Jump to content

Recommended Posts

As others have experienced, I ran into the issue with Microsoft Edge failing to launch with MBAE running with Build 14936.  Uninstalling MBAE, deleting the Program Data folder did not help.  With numerous reports in Feedback Hub (including mine), I let it ride since I was not about to disable MBAE and a Microsoft Engineer had responded that the issue was being investigated.

Fast forward to new Build 14942 installed 07Oct2016.  The same issue with MBAE continued.  I reported it both in Feedback Hub and Tweeted (https://twitter.com/SecurityGarden/status/784529397101498368) which resulted in a request for a bug report, which I submitted here:  https://developer.microsoft.com/en-us/microsoft-edge/platform/issues/9256746/.  (WER report attached)

This morning I noticed I could not access Outlook.com from this machine but had no problem accessing other sites or Outlook.com on my laptop which is running Windows 10 Anniversary Update.  After clearing cache/cookies, I decided to restart.  In addition to the normal restart option, there was the option to restart and install updates.  Going to Windows Update, it showed that a restart was needed to complete the install of Build 14942.  I went ahead with the restart/install option and after a couple attempts, the system was rolled back to Build 14936.  After that completed, again Build 14942 was ready to install.  After it failed, this time it showed the new BSOD QR Code and indicated mwac.sys.  I quickly changed to the Slow Insider Preview ring to prevent the reinstall/rollback loop and located the memory.dmp. Hoping both the WER report and Memory.dmp help the developers. 

Note:  Both Rootkit scan and Enable self-protection module are UNchecked.

MEMORY.DMP.zip

Report.zip

Link to post
Share on other sites

Thanks, Ron.  I firmly believe that the issues with Edge & MBAE and the BSOD citing mwac.sys are the result of code changes by Microsoft in the two builds but thought any information available to Malwarebytes product developers may be useful.

Link to post
Share on other sites

A concerned Insider Preview  public eagerly awaits the next great Build to replace the disastrous 14942 !

  Further details:  http://answers.microsoft.com/en-us/insider/forum/insider_wintp-insider_install/installing-windows-10-build-14942-gets-stuck-at-81/feba9197-577d-45fb-9b63-140cecf3d883?page=2&tm=1476126801002#LastReply 

Basically-

  1.    I turned off Malwarebytes "open when windows starts"
  2.    I exited / closed Malwarebytes.
  3.    I re-booted.
Link to post
Share on other sites

Thanks, Ron.  If any additional information/files are needed, I'll be more than happy to assist.

@aqk, I stayed at the previous Insider Build rather than disable Malwarebytes Anti-Malware and don't need Edge when I can use another browser with Malwarebytes Anti-Exploit. 

Link to post
Share on other sites

Thanks again @Corrine

We've debugged it and have confirmed the cause.One issue was already resolved and this new one was found. It will be fixed in the 3.x product but not sure at this time if we will push out a fix for 2.x - This build of Windows itself is beta and not release code. Microsoft themselves could change the code that's causing it to remove the issue or make it worse. My guess is that we probably will not push out a new version of 2.x but that is not the official word yet. If someone really needs this rootkit scanner feature then they may have to resort back to a release build of Windows 10.  I'll know more by the end of the week I'm hoping.

Ron

 

Link to post
Share on other sites

There will not be any ported fix for the 2.x version. As you've done others should submit this  crash to Microsoft for a fix in their release version.

By disabling the Web blocker and Rootkit scanner the rest of the product should work just fine on the latest Windows Preview build. If the full features of MBAM are needed now then one would have to revert back to the original non-preview build of Windows.

Thank you for helping us look into this issue @Corrine

Ron

 

Link to post
Share on other sites

At least Microsoft is acknowledging the issue, although they don't understand that Malwarebytes is an anti-malware program not an A/V (although it is probably better than a lot of A/V products on the market!).  From the known issues of the new build just released, Announcing Windows 10 Insider Preview Build 14946 for PC and Mobile | Windows Experience Blog:

If you have 3rd party antivirus products such as Bitdefender, Kaspersky Antivirus, F-Secure Antivirus and Malwarebytes installed on your PC – your PC might not be able to complete the update to this build and roll-back to the previous build.

I don't have Rootkit scanner enabled but will see what happens disabling the Web blocker, keeping MBAE active.

Link to post
Share on other sites

:blink: I disabled Malicious Website Protection from the Detection and Protection Menu but forgot about Advanced Settings so the update rolled back to Build 14936.  Trying it one more time.  Fingers crossed as this feedback may be useful to both Microsoft and Malwarebytes developers.

Link to post
Share on other sites

Well, soon after installing Build 14946, I fired up Malwarebytes and after a few seconds I got a controlled BSOD. Presumably MS got the dump.

But do they care? Perhaps they no longer consider this a bug, it is a "feature". 
MS will give orders: "From now on you will only run WinDefender! It's all you ever need!"

I can provide a zipped minidump if anyone is still interested.

Link to post
Share on other sites

It's interesting the you have fixed this problem on the Malwarebytes side.
But what about those other guys listed below?  Is everyone expected to fix their software?  Shouldn't this be Microsoft's job? Or is truly (as I half-jokingly said earlier) a new Windows feature; not a bug?

Anyhow, I NEVER uninstalled my Malwarebytes- I simply unclicked the "load at startup button", and both 14942 and 14946 installed faultlessly.
 

Build 14946 Known issues for PC

  • If you have 3rd party antivirus products such as Bitdefender, Kaspersky Antivirus, F-Secure Antivirus and Malwarebytes installed on your PC – your PC might not be able to complete the update to this build and roll-back to the previous build.
Read more at https://blogs.windows.com/windowsexperience/2016/10/13/announcing-windows-10-insider-preview-build-14946-for-pc-and-mobile/#FqDgTIjvebz5hPyC.99
Link to post
Share on other sites

@aqk

No, in most cases Microsoft will fix it on their end depending on how many reports they get on this issue. Judging from the Web and that it's affecting most antivirus software companies and Microsoft has even listed as a possible issue, they're well aware of it and will fix it by their next "preview build" or release build.

@PatrickD

The real fix is/will come from Microsoft. As with most software vendors there is no specific date for an update set. If you're referencing our software, yes we see that Microsoft has changed some things and we've made changes to work with it in-house to verify, but that won't be until our 3.x version. Remember though, that Microsoft will probably change this on their own by their next Preview Build. In either case, our 3.x product will not be out for some time now. It will need to go through internal testing, and then public testing, long before we release it.

Thank you

 

Link to post
Share on other sites

Based on the published "known issues" in the new Build 14951 released today, it appears that it will continue to be necessary to continue disabling Malicious Website Protection if you wish to install that build.  For what its worth, I did receive a response from the Microsoft Windows Insider account to my Twitter feedback that Malwarebytes is an anti-malware program, not an A/V and works fine along side Windows Defender saying,

Quote

Technically this is true, but from a larger perspective, it's in the "PC security" bucket.

 

Link to post
Share on other sites

To INSIDER BUILD FAST RING folks:
Just an idea- instead of closing down yr PC at night, why not fire up Malwarebytes to "close" the PC?
After everything else has been closed or quiesced, of course.
From the BSOD page, I'm assuming a dump is subsequently sent to MS. If enough of us do this (daily? hourly?)
perhaps  Dona Sarkar and her Insider MS gang may eventually get the message... ;-)

That's it. I'm going to bed now. Time to shut down this PC. 
Lessee... all pages closed? Yup.
Let's start Malwarebytesnow! Nite, all!  ;-)

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.