Jump to content

Patch release blocked by Windows defender


Recommended Posts

I just installed the new patch release 3.4.5 on my windows 10 laptop. When the installment was almost complete I got a pop up saying that there was insufficient space and then a popup from Windows Defender saying it had blocked an unauthorized installation. After closing all notifications I checked MB and it appears to have been updated correctly. I think that the same thing happened in the last update. How can I be sure that it has been correctly installed?

Link to post
Share on other sites
  • Staff

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

 

If you are having technical issues with our Windows product, please do the following: 

Spoiler

If you haven't done so already, please run these two tools and then attach the logs in your next reply:

NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  • Farbar Recovery Scan Tool (FRST)
    1. Download FRST and save it to your desktop
      Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit
    2. Double-click to run FRST and when the tool opens click "Yes" to the disclaimer
    3. Press the "Scan" button
    4. This will produce two files in the same location (directory) as FRST: FRST.txt and Addition.txt
      • Leave the log files in the current location, they will be automatically collected by mb-check once you complete the next set of instructions
  • MB-Check
    1. Download MB-Check and save to your desktop
    2. Double-click to run MB-Check and within a few second the command window will open, press "Enter" to accept the EULA then click "OK" 
    3. This will produce one log file on your desktop: mb-check-results.zip
      • This file will include the FRST logs generated from the previous set of instructions
      • Attach this file to your forum post by clicking on the "Drag files here to attach, or choose files..." or simply drag the file to the attachment area

One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 

Spoiler

For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

Link to post
Share on other sites
  • Root Admin

Hello @ejbeak

Let us get some logs please and we'll see what we can find that might be causing this and see if the update is/was applied.

 

Please download the Malwarebytes Support Tool to assist us in helping you further with your issue.

It is a multi-purpose troubleshooting and repair utility, designed to assist with issues related to Malwarebytes for Windows. Our goal with the Malwarebytes Support Tool is to provide a simple and stress-free approach to troubleshooting issues with Malwarebytes products

** Download Malwarebytes Support Tool Here **
 

1. Please save the file where you can locate it.

download.jpg.970e987e98e7b2e1e1e4ebf10b6

2. Then close all browsers and locate the file you downloaded and double-click on it to install and run the program.

start_install.jpg.93d4745d746a5a93512134

3. Place a checkmark on the "Accept License Agreement" checkbox and click the Next button.

software_license_agreement.jpg.c5bd03db8

4. Click on the "Advanced Options" link for Forum Support options

Forum_Support.jpg.936b885674dc07463de20b

5. Click on the "Gather Logs" button

click_gather_logs.jpg.e01fea6f9610162069

6. The program will run the FRST program in the background and gather some diagnostic logs and zip them up on your desktop as:  mbst-grab-results_zip

mbst-grab-results_zip.jpg.3f5b6305df053b

7. Close the Malwarebytes Support Tool and locate the file: mbst-grab-results_zip on your desktop and upload that as an attachment to your next reply.

upload_this_file.jpg.fa7c212fb55601fb1d3

 

For more information, please refer to the following links:

Malwarebytes Support Tool User Guide
Malwarebytes Support Tool FAQs
 

Thank you

Ron

 

 

 

 

Link to post
Share on other sites

Sorry, I've been down that road before and I haven't got time or patience to do it again. As far as I can see the update has been installed. I'm just not sure that I won't have a problem with it later. If Windows Defender is flagging this as malicious? then that is something for your support team to sort out. Perhaps it has something to do with not listing MB in the Windows action center. That option has always been dodgy. If I list MB recommended setting it works fine until some time down the road after a reboot or update it causes Windows defender to disable itself and it can't be started again until MB is unlisted again. That bug should have been fixed a long time ago.

Link to post
Share on other sites
  • Root Admin

I'm sorry and I can appreciate your frustration but without assistance from users such as yourself helping us to fix it, then it probably won't get fixed as most users don't experience this issue. That makes it very hard to fix something that few users experience.

Thank you for your time

Ron

 

Link to post
Share on other sites
2 hours ago, ejbeak said:

If I list MB recommended setting it works fine until some time down the road after a reboot or update it causes Windows defender to disable itself and it can't be started again until MB is unlisted again. That bug should have been fixed a long time ago.

Yes, unfortunately the way Microsoft implemented Windows Defender in its most recent versions is such that it is supposed to automatically disable itself if Windows Action Center detects another antivirus product installed, so when Malwarebytes is registered as your AV protection, Windows Defender will turn itself off automatically (at least according to Microsoft that's what it is supposed to do).  This is also why, by default, Malwarebytes will not register itself with Action Center if Windows Defender is currently active so that users who wish to use both may continue to do so.

Link to post
Share on other sites

The Windows Defender blocking is from the controlled folder access module stopping changes to the desktop shortcut.I have added exclusions for every MB folder file and exe that I can find but next time I update I will just disable this module before installing. The notification saying that I don't have enough space is bogus as there is 930 GB of free space on my drive. To you Ron. If you think nobody else is experiencing this, we will wait and see. For now, the program seems to be working fine but my confidence in this product has waned to almost zero.

Link to post
Share on other sites
  • Root Admin

More information about Windows Defender

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus

 

Important

Disabling the Windows Security Center service will not disable Windows Defender AV or Windows Defender Firewall. These will be disabled automatically when a third-party antivirus or firewall product is installed and kept up to date.

 

Warning

If you do disable the Windows Security Center service, or configure its associated Group Policy settings to prevent it from starting or running, the Windows Defender Security Center may display stale or inaccurate information about any antivirus or firewall products you have installed on the device. It may also prevent Windows Defender AV from enabling itself if you have an old or outdated third-party antivirus, or if you uninstall any third-party antivirus products you may have previously installed. This will significantly lower the protection of your device and could lead to malware infection.

 

Note

The Windows Defender Security Center app is a client interface on Windows 10, version 1703. It is not the Windows Defender Security Center web portal that is used to review and manage Windows Defender Advanced Threat Protection.

 

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection

 

Link to post
Share on other sites

The Windows Defender module causing the blocking is the controlled folder access setting. https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard This from what I can see was added in the 1709 update. I can not find the actual modification that it blocked as it doesn't keep a log like it does for scan detections. Exclusions can be added to this if you know the name of the folder that's tripping the warning. As I have only had this problem since the last major Windows update, I am convinced that they are related. I suggest you have your boffins look into it.

Link to post
Share on other sites
10 hours ago, ejbeak said:

The Windows Defender blocking is from the controlled folder access module stopping changes to the desktop shortcut.I have added exclusions for every MB folder file and exe that I can find but next time I update I will just disable this module before installing. ...

Hi ejbeak:

You might be interested in reading John A's topic Need to update "Having problems using ..." thread.  This user reported that utilities like FRST and MB-Check will not run correctly if they are saved to the Windows desktop when the Controlled Folder Access feature (a.k.a. anti-ransomware) is enabled in the Windows Defender Security Center of Win 10 Version 1709.  John A could solve their problem by either temporarily disabling Controlled Folder Access or downloading FRST and MB-Check to the Downloads folder instead of the Windows desktop.

Your observation about the MB desktop shortcut seems to tie in with John A's comments.
------------
32-bit Vista Home Premium SP2 * Firefox v52.7.3 * Norton Security Premium v22.12.1.15 * MB Premium v3.3.1.2183 (CP v1.0.262)

Edited by lmacri
Link to post
Share on other sites

Thanks, Imacri.

I'm convinced that it is the controlled access that is causing problems. If in future it blocks something I don't want to be blocked I will add an exclusion or temporarily disable it before I install something that needs to add or modify a desktop icon. I'm surprised that the support team has not observed and corrected this by now. Another minus browny point to add to my long list of gripes about MB mark 3.

Link to post
Share on other sites

Also, if self-protection is active in Malwarebytes, you will not be able to rename, move or delete the Malwarebytes desktop shortcut (you'll see an "Access Denied" error most likely), however turning off self-protection in Malwarebytes should resolve this.  But keep in mind that this only applies to the Malwarebytes desktop shortcut, not any other software's shortcuts or non-Malwarebytes files.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.