
component update 1.0.390 beta


All 3 boxes checked under internet properties here, too.

I'm on Win8.1 Pro, kept up to date except for the obnoxious GWX KB's.

It's probably worth noting that the last release of AdGuard introduced TLS1.3 as the default for all sites that support it, with a fallback to 1.2. Disabling 1.3 in AdGuard settings didn't change the outcome, however. Though that's not surprising, considering the issue has thus far been isolated to non-https connections.


TLS 1.3 is the newer standard. You do want that enabled.

There is another possibility you need to be aware of. Some antivirus apps do monitor and filter communications (including the web addresses, whether secure or insecure).

I believe at least two of you have ESET. It would be worthwhile to check out ESET settings and do some short tests.

Turning off one of the following settings in ESET and then turning it back on may help out.

  • Enable application protocol content filtering
  • Enable SSL/TLS protocol filtering

 

 

Edited by Maurice Naggar


If you are experiencing this issue and have not provided logs, please provide the logs mentioned in post #2 above so we can diagnose what's going on here. Thanks.

Edited by dcollins

41 minutes ago, Maurice Naggar said:

There is another possibility you need to be aware of. Some antivirus apps do monitor and filter communications (including the web addresses, whether secure or insecure).

I believe at least two of you have ESET. It would be worthwhile to check out ESET settings and do some short tests.

Turning off one of the following settings in ESET and then turning it back on may help out.

  • Enable application protocol content filtering
  • Enable SSL/TLS protocol filtering

 

 

Could you please clarify what would be the best procedure?

For example, right now I am using ESET Internet Security and Malwarebytes Premium but with "Web Protection" OFF. Should I disable one of the ESET features mentioned above, then enable Malwarebytes "Web Protection" and then re-enable the ESET feature I disabled?


@DimGian if you disable ESET entirely and then turn on Malwarebytes Web Protection, does the issue go away? I'm not saying this is the best solution, but rather it would be a test to see what's at the root cause of the issue.

1 hour ago, dcollins said:

@DimGian if you disable ESET entirely and then turn on Malwarebytes Web Protection, does the issue go away? I'm not saying this is the best solution, but rather it would be a test to see what's at the root cause of the issue.

Web Protect "ON": I tried Maurice's (2) ESET Turn Off/Back On (they're in the Web - Email section) individually, careful to Clk Out and OK the UAC each time. No luck.

With Web Protect "OFF" I Disabled ESET Protect/Paused FW, Turned Web Protect back "ON" ..... No luck. I'm seeing "Waiting on Mozillazine.com" vs TLS Handshake.

w/.390 .... Web Protect Off still the fix. I'm Win 7-64 SP1 Hm Prem.

Edited by CraigS

57 minutes ago, CraigS said:

Web Protect "ON": I tried Maurice's (2) ESET Turn Off/Back On (they're in the Web - Email section) individually, careful to Clk Out and OK the UAC each time. No luck.

With Web Protect "OFF" I Disabled ESET Protect/Paused FW, Turned Web Protect back "ON" ..... No luck. I'm seeing "Waiting on Mozillazine.com" vs TLS Handshake.

w/.390 .... Web Protect Off still the fix. I'm Win 7-64 SP1 Hm Prem.

Forgot the ZIP File.     Ref .390  &  HTTP:// No-Loads .......

You have to Turn-Off Web Protect to Dnload the (http://) FRST and I at first forgot to Turn Web Protect back ON B4 running the Analysis Tool.

Results with .390 Comp Pkg & Web Protect & ESET "ON".

 

mbst-grab-results.zip

Edited by CraigS


Why all the focus on Eset? I don't use it and I have the same problem as the others.

Yes, even turned Avast protection OFF and the problem was still there. I turned off SAS paid, WinPatrol pd and the same problem.

So, it is not just an Eset problem, or so it seems. It appears to be a MBAM problem.

It started on mine several days ago when Comcast had that major problem and I just thought it was their fault and never suspected anything else until I started searching and experimenting.

So, get off that single-minded Eset cause, IMHO.

If you actually think my sending in some report will help, tell me exactly how to do it and what to turn off and on before doing it, and I will do it.

Thanks,

Edited by Buffalo
added info


@Buffalo we do not believe the issue is an ESET problem, just that it exposes whatever compatibility issue is going on. We have been able to reproduce this issue with a few different AVs in house and we are working on a solution now.

That being said, in our testing with Avast, disabling Avast does in fact solve the problem. Specifically, disabling the Avast Web Shield. Can you double check that Avast is disabled properly on your machine and if you're still getting the block, please follow the steps below to gather some logs:

  1. Download and run the Malwarebytes Support Tool.
  2. Accept the EULA and click on Advanced Options on the main page.
  3. Click Gather Logs and wait for the process to finish.
  4. Once it finishes, please upload mbst-grab-results.zip from your desktop to your reply.


To muddy the water ....  (2nd time/ 1st didn't Help) I just tried again Maurice's ESET Disable in Web-Email section - Enable application protocol content filtering - and then Turn Back On ... and Firefox Forum is loading again. -- Web Protect is "ON". -- This Re-Try was because I couldn't log into the John Hancock site even with https ( https://www.jhannuities.com ). & Firefox popup said it was Unverifiable Security Issue and to Try the Same ESET OFF / Back ON as Maurice suggested here. Had an Avast section too in popup.

I'm sure I Turned App Protocol Content Filter Back ON the last time for success BUT NOW It only loads http with the Filter OFF. Turning back On fails now.

I'll watch awhile as nothing I do to net success repeats & I don't want to confuse things.

Edited by CraigS


I tried it with all Avast shields disabled several days ago and it didn't help. Today I tried it with all Avast shields disabled and also with just the Avast web shield disabled and it worked.

I don't know why it didn't work earlier when I disabled the Avast shields but it does now. Perhaps operator error. :(

So far so good. Now I have to decide which 'web shield' I should use.

Thanks,

Buffalo

Edited by Buffalo
emoticon

14 hours ago, Buffalo said:

I tried it with all Avast shields disabled several days ago and it didn't help. Today I tried it with all Avast shields disabled and also with just the Avast web shield disabled and it worked.

I don't know why it didn't work earlier when I disabled the Avast shields but it does now. Perhaps operator error. :(

So far so good. Now I have to decide which 'web shield' I should use.

Thanks,

Buffalo

I use Avast as well. Have you tried disabling HTTPS scanning?

Click menu> settings> components

Then click customize on the same tab as the web shield. Then uncheck enable HTTPS scanning. It might help you.

6 hours ago, Sfrush said:

I use Avast as well. Have you tried disabling HTTPS scanning?

Click menu> settings> components

Then click customize on the same tab as the web shield. Then uncheck enable HTTPS scanning. It might help you.

I just tried that "disabling HTTPS scanning" and it didn't help. I am using "weather.com" as my test URL. I tested on different browsers.

I also unchecked everything in there except the "Enable Web Scanning" box and it still didn't work.

I then unchecked EVERY BOX in the Web Shield customize page and closed out and it still did not work.

But when I turned Web Shield to OFF everything worked. Unchecked all and it didn't help BUT turning Web Shield itself to OFF does. Must be another component in there you can't turn off or on. 

Hopefully MBAM experts will figure it out shortly.

Happy 4th of July.

Buffalo

 


P.S. In the process of splitting off one post, and putting it elsewhere, ran into some edit issues. As a result, you may notice this thread's subject line changed.

Apologies.

 

As far as the gist of this thread goes, it is fair to say that there is a handful of 3rd party AV products (such as AVG, Avast, Eset) that need some specific adjusting.

Products that have web shields (web guards) often need extra attention.

15 hours ago, Maurice Naggar said:

P.S. In the process of splitting off one post, and putting it elsewhere, ran into some edit issues. As a result, you may notice this thread's subject line changed.

Apologies.

 

As far as the gist of this thread goes, it is fair to say that there is a handful of 3rd party AV products (such as AVG, Avast, Eset) that need some specific adjusting.

Products that have web shields (web guards) often need extra attention.

Meaning We go to them for a Solution - Or - you guys are still researching it for an Mbam fix?

No issues until Comp Pkg .374 (AT&T Hm Pg Block) and .390 (no http loading)/ Eleventeen can't load most sites is in special category.


In the ESET settings, you should try turning off

  • application protocol content filtering
  • SSL/TLS protocol filtering


We are still working on a solution from the Malwarebytes side of things to see if we can resolve the compatibility issue.

6 hours ago, dcollins said:

We are still working on a solution from the Malwarebytes side of things to see if we can resolve the compatibility issue.

Well, it was most likely something that MBAM changed to cause the problem. Might not be your fault, but if you revert back to the way it was before the problem started and then WAIT until you get it figured out, no matter whose fault it was/is, that would be beneficial to those of us with that problem.

Thanks,

PS: Where's Diesel when you need him? :)

20 minutes ago, Buffalo said:

Well, it was most likely something that MBAM changed to cause the problem. Might not be your fault, but if you revert back to the way it was before the problem started and then WAIT until you get it figured out, no matter whose fault it was/is, that would be beneficial to those of us with that problem.

The problem with that approach is that several bugs, both major and minor, with Web Protection have been fixed over the past few releases of Malwarebytes, so reverting the code would cause all of those problems to return, some of which were failure of Web Protection to run at all, as well as several BSOD issues.  I believe there have also been enhancements to Web Protection to add new blocking capabilities which are now in use by the Research team, so rolling back those changes would also mean that there would be some improved methods for blocking known and unknown malicious content that would no longer be functional.  There also may be dependencies for other components such as MBAMService, which itself interacts with all of the protection drivers/components, so to roll back just the Web Protection component would also mean they'd likely have to roll it back as well along with changes made to the other protection components.  Unfortunately with a product of this complexity, rolling back the code is no simple feat and at this point, without knowing the exact cause(s) it would also mean that they'd be blindly seeking bugs in the code that they have yet to fully understand.  If the Quality Assurance team (the product testers) can gather enough data from affected users, then they should be able to isolate the exact circumstances to reliably replicate this issue which should aid the Developers in tracking down the exact cause(s) and writing a solution into the code, but until that happens they're probably just going to have to keep gathering reports and data from affected users.

The only potential action which might aid them in tracking down the issue faster would be to write a special debug build of the driver (and likely the service) to have Support deploy to affected users so that they can get raw data from the malfunctioning components on precisely what they are doing when these issues occur.  That would likely illuminate precisely where the problem in the code is, but I don't know if they are planning to take that approach or not as there are also certain risks in exposing that much of the internal workings of their code publicly.  Ideally, if QA could replicate all of these scenarios, then the Devs could provide them with debug builds to ferret out the issue(s), but with so many different hardware and software configurations involved, that seems unlikely as we see systems which appear pretty much identical where one user is having this problem yet others are not so even though there appear to be a wide array of affected systems and configurations, the actual number of affected users with common configurations seems like a fairly small sub-set of the total number of users running those configurations, especially when you factor in the vanilla Windows installations where none of the apparently affected AVs are installed (like ESET and Avast! Antivirus).

My suspicion is that this isn't actually one issue at all, but is actually several issues which display similar symptoms but have an array of trigger mechanisms. Likely some kind of race condition where, when certain factors are present, the Web Protection component misinterprets its block list/databases resulting in sites and processes being blocked which should not be. That means the problem has to do with the WFP APIs in use in the Web Protection component or the database interpreter built into the service/driver, so it may even be revealed that the root cause is a bug in Microsoft's own APIs which is being exposed by one or more of the recent changes in Malwarebytes 3's Web Protection component (it wouldn't be the first time an MS API bug was uncovered by Malwarebytes' Developers' implementation of them; I know because I was Product Manager for Malwarebytes years ago when precisely that situation occurred, and incidentally it just so happened to be Web Protection that exposed it).

Whatever this bug is, it seems to be a tough nut to crack and either way, I do hope the Developers figure it out and get it fixed soon.


Apologies for disappearing - it's been a bit of a crazy week and I basically just kept MBAM web protection disabled until today. With the 1.0.391 component update, things are much better! I'm able to connect to sites with both MBAM and ESET enabled, and everything seems to be back to normal. Thank you Malwarebytes guys!


I just turned on the Avast Web Protection and everything is working properly so far, so it seems.

I guess it was a MBAM problem after all, as most of us thought. 

But THANKS for fixing it.  Kudos!!!!

Buffalo

 

12 hours ago, exile360 said:

That's great guys, thanks for confirming that the beta has corrected the issues.

Happy for those 2 guys.

I don't want to Turn-Off ESET Modules so I'll live with Web Protection being "Off". I still can't load -- http -- sites with it On but it isn't worth a project just for one guy..... And, http should be disappearing in time so it won't matter then.

8 minutes ago, CraigS said:

And, http should be disappearing in time so it won't matter then.

This is true. The efforts of the likes of Google, Microsoft and others are putting a lot of pressure on hosts to make the permanent switch to HTTPS, and soon. In fact, I don't think Chrome will even allow you to visit HTTP sites any more, at least not without a block/warning that you must override; at least the last I heard, that was their plan (not sure if they've actually implemented it yet, but if they haven't, they will in one of their upcoming builds).
