Jump to content

Issues with 1.12.1.97

Spritesprint

By Spritesprint
in Anti-Exploit Beta

 Share

Recommended Posts

Spritesprint

Spritesprint

Posted
Posted (edited)

Hi, my MBAE beta updated from 1.12.1.90 to 1.12.1.97 today and I came here to check release notes which don't exist yet...

Anyway, straight away I started having issues with, definitely chrome but also maybe firefox where pages just didn't even attempt to load.

This happens frequently with chrome and even when closing the browser the chrome processes persist. Killing them and trying again the web pages may load and if not when closing the processes persist again. Reverting to 1.12.1.90 resolves this issue.

With the issue present I couldn't even load chrome settings, extension settings or browsing history clear pages.

Thanks for reading.

p.s. are there any plans to ever support Vivaldi as a default shield? :)

*edit*

I've just tried this on a second PC and the issue is present there too. Both PCs running Windows 7 64 bit.

Edited by Spritesprint
another PC same issue
Link to post
Share on other sites
Kassandra

Kassandra

Posted
Posted

OMG after (only luckily!) 2 hours of bitching around with Opera resetting and reinstalling stuff I finally found it was because of this. So yeah big fatty problems. I could only load pages in a new tab after restarting the browser for like 10 sec or so and then nothing would work anymore inside that new tab or any other tab, not even going to settings and opera://flags or the extensions. I even deinstalled all extensions and then tried reinstalling them but they wouldnt install back anymore.

Firefox on the other hand seems to be working fine tho, apart from one crash which I haven't experienced before in a very long time. But that may either be due to that I tried to close it too quickly after opening it, but yes it could very well be because of MBAE. I didn't try Chrome yet, so can't confirm that. 

 

Win 10 - 1709, 16299.551

Opera 54.0.2952.60

Link to post
Share on other sites
cousinit99

cousinit99

Posted
Posted

+1

The issue is just as the OP described.  Interestingly though, on one of my machines where MBAE doesn't update automatically, the issue is seemingly not present.  For the past several updates to MBAE on this machine, MBAE fails to restart automatically after the update installer completes, and I have to go into Services.msc and start the MBAE service manually.

Link to post
Share on other sites
DougCuk

DougCuk

Posted
Posted (edited)

Agree - there are big problems with Chrome v67 and v68

Opening links in a new tab gives blank page (endless loading), attempting to add extensions freezes during "Checking", attempting to open internal chrome pages freezes with blank page (eg Extensions, Settings) and chrome.exe modules remain resident after closing program - preventing a reload.

Reverting to build 90 solves all issues.

Edited by DougCuk
Link to post
Share on other sites
Spritesprint

Spritesprint

Posted
  • Author
Posted
11 hours ago, cousinit99 said:

+1

The issue is just as the OP described.  Interestingly though, on one of my machines where MBAE doesn't update automatically, the issue is seemingly not present.  For the past several updates to MBAE on this machine, MBAE fails to restart automatically after the update installer completes, and I have to go into Services.msc and start the MBAE service manually.

Yeah I had an issue on one machine where MBAE didn't appear to be running, even after re-installs.

Easy fix though, I made sure the folder in program files was gone and deleted the Malwarebytes Anti-Exploit folder in c:\programdata (which is a hidden folder), re-installed (after disabling the network connection so that it didn't auto update and I could therefore disable auto updates) and it worked fine.

I just wish it didn't nag you so much to update when you have disabled auto updates because inevitably a user will go to the PC, see an update and click to do it and then wonder why chrome isn't working.

Link to post
Share on other sites
Spritesprint

Spritesprint

Posted
  • Author
Posted
17 minutes ago, rayny2e4034 said:

Same issue here with Chrome being blocked. Can someone please help me to find the previous version 1.12.1.90 and advice as to how i can revert back to it? Any help is much appreciated,Thank you in advance..

https://forums.malwarebytes.com/topic/205865-malwarebytes-anti-exploit-112-build-90-released/

Previous build is linked for download in that post.

Uninstall your current build, download build 90, disable your network adapter so it doesn't auto update and install build 90, go to settings and untick automatically upgrade...then enable your network adapter.

Link to post
Share on other sites
BlueFin

BlueFin

Posted
Posted

Further to this behaviour (me too),  version .97 also appears to be phoning home during an anti-malware scan. Network write traffic due to the mbae64.exe process was running at about 100k during the scan. Hmmmm ... not good imho.

Added a new outbound firewall rule to take care of that invasion.

Link to post
Share on other sites
Kassandra

Kassandra

Posted
Posted

Aside from the browser problems that everyone mentioned here I also found out that one of my Win10 Store Apps doesn't work properly. Horizon TV app.

I had to login with my account, which normally isn't needed anyway except for the very first time having it installed ofcourse. Then after login the app works for a split second and then crashes and restarts, then it goes back to asking me to log in again. It continues like that.

Link to post
Share on other sites
Bytesuser

Bytesuser

Posted
Posted (edited)
54 minutes ago, dcollins said:

Thanks for the reports everyone, we have a beta build available for testing if you'd like: https://malwarebytes.box.com/s/22arp4fb3luo75ujopv0d63zbq6x6lhq

We are testing this internally, and once we confirm everything is working as intended we'll make it more publicly available

Version 1.12.1.100 seems to fix the problem, Chrome browser now normally loads the pages.

4 hours ago, BlueFin said:

Further to this behaviour (me too),  version .97 also appears to be phoning home during an anti-malware scan. Network write traffic due to the mbae64.exe process was running at about 100k during the scan. Hmmmm ... not good imho.

Added a new outbound firewall rule to take care of that invasion.

I also confirm outbound request in my firewall from mbae64.exe process to 83.56.43.254:443 address. But this might be because of the exe file signature change with the new install.

Opening the above address in Firefox I get:

The owner of 83.56.43.254 has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.

83.56.43.254 uses an invalid security certificate. The certificate is only valid for rs1.malwarebytes.com. Error code: SSL_ERROR_BAD_CERT_DOMAIN

And then pinging:

c:\>ping -a 83.56.43.254

Pinging 254.red-83-56-43.staticip.rima-tde.net [83.56.43.254] with 32 bytes of data:
Reply from 83.56.43.254: bytes=32 time=66ms TTL=45
 

Is this ok?

Edited by Bytesuser
Link to post
Share on other sites
cousinit99

cousinit99

Posted
Posted
3 hours ago, dcollins said:

Thanks for the reports everyone, we have a beta build available for testing if you'd like: https://malwarebytes.box.com/s/22arp4fb3luo75ujopv0d63zbq6x6lhq

We are testing this internally, and once we confirm everything is working as intended we'll make it more publicly available

Just got the auto-update notification for this.  A little warning before the instantaneous, no-chance-to-save-anything reboot would've been nice.

Link to post
Share on other sites
tacua

tacua

Posted
Posted
3 hours ago, dcollins said:

Thanks for the reports everyone, we have a beta build available for testing if you'd like: https://malwarebytes.box.com/s/22arp4fb3luo75ujopv0d63zbq6x6lhq

We are testing this internally, and once we confirm everything is working as intended we'll make it more publicly available

Tried the new test beta, seems to work fine.  Canary ver. 70.0.3501.2 is still listing MBAE 1.12.1.100 as incompatible software, but it is working now.  I believe eventually Google Chrome has said that it  will delete incompatible software.  Canary is just an omen of what regular Chrome will become.

Link to post
Share on other sites
Darkdirk

Darkdirk

Posted
Posted
12 hours ago, Bytesuser said:

Version 1.12.1.100 seems to fix the problem, Chrome browser now normally loads the pages.

I also confirm outbound request in my firewall from mbae64.exe process to 83.56.43.254:443 address. But this might be because of the exe file signature change with the new install.

Opening the above address in Firefox I get:

The owner of 83.56.43.254 has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.

83.56.43.254 uses an invalid security certificate. The certificate is only valid for rs1.malwarebytes.com. Error code: SSL_ERROR_BAD_CERT_DOMAIN

And then pinging:

c:\>ping -a 83.56.43.254

Pinging 254.red-83-56-43.staticip.rima-tde.net [83.56.43.254] with 32 bytes of data:
Reply from 83.56.43.254: bytes=32 time=66ms TTL=45
 

Is this ok?

I noticed this exact same thing yesterday around 8pm.  A big spike of outbound traffic to 83.56.43.254.   Considerably more being uploaded than being downloaded.  Could someone from Malwarebytes please shed some light on this, as it seemed very unusual to me.  Or at the very least can you confirm whether or not this is a legit official Malwarebytes IP address?

Link to post
Share on other sites
Bytesuser

Bytesuser

Posted
Posted
13 minutes ago, Darkdirk said:

I noticed this exact same thing yesterday around 8pm.  A big spike of outbound traffic to 83.56.43.254.   Considerably more being uploaded than being downloaded.  Could someone from Malwarebytes please shed some light on this, as it seemed very unusual to me.  Or at the very least can you confirm whether or not this is a legit official Malwarebytes IP address?

Before version 1.12.1.97, it was mbae-svc.exe service process (and not the mbae64.exe process) making outgoing connection to the following address:  52.0.161.176:443. It seems to be a major change...

Then pinging:

c:\>ping -a 52.0.161.176

Pinging ec2-52-0-161-176.compute-1.amazonaws.com [52.0.161.176] with 32 bytes of data:
Request timed out.
Request timed out.

Probably a Malwarebytes server hosted on Amazon AWS.

Link to post
Share on other sites
Darkdirk

Darkdirk

Posted
Posted
45 minutes ago, Bytesuser said:

Before version 1.12.1.97, it was mbae-svc.exe service process (and not the mbae64.exe process) making outgoing connection to the following address:  52.0.161.176:443. It seems to be a major change...

Then pinging:

c:\>ping -a 52.0.161.176

Pinging ec2-52-0-161-176.compute-1.amazonaws.com [52.0.161.176] with 32 bytes of data:
Request timed out.
Request timed out.

Probably a Malwarebytes server hosted on Amazon AWS.

Thanks for that info. I’ve never paid much attention to the mbae network traffic before.  That said, the only reason I really paid attention this time was because I noticed that a pretty good-sized chunk of data (~10Mb maybe) being uploaded, which I’d never seen prior to yesterday.   I’m used to programs constantly phoning home and sending out small packets of data and then receiving large update files.   But I’ve never seen a big automated upload of data like that.  Any theories on what that was all about?

 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.