
Windows 10 Anni: MBAMSwissArmy service failed to start - event id: 7000



Hello good people, - I've noticed that whenever I boot up my PC (Windows 10 x64 Home, Anniversary Update 14393.10) there's an error with the event id: 7000 affecting the MBAMSwissArmy service. The software itself does appear to be functioning and I have noticed no immediate issues, but given that MBAMSwissArmy is a .sys file I'm assuming that it's of at least some significance to the overall good functioning of MBAM. This is the same error that I had been receiving with Anti-Exploit (in that particular case it wouldn't even launch), - that is until I installed the counter-signed build provided in this thread: (https://forums.malwarebytes.org/topic/186525-mbae-windows-10-au/#comment-1054383).

eventlog.txt


Hello and welcome :)

The recent Win10 Anniversary Update may have messed up MBAM.

Let's try this first....

  1. Please carefully follow ALL the steps in this pinned topic to uninstall your current version of MBAM and reinstall the latest build - MBAM Clean Removal Process 2x
  2. If that does not correct the issue, then please read the following and attach to your next reply the 3 requested logs - Diagnostic Logs (the 3 logs are: FRST.txt, Addition.txt and CheckResults.txt)

Thank you,


  • Root Admin

Hello @hydropepon and :welcome:

The logs indicate you're having quite a few failed programs both running and starting. Nothing immediately obvious as malware shown in the logs but it's possible. 

Probably best to have you go get your computer checked out to make sure there is no malware or PUP on the system. Then if clean go ahead and try to start tracking down the cause of these failures.

For now please post your same logs in a new topic you create in the following section of the forum.

https://forums.malwarebytes.org/forum/7-malware-removal-help/

Thanks

 

 


Funnily enough this is actually a brand new Windows 10 Anni install... Most of the logs that you see there are the result of a cornucopia of restarts and adjustments made during my attempts to diagnose and fix what has gone awry. Thankfully, I think I may have gotten most of them, - the Intel wireless driver is being a bit of a pain though (log, not user experience wise). Thank you for your concern anyhow.


Not to seem like I'm spamming, but - after disabling signature enforcement either through "bcdedit.exe /set nointegritychecks on" or via the "Disable driver signature enforcement" advanced startup option the aforementioned event id error had disappeared. I suppose this result is rather obvious, but I just wanted to confirm it anyway. And obviously the error returns once the signature enforcement is re-enabled.


Update: by the looks of it, there are 2 different MBAMSwissArmy.sys files - I think the other one is created by... MBARW(?) And it would appear that it is this latter .sys that is actually causing these event 7000 errors (well, actually, I did have ONE pop up at some point after applying my remedy). This other .sys file is seemingly only created in the absence of the "original". Also, neither uninstalling MBAM (might actually remove the "original", I'm not entirely certain), nor MBAE or MBARW appears to remove MBAMSwissArmy.sys and so I had to do it manually. Anyway, after uninstalling all 3 pieces of software in a sequence of MBAM (using MBAM Clean), then MBAE and then MBARW and restarting after every uninstall and finishing up by manually deleting all the leftover files, folders and registry entries, - I reinstalled them all in that same order and it would appear that everything is hunky dory now... (mostly, anyhow). Also, following these actions my trial periods got reset for both MBAM and MBAE and so I feel like a bit of a dick about that, but I have every intention of purchasing both, the moment the trials end. And lastly, I've attached an archive with both of the MBAMSwissArmy.sys files inside. And I apologise if my posts read like some deluded streams of consciousness, that's likely due to a substantial lack of sleep on my part.

MBAMSwissArmy.7z


  • Root Admin

Please try the MBAM CLEAN for MBAM.

Then uninstall the MBARW and reboot.

If you're running MBAE please uninstall that too and reboot

Then run the MBAM CLEAN again and reboot again.

Then reinstall MBARW alone and check it out and reboot a few times and see if the error is still there or not. If the error is gone then reinstall MBAM now and update it. Then reboot a couple times and see if the issue is still gone or not.

 


Thank you kindly for responding. I followed your recommendations and here are the results: Immediately after MBARW is installed/launched a Program Compatibility Window pops up stating that "A digitally signed driver is required" with "Swissarmy SDK Malwarebytes" being indicated as the culprit and that Windows has blocked its installation. It also created an event id 7000 error both immediately upon installation/launch and after the first reboot which is also when I uninstalled it. Afterwards, I ran MBAM Clean again and manually deleted the leftover MBAMSwissarmy.sys followed by a restart after which I installed MBAM (let it update afterwards) and then rebooted a solid 20 times or so - checking the event viewer after every single one (thankfully nothing showed up). I then proceeded to install MBAE (the one patched for Win10Anni) and followed that up with a handful of reboots (event viewer checks included). And.... no errors - for the time being at least. This would appear to indicate that the issue then lies with MBARW or rather its interaction with Win10Anni. Thanks again and here's hoping that this victory isn't as short-lived as the last one.

MBARWSwissarmySDKerror.jpg

Edited by hydropepon

  • 2 weeks later...
  • Root Admin

Hi @hydropepon

I've heard back from our QA Team. You won't be able to run the current beta on Windows 10 Anniversary Update due to the new signing requirements from Microsoft.

We should have that working for Beta 8 - we have to have Microsoft sign the file as well.

Thank you

 

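A check that ties together the signature-enforcement workaround and the signing requirement described in the replies above, as an added example that is not part of the original thread or any Malwarebytes tooling. Run from an elevated PowerShell prompt, it lists the event 7000 entries for the service, shows who signed the driver file the service points to, and reports whether `nointegritychecks` or `testsigning` is still set; the service name comes from the thread and the driver path is read from the system rather than assumed.

```powershell
# Added example: run from an elevated PowerShell prompt.
$svc = 'MBAMSwissArmy'   # service name as reported in the event 7000 entries

# 1. Service Control Manager "failed to start" events that mention the driver.
Get-WinEvent -FilterHashtable @{
    LogName = 'System'; ProviderName = 'Service Control Manager'; Id = 7000
} -MaxEvents 200 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match [regex]::Escape($svc) } |
    Select-Object TimeCreated, Message | Format-List

# 2. Code Integrity entries about the same file, if the kernel refused to load it.
Get-WinEvent -LogName 'Microsoft-Windows-CodeIntegrity/Operational' `
    -MaxEvents 200 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match [regex]::Escape($svc) } |
    Select-Object TimeCreated, Id, Message | Format-List

# 3. Find the image the service points at and show who signed it.
$drv = Get-CimInstance Win32_SystemDriver -Filter "Name='$svc'"
if (-not $drv) {
    Write-Warning "No driver service named $svc is registered."
} else {
    # PathName may be in NT form (\??\C:\...) or start with \SystemRoot\.
    $path = $drv.PathName -replace '^\\\?\?\\', ''
    $path = $path -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if (Test-Path -LiteralPath $path) {
        # "Valid" here is user-mode Authenticode trust only. The kernel applies
        # its own, stricter policy, so also read the signer and issuer: the staff
        # reply says Microsoft must sign the file as well on this build.
        Get-AuthenticodeSignature -FilePath $path |
            Select-Object Path, Status, StatusMessage,
                @{ n = 'Signer'; e = { $_.SignerCertificate.Subject } },
                @{ n = 'Issuer'; e = { $_.SignerCertificate.Issuer } } |
            Format-List
    } else {
        Write-Warning "Driver file not found: $path"
    }
}

# 4. Confirm the workaround was reverted. No matching line means neither
#    option is set in the current boot entry (the default, enforcing state).
$flags = bcdedit /enum '{current}' | Select-String 'nointegritychecks|testsigning'
if ($flags) { $flags } else { 'nointegritychecks/testsigning: not set' }
```

If step 4 still shows `nointegritychecks` enabled, `bcdedit.exe /set nointegritychecks off` followed by a reboot restores enforcement.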
