Jump to content

Web Protection won't stay on


Recommended Posts

I just upgraded to version 3 today.  I was surprised that I was told that Real Time Protection hadn't been turned on, but I turned on all the protections and then ran a scan, which said that all was well.  Some hours later, I took another look at MB3, and I was again told that Real Time Protection was not on, even though I had turned it on earlier today.  I again turned everything on, but when I turned on Anti-Exploit, it moved almost at once back to Off (I don't think it did this when I first installed MB3 this morning, but I'm not sure.)  I cannot get Anti-Exploit to stay on.  I'm using MB Premium version 3.3.1.2183, component package 1.0.262, update package version 1.0.3604.  My computer runs Win7 Prof. 64-bit.  Since this is the first day that I've used MB3 (after running MB2 happily for years), I'm not sure what's normal and what's a problem, but other messages in this thread seem to indicate that I'm not the only one being told that Real Time Protection is off, and this is not normal.  Also, why won't Anti-Exploit stay on? 

Link to post
Share on other sites

I don't know whether I should post these files here, but since other people with similar problems have been asked for them, I'll post them here now.  (I read that mb-check-results would find and include the other two files, but I didn't seem them listed in the contents of mb-check-results.zip, probably because they were saved to downloads rather than to desktop.  At any rate, I've included them here.)

Also, I thought I'd add that I just tried yet again, a couple of hours after the last time I tried, and Real Time Protection was again off, and Exploit Protection again wouldn't stay on when I tried to turn it on.

mb-check-results.zip

Addition.txt

FRST.txt

Edited by whatmeworry?
updated information
Link to post
Share on other sites

1 hour ago, whatmeworry? said:

don't know whether I should post these files here

You should have started your own topic.;) But since your here...

I've seen a few reports of Kaspersky's rootkit scanning blocking our protection layers. Could you try the following:

  • Open the Kaspersky Software.
  • Click on Settings.
  • Click on Performance on the left.
  • Uncheck Perform regular rootkit scan
    • It may also be labeled "Search for software that is intended to conceal traces of a malicious program in the system"
  • Reboot

Also, exclude the following and instead of using the browse feature, type out these locations manually as there may be an issue where exclusions don't get set for these files when using the browse feature:

  • C:\Windows\sysnative\drivers\mbam.sys
  • C:\Windows\sysnative\drivers\mwac.sys
  • C:\Windows\sysnative\drivers\mbamswissarmy.sys
  • C:\Windows\sysnative\drivers\mbamchameleon.sys
  • C:\Windows\sysnative\drivers\farflt.sys
  • C:\Windows\sysnative\drivers\mbae64.sys

Then do this next if the above does not after you restart.

We have another tool called MB-Clean which will automate the whole process for you.

 Tool can be found at https://downloads.malwarebytes.com/file/mb_clean

 

 

1. After downloading the tool run the tool.

2. The tool will automatically clean up the older possibly damaged installation and will ask you for a restart.

3. Restart your system and then the MB-Clean tool will prompt you to re-install the latest product .

4. Click on "Yes" to reinstall MB 3.×.

5. Now you will have the latest product installed. If it does not offer the new install after the reboot you can download and install from here. 

 

https://downloads.malwarebytes.org/file/mb3

 Please let me know if you are still seeing issues after the latest product install.

Edited by Porthos
Link to post
Share on other sites

Thanks very much, Porthos, for your reply.  So are you saying that if someone reports a problem and I want to report the same problem, I should start a separate thread rather than add to the one already started?   My experience with other forums led me NOT to do that, and even on Malwarebytes, I recall seeing lots of threads where people essentially said "me too."  On false positive threads, it was especially useful.  But if that's not the appropriate way to handle reports of MB3 problems, I'll keep that in mind for the future.

I was able to find the rootkit setting, and you're right that for some crazy reason Kaspersky doesn't see the files you've listed if one uses Kaspersky's browse feature.  But when I tried to enter the files by typing them in, I couldn't type anything in the box!  Also, is C:\Windows\sysnative a Windows 10 folder?  It doesn't exist on my Windows 7 computer.  Here, it's C:\Windows\System32.  I think I'll give the computer a rest and try again in the morning.

 

Link to post
Share on other sites

10 minutes ago, whatmeworry? said:

But if that's not the appropriate way to handle reports of MB3 problems, I'll keep that in mind for the future.

Each computer is different even if it seems to be the same issue.

Try these.

C:\Windows\system32\Drivers\farflt.sys

C:\Windows\System32\drivers\mbae64.sys

C:\Windows\System32\drivers\mbam.sys

C:\Windows\System32\drivers\MBAMChameleon.sys

C:\Windows\System32\drivers\MBAMSwissArmy.sys

C:\Windows\System32\drivers\mwac.sys

Link to post
Share on other sites

Thanks very much Porthos.  I'm happy to report that this morning I had no trouble typing in the files that Kaspersky should exclude.  They were slightly different from what you had suggested, and different from what the MB web site suggests.  I mean the files were the same, but sometimes the capitalization was different.  Also, I don't have a Drivers sub-directory, just a drivers (lower case) sub-directory.  All the suggested files are in that sub-directory.  As you indicated earlier, Kaspersky doesn't see most of the files when you ask to Browse, but when I look at the directories in my file manager, all the files are there, and Kaspersky accepted them all when I typed them in.  Best of all, MB3 tells me that all the protections are on, even Exploit.  I ran a scan and was told all is well.  I was surprised that the scan took about 40 minutes, since the first scan I did right after installing MB3 took only ~15.  But that scan covered only 290K files, whereas the one I did today covered slightly more than twice that number.  Anyway, I think I'm good to go.  Again, thanks VERY much for your help.

Link to post
Share on other sites

Thanks for the update @whatmeworry?. As for the sysnative folder, it is a default Windows folder for x64 machines so that x86 applications can access the x64 files properly and not be redirected.

Also, for future reference, in the majority of situations windows applications are not case-sensitive, but it never hurts to make sure you match what's on your system :) 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.