Jump to content

Recommended Posts

No screen shots, but I had the same as others have posted - the orange pop up warning (clicking 'start' on that only made it return immediately) and manually switching on Web Protection only set it to "Starting.." indefinitely. This started yesterday and the problem was still the same after start up this morning.

What I did was Restart the Malwarebytes Service via Computer Management/Services and Applications/Services. Worked without a system reboot, and web protection is still on after reboot. Will report back in the event of future developments.

Malwarebytes version 3.0.6.1469, Component package version 1.0.75, running on Win 10 Pro x64 - Version 1607 (OS Build 14393.953)

Edited by CCV
Link to post
Share on other sites

20 hours ago, Firefox said:

@CCV you should try the latest BETA CU4 which may correct your issue...

 

Thanks for the tip, and the link, Firefox. :)

Just at present, I don't have an issue to correct tho. Might be worth trying for beta testing purposes, but I can't see it would prove much unless the problem returns.

Cheers

Link to post
Share on other sites

@Firefox Yeah, thank you. I notice the Change Log includes "Fixed numerous crashes, including service crashes". Now, I'm not sure exactly what that means but, since I Restarted the Malwarebytes Service the problem has stopped. That's essentially for 3 days now, iirc, so... Anyway, good to have an alternative if it does return. :)

Link to post
Share on other sites

  • 2 weeks later...

@Firefox hi again. It's still happening, albeit infrequently and at seemingly random intervals. Five days ago I installed the BETA CU4, which temporarily solved the problem.

Since it returned today, I'm taking the opportunity to post Logs I've seen requested elsewhere with regard to this issue. Also a screenshot of what I am seen as described in the OP.

MBAMSERVICE.LOG

FRST.txt

Addition.txt

MBAM.jpg

Link to post
Share on other sites

@dcollins Sorry mate, I already rebooted my machine to see if the problem was still there - as it was the first time I encountered it - and Web Protection is working now.

Thanks for the most helpful list of exclusions tho.

Seeing that Web Protection is working after a restart anyway (this time), I'll have to wait and see if the exclusions help - a fortnight or so, judging by the frequency I'm experiencing the issue. I'll try it and report back if the issue recurs.

"Sysnative" doesn't exist on my system. Most of the files listed are in C:\Windows\System32\drivers. Kaspersky's "Browse" function doesn't see them there, so I had to add each one manually.

Does this look right to you?

KISex.jpeg

Link to post
Share on other sites

I am on a 64-bit system. Some quick reading suggests that "Sysnative" is not an actual folder but an alias for or a pointer to System32 which allows 32-bit applications, such as KIS, to access the 64-bit contents of that folder where they otherwise can't. Probably explains why I couldn't browse for the files, and if I had used C:\Windows\System32\drivers\etc. it wouldn't have worked, in Kaspersky.

If that's correct, then I should be able to edit in C:\Windows\Sysnative\drivers\ where applicable ok. Some better assurance it's targeting the right files, I guess.

Link to post
Share on other sites

14 hours ago, CCV said:

I am on a 64-bit system. Some quick reading suggests that "Sysnative" is not an actual folder but an alias for or a pointer to System32 which allows 32-bit applications, such as KIS, to access the 64-bit contents of that folder where they otherwise can't. Probably explains why I couldn't browse for the files, and if I had used C:\Windows\System32\drivers\etc. it wouldn't have worked, in Kaspersky.

If that's correct, then I should be able to edit in C:\Windows\Sysnative\drivers\ where applicable ok. Some better assurance it's targeting the right files, I guess.

Yes, you're correct. You can't browse to the path, you have to type it in fully

Link to post
Share on other sites

Well.. I pasted the path in, because I have difficulty typing. Result is all the same.

My Exclusions looks like this now. The reordering of the list is a mystery to me, but everything's still there.

Just a thought regarding the Program Files folder especially: I figure it might be worth having it included in Scans, just in case. Setting Status to Inactive apparently accomplishes that, or you can uncheck Scan under Protection components.

KISex.jpeg

Link to post
Share on other sites

That didn't last long. Late yesterday, Web Protection went off again. I had switched off the Scan component for the Program File exclusion, and set it to Passive, but I wouldn't think that would matter. Tbh, anyway, I didn't think Kaspersky was the problem. Seemingly random timing and infrequent occurrence (once a week, or so) makes it difficult for me to imagine any specific cause.

Well.. The first and the most recent event happened to be on a Sunday which is when I have a Kaspersky Full System Scan scheduled, but it was hours later when Web Protection went off. And, the other two blips were on two different days of the week. I have no idea, except I think I had to reinstall Kaspersky in the interval.

I was able to install a trial version of the latest MBAM on another machine, also running KIS, to see what might happen there...

EDIT: It appears a Kaspersky Full System Scan (without Exclusions) has been run on that machine since installing MBAM. No issue to report yet.

Edited by CCV
Link to post
Share on other sites

One observation I can make, after a couple of tests, is that it takes a fraction of a second or about a second for protection modules to fully load after exiting MBAM and restarting it. On this machine it's Web Protection failing to start immediately, whereas on the other it's Exploit Protection. Don't know if it's any help, just saying.

I can't see anything in the MBAM Service Logs that seems relevant, to me. Lots of errors to do with anti-ransomware and self protection modules, among other things, in both cases - might explain why it takes so long for the program to get started in the first place. I can post them for comparison, if you want. 

Link to post
Share on other sites

@dcollins

On 11/04/2017 at 11:52 AM, dcollins said:

Please make sure to provide as much information as possible when reporting these issues. The thread below will explain how to grab the information we need. While it may be seem redundant, getting this information from as many users as possible helps us to troubleshoot what is going on.

 

On that basis, I am providing logs from another machine. Web Protection failed sometime late yesterday. I didn't do anything about it and it was still off after a full shutdown and start up. Same thing happened on this machine first time around, although, it seems, a system Restart does restart Web Protection.

Screenshot is only the same as you've seen before. The orange thing keeps popping back up, until after main UI is opened. Even then, using "Turn on" on that does nothing. Wasn't doing anything on that machine except running a program called Mandelbulber. Had the same thing running on another laptop along with trial of the latest MBAM, but no issue there so far. The Qt component of that program used to crash with monotonous regularity. Curiously stable of late.

Sorry, I didn't notice the request for mb-check earlier. It is included here, but was done after Web Protection was restarted by Exit MBAM, etc..

 

 

2017-04-11.jpg

MB-CheckResult.txt

FRST.txt

Addition.txt

MBAMSERVICE.LOG

Edited by CCV
Link to post
Share on other sites

Tried every restart I could think of, but ES Protection Driver still not running.

This might be interesting tho: As soon as I installed HitmanPro.Alert on that machine, MBAM's ES Protection started working - according to MB-CheckResult. What do you make of that? I've been running HitmanPro.Alert on this machine for years since it was the first thing I found with Anti-Ransomware capability.

Link to post
Share on other sites

Gone off again, on the second machine, sometime in the last hour or two. That's two days in a row. Again, using only Mandelbulber at the time - tho accidentally left HitmanPro scan results open too. Also, and, if I recall correctly, the same yesterday, some earlier web browsing on Chrome.

According to MB-Check it is only MBAMWebProtection service that is not running this time.

I'll see how it goes. If it remains persistent I can try the Kaspersky Exclusions to see if that helps. It should be easy enough to export/import Kaspersky Settings.

Link to post
Share on other sites

After exiting MBAM and attempting to restart it, in an effort to get web protection back on, I get the message attached. I did happen to enable rootkit scanning since the first mb-check I posted....

Not ready to reboot right now. Will see what happens when I do.

 

2017-04-12.jpg

Link to post
Share on other sites

To be as clear as possible, it wasn't HitmanPro but HitmanPro.Alert and ES Protection driver started as soon I installed it. The .Alert bit refers to some anti-exploit, anti-ransomware functionality which is non-existent in the basic HitmanPro scanner/malware remover. Tho the scanner component is, of necessity, bundled with HitmanPro.Alert.

Btw., everything looks ok after a reboot regarding anti-rootkit driver.

Also, web protection failed on a third machine now. No idea when, as I left it running overnight because Mandelbulber takes so many hours to complete some pieces. I was curious about that one, because I haven't used a web browser or anything else on it since installing MBAM 3. Assuming you might want to see them, I'll post some logs from it, as soon as I can get my act together...

 

Link to post
Share on other sites

Back to machine number two, where web protection has failed 3 days in a row at about the same time:

There happened to be a Kaspersky Rootkit Scan running when I went to deal with it. They are scheduled to run daily (at the same time, I think) without any user control. I still have my doubts Kaspersky has anything to do with it - the problem didn't start until some days after installing MB 3.

Nonetheless, @dcollins, I decided to apply the Exclusions you listed to see if it might make a difference. I did that before restarting MB tho, which really screwed things up! Very difficult to get MB started at all, and even then both Web Protection and Exploit Protection are displayed as Off. In one instance Exploit Protection came on after a few minutes, but according to MB-Check not only was WebProtection not running, neither was Farlt.

Another time, Exploit Protection remained off. (I did remove the exclusions at some stage, to no avail.) In this case, MB-Check shows again, Farlt, not running either.

Both times I can see Mwac Controller Config "protectionState" : "error", as well. I don't know what else, but, anyway, all looks good after a system Restart and reapplication of Exclusions.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.