guthrie

Won't turn on protection


I get a notification - System at risk, anti-ransomware protection is disabled, but the "fix now" and "Start protection" buttons do not do anything.

version Consumer, 0.9.17.661, updated 2/3/2017.


Hello @guthrie:

The MBARW devs must have good, detailed documentation for a quality analysis.  Please consider running the following Malwarebytes-written data-gathering Support Tool:

1.) Download arwlogs.exe to an Administrator desktop of the system in question.
2.) Right-click the arwlogs.exe icon and select "Run as administrator".  A zipped archive should soon be generated to the Administrator desktop.
3.) Rather than email the archive as the tool directs, please attach the archive to your next reply in this topic.

Although more data may be required, after the requested data is posted, the Malwarebytes' QA & Developer Teams, and staffers can commence their analysis.  Thank you always for your assistance.


Ok; here:

=========================================
Malwarebytes Anti-Ransomware Logs Grabber
=========================================

--07:12:22--  https://meps.mwbsys.com/health
           => `meps.txt'
Resolving meps.mwbsys.com... done.
Connecting to meps.mwbsys.com[52.22.192.172]:443... connected.

Unable to establish SSL connection.

Unable to establish SSL connection.
The system cannot find the file specified.
        1 file(s) copied.

7-Zip (A) 9.20  Copyright (c) 1999-2010 Igor Pavlov  2010-11-18
Scanning

Creating archive 2017-02-20-PCGRG.zip

Compressing  MalwarebytesARW\Malwarebytes Anti-Ransomware\mbarwind-00.arw
Compressing  MalwarebytesARW\Malwarebytes Anti-Ransomware\mbarwind-01.arw
Compressing  MalwarebytesARW\Malwarebytes Anti-Ransomware\mbarwind-02.arw
Compressing  MalwarebytesARW\Malwarebytes Anti-Ransomware\mbarwind-03.arw
Compressing  MalwarebytesARW\Malwarebytes Anti-Ransomware\mbarwind-04.arw
Compressing  MalwarebytesARW\Malwarebytes Anti-Ransomware\mbarwind-05.arw
Compressing  MalwarebytesARW\MBAMService\ArwDetections\039d048c-a76c-11e6-a018-f48e38d9be93.json
Compressing  MalwarebytesARW\MBAMService\ArwDetections\13299cc0-a6aa-11e6-a16f-f48e38d9be93.json
Compressing  MalwarebytesARW\MBAMService\ArwDetections\1523acfa-a8d5-11e6-9780-f48e38d9be93.json
Compressing  MalwarebytesARW\MBAMService\ArwDetections\26c35e5a-a0b1-11e6-b885-f48e38d9be93.json
Compressing  MalwarebytesARW\MBAMService\ArwDetections\2fbb2b80-a4f0-11e6-9bd7-f48e38d9be93.json
Compressing  MalwarebytesARW\MBAMService\ArwDetections\6f71b0a6-a0f3-11e6-8a40-f48e38d9be93.json
Compressing  MalwarebytesARW\MBAMService\ArwDetections\81f7c7b4-9f19-11e6-b4a7-f48e38d9be93.json
Compressing  MalwarebytesARW\MBAMService\ArwDetections\86449dc4-a12b-11e6-8857-f48e38d9be93.json
Compressing  MalwarebytesARW\MBAMService\ArwDetections\864e51a2-a12b-11e6-aa6f-f48e38d9be93.json
Compressing  MalwarebytesARW\MBAMService\ArwDetections\aec971c4-a12c-11e6-bcac-f48e38d9be93.json
Compressing  MalwarebytesARW\MBAMService\ArwDetections\cc6f832a-c202-11e6-8268-f48e38d9be93.json
Compressing  MalwarebytesARW\MBAMService\ARW\mbarwind-00.arw
Compressing  MalwarebytesARW\MBAMService\ARW\mbarwind-01.arw
Compressing  MalwarebytesARW\MBAMService\ARW\mbarwind-02.arw
Compressing  MalwarebytesARW\MBAMService\ARW\mbarwind-03.arw
Compressing  MalwarebytesARW\MBAMService\ARW\mbarwind.arw
WARNING: The process cannot access the file because it is being used by another process.

Compressing  MalwarebytesARW\MBAMService\config\ArwControllerConfig.json
Compressing  MalwarebytesARW\MBAMService\config\CleanControllerConfig.json    1%
Compressing  MalwarebytesARW\MBAMService\config\CloudConfig.json
Compressing  MalwarebytesARW\MBAMService\config\LicenseConfig.json
Compressing  MalwarebytesARW\MBAMService\config\TelemCtrlConfig.json
Compressing  MalwarebytesARW\MBAMService\config\UpdateControllerConfig.json     
Compressing  MalwarebytesARW\MBAMService\ctlrupdate\ArwControllerImpl.dll
Compressing  MalwarebytesARW\MBAMService\ctlrupdate\arwlib.dll
Compressing  MalwarebytesARW\MBAMService\ctlrupdate\ArwSdkShim.dll
Compressing  MalwarebytesARW\MBAMService\ctlrupdate\ctlr.64bit.7z
Compressing  MalwarebytesARW\MBAMService\ctlrupdate\mbupdatr.exe
Compressing  MalwarebytesARW\MBAMService\ctlrupdate\mbupdatr.log
Compressing  MalwarebytesARW\MBAMService\logs\MBAMSERVICE.LOG
WARNING: The process cannot access the file because it is being used by another process.

Compressing  MalwarebytesARW\MBAMService\logs\MBAMSERVICE.LOG.txt
Compressing  MalwarebytesARW\MBAMService\Quarantine\88608f79-a12b-11e6-9f0e-f48e38d9be93.data
Compressing  MalwarebytesARW\MBAMService\Quarantine\88608f79-a12b-11e6-9f0e-f48e38d9be93.quar
Compressing  meps.txt


WARNINGS for files:

C:\ProgramData\MalwarebytesARW\MBAMService\ARW\mbarwind.arw : The process cannot access the file because it is being used by another process.

C:\ProgramData\MalwarebytesARW\MBAMService\logs\MBAMSERVICE.LOG : The process cannot access the file because it is being used by another process.

----------------
WARNING: Cannot open 2 files
        1 file(s) copied.

========================================================================
Done collecting logs.
Please send the file 2017-02-20-PCGRG.zip from your Desktop to Malwarebytes Support.
========================================================================

 

2017-02-20-PCGRG.zip


Hello @guthrie:

Although I failed to see an immediate reason for the uncorrectable disabled MBARW protection, a much more detailed analysis may reveal something.  Since you have had MBARW Beta8 installed to the "E:\" partition, I see no immediate reason to discontinue that choice.  Please use the following MBARW Beta8 uninstall & reinstall procedure to guarantee proper ownerships and integrities:

  1. Delete any and all previous copies of the MBARW_Setup.exe file and perform a conventional Windows-based uninstall of Malwarebytes Anti-Ransomware version 0.9.17.661 followed by a system restart to Windows 10 Normal boot mode.
  2. Then, download a fresh copy of the MBARW_Setup.exe file to the system's Administrator desktop only.
  3. Right-click the saved MBARW_Setup.exe file icon and left-click Run as administrator from the context menu and continue the install.  <===IMPORTANT!
  4. Upon a successful installation, restart the computer, in a conventional manner, to the Windows 10 Normal boot mode.
  5. See if MBARW Beta8's license activation has successfully completed and resolved the system's original protection disabled issue.

Then when possible, please reply to this topic with your system's status.   Thank you for using MBARW Beta8.


Hello @guthrie:

Thank you for the good news feedback.  Hopefully, the devs/staffers will be able to find & post something significant in the details of the archive you posted earlier.

Thank you again.


...or, Stop/Start the MB3Service.. then click .."Fix" or "Start Protection" .... this issue goes back a ways....

 

Cheers!

 


Hi! I have the same issue. Can I perform the same procedure? My OS is Win7 Home Premium.


After stopping the MB3Service and restarting the program, the "Fix now" button works OK. But at this moment, I have not performed an OS restart to verify whether this issue will come back or not. So, next time I will post that.
