Jump to content

IMPORTANT: Web Blocking / RAM Usage


Recommended Posts

21 hours ago, dcollins said:

It's very strange to hear about the hard drive issues. The main hard drive activity that this would've caused is for lots of Web Protection reports to show up in %ProgramData%\Malwarebytes\mbamservice\MwacDetections. But this happens normally anytime there is a block. The root symptom of this issue is that it used up too much RAM, which could have also triggered the pagefile to swap in an out, but Windows already does this at a pretty consistent clip as well. If anyone has some logs around the corruption or hard drive tests, I'd be curious to see them (you can message me directly if you'd like).

Sorry I dont have an data to show you but the issue started when I booted up and I used task Manager (and very much later when it eventually managed to start) MS process explorer to confirm it was 100% disk usage and 100% RAM in both tools...the machine was effectively frozen and response to keys or starting apps (or to ctrl-alt-del) was about 5 or 10 minutes. Eventually went for a hard stop. My machine was running like this for about 20-30 minutes while I tried to work out what was happening but eventually, refresh rates on the monitoring apps was extemely poor, panic set in and I just decided to stop the machine.
If you can tell me where to look for appropriate logs I'll have a look and see if they are still there
As with Davidtoo I started experiencing issues (different ones concerned with losing access to win10 start menu and Notification and mail etc) and had to go to safe mode for a while to run some rudimentary AV and disk checks from powershell in admin. My research for a solution didnt focus on MBAM at all as I wasnt aware it was at the root of the issue - I tried running all the standard checks and got results that said I had disk corruption and CHKDSK just would not repair past 11%, and then I found on the MS site a comment that helped sort out my issues with accessing Win10 start and Action centre by editing a registry value
"\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WpnUserService" Start from 2 to 4
Once there I started finding other elements damaged and personalisation data corrupted, so much so that I started trying to clear what appeared to be damaged personal files because I thought they could have been compromised during the event.
Anyway also like Davidtoo I have since found that I lost the Edge history (hence I cant link you to the page that gave me the regedit solution) and I've also found that all my regular system restore points taken before Saturday have been wiped or lost.

As a post script the aftermath seems to be rumbling on as various previously stable programs such as Libre Office and browsers are now crashing every day, I've run checks on the drive and since Windows auto recovery decided to kick in it says it is OK physically but I think I am going to have to reinstall windows because there must be other issues causing the instability unless it really is the hardware. Its a pain as I have to go dig my old machine out and check I have laplink backed up, then go through the getting the machine back the way I like it and pray nothing is missing.

I dont have the experience or background to get much further than I have but I believe my dell is still covered by call out warranty so that may be a last resort if a reinstalll doesnt sort it out.

Link to post
  • Replies 761
  • Created
  • Last Reply

Top Posters In This Topic

For those mentioning hard drive issues, I would wager good money it's due to the Windows page file (for those less knowledgeable, Windows will use the hard disk when you run out of RAM). This can cause disk usage to go up as process memory increases.

By default this amount is managed by Windows. I override it and set a maximum, so my machine will crash instead (which I prefer over eating up my hard drive and making it run slower than molasses).

If you have an SSD, this can kill it (depends on usage, of course).

Edited by Phoenix84
Link to post
5 hours ago, Phoenix84 said:

For those mentioning hard drive issues, I would wager good money it's due to the Windows page file (for those less knowledgeable, Windows will use the hard disk when you run out of RAM). This can cause disk usage to go up as process memory increases.

By default this amount is managed by Windows. I override it and set a maximum, so my machine will crash instead (which I prefer over eating up my hard drive and making it run slower than molasses).

If you have an SSD, this can kill it (depends on usage, of course).

I also have a SSD and was fortunate enough to have caught it in action... I immediately employ the 'emergency protocol' -  physically pull the plug off the router and manage to 'save' it

RE.pagefile I also manually set it while waiting for the strom to blow over... but now I set it back to automatic.

Just curoius to your user experience on SSD - If you set the max yourself, dont you find the system often get 'jittery' esp when it tries to load something faster or larger RAM?

Thanks :D

Link to post
21 minutes ago, HighCaliber said:

Just read the MalwarebytesFPPlan-EndpointProtection.pdf that was sent to techbench accounts.  Bravo for coming up with a clear plan to move forward from this.  I'm sticking with you!

Can't locate this document through a web search; is it available to mere mortals ?

Link to post

I find this INFURIATING!!!   "10:48 AM The update v1.0.3803 without the bad detection was posted":

OH, GREAT!!   10:48 a.m. on Saturday you fixed it and I didn't realize anything until Sunday night at 9 p.m.   THANK YOU SO MUCH!!!  And I didn't learn it was a MWB problem until Monday afternoon.   GREAT COMMUNICATION!!!      

I will spend this weekend in the house catching up on work I should have done last weekend.    WHY DID YOU NOT EMAIL USERS?  You have no email addresses?     If not for one friend who was helping me decide on which new computer to buy who wanted to see my dead computer Sunday night, I might have gone out Monday morning to Micro Center to buy a new desktop computer.  

Geez.

I have another corrective action:

Corrective Action

Based on the finding listed above, the following corrective actions will be taken:

 The system that performs the syntax checking of all Web Filtering heuristics will be expanded to reject entries that cover these wide IP ranges.

 The components within the Malwarebytes Web Filtering system that runs on customer computers will be changed to perform stronger checking of these entries – similar to the point above – and reject any that do not meet that criteria.

 Improve the facility within our publishing system that provides the ability for faster rollback of problematic detections. This will reduce the window of exposure, thus reducing the number of customers impacted.

 Add many more computers to our existing testing cluster to increase the scope of our coverage.

ADDITIONALLY, WE WILL INFORM ALL USERS IMMEDIATELY!!!!!   We won't hide it on the MB forum which many people never visit or know about.  We will use email!!

 

Edited by marge201
added a corrective action
Link to post
On 1/31/2018 at 6:24 PM, marge201 said:

You said that you found out about this mess on Saturday on your phone (an email, I thought, but maybe not) and then you say that a simple email should have included us, the users.  So did you find out about this Saturday?  I found out late Sunday night when I turned the computer on and saw that it's fine but not until Monday about the MWB problem.    How can MWB not have sent an email to users on Saturday??!!!

I thought i created a new member acc for this but when logged in I can see last I was here in 2012. I wrote please send me email about updates. 2016 and 2017 the way I have found out that there are product updates available is finding them posted on pirate sites. not lol.

Link to post
  • 1 month later...
  • Administrators

We will be locking this thread as we're starting to see unrelated posts happening. If you're in need of assistance, please check out the following:

Link to post
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.