Jump to content

Web protection not working


Recommended Posts

Greetings chaps,

I've noticed my Web protection is not blocking websites.  Unlike some people on here saying they can't get the module to activate, my module is activated, it just doesn't seem to block.  I went on to the Malwarebytes IP test site and it didn't get blocked.  Performed a clean install and tested again, same thing happened.

I've included a screenshot, the mandatory logs, and also the event logs when I visited said IP test site with protection enabled.

Please advise.

mb-check-results.zip

logs.zip

Capture.PNG

Link to post
Share on other sites

1 hour ago, alhazred said:

Please advise.

Quote

State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: BFE

There is a required service called BFE that is not running on your machine. This fix from Microsoft should fix the BFE service.

https://support.microsoft.com/en-us/help/17613/automatically-diagnose-and-fix-problems-with-windows-firewall

Link to post
Share on other sites

2 hours ago, Porthos said:

There is a required service called BFE that is not running on your machine. This fix from Microsoft should fix the BFE service.

https://support.microsoft.com/en-us/help/17613/automatically-diagnose-and-fix-problems-with-windows-firewall

 

That's weird.  According to services BFE is running fine.  I also ran the program from the link you provided but it mentioned something about repairing Windows Firewall, which I do not use as I use Kaspersky Internet Security.

Capture.PNG

Capture2.PNG

Link to post
Share on other sites

  • Root Admin

Hello @alhazred

It looks like there are a couple of issues.

Please remove all compatibility settings for this program. It's currently set to run as Admin which it should not be.

C:\Program Files (x86)\HostsMan\hm.exe 

Next, it looks like something either stopped or at least temporarily prevented our program from reading some of it's configuration files. It may have just been a temporary issue. Please remove the compatibility above, reboot the computer and retest the IP blocking and let us know and we'll go from there.

Thanks

Ron

 

Link to post
Share on other sites

Something to try as well... you may want to exclude Malwarebytes from your antivirus software, here are the files that need to be excluded:

I would like you to add these files to your Anti-Virus exclusions list as mentioned in this FAQ HERE (my list below includes the exe files as well)
 

  • C:\Program Files\Malwarebytes\Anti-Malware\assistant.exe
  • C:\Program Files\Malwarebytes\Anti-Malware\malwarebytes_assistant.exe
  • C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
  • C:\Program Files\Malwarebytes\Anti-Malware\MbamPt.exe
  • C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
  • C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
  • C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe
  • C:\Windows\system32\Drivers\farflt.sys
  • C:\Windows\System32\drivers\mbae64.sys
  • C:\Windows\System32\drivers\mbam.sys
  • C:\Windows\System32\drivers\MBAMChameleon.sys
  • C:\Windows\System32\drivers\MBAMSwissArmy.sys
  • C:\Windows\System32\drivers\mwac.sys

Also please exclude the following folders too: (The complete folder)

  • C:\Program Files\Malwarebytes\Anti-Malware
  • C:\ProgramData\Malwarebytes\MBAMService

Link to post
Share on other sites

8 hours ago, AdvancedSetup said:

Hello @alhazred

It looks like there are a couple of issues.

Please remove all compatibility settings for this program. It's currently set to run as Admin which it should not be.

C:\Program Files (x86)\HostsMan\hm.exe 

Next, it looks like something either stopped or at least temporarily prevented our program from reading some of it's configuration files. It may have just been a temporary issue. Please remove the compatibility above, reboot the computer and retest the IP blocking and let us know and we'll go from there.

Thanks

Ron

 

Hello Ron,

I selected Hostsman to always run as admin on launch because whenever I wanted to check for updates I had to press the run as admin button, so pure laziness on my part.  I've removed admin privileges now but still get no warning when visiting the ip test site.

 

8 hours ago, Firefox said:

Something to try as well... you may want to exclude Malwarebytes from your antivirus software, here are the files that need to be excluded:

I would like you to add these files to your Anti-Virus exclusions list as mentioned in this FAQ HERE (my list below includes the exe files as well)
 

  • C:\Program Files\Malwarebytes\Anti-Malware\assistant.exe
  • C:\Program Files\Malwarebytes\Anti-Malware\malwarebytes_assistant.exe
  • C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
  • C:\Program Files\Malwarebytes\Anti-Malware\MbamPt.exe
  • C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
  • C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
  • C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe
  • C:\Windows\system32\Drivers\farflt.sys
  • C:\Windows\System32\drivers\mbae64.sys
  • C:\Windows\System32\drivers\mbam.sys
  • C:\Windows\System32\drivers\MBAMChameleon.sys
  • C:\Windows\System32\drivers\MBAMSwissArmy.sys
  • C:\Windows\System32\drivers\mwac.sys

 

Also please exclude the following folders too: (The complete folder)

  • C:\Program Files\Malwarebytes\Anti-Malware
  • C:\ProgramData\Malwarebytes\MBAMService

 

 

Hello Firefox,

The two folders you've mentioned were already added to my Kaspersky exclusions.   I have just added all the .exes from the program files folder.  Now, this is where the problem starts.  When I navigate to C:\Windows\System32\drivers\ there are no sys files showing up.  I actually meant to create a post mentioning this problem a month ago but decided that maybe the two folders were enough and left it at that.

I've included a screenshot to highlight my meaning.  There are plenty of .dll files but I can't find any .sys files.  If I use Windows Explorer they are all there.

 

Capture3.PNG

Link to post
Share on other sites

If you use add an exclusion, you should be able to type in the full paths manually as I've outlined below. Here are the files for copy and paste.

·         C:\Windows\Sysnative\drivers\mbam.sys

·         C:\Windows\Sysnative\drivers\mbae64.sys

·         C:\Windows\Sysnative\drivers\MBAMChameleon.sys

·         C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys

·         C:\Windows\Sysnative\drivers\mwac.sys

·         C:\Windows\Sysnative\drivers\farflt.sys

58e6bc9ed3e03_ScreenShot2017-04-06at3_08_05PM.png.f9a2b58cd33b652743f62338793e62c2.png

This should allow you to add all the paths in sysnative as well as the Malwarebytes folder

58e6bca198ee5_ScreenShot2017-04-06at3_08_31PM.png.a72969351270aec538e2b58c1eaf0566.png

Link to post
Share on other sites

7 minutes ago, Porthos said:

If you use add an exclusion, you should be able to type in the full paths manually as I've outlined below. Here are the files for copy and paste.

·         C:\Windows\Sysnative\drivers\mbam.sys

 

·         C:\Windows\Sysnative\drivers\mbae64.sys

 

·         C:\Windows\Sysnative\drivers\MBAMChameleon.sys

 

·         C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys

 

·         C:\Windows\Sysnative\drivers\mwac.sys

 

·         C:\Windows\Sysnative\drivers\farflt.sys

 

58e6bc9ed3e03_ScreenShot2017-04-06at3_08_05PM.png.f9a2b58cd33b652743f62338793e62c2.png

This should allow you to add all the paths in sysnative as well as the Malwarebytes folder

58e6bca198ee5_ScreenShot2017-04-06at3_08_31PM.png.a72969351270aec538e2b58c1eaf0566.png

Hi Porthos,

 

Oh right, I didn't know you could type them in or copy and paste;  I thought you had to browse for them to be effective.  I'll try it out.

Edited by alhazred
Link to post
Share on other sites

21 hours ago, AdvancedSetup said:

Once you have the exclusions all set, please reinstall Malwarebytes with the latest version. You don't have to uninstall, just install over the top and reboot again and see if it works now or not.

https://downloads.malwarebytes.com/file/mb3/

Cheers

Ron

 

Sorry I'm late getting back to this thread.  I entered all the exclusions, downloaded and installed the latest version of Malwarebytes and can still get on the ip test page with no problem.

I decided to uninstall Hostsman  and check, same result.  Uninstalled Spywareblaster, same result.  Exited Kaspersky, same result.  Then I decided to uninstall Kaspersky, rebooted, and voila, Web protection is working again on both IE and Edge.  Reinstalled Kaspersky and I lose Web protection again. 

I'm wondering if anyone else with KIS and MBAM Pro have this problem, and because Web Protection is showing active and okay, whether they even know it.

Link to post
Share on other sites

  • Root Admin

I don't use KIS myself but if you look in their settings I'm sure they have a web protection module aside from their firewall. If you disable that then I'm pretty sure ours will work.

If you're unable to locate then I'll see if I can get someone from QC to take a look at this further.

Thank you

Ron

 

Link to post
Share on other sites

21 hours ago, AdvancedSetup said:

I don't use KIS myself but if you look in their settings I'm sure they have a web protection module aside from their firewall. If you disable that then I'm pretty sure ours will work.

If you're unable to locate then I'll see if I can get someone from QC to take a look at this further.

Thank you

Ron

 

Hello Ron,

I appreciate your time.  I tried various configurations and even selected Pause protection on Kaspersky and Web protection wouldn't work.  I also totally exited Kaspersky by right clicking on The Icon in the system tray and still no luck.  I then uninstalled Kaspersky, rebooted and then tried it, no luck, then I reset Internet Explorer and tried again, and this time MBAM web protection came back.

I visited the IP test site with Internet Explorer and received this:  Screenshot 1 where I had the block notification and the website was blocked.

I then visited the IP test site with Edge and received this:  Screenshot 2 where I had the block notification but the website was still visible.

I then refreshed the page and received :  Screenshot 3 where I had the block notification and the website was blocked.

 

I then re-installed Kaspersky and the Web protection no longer worked.  I've tested Malwarebytes Exploit protection with Kaspersky installed and that works fine.

 

Screenshot 1.png

Screenshot 2.png

Screenshot 3.png

Link to post
Share on other sites

2 hours ago, AdvancedSetup said:

Thank you for the valuable information. We are investigating with QA what's going on here. Might be a while but check back with me in a few days and I'll see what QA has to say.

Thanks

Ron

 

Thanks Ron, much appreciated. 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.