Jump to content

"Protection Disabled" in MWB (Corporate) v. 1.80.2.1012


Recommended Posts

Windows 10 Pro 32bit With Norton 360.  Both showing clean results.

"Protection Disabled" under the "Protection tab"  and cannot enable the two checkmarks.

I have installed MWB Corporate & Norton 360 on around 20 other computers and have seen this on only one other installation.

Is this an easy fix or am I infected?

TIA

 

 

mbam-log-2017-04-09 (11-50-08).txt

Link to post
Share on other sites

@Rammer47 please run these tools.

Step A – Malwarebytes Check Log
Please download and save our diagnostic tool, mbam-check.exe, to your desktop from this link.

Malwarebytes Check Tool

Double-click mbam-check.exe to launch the tool. A black command prompt window will briefly appear, and then a log file will open. The log which opens will be saved to your desktop as CheckResults.txt.

Step B – frst Log
In addition to the check logs, I would like to have you run a tool known as frst. frst will help provide me with a list of installed programs and other information about your computer that will help me see if there are any other problems that are not being detected. Please follow the steps below to run frst.

1.) Please download frst and frst64 from the link below and save it to your desktop:

frst 32 Bit
frst 64 Bit

Note: You need to download the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your computer; that will be the right version. Some traditional Anti-Viruses may false positive the download or running frst, I can assure you it is safe. If this happens, please temporarily disable the AV.

2.) Double-click the purple frst or frst64 icon to run the program. Click Yes when the disclaimer appears.
3.) Click the Scan button
4.) When the scan has finished, it will make 2 log files in the same directory the tool is located, frst.txt and Addition.txt.

Please attach CheckResults.txt, frst.txt and Addition.txt in your reply.

 

Link to post
Share on other sites

Hi @Rammer47 here's what's going on. There's a Windows Event error pointing to the failure and the cause...

Error: (04/10/2017 08:56:41 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: 
The system cannot find the file specified.

Also in the logs are the supporting evidence, mbamscheduler is in a running state, Rx, but the mbamservice, which runs the real time engine is in a stopped state, Sx. Mbamservice is unable to run because the driver it depends on, mbamprotector, has been removed. I suspect your other security program has removed this critical file.

R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [452576 2016-02-09] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [901088 2016-02-09] (Malwarebytes Corporation)
S3 MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys [X]

You'll need to reinstall Anti-Malware, I'd also encourage you to add the following to your Norton 360, ignoring them for scans and Norton's real time engine so that these files are not changed or deleted in the future:

C:\Windows\System32\drivers\mbam.sys
C:\Program Files\Malwarebytes’ Anti-Malware\mbam.exe
C:\Program Files\Malwarebytes’ Anti-Malware\mbamgui.exe
C:\Program Files\Malwarebytes’ Anti-Malware\mbamapi.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
C:\Program Files\Malwarebytes' Anti-Malware\mbamnet.dll
C:\Program Files\Malwarebytes' Anti-Malware\mbamcore.dll
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.new
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.new.yaml

Link to post
Share on other sites

Thank you Dyilon,

Interestingly enough we have basically the same setup on 30ish computers and only one other one has had this problem

I hope it does not develop on many more of them. I will change the Norton 360 rules to reflect the above.

QUESTION: on the other computer with the same issue,[ "Protection Disabled" under the "Protection tab"  and cannot enable the two checkmarks.]

should I do the same to that computer or do I need to submit a new set of documents for you to analyze?

TIA,

 

Link to post
Share on other sites

  • 2 weeks later...

Hello again Dyllon,

Back in town. 

I found all the files with the exception of the last two listed:    rules.new   and  new.yaml 

Just to be sure I did the correct action, in Norton 360 I went to: 

"settings"  >  "Antivirus"  >  The Tab "Scans & Risks"  >  "Items to exclude from scan"   >  "Scan exclusions"

I added all items in your list except the 2 I could not locate

I am showing "hidden files"  and I did a scan for the missing 2 files in File Manager and "no items were found"  

The issue appears to be solved for now.  I hope it holds.

Thank you for all your help.

The other computer with the same issue needs addressing.  You suggested I submit the same files and compare the outcome to this one.

Should I start a new post or continue on this post?

Link to post
Share on other sites

  • 2 weeks later...

Hi @Rammer47, sorry for the delay. I've got your results. There's an Anti-Malware double install and build conflict between the versions. There's a consumer build on here that has broken the business install. The realtime service is unable to run and there is a consumer driver present but broken. Uninstall everything from this machine using the business cleaner tool here - https://malwarebytes.box.com/s/rck2gbt0kqqdp8iw1uk7u6pmjg0gajkr

Restart the machine and the reinstall the business build.

Malwarebytes Anti-Malware MSI (HKLM-x32\...\{AA447184-9FDA-46C1-A38A-F90A3A555BA5}) (Version: 1.60.2 - Malwarebytes Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [452576 2016-02-09] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-02-09] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2017-05-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)

 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.