
Malwarebytes Webprotection turns off



Hi,

I have the problem that sometimes the web protection turns off and cannot be turned on again. When I restart MBAM I get the message that the Anti Rootkit driver cannot be loaded. I have to restart the computer to make it work again. I scanned for rootkits with Malwarebytes Anti Rootkit but no rootkit is found.

Also sometimes the threat scan does not complete. I have to start the Threat scan manually, then it completes.

I attached the mb-check-results.zip containing fbar scan results.

Mathias

mb-check-results.zip


48 minutes ago, MathiasM said:

I have the problem that sometimes the webprotection turns off and can not be turned on again.

We've seen some users report some issues with Kaspersky and Web Protection. Can you please add the following exclusions to Kaspersky and also, under Kaspersky Settings -> Additional -> Threats & Exclusions, disable the Advanced Disinfection Technology?

https://support.malwarebytes.com/docs/DOC-1123


2 hours ago, MathiasM said:

I was only able to add exclusions for .exe files, not for .sys.

Are you trying to specify a trusted application, or add an exclusion? If you use "add an exclusion", you should be able to type in the full paths manually as I've outlined below.


This should allow you to add all the paths in sysnative as well as the Malwarebytes folder.


You might need to copy and paste the paths:

C:\Windows\Sysnative\drivers\mbam.sys

C:\Windows\Sysnative\drivers\mbae64.sys

C:\Windows\Sysnative\drivers\MBAMChameleon.sys

C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys

C:\Windows\Sysnative\drivers\mwac.sys

C:\Windows\Sysnative\drivers\farflt.sys


  • 4 weeks later...
4 hours ago, MathiasM said:

I am afraid it happened again yesterday. Is there anything else I can do?

Let's try and get some logs first so the team can review them and see if they can tell what may be causing your issues....

  FIRST: Create and obtain Farbar Recovery Scan Tool (FRST) logs

  1. Download FRST and save it to your desktop. Tell any program that blocks it to ignore or allow. It IS SAFE. It contains no info that can identify or harm you.
  2. NOTE: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit
  3. Double-click to run FRST and when the tool opens click "Yes" to the disclaimer
  4. Press the "Scan" button
  5. This will produce two files in the same location (directory) as FRST: FRST.txt and Addition.txt
    NOTE: These two files will be collected by the MB-Check Tool and added to the zip file for you

  NEXT: Create and obtain an mb-check log

  1. Download MB-Check and save to your desktop
  2. Double-click to run MB-Check and within a few seconds the command window will open, then click "OK"
  3. This will produce one log file on your desktop: mb-check-results.zip
  4. Attach this file to your forum post by clicking on the "Drag files here to attach, or choose files..." or simply drag the file to the attachment area

7 hours ago, MathiasM said:

Will do. It only happens every 2 weeks, so it may take a bit.

Mathias

 

If you're using Kaspersky Internet Security you might also want to check if Web Protection is actually working via Malwarebytes IP test site: http://iptest.malwarebytes.org/

The reason I say this is that I also have KIS and despite the fact that it shows that MBAM Web Protection is active I can still visit the site with no blocking occurring.

 

 

 


  • 3 weeks later...
17 minutes ago, MathiasM said:

The problem happened again just now, while the rootkit scan of KAV was running. I attached the logs from before the restart.

mb-check-results.zip

  • Open the Kaspersky Software.
  • Click on Settings.
  • Click on Performance on the left.
  • Uncheck Perform regular rootkit scan
    • It may also be labeled "Search for software that is intended to conceal traces of a malicious program in the system"
  • Reboot

  • 1 month later...

Hi,

The problem did not reoccur until now, so I guess it was the rootkit scan of KAV which caused it. Hopefully MBAM's own rootkit scan is comprehensive enough.
Maybe MBAM will be fully compatible with all KAV features one day.

Topic can be closed.

Thanks for the help.

Mathias

 

 

This topic is now closed to further replies.