Jump to content

Recommended Posts

The "mb-checkResult.txt" from yesterday shows this:

Malwarebytes Version information
==================================
   "controllers_version" : "1.0.50",
   "db_version" : "2017.02.02.06",
   "dbcls_pkg_version" : "1.0.1160",
   "installer_version" : "3.0.6",

The web protection worked just fine with the above DB and package versions. 

The "mb-checkResult.txt" for today shows this:

Malwarebytes Version information
==================================
   "controllers_version" : "1.0.50",
   "db_version" : "2017.02.03.04",
   "dbcls_pkg_version" : "1.0.1168",
   "installer_version" : "3.0.6",

Today's DB and package updates resulted in two services, “MBAMFarflt” and “MBAMWebProtection” not starting, nor can they be started manually.

Is there a way to check the consistency of the MWB database?

Link to post
Share on other sites

Hello @dont_touch_my_buffer:

Thank you for your report.  Please capture the reported circumstances before corrective action or a reboot takes place.  The devs/staffers would appreciate the following data:

      1. Please follow the instructions in the locked/pinned topic How to Report a New Issue and try your best to fill in any of the missing facts and details from your initial post.
      2. Then, download mb-check-{version}.exe to an Administrator desktop.  Then, right-click the mb-check.exe icon and left-click RunAsAdmin.jpg  Run as administrator.  A window will quickly open and close followed by a mb-checkResult.txt file being generated to the desktop.

Please attach only the following 2 files (please do not further compress nor Copy/Paste) to your next reply in this topic.

  1. logs.zip
  2. mb-checkResult.txt

After all the requested data files are posted, the Malwarebytes' QA & Developer Teams, and staffers can commence their analysis.  Thank you always for your assistance.

Edited by 1PW
Link to post
Share on other sites

@1PW 

I believe I've stumbled upon a solution for my issue, at least on my system...

Vipre AV includes “Edge Protection” that monitors Internet connection, the equivalent of Malwarebytes “Web Protection”. On a hunch, I’ve disabled the “Edge Protection” service and low and behold, the MWB “Web Protection” starts up with the system and more importantly, it stay running. At least that has been the case for the last 3 days.

In retrospect, this actually make sense and might be applicable for other antivirus software with web and/or edge protection as well. 

I'd prefer having Vipre's Edge Protection active, bur that's might be too much to ask for...

 

 

Link to post
Share on other sites

  @dcollins 

An update for this issue...

After six days, the web protection no longer starts up, nor can it be started with standard or admin UID. The only way to start it is to disable Vipre AV, stop and start MWB service, pretty much like rebooting after the change. Once MWB was a OK, started up Vipre and now both of them run just fine even after a reboot.

The Vipre Edge protection is still disabled and the following MWB files are exempted in Vipre:

 C:\Program Files\Malwarebytes\Anti-Malware\assistant.exe
 C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
 C:\Program Files\Malwarebytes\Anti-Malware\MbamPt.exe
 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
 C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
 C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe

I am going exempt the folder " C:\Program Files\Malwarebytes\ " in Vipre, maybe that'll make a difference. This is temporary, generally, I don't like exempting files/folders from scanning by security software.

The issue actually came back yesterday, but I didn't have time to check the db version. Currently it is:

Malwarebytes Version information
==================================
   "controllers_version" : "1.0.50",
   "db_version" : "2017.02.09.04",
   "dbcls_pkg_version" : "1.0.1219",
   "installer_version" : "3.0.6",

This db seems to work just fine, just not sure how long.. The chances are that the issue had been caused by the "db_version" : "2017.02.08.xx", but I did not record it.

Link to post
Share on other sites

  • Staff

Thanks, I'm still trying to get this to reproduce more consistently so our devs can see what's going on. Sometimes with VIPRE Edge enabled, it doesn't seem to trigger the issue. We're still researching though, thanks for the extra information.

Do you know what version of VIPRE you have installed? AV, Internet Security, or Internet Security Pro?

Edited by dcollins
Link to post
Share on other sites

@dcollins 

It's just the plain old version of AV:

Viper Antivirus 2016
Software version: 9.3.4.3
Definition version: 55854

I agree, sometimes Vipre and MWB works just fine together and all the sudden they refuse to coexist. Since my last post, the web protection disabled again and the logs and mbam check result is attached. 

It does not seem that excluding the  " C:\Program Files\Malwarebytes\ " folder in Vipre made a difference. I am going to disable Vipre, just to see, if there's any other software that might be conflicting with MWB.

I do thank you for your help...

 

mb-checkResult-02.09.17.txt

logs.zip

Link to post
Share on other sites

@dcollins

With Vipre disabled, MWB runs just fine for the last 24 hours. I just cannot leave Vipre off any longer...

I've just stumbled on a link, see below, that calls the "mbamswissarmy" a rootkit. This could be the reason why Vipre has issues with this service:

http://www.enigmasoftware.com/svcmbamswissarmy-rootkit/

While I am certain that "mbamswissarmy" service, or rather the "mbamswissarmy.sys" is not part of a rootkit, there might be a false detection by Vipre. Just a guess... 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.