JimOPI

ANSWERED Exploit protection will not turn on since update to 3.4.5

I had been running MBAM Pro version 3.4.4 with no problems.

A couple of days ago I updated to version 3.4.5 (mb3-setup-consumer-3.4.5.2467-1.0.342-1.0.4566) and now the Exploit protection will not turn on.

On the System tray Icon the Exploit protection is greyed out.

Running Windows 7 64-bit and MSE is turned off.

No other A/V's are installed.

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

 

If you are having technical issues with our Windows product, please do the following: 

If you haven't done so already, please run these two tools and then attach the logs in your next reply:

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer; please allow the programs to run if blocked by your system.

  • Farbar Recovery Scan Tool (FRST)
    1. Download FRST and save it to your desktop
      Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit
    2. Double-click to run FRST and when the tool opens click "Yes" to the disclaimer
    3. Press the "Scan" button
    4. This will produce two files in the same location (directory) as FRST: FRST.txt and Addition.txt
      • Leave the log files in the current location, they will be automatically collected by mb-check once you complete the next set of instructions
  • MB-Check
    1. Download MB-Check and save to your desktop
    2. Double-click to run MB-Check and within a few seconds the command window will open; press "Enter" to accept the EULA, then click "OK"
    3. This will produce one log file on your desktop: mb-check-results.zip
      • This file will include the FRST logs generated from the previous set of instructions
      • Attach this file to your forum post by clicking on the "Drag files here to attach, or choose files..." or simply drag the file to the attachment area

One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 

For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

1 minute ago, JimOPI said:

I re-installed version 3.4.4 and all is working fine again.

If you could upgrade once more to 3.4.5 and see if it will work now, if not provide the requested logs so we can see what is going on.

I upgraded up to 3.4.5 again and it fails the same.

I ran the instructed programs from above, then attached the resulting mb-check-results.zip file.

Hope I did it correctly. 

 

mb-check-results.zip

Can you please try the following:

  1. Press Windows Key + R to bring up the run dialog
  2. Type cmd into the box that comes up and click Ok
  3. In the black box that comes up, type sc query winmgmt and press Enter
  4. Take a screenshot of the results and post them in your reply

According to one of the FRST logs, WMI is missing or broken.  That will cause Malwarebytes (and a lot of other software and OS components) to fail.  Please do the following and it should correct the issue:

Tweaking.com Windows Repair All-in-One

  • Download Tweaking.com Windows Repair from here and install it or if you would prefer, you may instead download and extract the portable version from here
  • Once installed or extracted, launch Repair_Windows.exe
  • Click on the Repairs - Main tab
  • Click on the Open Repairs button
  • Once it displays the list of repairs, click the checkbox next to All Repairs so that everything listed is UNCHECKED
  • Now, click the checkbox next to Repair WMI so that it is checked
  • Click on the Start Repairs button at the bottom
  • Once it completes, allow it to restart your system

Once that's done, see if Malwarebytes now works properly.  Please let us know how it goes.

Thanks

WMI does show that it's running; let's go ahead and run this repair just in case something is up with WMI.

Tweaking.com Windows Repair All-in-One

 

  • Download Tweaking.com Windows Repair from here and install it or if you would prefer, you may instead download and extract the portable version from here
  • Once installed or extracted, launch Repair_Windows.exe
  • Click on the Repairs - Main tab
  • Click on the Open Repairs button
  • Once it displays the list of repairs, click the checkbox next to All Repairs so that everything listed is UNCHECKED
  • Now, click the checkbox next to Repair WMI so that it is checked
  • Click on the Start Repairs button at the bottom
  • Once it completes, allow it to restart your system

 

Once that's done, see if Malwarebytes now works properly.  Please let us know how it goes.

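The posts above disagree on WMI: `sc query winmgmt` showed the service running, while the FRST log suggested WMI was missing or broken. The following is an added example, not part of the original thread: a PowerShell function that checks the service state, the repository consistency report and a live WMI query side by side. The function name `Test-WmiHealth` is hypothetical, and the script assumes Windows PowerShell (2.0 or later) in an elevated prompt.

```powershell
# Added example (not from the thread): check WMI three ways, because a
# RUNNING winmgmt service does not prove the repository behind it is usable.
# Run elevated in Windows PowerShell (2.0+, as shipped with Windows 7).

function Test-WmiHealth {   # hypothetical helper name
    # 1. Service state: the same fact `sc query winmgmt` reports.
    $svc = Get-Service -Name winmgmt -ErrorAction SilentlyContinue
    $serviceRunning = ($svc -ne $null) -and ($svc.Status -eq 'Running')

    # 2. Repository consistency check built into Windows (Vista and later).
    #    The message text is localized, so it is reported rather than parsed.
    $winmgmt = Join-Path $env:SystemRoot 'System32\wbem\winmgmt.exe'
    $repoReport = 'winmgmt.exe not found'
    if (Test-Path $winmgmt) {
        $repoReport = (& $winmgmt /verifyrepository 2>&1 | Out-String).Trim()
    }

    # 3. Live query: what software that depends on WMI actually needs to work.
    $queryOk = $false
    $queryError = ''
    try {
        $os = Get-WmiObject -Class Win32_OperatingSystem -ErrorAction Stop
        $queryOk = ($os -ne $null) -and ($os.Caption -ne $null)
    } catch {
        $queryError = $_.Exception.Message
    }

    New-Object PSObject -Property @{
        ServiceRunning   = $serviceRunning
        RepositoryReport = $repoReport
        QueryWorks       = $queryOk
        QueryError       = $queryError
    } | Select-Object ServiceRunning, RepositoryReport, QueryWorks, QueryError
}

Test-WmiHealth | Format-List
```

A result with `ServiceRunning` true but `QueryWorks` false matches the situation the two replies describe.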

Per exile 360 I downloaded and ran Windows Repair AIO and followed all instructions.

MBAM 3.4.5 fails the same.

I then re-ran FRST64.exe, and then MB-Check again.

Attached is the results file.

mb-check-results.zip

I believe running an MB-Clean procedure will hopefully correct the issue you're having.

Please follow the directions in this topic to remove Malwarebytes and reinstall it.

 

Please give that a try and let me know the results.

Thanks

Ron

 


The issue seems to be resolved. :)

Per the "Advanced Setup Staff" instructions above, I downloaded and ran mb-clean. I had much trouble because the referenced instructions from respinoza on how to run mb-clean did not tell me to first log off of my Standard user account and log in to my Administrator user account before starting the sequence.

(all good users should be running as a Standard user). Trying the sequence as a Standard user messed me up good.

Anyway, I was finally successful in running everything and reinstalling MBAM Premium and all seems OK in both my Admin user account and my Standard User account.

Thanks for the assistance.

Sorry for the issue, and thank you for your feedback, @JimOPI. We'll see about adding some updates to the procedure soon.

Glad all is working well for you now.

Take care

Ron

 

6 hours ago, JimOPI said:

The issue seems to be resolved. :)

Per the "Advanced Setup Staff" instructions above, I downloaded and ran mb-clean. I had much trouble because the referenced instructions from respinoza on how to run mb-clean did not tell me to first log off of my Standard user account and log in to my Administrator user account before starting the sequence.

(all good users should be running as a Standard user). Trying the sequence as a Standard user messed me up good.

Anyway, I was finally successful in running everything and reinstalling MBAM Premium and all seems OK in both my Admin user account and my Standard User account.

Thanks for the assistance.

Just FYI, it's always best whenever installing or uninstalling any software, no matter what it is, to do so from an administrative user account (or at least run the installer/uninstaller as admin, though not ideal and this may not always work correctly) because the vast majority of locations that software installs to/writes to and therefore uninstallers delete from are protected, privileged locations requiring administrative permissions to modify.  This is the primary advantage of using a limited/standard user account, and why it is (theoretically) so much more secure than an administrative user account because back when malware worked more like traditional software and attempted to write to these locations, a standard user account would deny it access unless the user authorized the action via User Account Control.

Of course since the launch of Windows Vista in late 2006/early 2007, malware authors have wised up and typically no longer write to these locations at all, instead choosing to write to locations in the registry and within the filesystem where a standard/limited user/process has complete write access.  This is why you see so many Trojans and the like using %TEMP% and similar per-user locations these days as well as the HKCU hive in the registry rather than the system-wide HKLM and HKCR keys.

So while it is in theory more secure to use a limited user account, in reality it does little to nothing to prevent the vast majority of modern threats, and of course if the user approves an administrative action through User Account Control, believing the malware is legitimate, then it doesn't matter anyway (this is how most PUPs are able to install, since the user is installing a piece of software they desire and thus allow it to have the privileges required, which gives the same permissions to the PUP bundled with it).

This is also why so many threats that do require administrative privileges use social engineering techniques to fool the user into allowing them to run and to grant them administrative rights rather than attempting to launch silently in the background without warning as they typically would in the XP days.

By the way, thanks to User Account Control, an administrative user account is pretty much just as safe as a limited/standard user account (as long as UAC is active/enabled, of course).  In the Windows XP days things were different, but since the implementation of UAC and the Secure Desktop (which prevents things like malware hijacking control of your mouse and keyboard to attempt to automate the UAC approval process, which is why the screen goes dark) it's far more difficult for a threat to gain admin level access without the user being notified/warned before it happens and this is why most modern threats avoid it altogether and instead focus on per-user locations.

I know all of this because I've been entrenched in the subject since Vista was in pre-beta, so I learned all about permissions, access rights, different user account types, standard vs admin vs system level permissions and of course, User Account Control.

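The post above notes that modern threats favour per-user locations such as %TEMP% and the HKCU hive, which a standard account can write without a UAC prompt. The following is an added example, not part of the original thread: a PowerShell audit that lists Run/RunOnce autostart entries and marks those that sit in HKCU or point into a per-user directory. The function name `Get-AutostartAudit` is hypothetical, and the choice of keys and directories is this example's assumption (the 32-bit `WOW6432Node` view is not covered).

```powershell
# Added example (not from the thread): list Run/RunOnce autostart entries and
# mark those that needed no elevation to create, or whose target file sits in
# a directory the current user can write. Works in Windows PowerShell 2.0+.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Per-user directories (list chosen for this example; extend as needed).
$userDirs = @(@($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA) | Where-Object { $_ })

function Get-AutostartAudit {   # hypothetical helper name
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $regKey = Get-Item -Path $key
        foreach ($name in $regKey.GetValueNames()) {
            # GetValue() expands REG_EXPAND_SZ data such as %TEMP%\x.exe
            $command = [string]$regKey.GetValue($name)
            $inUserDir = $false
            foreach ($dir in $userDirs) {
                if ($command.IndexOf($dir, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
                    $inUserDir = $true
                }
            }
            New-Object PSObject -Property @{
                Key                 = $key
                Name                = $name
                Command             = $command
                NoElevationToCreate = $key.StartsWith('HKCU:')
                TargetInUserDir     = $inUserDir
            } | Select-Object Key, Name, Command, NoElevationToCreate, TargetInUserDir
        }
    }
}

# Entries with either flag set deserve a look; many are legitimate per-user apps.
Get-AutostartAudit |
    Where-Object { $_.NoElevationToCreate -or $_.TargetInUserDir } |
    Format-List
```

An HKLM entry with `TargetInUserDir` set is worth particular attention: the key needed elevation to create, but the file it launches can be replaced from a standard account.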
