More sharing options...
Bob_Si Posted December 2, 2016 ID:1076555 Share Posted December 2, 2016 I am having the same issue and a total reboot has been the only temporary fix. However, after reading this thread I tried the following procedure. The minute I did, my outlook client connected to the server. It may have been coincidence. Time will tell. But give it a try. Try this: 1. Open Malwarebytes Dashboard 2. Click on SETTINGS at top 3. Click on WEB EXCLUSIONS in left column 4. Click on ADD DOMAIN 5. add the name of your email server. In my case it is OUTLOOK.OFFICE365.COM You can find this in the account settings of your outlook client--- File/Account Settings/Account Settings then double-click the account that is failing. The mail server name will be on this page Link to post Share on other sites More sharing options...
Recommended Posts