Jump to content
skitterismycat

Real-Time Protection->Exploit Protection Turns Off

Recommended Posts

My real-time exploit protection keeps turning off.  It used to always be on, then it stopped working and I had to update MB, which I did.  Now it's not working again.  I've attached the log file per instructions in another user's issue.

Assistance with this issue would be greatly appreciated.

Thank you.

Carolyn

mb-check-results.zip

Share this post


Link to post
Share on other sites

Nikhil,

I just downloaded and installed the latest installer, per your suggestion.  It appears to have corrected the situation; the anti-exploits turned on, and has remained on.

Thank you very much!

Carolyn

Share this post


Link to post
Share on other sites
On 1/22/2018 at 8:19 PM, nikhils said:

Hello @skitterismycat

Can you please try this :

1. Download the latest installer from https://downloads.malwarebytes.com/file/mb3

2. Run the installer on top of existing product. You don't need to uninstall anything.

3. After install let us know if the Anti Exploit corrects correctly.

Thank you.

Same problem....this also fixed it for me.  Thanks...Al

 

Share this post


Link to post
Share on other sites

Having same problem.

 

Assistance/suggestions where possible.  I've tried the clean tool, reinstalling, etc.

 

Log files are attached (gathered using the  "FRST64 and the MB-Check tool" method).

 

Gratefully yours :)

MBAM client

mb-check-results.zip

Share this post


Link to post
Share on other sites
1 hour ago, Tonality said:

I've tried the clean tool, reinstalling, etc.

Somehow you ended up with"installer_version" : "3.1.2", installed.

Can you please try this :

1. Download the latest installer from https://downloads.malwarebytes.com/file/mb3

2. Run the installer on top of existing product. You don't need to uninstall anything.

Share this post


Link to post
Share on other sites
19 minutes ago, Porthos said:

Somehow you ended up with"installer_version" : "3.1.2", installed.

Can you please try this :

1. Download the latest installer from https://downloads.malwarebytes.com/file/mb3

2. Run the installer on top of existing product. You don't need to uninstall anything.

 

Gotcha -- thanks for the input and directive. Downloaded latest installer from supplied link.  Yet I still am left with the Exploit Protection slider in 'stubborn' mode (it won't enable.)

Logs attached, and I appreciate your time.

 

Kindly :)

mb-check-results.zip

Share this post


Link to post
Share on other sites
2 minutes ago, Tonality said:

Yet I still am left with the Exploit Protection slider in 'stubborn' mode (it won't enable.)

Quote

C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe    REG_SZ        ~ RUNASADMIN

Go to the folder C:\Program Files\Malwarebytes\Anti-Malware\
Find the file MBAMService.exe  and right click on it and choose Properties
In the window that pops up click on Compatibility Tab
Remove ALL checkmarks. Malwarebytes has issues when you change these settings,

Then please restart the computer.

Then use MB clean again and this time be sure if it does not offer the new install after the reboot you use the current version from the link you just downloaded. 

Share this post


Link to post
Share on other sites
32 minutes ago, Porthos said:

Go to the folder C:\Program Files\Malwarebytes\Anti-Malware\
Find the file MBAMService.exe  and right click on it and choose Properties
In the window that pops up click on Compatibility Tab
Remove ALL checkmarks. Malwarebytes has issues when you change these settings,

Then please restart the computer.

Then use MB clean again and this time be sure if it does not offer the new install after the reboot you use the current version from the link you just downloaded. 

 

Ok -- done.  Exactly as stated.  Yet.... (sigh) ... still no Exploit Protection.

 

I'm open and willing to keep executing suggestions, as your time permits.

 

Logs attached.

:)

mb-check-results.zip

Share this post


Link to post
Share on other sites
9 minutes ago, Tonality said:

I'm open and willing to keep executing suggestions, as your time permits.

Have you enabled any non-default exploit settings in Windows Defender?

Share this post


Link to post
Share on other sites
1 minute ago, Porthos said:

Have you enabled any non-default exploit settings in Windows Defender?

None.

 

The only setting which looks a bit 'off the beaten path', yet seems to have some logic to it, is seen in a screen snippet attached.  I'll take your commentary on it, of course.

WinDef.jpg

Share this post


Link to post
Share on other sites
7 minutes ago, Tonality said:

  I'll take your commentary on it, of course.

See the below screenshots

 

defender exploit 1.png

defender exploit 2.png

Share this post


Link to post
Share on other sites
3 minutes ago, Porthos said:

See the below screenshots

All is set to default under "System Settings". 

 

Switching to "Program Settings",  I do see some programs which have (as some examples) "1 system override", or "2 system overrides", ....

Share this post


Link to post
Share on other sites
5 minutes ago, Tonality said:

All is set to default under "System Settings". 

 

I would like you to add these files to your Anti-Virus exclusions list as mentioned in this FAQ HERE (my list below includes the exe files as well)

I would like you to add these files to your Anti-Virus exclusions list as mentioned in this FAQ HERE (my list below includes the exe files as well)

For Defender

Add these to FILE exclusions

C:\Windows\System32\drivers\mbae64.sys
C:\Windows\System32\drivers\mbam.sys
C:\Windows\System32\drivers\MBAMChameleon.sys
C:\Windows\System32\drivers\MBAMSwissArmy.sys
C:\Windows\System32\drivers\mwac.sys
C:\Windows\system32\Drivers\farflt.sys

Add to Process exclusions the following files. (copy and paste works best on these)

C:\Program Files\Malwarebytes\Anti-Malware\MbamPt.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
C:\Program Files\Malwarebytes\Anti-Malware\assistant.exe
C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
C:\Program Files\Malwarebytes\Anti-Malware\malwarebytes_assistant
C:\Program Files\Malwarebytes\Anti-Malware\mbamwow.exe

 

Folders
Also the MB folder in Program Files and the one in Program Data (it is hidden by default)

C:\Program Files\Malwarebytes
C:\ProgramData\Malwarebytes   (Enable hidden files to add this one.)

 

Edited by Porthos

Share this post


Link to post
Share on other sites
28 minutes ago, Porthos said:

I would like you to add these files to your Anti-Virus exclusions list as mentioned in this FAQ HERE (my list below includes the exe files as well)

For Defender

 

28 minutes ago, Porthos said:

Add to Process exclusions the following files. (copy and paste works best on these)

Done.

Sorry my friend; still no dice.

(I even did a 'token' reboot after adding the exclusions, just in case that would've made a difference.)

Edited by Tonality

Share this post


Link to post
Share on other sites
29 minutes ago, Porthos said:

Folders
Also the MB folder in Program Files and the one in Program Data (it is hidden by default)

 

Share this post


Link to post
Share on other sites

The only other thing I can think of is WinPatrol getting in the way if the clean install. 

Share this post


Link to post
Share on other sites

Just turned off WinPatrol & WinPrivacy; Nada.

'twas working (the Exploit Protection) within the last day or two!

I thank you profusely (virtual handshake, if I may) for your volunteering efforts. When folks go out of their way and spend this much time with me, whether the problem is solved or not, I am just a grateful for a peer to be willing to be of service.

I am impressed, and thankful.  I'll see what I can do, and follow up if I come up with a solution.

 

:)

Share this post


Link to post
Share on other sites
12 minutes ago, Porthos said:

Let's get staff to look deeper. 

 

Much obliged.  Been a Malwarebytes Client (Premium Edition) since about 2014 -- haven't had this happen in the past.

To be fair, I'll attribute it to something (that was inevitably) of my own doing.

 

;)

Share this post


Link to post
Share on other sites

@Tonality

Just to make sure that nothing is getting in the way of a healthy installation, can you do the following

  • Remove Malwarebytes
  • Boot to safe mode with networking (make sure to select this when booting to safe mode)
  • Attempt to install Malwarebytes 3 again (in safe mode with networking)

Report back and let me know how everything installs. 

Share this post


Link to post
Share on other sites
1 hour ago, vbarytskyy said:

Just to make sure that nothing is getting in the way of a healthy installation, can you do the following

  • Remove Malwarebytes
  • Boot to safe mode with networking (make sure to select this when booting to safe mode)
  • Attempt to install Malwarebytes 3 again (in safe mode with networking)

Report back and let me know how everything installs. 

Will do -- with note below before doing so:

FYI: On my own accord, after reading a post wherein a member installed the beta iteration (v3.4) over the latest production version, reported no signs of any protection services turning off or not enabling (eg, the real time protection services.)

Having done so (late last night, with usage thereafter and this morning), my current installation of v3.4 beta has/is running like a champ: no issues. 

I do understand the disclaimers/implications of running (any) software which is issued in a beta compiled state. Having said this, shall I continue with your suggestion? (I'm fully willing/glad to do so.)   Or shall I leave "well enough alone" running beta given things are back to 'normal'?

I'll await your input suggestion before proceeding.

Kindly.... Tonality :)

Share this post


Link to post
Share on other sites
5 minutes ago, Tonality said:

I do understand the disclaimers/implications of running (any) software which is issued in a beta compiled state. Having said this, shall I continue with your suggestion? (I'm fully willing/glad to do so.)   Or shall I leave "well enough alone" running beta given things are back to 'normal'?

I'll await your input suggestion before proceeding.

Staying on the beta should be fine... they do have a bug in it where it causes a BSOD on some systems, and they are working on that... if you are not getting any BSOD's then your not affected.  I am running the beta myself on several computers and have no issues.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.