For anyone affected by this issue who is running with Web Protection disabled, if you are using Chrome (or any Chromium source code based browser, including SRWare Iron, Chromium etc.) or Firefox (or any other Mozilla source code based browser) you may install the Malwarebytes browser extension beta.  While it doesn't replace entirely the functionality of the Web Protection component, it can at least help make your web browsing much safer than having no protection.  It doesn't necessarily block all of the malicious content that the Web Protection module does, but it does have the ability to block some things that Web Protection doesn't because it uses signature-less behavior based detection to block specific types of web threats including tech support scam sites, clickbait links (which are often host to malware and/or exploits), phishing sites, ads and ad tracking servers and more.  When used alongside the Web Protection component it can actually make your browsing faster since it connects to the Web Protection component in Malwarebytes 3 to augment its functionality so when this issue with Web Protection is fixed, you can keep using the plugin to reap its benefits, but until then at least you'll have some protection when surfing the web.

The plugins are available at the following links along with more info about them:

Chrome
Firefox

For the moment they are free for anyone to use, however I do not know if that will be the case once they come out of beta as they may be integrated into Malwarebytes 3 as one of its Premium features for paid users.  I haven't received final confirmation on what the company plans to do with them after testing is completed so I definitely recommend taking advantage of them for now while they are still available to everyone free of charge (even if you aren't using the paid version of Malwarebytes).


Thanks for the update. Currently, I have Avast Internet Security, which does some blocking and Avast browser extension. I hope a fix is found soon.


Well I am into day 3 of running MBAM 3.5.1 with web protection disabled and ESET Antivirus installed on Windows 7 and no BSOD, but time will tell.

1 minute ago, frozen said:

Well I am into day 3 of running MBAM 3.5.1 with web protection disabled and ESET Antivirus installed on Windows 7 and no BSOD, but time will tell.

I'm in day 6 with 3.5.1 web protection disabled, running Avast IS, and no BSOD. I have a little over 2 months left on my year subscription and hope this gets sorted out before then. 


Windows 7-SP1-x64

Running Avast Free

Running 3.5.1 Premium all updates. Never rolled back to 3.4.5.

Web protection disabled going on 10 days.

System is ROCK SOLID ... zero BSOD since disabling Web protection.

 

19 hours ago, exile360 said:

For anyone affected by this issue who is running with Web Protection disabled, if you are using Chrome (or any Chromium source code based browser, including SRWare Iron, Chromium etc.) or Firefox (or any other Mozilla source code based browser) you may install the Malwarebytes browser extension beta. 

As an interim, I just added the MWAB extension to FF 61.

FWIW, I've still not been able to reinstall MWAB into my test VM since removing it.  I gotta think something did not get cleaned up in the registry and the MWAB "cleaner" is missing something with this newer version.  I'm hoping the engineering teams find the root cause soon!  TY and have a great upcoming holiday! 

Edited by gattaca
spellings


Alas, got my first BSOD since disabling web protection. One thing is that I installed MWAB to Chrome and Chrome was running at the time. I use VeraCrypt to encrypt sensitive information and I have 1.22 installed on this system. I was in the process of updating the traveller disk, aka a USB flash drive, which I use elsewhere. The traveller disk option was run from the VeraCrypt app and VeraCrypt traveller disk said it had stopped responding. I also had received the Windows pop up notice to that effect. I killed off VeraCrypt in the process list and shortly after that the system crashed with a 1E crash. Upon analysis here it pointed to Glasswire sys driver. I am using Glasswire 1.0 which has been deprecated simply as a software firewall. I rebooted the system and performed the traveller disk creation process without any BSOD.

 

Crash dump directories:
C:\Windows
C:\Windows\Minidump

On Sat 6/30/2018 8:41:55 AM your computer crashed or a problem was reported
crash dump file: C:\Windows\MEMORY.DMP
This was probably caused by the following module: gwdrv.sys (gwdrv+0x424E)
Bugcheck code: 0x1E (0xFFFFFFFFC0000005, 0xFFFFF8800BA4FEB0, 0x0, 0x0)
Error: KMODE_EXCEPTION_NOT_HANDLED
file path: C:\Windows\system32\drivers\gwdrv.sys
product: GlassWire
company: SecureMix LLC
description: GlassWire Driver
Bug check description: This indicates that a kernel-mode program generated an exception which the error handler did not catch.
This might be a case of memory corruption. This may be because of a hardware issue such as faulty RAM, overheating (thermal issue) or because of a buggy driver.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: gwdrv.sys (GlassWire Driver, SecureMix LLC).
Google query: gwdrv.sys SecureMix LLC KMODE_EXCEPTION_NOT_HANDLED



 


Both Glasswire and Web Protection in Malwarebytes 3 use WFP (Windows Filtering Platform) APIs for their functionality (the same technology that the Windows Firewall in Vista and newer Windows versions is based on) so it could definitely be related.

31 minutes ago, exile360 said:

Both Glasswire and Web Protection in Malwarebytes 3 use WFP (Windows Filtering Platform) APIs for their functionality (the same technology that the Windows Firewall in Vista and newer Windows versions is based on) so it could definitely be related.

Well I have just now disabled the Chrome Extension for MBAM to see if any further BSOD occurs. I have had Glasswire 1.0 installed on this box for years and version 1 being deprecated it is no longer being updated.

 

Edited by frozen


Have you tried Malwarebytes with Glasswire disabled/removed?  It's possible that there's a conflict with the older version and Malwarebytes contributing to this situation.  I'm just thinking that it might be more than a coincidence that you're getting BSODs from the Malwarebytes component that uses WFP when running alongside an old version of another app that also happens to use WFP for what it does.

As for the browser plugin, it shouldn't be causing any BSODs since it operates directly within the browser just like ad blockers and similar apps so it isn't messing with the network stack at all or plugging into the WFP subsystem the way that Web Protection in Malwarebytes does or the way that a firewall would.  I'm not saying it's impossible, just extremely unlikely.

2 hours ago, exile360 said:

Have you tried Malwarebytes with Glasswire disabled/removed?  It's possible that there's a conflict with the older version and Malwarebytes contributing to this situation.  I'm just thinking that it might be more than a coincidence that you're getting BSODs from the Malwarebytes component that uses WFP when running alongside an old version of another app that also happens to use WFP for what it does.

As for the browser plugin, it shouldn't be causing any BSODs since it operates directly within the browser just like ad blockers and similar apps so it isn't messing with the network stack at all or plugging into the WFP subsystem the way that Web Protection in Malwarebytes does or the way that a firewall would.  I'm not saying it's impossible, just extremely unlikely.

I haven't removed Glasswire because if I do it will remain uninstalled. This is because Glasswire has removed the download link for the last version of Glasswire, 1.2.121, off their site. I only have an older version of the software and it will not update to that version; I believe it will update to the much more limited free version 2.x. All I am using Glasswire for is blocking certain apps from outbound connections. With Glasswire 2.x I would have to pay $57 Cdn a year to allow me to block outbound connections on one computer.


You should be able to find the older version's installer here if you need it (they have 3 pages of older builds of Glasswire in that list).  FileHippo is a reputable site that archives previous versions of software and a good resource if you need to grab an older version of something which is no longer available.


By the way, if all you require is a free firewall to block outbound connections for specific apps, then there are plenty of options available.  I myself am using Windows 10 Firewall Control by Sphinx Software.  They have a free version with basic functionality, including prompting you to allow or block any app that tries to connect to the web on your PC.  Like Glasswire, it too uses the built-in WFP functionality in modern Windows versions and although it's named Windows 10 Firewall Control, it is compatible with all Windows versions since Vista (I'm using it on Windows 7 x64 currently).


Hi, any ETA on this? Add me to the list of crashes... I just bought MBAM premium for myself, dad, and sister after singing its praises and waiting for Webroot's protection to expire. Now as soon as I buy it, I'm crashing. Figures..


Ok mates, been dealing with this headache since yesterday. Same BSOD, same .sys (netio.sys) but different .EXE, in my case Agent.exe, related to the BattleNet game platform. More precisely when a game suddenly starts to download a new patch (in my case World of Warcraft). After a couple of minutes of downloading the yet-to-come patch, I'm getting the BSOD. But if I just open the game itself, no BattleNet launcher in the middle, it works like a charm and I don't get a single BSOD. Just disabled the Web Protection as said in this thread and it seems to have solved it (3h without issues so far). Don't know if this helps much, just wanted to help you guys from Malwarebytes team. We go waaaaayyyy back ;) gonna stick with my homies, you've never failed me!! Heads up when this issue is fixed, mates.

3 minutes ago, shadowownz said:

Ok mates, been dealing with this headache since yesterday. Same BSOD, same .sys (netio.sys) but different .EXE, in my case Agent.exe, related to the BattleNet game platform. More precisely when a game suddenly starts to download a new patch (in my case World of Warcraft). After a couple of minutes of downloading the yet-to-come patch, I'm getting the BSOD. But if I just open the game itself, no BattleNet launcher in the middle, it works like a charm and I don't get a single BSOD. Just disabled the Web Protection as said in this thread and it seems to have solved it (3h without issues so far). Don't know if this helps much, just wanted to help you guys from Malwarebytes team. We go waaaaayyyy back ;) gonna stick with my homies, you've never failed me!! Heads up when this issue is fixed, mates.

Weird, mine happened when I was downloading the Overwatch update. I started researching it immediately and arrived at turning off the web filtering and kept going with the update, no problems since.

Maybe something to do with battle.net?


Thanks for these reports, can you also provide the logs mentioned in the post below so we can try to reproduce internally?

 


I installed 3.4.5 over 3.5.1 and have not got a single BSOD since then. Cleaned cache and registry and done.

I don't use NOD32 but I have Microsoft Security Essentials.


I triggered a BSOD today for NETIO.SYS. It has been ok since my last report a few weeks ago. I know MB has updated since then, but this time I managed to get system dmp files. I have zipped and uploaded it to my website server for your evaluation.

The event that triggered the BSOD was simply me uploading a JPG for an avatar pic via Firefox browser at avid.com. The system dmp file location has been messaged to admin.

Cheers

Ryan

Edited by risey


It's been close to 1 week without Glasswire 1.0 running but ESET Antivirus installed and MBAM 3.5.1 running without Web protection. No BSOD so far but one never knows with this issue..


After my last BSOD on 6-23 I disabled web protection on 3.5.1 and have not had another one since. Malwarebytes is the first and only paid for spyware prevention product I've purchased. I did so in Sept of last year. Since then MB has had two problems with their updates. From 1995 to Sept 2017 using freeware versions I had none. So, come Sept when my paid subscription expires I will have a big decision to make.

This topic is now closed to further replies.
