Jump to content
alQamar

Malwarebytes 3.1.2 / 2.x will no longer receive application updates

Recommended Posts

Reproducible: yes
Scope: all users using MBAM 2.x or 3.1.2
OS: Windows 10, 64bit,  all releases and editions*

*haven't tested older OS yet.

As decribed in ticket 2148930 Malwarebytes 3.1.2 aswell as Malwarebytes 2.x will no longer receive application updates. When searching for updates the application does never announce that a new version has been released (for manual download > 2.x users) and it will not update automatically (3.1.2 users).
Thus users may assume their version is up-to-date while it is not. They cannot rely on the products automated / manual update procedure.

There is no AV application that is causing the issue. Apparently the link to the download file / server in the application (3.1.2) is broken.
 

I reported this issue back in May 2017 but till today the issues are not solved.

malwarebytes_update.PNG

malwarebytes_update2.PNG

Share this post


Link to post
Share on other sites

Can you please provide the logs mentioned below? This should let us see what's going on when you check for application updates

 

Share this post


Link to post
Share on other sites

I will try to retrieve logfiles from affected clients out there. Could you provide me a link to the installers of 2.x / 3.1.2 so I can additionally test it in VMs?

Share this post


Link to post
Share on other sites
13 hours ago, alQamar said:

Scope: all users using MBAM 2.x or 3.1.2

There were issues if I recall correctly in the old versions on some computers that caused this. A quick install of 3.3.1 should fix the issues going forward.

Share this post


Link to post
Share on other sites

Of course but the goal is to provide a fix for affected versions. Average users will trust a message "is up to date" and will definitely not double check this by visiting the Malwarebytes Website just to find out that their 2.x or 3.1.2 installation is heavily outdated.

I would like to disagree with this part of your post " on some computers that caused this." If I have 50 different computers at hand it cannot be a single point of failure  when all of them face the same issue. I hope though that the issue can be reproduced on a clean installation of 2.x or 3.1.2

Because of the fact that in 2.x the update announcement (or notification dl link to the website) could be provided by signature updates, just as they provided application updates for 2.x in the past before 3.x release, I am sure a solution can be found.

As for 3.1.2 issues, you are right there were many fixes from 3.1.2 to 3.3.1 to improve the internal updater, which hopefully does not mean that the updater code in 3.1.2 is so wrong that they could not provide a watershed update to bring 3.1.2 users up to 3.3.x. I hope you get my point.

The case was opened because it is affected a lot of users I knew - most - not all - of them I've upgraded to 3.3.x manually, - which also proved that users did rely on the message that the application is up to date.

 

 

Edited by alQamar
quotation

Share this post


Link to post
Share on other sites

I find that many users dismiss the prompts to upgrade because they have been burned bt various program updates in the past. Can I also assume these are all premium users that are having this issue?

I am not trying to make excuses but I have not seen this issue personally with my clients. 

But we will let staff comment further. @dcollins@nikhils@vbarytskyy

Share this post


Link to post
Share on other sites

Thanks Porthos. I recognize and appreciate your efforts.

Unfortunately most of the users are not having a premium subscribtion. Me having one, had the same issue back in May when I initially reported it to the support staff. After getting a lot of usual answers that would not help to isolate the problem and fix it, I learned that I have to post it here as the support staff does only handle workarounds for this issue, just as you described when pointing out that downloading the lastest version would address this straightforward.

Share this post


Link to post
Share on other sites

I have partially good news @dcollins

 

I have tried to repro the issues in a fresh Windows 10 VM.

MBAM 2.2.1.1043

Result: application will update its signatures and database, then offer the user to upgrade to current 3.x.
Currently I have no 2.x installations I am aware of on a computer that I manage.

So far I cannot reproduce the issue for 2.x anymore but I rest assure I have seen it in the field.

MBAM3.1.2.1733

Result: The problem persists as described and showed in the screenshot even on a clean machine with a fresh installed 3.1.21733 release.

I have run the latest tools and PSR and upload the data to this post. Please note that by design Firefox is unable to open PSR files Please use IE preferrably.

 

 

Addition.txt

FRST.txt

mb-check-results.zip

 

Edited by alQamar

Share this post


Link to post
Share on other sites

It looks like this was a recent clean install, which explains what's going on here. There's two pieces to this puzzle.

The first piece is metering. When we release a new version of MB3, whether it's a full installer (3.3.1) or a component update (1.0.262), we meter the update out over time. This means that we may only allow 2,000 (or any other number) downloads/hour. We do this for a variety of reasons, but this does limit someone's ability to download updates manually. Clicking that "Check for application updates" button will reach out to our servers, and see if an update is available. If the meter has already been passed for that hour, then no updates will show. So leaving your computer running for awhile (minutes/hours/days), it should eventually get the updates and download them.

That being said, we changed the "Check for application updates" button in 3.2. Starting in 3.2, if you click the button to look for application updates, it will bypass the metering and download the latest version to be installed.

Share this post


Link to post
Share on other sites

Hello Devin,

thanks for the insights about how you manage your DL loads. I agree that 3.2 or later will search for updates when explicitly clicking on the button, and also agree that the scheduled / metered download will correctly kick in in 3.2 or later, bringing all the users that use 3.2 or 3.3.x to the most recent version and / or component update.
The work spent in the later versions has been done pretty good.

Of course I have no data about your server loads so actually I am unable to confirm that 3.1.2 will update to 3.3.x anytime the servers are in a good shape and less busy. Allow me to say that I had several couples of 3.1.2 installations out there and none of them updated to 3.2 or 3.3 automatically. Only starting with 3.2 (after manually updating them) the process was, or better said, IS reliable.

I fairly understand your point of view and now also the technical contraints, but I doubt that users that are running 3.1.2 would be stuck on 3.1.2 for months just because the metering comes into place. I am pretty sure that neither my fresh 3.1.2 installation nor the other one that I still intentionally left outdated will update anytime soon.

Do you think it would be helpful to collect files from the other live system, not my VM, that is affected?

 

Edited by alQamar

Share this post


Link to post
Share on other sites

Yes, if you have a machine that has had 3.1.2 installed on it for awhile and hasn't updated, getting the same logs that were requested above could help us figure out what's going on. Ideally, the following would be best:

  1. Open MB3
  2. Navigate to Settings -> Application
  3. Turn on Event Log Data
  4. Scroll up and click on "Check for Application Updates"
  5. Run FRST and mb-check as called out above
  6. Provide the zip file in your reply
  7. Navigate to Settings -> Application
  8. Turn off Event Log Data

Share this post


Link to post
Share on other sites

Thanks for the new instructions. I will do that but it may take a while since I need to get this user on the phone and do this remotely.

Share this post


Link to post
Share on other sites

Hello Devin @dcollins,

I have collected the files as requested from the client "in the wild". I hope that the logfiles may point out why it will not update, just as others that I had on build 3.1.2.

As said this is the last one I am aware of that I have not upgraded manually so we have no other reference at the moment except this and my VM.

Prior collecting the logs I have checked both if they would offer an upgrade to 3.3.x when searching for application updates, but they won't. Still everything behaves like described in the original post.

 

Addition.txt

FRST.txt

mb-check-results.zip

Edited by alQamar

Share this post


Link to post
Share on other sites

Is this computer by chance not kept on often and only turned on occasionally? The logs seem to indicate that Malwarebytes is only running for a few hours each day (and sometimes a few days in-between are completely blank). I do also see some issues happening after the last update was installed (3.1.2) that might be causing some of these later issues with updating.

Share this post


Link to post
Share on other sites

Hello Devin,

I cannot tell if he is using his computer very frequently, but I guess mostly for checking emails or playing games. It can happen that he is not using it for some days in between which does explain the blank days if this is suitable for you. He reported to have BSOD lately so unexpected / non logged entries may have happened.

The issue for this was a defective pagefile configuration after upgrading from 1703 to 1709, which I have fixed before gathering the logs (exactly on the same day). So far he has not reported any further BSODs since.

"I do also see some issues happening after the last update was installed (3.1.2) that might be causing some of these later issues with updating. "

This is interesting news. I haven't noticed any issue, but how would this explain the same behaviour in my clean VM? Do you use a scheduled task in Windows to run the automatic update?

How is the schedule set?

Edited by alQamar

Share this post


Link to post
Share on other sites

The schedule for updating is set internally in our services. As long as the service is running, updates will periodically be checked for, which is why turning off the computer (or even just quitting Malwarebytes from the system tray) could make updates take longer. I can't be certain that the errors I saw are what is causing the delay in upgrading on this machine. Most likely it's just because Malwarebytes wasn't running in a consistent enough timeframe to get the update.

Share this post


Link to post
Share on other sites

Hello Devin,

I understand your point of view. I will do a test and will have my VM that causes the same issue running for some days and report back after christmas.
No offence but I doubt that this is really the issue.

There are about 55 private computers from different persons that I help them to maintenance and since 3.2 none of them have this updating issue anymore, and I can just assume they haven't rapidly changed their usage. I understand that the button in 3.1.2 is defective and the user will never be able to force an update this way.

I will double check your possible root cause. Thanks for your help so far. I think you can expect an answer by 27/ 28 December. I can just hope this is long enough to initiate the automated update, given this machine is running 24/7 then, will not be blocked due high server duty.

Comparing the situation with 3.2 / 3.3.x the automatic updater seems to be more reliable and seems not to need long uptimes. I can understand however that you do not want all MBAM users to check your servers automatically once a day due to bottlenecking issues, whilst this would offer the best protection / update distribution, if technical possible. If possible you might want to consider to have a look on the schedule that Adobe is using for Reader / Flashplayer update checks, as this schedule works out very even on rarely used computers (except there was a code issue in some FP releases preventing this)

Edited by alQamar
Compare Adobe Schedule please

Share this post


Link to post
Share on other sites

The update servers are checked more than just one a day by each machine, I forget the exact time but I believe it's least once an hour. But take your time with your logs and post them whenever you get a chance. Thanks!

Share this post


Link to post
Share on other sites

You are welcome. I have setup the VM and enabled verbose logging as you suggested. I wish you a happy christmas holiday and will report back as stated previously. Thanks for taking care!

Share this post


Link to post
Share on other sites

Hello Devin,

as announced I have let my VM with Malwarebytes 3.1.2 run for several days. As I have expected there appeared no prompt to upgrade to 3.3.x over the last days.

Verbose logging was enabled during this time and I would be happy if you could investigate the logs for reasons and hopefully the devs will be able to fix the issue in 3.1.2, despite the updating mechanicsm seems to be broken, so that all 3.1.2 can rely on the updating mechanism again and get to 3.3.x or later without manual downloads.

Please find the logfiles attached.

 

Addition.txt

FRST.txt

mb-check-results.zip

Edited by alQamar

Share this post


Link to post
Share on other sites

Devin,

it is me again, just today my friend contacted me about his MBAM 3.1.2 installation  - we talked about post #14 - that he is now getting an update notification
Wonder why my VM did not give me this notification after days up and running. I am completely lost about this inconsistent behaviour now.

Here are his latest logs. If you compare them to my VM logs from post #21 (VM) and the original ones from #14 (my friend's PC) what are the differences?

 

 

Addition.txt

FRST.txt

mb-check-results.zip

malwarebytes3.PNG

malwarebytes4.PNG

Edited by alQamar

Share this post


Link to post
Share on other sites

Hi all, I can confirm that the issue is now solved. Any MBAM 2.x or 3.x installation I have met out there prompted to user to upgrade to 3.4.4 in the meantime.

Thanks for your time and help throughout the process.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.