Jump to content

MBAM Pro won't start at startup


Recommended Posts

I have had Anti-Malware Pro for many months, but because of conflicts with McAfee Enterprise AV 8.7, I've been using MBAM only for on-demand scans. Recently, I noticed a sticky about how to deal with McAfee Enterprise problems. Today I followed the instructions and then told MBAM to start at startup and I enabled the Protection Module. A box popped up telling me that the Protection Module was now enabled. I then rebooted, since my problems in the past had surfaced when I rebooted. There was no problem--but there was no MBAM at startup, either! I started MBAM and found that, again, the Protection Module was not enabled. This happened several times. I have no idea why MBAM isn't starting at startup.

The only other thing I've noticed today--probably not relevant--is that a Quick Scan took substantially longer than it has in the past. Normally, Quick Scans on this computer take five or six minutes. Today, it took more than nine minutes, even though it scanned no more files than usual.

I'm puzzled about all this. What should I do to get MBAM's Protection Module to stay enabled and the program to start at startup?

Thanks in advance for your help.

Link to post
Share on other sites

I'm still unable to get the Protection Module to continue when I reboot. And the only way I've been able to get Malwarebytes Anti-Malware Pro to start at startup is to put mbam.exe in WinPatrol's startup list. But even that just starts the program WITHOUT the Protection Module.

I'm mystified. I updated MBAM to database version 2648 this morning and ran a Quick Scan. It turned up nothing.

I'd really like to get the Protection Module to start at startup, and I'd also like to be able to get the MBAM program to start at startup without having to manually put it into WinPatrol's startup list. But simply checking the Start with Windows button on the MBAM interface isn't working at all.

I'd be most grateful for some help with this.

Link to post
Share on other sites

I would be more worried about Windows not being updated to SP 3 that has been available for over a year that contains performance enhancements and several Critical Security updates.

In Internet Explorer go to Tools then Windows Update then install all recommended updates.

I would then go to Control panel then Automatic Updates and select at least Notify me but do not automatically download nor install them.

Link to post
Share on other sites

I would be more worried about Windows not being updated to SP 3 that has been available for over a year that contains performance enhancements and several Critical Security updates.

I expect to replace my computer within a few months--as soon as Windows 7 is released and available as OEM on whatever computer I choose. Until then, I prefer to stay with SP2. I know of too many people who have been burned when trying to install SP3. I might add that Microsoft apparently recognizes that many people are staying with SP2. The company continues to release security updates for SP2, even very recently. I know, because I have my computer set to be notified of all critical security updates. I've installed all updates except for SP3 and IE8 (I use IE only when I have no choice, and I almost always have a choice).

I'm frankly quite surprised that I've received no response dealing with the problem I'm having with Anti-Malware Pro. Its Protection Module continues to stay on only until I turn off the computer (which I do every night). When I reboot, the Protection Module is no longer enabled. In fact, I can't even get MBAM to start at startup (in spite of checking the relevant box) except by putting mbam.exe in WinPatrol's Startup section. This is clearly not the way Anti-Malware has worked in the past nor is supposed to work. I'd really appreciate some help with figuring out what's going wrong. MBAM is far and away my favorite anti-malware program. I'd like to get it working as it should.

Thanks in advance.

Link to post
Share on other sites

Those logs don't contain much that is helpful (obviously that isn't your fault). Let's try this. Reboot your computer and try to duplicate the problem. Make a note of the time the computer reboots, and then leave it alone. Wait to see if MBAM starts up after a while, and then look at the protection log to see how long it took and when the messages were written to the log.

Am I correct in understanding that if you start protection manually, it works fine?

Link to post
Share on other sites

Those logs don't contain much that is helpful (obviously that isn't your fault). Let's try this. Reboot your computer and try to duplicate the problem. Make a note of the time the computer reboots, and then leave it alone. Wait to see if MBAM starts up after a while, and then look at the protection log to see how long it took and when the messages were written to the log.

Am I correct in understanding that if you start protection manually, it works fine?

Thanks, Doug, for your response. I've now been trying various combinations, but the bottom line is that although I have MBAM set to start with Windows, it does NOT. And although when I click on the Start Protection button on the MBAM Interface, it starts and tells me that it's now protecting me, as soon as I log off, it stops and does NOT start again when I restart the computer. The only thing the protection log shows are the two entries that are added each time I manually start Protection Mode.

I brought up Task Manager to see what I could find from MBAM. Even when there's no sign that MBAM has started, a process called mbamservice.exe is listed, but that's all. If I then start MBAM manually, a second process appears on the Task Manager, mbam.exe. And when I manually press Start Protection, a third process appears, mbamgui.exe. But neither of these latter two are there unless I manually start MBAM.

I'm beginning to suspect my firewall may be causing these problems, but I'm not sure. I recently switched from long-in-the-tooth Sygate to Outpost Agnitum Free Firewall. I don't yet understand its features, but I'm beginning to wonder whether it's blocking MBAM. Then again, if it were, wouldn't it say something when I manually start MBAM and MBAM Protection Module? There's a section/feature of Outpost called Self-Protection, which supposedly "ensures that the Outpost Firewall cannot be disabled by malware." There's an "Exclusions" setting where one can list applications that are allowed to access Outpost Firewall components and registry keys. There were two already listed: mcshield.exe and SpybotSD.exe. I decided to add mbam.exe, but that didn't help. Should I have added something else?

I'm beginning to wonder whether I should have just stayed with Sygate :( . Then again, perhaps the MBAM problem has nothing to do with the Outpost Firewall. I just don't know. I've thought about 1) uninstalling and reinstalling MBAM and/or putting Outpost back into learning mode. I'd welcome your advice.

Link to post
Share on other sites

So the service starts correctly but the GUI (tray control) does not. I suspect your antivirus or some other piece of security software is blocking it from running on boot (it runs from the registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run). I am going to ask one of the support team to help you debug this because they do more of this on a day-to-day basis than I do, and probably know exactly what to try. Thank you for your patience.

Link to post
Share on other sites

So the service starts correctly but the GUI (tray control) does not. I suspect your antivirus or some other piece of security software is blocking it from running on boot (it runs from the registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run). I am going to ask one of the support team to help you debug this because they do more of this on a day-to-day basis than I do, and probably know exactly what to try. Thank you for your patience.

Thanks VERY much, Doug. I'd welcome that. Nothing I've tried seems to make a difference except putting mbam.exe in WinPatrol's Startup section, but that doesn't explain why it isn't there automatically, nor why the Protection Module doesn't work unless I manually start it each time. I suppose I could put mbamgui.exe in the WinPatrol Startup section as well, but I'd rather try to get to the root of the problem. So I'd be most grateful for help from one of the support team.

Link to post
Share on other sites

Sorry, do you mean to add mbamgui.exe to WinPatrol's allowed list? Because that is definitely something you would have to do. It is a separate process that has to run separately from mbamservice.exe and mbam.exe at startup.

No, I don't think that's what I mean. Normally, when a program wants to start at Windows startup, it inserts itself into Windows Startup menu, and WinPatrol adds it to its Startup monitoring section. The first time a program tries to add itself to the Windows Startup menu, WinPatrol will ask me whether I want this to happen. If I don't, WinPatrol will either block the program from gaining access to the Startup Menu or, if worst comes to worst, will enable me to disable or remove the program from WinPatrol's Startup section, thereby preventing it from starting at startup. But the problem is that for some reason, MBAM apparently isn't inserting itself into Windows Startup menu, so it's also not in WinPatrol's Startup section. If I want, I can manually ADD programs to WinPatrol's Startup section, but I'd rather try to find out what's preventing MBAM from doing this itself, and what's preventing the Protection Module from remaining in force upon reboot.

Link to post
Share on other sites

You may have to add the following files to the exclusions list for your anti-virus's real-time protection:

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

Link to post
Share on other sites

You may have to add the following files to the exclusions list for your anti-virus's real-time protection:

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

Arthur, thanks for your response. Unfortunately, I don't think McAfee Enterprise Edition has a straightforward exclusions list. I had already followed the instructions provided in the pinned message from June 24 in this section of the Forum. After reading your message I decided to add all three program names to the exclusions sections specified in the June 24 instructions. However, that made no difference at all. When I rebooted, Anti-Malware Pro still did not start at startup and the Protection Module was no longer on.

Link to post
Share on other sites

  • Root Admin

It seems that McAfee has recently changed something once again that is now blocking MBAM on startup. If you delay the startup by about a couple minutes it will probably be okay.

I'm working on trying to see if we can find a method around this new update, in the meantime you should be able to use the WinPatrol's Startup Delay to get around this for now.

Link to post
Share on other sites

It seems that McAfee has recently changed something once again that is now blocking MBAM on startup. If you delay the startup by about a couple minutes it will probably be okay.

I'm working on trying to see if we can find a method around this new update, in the meantime you should be able to use the WinPatrol's Startup Delay to get around this for now.

Thanks very much, Ron, for this explanation. And yes, I can easily put MBAM into WinPatrol's delayed startup section.

Again, many thanks!

Link to post
Share on other sites

Ron, I've now tried your Win Patrol suggestion. I hope Malwarebytes will be able to figure out a better way to deal with McAfee's latest craziness, because using WinPatrol's Delayed Start function isn't really satisfactory. For one thing, in spite of my selecting the option in WinPatrol to have the program start minimized, MBAM starts with the normal Malwarebytes screen, which can be very disconcerting and annoying when it suddenly appears while I'm in the midst of doing something. And I could find no way to get the Protection Module to be on at startup, not even a delayed startup. I think I'm probably better off taking MBAM out of WinPatrol's Delayed Startup and just starting it manually, and then clicking on the Protection Module. :(

Although it didn't do what I'd hoped, I really do appreciate your attempt to help.

Link to post
Share on other sites

  • Root Admin

This appears to work for now until I have more time to track down the actual files and processes that are being blocked now by McAfee.

Add the following FOLDERS to the Exclusions for the On-Access Scanner (make sure to add the trailing \ on the end to indicate a folder) and also choose the option for Sub-Folders

C:\Documents and Settings\All Users\Application Data\Malwarebytes\

C:\Program Files\Malwarebytes' Anti-Malware\

Then add the following files as well by exact path and name

C:\WINDOWS\system32\drivers\mbam.sys

C:\WINDOWS\system32\drivers\mbamswissarmy.sys

If you have the Access Protectin Rules enabled then you'll also need to add some if not all of the MBAM related files until I can spend more time and find all the exact files again now that McAfee has made some change that are targeting them.

NOTE: If you're running Vista then you'll need to modify the paths accordingly.

Link to post
Share on other sites

  • Root Admin

For those that may need a little more guidance on making these settings.

Corporate KnowledgeBase

Managing file and folder exclusions in VirusScan Enterprise 8.x

Corporate KnowledgeBase ID: KB50998

Published: March 20, 2009

https://kc.mcafee.com/corporate/index?page=...8&pmv=print

Tutorials

KB50998 - Managing file and folder exclusions with VirusScan

https://kc.mcafee.com/corporate/index?page=...&id=TU30053

Corporate KnowledgeBase

Managing VirusScan Enterprise exclusions with hardware paths

https://kc.mcafee.com/corporate/index?page=...&id=KB61000

Link to post
Share on other sites

Ron, I very much appreciate all your help. Unfortunately, so far it seems not to be working. I added the two files and two folders to the Exclusions for the On-Access Scanner (and yes, I included the \ for the folders and not for the files). At an earlier point, I had added the file names mbam.exe, mbamgui.exe, and mbamservice.exe to all the places you indicated in your June 24 pinned memo about McAfee Enterprise. I then removed the entries I had put in WinPatrol's delayed startup listing and rebooted. Alas, the story was unchanged: MBAM did not start at startup, and when I started it manually, the Protection Module was not active.

I confess that while the Exclusions section of the On-Access Scanner is quite clear, I don't really feel as if I know what I'm doing with the Access Protection section. I simply added the three filenames to lists that were already there in each section you specified in June. I don't have either Block or Report checked in those sections. The only thing I have checked is Block and Report for Prevent mass mailing worms from sending mail (under AntiVirus Standard Protection). So it may not matter whether or not I've got the mbam files listed.

I'm wondering whether I should uninstall and reinstall MBAM and see whether that helps. I vaguely recall some instructions about downloading and using mbam-clean.exe. Is that necessary?

Thanks again for your help.

Link to post
Share on other sites

  • Root Admin

I'm guessing that you get an error loading the Protection Module (not clear here in the latest post)

Try the following if that is the case. From a DOS prompt run this

cd \program files

cd "Malwarebytes' Anti-Malware"

MBAMGUI /uninstall

Now restart the computer. Then when it restarts launch MBAM and click on the Enable Protection it should now load without error.

Then set it to Load with Windows and reboot and it should load and it should not freeze now if all the FOLDERS are set as an exclusion in the On-Access Scanner section under ALL PROCESSES.

If you like you can send an email to corporate@malwarebytes.org and we can work on it or send me a Private Message with your email contact information.

Link to post
Share on other sites

I'm guessing that you get an error loading the Protection Module (not clear here in the latest post)

Try the following if that is the case. .....

If you like you can send an email to corporate@malwarebytes.org and we can work on it or send me a Private Message with your email contact information.

Hi, Ron. No, I did not get an error message when I loaded the Protection Module (I assume that you mean when I clicked on the Start Protection button). When I click on the button, a box pops up telling me that the Protection Module is protecting me--not the exact words, but something to that effect. The Protection Module then stays on until I turn off the computer. Upon reboot, it's off again.

I can't continue this discussion at the moment. I'll check back here later today, and if need be I'll send you an email or a PM.

Again, many thanks.

Link to post
Share on other sites

  • Root Admin

Thank you for the PM. Yes at this time it seems that something is still up between McAfee and MBAM. Even setting it as I've mentioned does not work on every system you try it on. Almost like they're ignoring the exclusions we've put in place.

If I do find a fix I'll be sure to post about it.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.