Spritesprint #1 Posted July 23, 2018 (edited) Hi, my MBAE beta updated from 1.12.1.90 to 1.12.1.97 today and I came here to check release notes which don't exist yet... Anyway, straight away I started having issues with, definitely chrome but also maybe firefox where pages just didn't even attempt to load. This happens frequently with chrome and even when closing the browser the chrome processes persist. Killing them and trying again the web pages may load and if not when closing the processes persist again. Reverting to 1.12.1.90 resolves this issue. With the issue present I couldn't even load chrome settings, extension settings or browsing history clear pages. Thanks for reading. p.s. are there any plans to ever support Vivaldi as a default shield? :) *edit* I've just tried this on a second PC and the issue is present there too. Both PCs running Windows 7 64 bit. Edited July 23, 2018 by Spritesprint another PC same issue Share this post Link to post Share on other sites
Aeternum #2 Posted July 23, 2018 Can confirm, update breaks Chrome/chromium builds >60.0 at least. Doesnt seem to affect my old build of chrome (50.0) tho Share this post Link to post Share on other sites
Shep7000 #3 Posted July 23, 2018 Yep, same here Chrome 67.0.3396.99 Windows 10 Pro 1803 build 17134.165 Share this post Link to post Share on other sites
Kassandra #4 Posted July 23, 2018 OMG after (only luckily!) 2 hours of bitching around with Opera resetting and reinstalling stuff I finally found it was because of this. So yeah big fatty problems. I could only load pages in a new tab after restarting the browser for like 10 sec or so and then nothing would work anymore inside that new tab or any other tab, not even going to settings and opera://flags or the extensions. I even deinstalled all extensions and then tried reinstalling them but they wouldnt install back anymore. Firefox on the other hand seems to be working fine tho, apart from one crash which I haven't experienced before in a very long time. But that may either be due to that I tried to close it too quickly after opening it, but yes it could very well be because of MBAE. I didn't try Chrome yet, so can't confirm that. Win 10 - 1709, 16299.551 Opera 54.0.2952.60 Share this post Link to post Share on other sites
cousinit99 #5 Posted July 24, 2018 +1 The issue is just as the OP described. Interestingly though, on one of my machines where MBAE doesn't update automatically, the issue is seemingly not present. For the past several updates to MBAE on this machine, MBAE fails to restart automatically after the update installer completes, and I have to go into Services.msc and start the MBAE service manually. Share this post Link to post Share on other sites
CompCav #6 Posted July 24, 2018 I have Chrome version 67.0.3396.99 and it broke it. When I deactivate chrome works fine. So new version of MBAE is bad with chrome. Share this post Link to post Share on other sites
DougCuk #7 Posted July 24, 2018 (edited) Agree - there are big problems with Chrome v67 and v68 Opening links in a new tab gives blank page (endless loading), attempting to add extensions freezes during "Checking", attempting to open internal chrome pages freezes with blank page (eg Extensions, Settings) and chrome.exe modules remain resident after closing program - preventing a reload. Reverting to build 90 solves all issues. Edited July 24, 2018 by DougCuk Share this post Link to post Share on other sites
Spritesprint #8 Posted July 24, 2018 11 hours ago, cousinit99 said: +1 The issue is just as the OP described. Interestingly though, on one of my machines where MBAE doesn't update automatically, the issue is seemingly not present. For the past several updates to MBAE on this machine, MBAE fails to restart automatically after the update installer completes, and I have to go into Services.msc and start the MBAE service manually. Yeah I had an issue on one machine where MBAE didn't appear to be running, even after re-installs. Easy fix though, I made sure the folder in program files was gone and deleted the Malwarebytes Anti-Exploit folder in c:\programdata (which is a hidden folder), re-installed (after disabling the network connection so that it didn't auto update and I could therefore disable auto updates) and it worked fine. I just wish it didn't nag you so much to update when you have disabled auto updates because inevitably a user will go to the PC, see an update and click to do it and then wonder why chrome isn't working. Share this post Link to post Share on other sites
Bytesuser #9 Posted July 24, 2018 Same here Chrome v.66 on Windows 10 Pro 64 bit 1703 build 15063.0 Share this post Link to post Share on other sites
Bytesuser #10 Posted July 24, 2018 Same here Chrome v.66 on Windows 10 Pro 64 bit 1703 build 15063.0 Share this post Link to post Share on other sites
rayny2e4034 #11 Posted July 24, 2018 Same issue here with Chrome being blocked. Can someone please help me to find the previous version 1.12.1.90 and advice as to how i can revert back to it? Any help is much appreciated,Thank you in advance.. Share this post Link to post Share on other sites
Spritesprint #12 Posted July 24, 2018 17 minutes ago, rayny2e4034 said: Same issue here with Chrome being blocked. Can someone please help me to find the previous version 1.12.1.90 and advice as to how i can revert back to it? Any help is much appreciated,Thank you in advance.. https://forums.malwarebytes.com/topic/205865-malwarebytes-anti-exploit-112-build-90-released/ Previous build is linked for download in that post. Uninstall your current build, download build 90, disable your network adapter so it doesn't auto update and install build 90, go to settings and untick automatically upgrade...then enable your network adapter. Share this post Link to post Share on other sites
cutting_edgetech #13 Posted July 24, 2018 Just for informational purposes: I have not ran into any problems yet using build 1.12.1.97, and I have been using it for 2 days now. I have not rebooted since upgrading. Maybe it requires a reboot before problems begin. I'm using Firefox, and Chrome. I'm using Windows 10 X64 Pro version 1709. Share this post Link to post Share on other sites
BlueFin #14 Posted July 24, 2018 Further to this behaviour (me too), version .97 also appears to be phoning home during an anti-malware scan. Network write traffic due to the mbae64.exe process was running at about 100k during the scan. Hmmmm ... not good imho. Added a new outbound firewall rule to take care of that invasion. Share this post Link to post Share on other sites
rayny2e4034 #15 Posted July 24, 2018 Thank you very much SpriteSprint, i'll do as you suggest and hope for the best. I appreciate you taking the time to reply and for the great info you provided for me. Share this post Link to post Share on other sites
Kassandra #16 Posted July 24, 2018 Aside from the browser problems that everyone mentioned here I also found out that one of my Win10 Store Apps doesn't work properly. Horizon TV app. I had to login with my account, which normally isn't needed anyway except for the very first time having it installed ofcourse. Then after login the app works for a split second and then crashes and restarts, then it goes back to asking me to log in again. It continues like that. Share this post Link to post Share on other sites
dcollins #17 Posted July 24, 2018 Thanks for the reports everyone, we have a beta build available for testing if you'd like: https://malwarebytes.box.com/s/22arp4fb3luo75ujopv0d63zbq6x6lhq We are testing this internally, and once we confirm everything is working as intended we'll make it more publicly available Share this post Link to post Share on other sites
Bytesuser #18 Posted July 24, 2018 (edited) 54 minutes ago, dcollins said: Thanks for the reports everyone, we have a beta build available for testing if you'd like: https://malwarebytes.box.com/s/22arp4fb3luo75ujopv0d63zbq6x6lhq We are testing this internally, and once we confirm everything is working as intended we'll make it more publicly available Version 1.12.1.100 seems to fix the problem, Chrome browser now normally loads the pages. 4 hours ago, BlueFin said: Further to this behaviour (me too), version .97 also appears to be phoning home during an anti-malware scan. Network write traffic due to the mbae64.exe process was running at about 100k during the scan. Hmmmm ... not good imho. Added a new outbound firewall rule to take care of that invasion. I also confirm outbound request in my firewall from mbae64.exe process to 83.56.43.254:443 address. But this might be because of the exe file signature change with the new install. Opening the above address in Firefox I get: The owner of 83.56.43.254 has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website. 83.56.43.254 uses an invalid security certificate. The certificate is only valid for rs1.malwarebytes.com. Error code: SSL_ERROR_BAD_CERT_DOMAIN And then pinging: c:\>ping -a 83.56.43.254 Pinging 254.red-83-56-43.staticip.rima-tde.net [83.56.43.254] with 32 bytes of data: Reply from 83.56.43.254: bytes=32 time=66ms TTL=45 Is this ok? Edited July 24, 2018 by Bytesuser Share this post Link to post Share on other sites
cousinit99 #19 Posted July 24, 2018 3 hours ago, dcollins said: Thanks for the reports everyone, we have a beta build available for testing if you'd like: https://malwarebytes.box.com/s/22arp4fb3luo75ujopv0d63zbq6x6lhq We are testing this internally, and once we confirm everything is working as intended we'll make it more publicly available Just got the auto-update notification for this. A little warning before the instantaneous, no-chance-to-save-anything reboot would've been nice. Share this post Link to post Share on other sites
tacua #20 Posted July 24, 2018 3 hours ago, dcollins said: Thanks for the reports everyone, we have a beta build available for testing if you'd like: https://malwarebytes.box.com/s/22arp4fb3luo75ujopv0d63zbq6x6lhq We are testing this internally, and once we confirm everything is working as intended we'll make it more publicly available Tried the new test beta, seems to work fine. Canary ver. 70.0.3501.2 is still listing MBAE 1.12.1.100 as incompatible software, but it is working now. I believe eventually Google Chrome has said that it will delete incompatible software. Canary is just an omen of what regular Chrome will become. Share this post Link to post Share on other sites
Aeternum #21 Posted July 25, 2018 Seems be be working for chromium 63 with new update Share this post Link to post Share on other sites
Darkdirk #22 Posted July 25, 2018 12 hours ago, Bytesuser said: Version 1.12.1.100 seems to fix the problem, Chrome browser now normally loads the pages. I also confirm outbound request in my firewall from mbae64.exe process to 83.56.43.254:443 address. But this might be because of the exe file signature change with the new install. Opening the above address in Firefox I get: The owner of 83.56.43.254 has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website. 83.56.43.254 uses an invalid security certificate. The certificate is only valid for rs1.malwarebytes.com. Error code: SSL_ERROR_BAD_CERT_DOMAIN And then pinging: c:\>ping -a 83.56.43.254 Pinging 254.red-83-56-43.staticip.rima-tde.net [83.56.43.254] with 32 bytes of data: Reply from 83.56.43.254: bytes=32 time=66ms TTL=45 Is this ok? I noticed this exact same thing yesterday around 8pm. A big spike of outbound traffic to 83.56.43.254. Considerably more being uploaded than being downloaded. Could someone from Malwarebytes please shed some light on this, as it seemed very unusual to me. Or at the very least can you confirm whether or not this is a legit official Malwarebytes IP address? Share this post Link to post Share on other sites
Bytesuser #23 Posted July 25, 2018 13 minutes ago, Darkdirk said: I noticed this exact same thing yesterday around 8pm. A big spike of outbound traffic to 83.56.43.254. Considerably more being uploaded than being downloaded. Could someone from Malwarebytes please shed some light on this, as it seemed very unusual to me. Or at the very least can you confirm whether or not this is a legit official Malwarebytes IP address? Before version 1.12.1.97, it was mbae-svc.exe service process (and not the mbae64.exe process) making outgoing connection to the following address: 52.0.161.176:443. It seems to be a major change... Then pinging: c:\>ping -a 52.0.161.176 Pinging ec2-52-0-161-176.compute-1.amazonaws.com [52.0.161.176] with 32 bytes of data: Request timed out. Request timed out. Probably a Malwarebytes server hosted on Amazon AWS. Share this post Link to post Share on other sites
Spritesprint #24 Posted July 25, 2018 except 83.56.43.254 is a Spanish IP address registered to telefonica... makes it look a wee bit odd Share this post Link to post Share on other sites
Darkdirk #25 Posted July 25, 2018 45 minutes ago, Bytesuser said: Before version 1.12.1.97, it was mbae-svc.exe service process (and not the mbae64.exe process) making outgoing connection to the following address: 52.0.161.176:443. It seems to be a major change... Then pinging: c:\>ping -a 52.0.161.176 Pinging ec2-52-0-161-176.compute-1.amazonaws.com [52.0.161.176] with 32 bytes of data: Request timed out. Request timed out. Probably a Malwarebytes server hosted on Amazon AWS. Thanks for that info. I’ve never paid much attention to the mbae network traffic before. That said, the only reason I really paid attention this time was because I noticed that a pretty good-sized chunk of data (~10Mb maybe) being uploaded, which I’d never seen prior to yesterday. I’m used to programs constantly phoning home and sending out small packets of data and then receiving large update files. But I’ve never seen a big automated upload of data like that. Any theories on what that was all about? Share this post Link to post Share on other sites