Jump to content
Spritesprint

Issues with 1.12.1.97

By Spritesprint, in Anti-Exploit Beta

Recommended Posts

Spritesprint   

Spritesprint
Posted (edited)

Hi, my MBAE beta updated from 1.12.1.90 to 1.12.1.97 today and I came here to check release notes which don't exist yet...

Anyway, straight away I started having issues with, definitely chrome but also maybe firefox where pages just didn't even attempt to load.

This happens frequently with chrome and even when closing the browser the chrome processes persist. Killing them and trying again the web pages may load and if not when closing the processes persist again. Reverting to 1.12.1.90 resolves this issue.

With the issue present I couldn't even load chrome settings, extension settings or browsing history clear pages.

Thanks for reading.

p.s. are there any plans to ever support Vivaldi as a default shield? :)

*edit*

I've just tried this on a second PC and the issue is present there too. Both PCs running Windows 7 64 bit.

Edited by Spritesprint
another PC same issue

Share this post

Link to post
Share on other sites

Aeternum   

Aeternum
Posted

Can confirm, update breaks Chrome/chromium builds >60.0 at least. Doesnt seem to affect my old build of chrome (50.0) tho

Share this post

Link to post
Share on other sites

Kassandra   

Kassandra
Posted

OMG after (only luckily!) 2 hours of bitching around with Opera resetting and reinstalling stuff I finally found it was because of this. So yeah big fatty problems. I could only load pages in a new tab after restarting the browser for like 10 sec or so and then nothing would work anymore inside that new tab or any other tab, not even going to settings and opera://flags or the extensions. I even deinstalled all extensions and then tried reinstalling them but they wouldnt install back anymore.

Firefox on the other hand seems to be working fine tho, apart from one crash which I haven't experienced before in a very long time. But that may either be due to that I tried to close it too quickly after opening it, but yes it could very well be because of MBAE. I didn't try Chrome yet, so can't confirm that. 

 

Win 10 - 1709, 16299.551

Opera 54.0.2952.60

Share this post

Link to post
Share on other sites

cousinit99   

cousinit99
Posted

+1

The issue is just as the OP described.  Interestingly though, on one of my machines where MBAE doesn't update automatically, the issue is seemingly not present.  For the past several updates to MBAE on this machine, MBAE fails to restart automatically after the update installer completes, and I have to go into Services.msc and start the MBAE service manually.

Share this post

Link to post
Share on other sites

CompCav   

CompCav
Posted

I have Chrome version 67.0.3396.99 and it broke it.  When I deactivate chrome works fine.  So new version of MBAE is bad with chrome. 

Share this post

Link to post
Share on other sites

DougCuk   

DougCuk
Posted (edited)

Agree - there are big problems with Chrome v67 and v68

Opening links in a new tab gives blank page (endless loading), attempting to add extensions freezes during "Checking", attempting to open internal chrome pages freezes with blank page (eg Extensions, Settings) and chrome.exe modules remain resident after closing program - preventing a reload.

Reverting to build 90 solves all issues.

Edited by DougCuk

Share this post

Link to post
Share on other sites

Spritesprint   

Spritesprint
Posted
11 hours ago, cousinit99 said:

+1

The issue is just as the OP described.  Interestingly though, on one of my machines where MBAE doesn't update automatically, the issue is seemingly not present.  For the past several updates to MBAE on this machine, MBAE fails to restart automatically after the update installer completes, and I have to go into Services.msc and start the MBAE service manually.

Yeah I had an issue on one machine where MBAE didn't appear to be running, even after re-installs.

Easy fix though, I made sure the folder in program files was gone and deleted the Malwarebytes Anti-Exploit folder in c:\programdata (which is a hidden folder), re-installed (after disabling the network connection so that it didn't auto update and I could therefore disable auto updates) and it worked fine.

I just wish it didn't nag you so much to update when you have disabled auto updates because inevitably a user will go to the PC, see an update and click to do it and then wonder why chrome isn't working.

Share this post

Link to post
Share on other sites

rayny2e4034   

rayny2e4034
Posted

Same issue here with Chrome being blocked. Can someone please help me to find the previous version 1.12.1.90 and advice as to how i can revert back to it? Any help is much appreciated,Thank you in advance..

Share this post

Link to post
Share on other sites

Spritesprint   

Spritesprint
Posted
17 minutes ago, rayny2e4034 said:

Same issue here with Chrome being blocked. Can someone please help me to find the previous version 1.12.1.90 and advice as to how i can revert back to it? Any help is much appreciated,Thank you in advance..

https://forums.malwarebytes.com/topic/205865-malwarebytes-anti-exploit-112-build-90-released/

Previous build is linked for download in that post.

Uninstall your current build, download build 90, disable your network adapter so it doesn't auto update and install build 90, go to settings and untick automatically upgrade...then enable your network adapter.

Share this post

Link to post
Share on other sites

cutting_edgetech   

cutting_edgetech
Posted

Just for informational purposes: I have not ran into any problems yet using  build 1.12.1.97, and I have been using it for 2 days now. I have not rebooted since upgrading. Maybe it requires a reboot before problems begin. I'm using Firefox, and Chrome. I'm using Windows 10 X64 Pro version 1709.

Share this post

Link to post
Share on other sites

BlueFin   

BlueFin
Posted

Further to this behaviour (me too),  version .97 also appears to be phoning home during an anti-malware scan. Network write traffic due to the mbae64.exe process was running at about 100k during the scan. Hmmmm ... not good imho.

Added a new outbound firewall rule to take care of that invasion.

Share this post

Link to post
Share on other sites

rayny2e4034   

rayny2e4034
Posted

Thank you very much SpriteSprint, i'll do as you suggest and hope for the best. I appreciate you taking the time to reply and for the great info you provided for me. 

Share this post

Link to post
Share on other sites

Kassandra   

Kassandra
Posted

Aside from the browser problems that everyone mentioned here I also found out that one of my Win10 Store Apps doesn't work properly. Horizon TV app.

I had to login with my account, which normally isn't needed anyway except for the very first time having it installed ofcourse. Then after login the app works for a split second and then crashes and restarts, then it goes back to asking me to log in again. It continues like that.

Share this post

Link to post
Share on other sites

Bytesuser   

Bytesuser
Posted (edited)
54 minutes ago, dcollins said:

Thanks for the reports everyone, we have a beta build available for testing if you'd like: https://malwarebytes.box.com/s/22arp4fb3luo75ujopv0d63zbq6x6lhq

We are testing this internally, and once we confirm everything is working as intended we'll make it more publicly available

Version 1.12.1.100 seems to fix the problem, Chrome browser now normally loads the pages.

4 hours ago, BlueFin said:

Further to this behaviour (me too),  version .97 also appears to be phoning home during an anti-malware scan. Network write traffic due to the mbae64.exe process was running at about 100k during the scan. Hmmmm ... not good imho.

Added a new outbound firewall rule to take care of that invasion.

I also confirm outbound request in my firewall from mbae64.exe process to 83.56.43.254:443 address. But this might be because of the exe file signature change with the new install.

Opening the above address in Firefox I get:

The owner of 83.56.43.254 has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.

83.56.43.254 uses an invalid security certificate. The certificate is only valid for rs1.malwarebytes.com. Error code: SSL_ERROR_BAD_CERT_DOMAIN

And then pinging:

c:\>ping -a 83.56.43.254

Pinging 254.red-83-56-43.staticip.rima-tde.net [83.56.43.254] with 32 bytes of data:
Reply from 83.56.43.254: bytes=32 time=66ms TTL=45
 

Is this ok?

Edited by Bytesuser

Share this post

Link to post
Share on other sites

cousinit99   

cousinit99
Posted
3 hours ago, dcollins said:

Thanks for the reports everyone, we have a beta build available for testing if you'd like: https://malwarebytes.box.com/s/22arp4fb3luo75ujopv0d63zbq6x6lhq

We are testing this internally, and once we confirm everything is working as intended we'll make it more publicly available

Just got the auto-update notification for this.  A little warning before the instantaneous, no-chance-to-save-anything reboot would've been nice.

Share this post

Link to post
Share on other sites

tacua   

tacua
Posted
3 hours ago, dcollins said:

Thanks for the reports everyone, we have a beta build available for testing if you'd like: https://malwarebytes.box.com/s/22arp4fb3luo75ujopv0d63zbq6x6lhq

We are testing this internally, and once we confirm everything is working as intended we'll make it more publicly available

Tried the new test beta, seems to work fine.  Canary ver. 70.0.3501.2 is still listing MBAE 1.12.1.100 as incompatible software, but it is working now.  I believe eventually Google Chrome has said that it  will delete incompatible software.  Canary is just an omen of what regular Chrome will become.

Share this post

Link to post
Share on other sites

Darkdirk   

Darkdirk
Posted
12 hours ago, Bytesuser said:

Version 1.12.1.100 seems to fix the problem, Chrome browser now normally loads the pages.

I also confirm outbound request in my firewall from mbae64.exe process to 83.56.43.254:443 address. But this might be because of the exe file signature change with the new install.

Opening the above address in Firefox I get:

The owner of 83.56.43.254 has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.

83.56.43.254 uses an invalid security certificate. The certificate is only valid for rs1.malwarebytes.com. Error code: SSL_ERROR_BAD_CERT_DOMAIN

And then pinging:

c:\>ping -a 83.56.43.254

Pinging 254.red-83-56-43.staticip.rima-tde.net [83.56.43.254] with 32 bytes of data:
Reply from 83.56.43.254: bytes=32 time=66ms TTL=45
 

Is this ok?

I noticed this exact same thing yesterday around 8pm.  A big spike of outbound traffic to 83.56.43.254.   Considerably more being uploaded than being downloaded.  Could someone from Malwarebytes please shed some light on this, as it seemed very unusual to me.  Or at the very least can you confirm whether or not this is a legit official Malwarebytes IP address?

Share this post

Link to post
Share on other sites

Bytesuser   

Bytesuser
Posted
13 minutes ago, Darkdirk said:

I noticed this exact same thing yesterday around 8pm.  A big spike of outbound traffic to 83.56.43.254.   Considerably more being uploaded than being downloaded.  Could someone from Malwarebytes please shed some light on this, as it seemed very unusual to me.  Or at the very least can you confirm whether or not this is a legit official Malwarebytes IP address?

Before version 1.12.1.97, it was mbae-svc.exe service process (and not the mbae64.exe process) making outgoing connection to the following address:  52.0.161.176:443. It seems to be a major change...

Then pinging:

c:\>ping -a 52.0.161.176

Pinging ec2-52-0-161-176.compute-1.amazonaws.com [52.0.161.176] with 32 bytes of data:
Request timed out.
Request timed out.

Probably a Malwarebytes server hosted on Amazon AWS.

Share this post

Link to post
Share on other sites

Darkdirk   

Darkdirk
Posted
45 minutes ago, Bytesuser said:

Before version 1.12.1.97, it was mbae-svc.exe service process (and not the mbae64.exe process) making outgoing connection to the following address:  52.0.161.176:443. It seems to be a major change...

Then pinging:

c:\>ping -a 52.0.161.176

Pinging ec2-52-0-161-176.compute-1.amazonaws.com [52.0.161.176] with 32 bytes of data:
Request timed out.
Request timed out.

Probably a Malwarebytes server hosted on Amazon AWS.

Thanks for that info. I’ve never paid much attention to the mbae network traffic before.  That said, the only reason I really paid attention this time was because I noticed that a pretty good-sized chunk of data (~10Mb maybe) being uploaded, which I’d never seen prior to yesterday.   I’m used to programs constantly phoning home and sending out small packets of data and then receiving large update files.   But I’ve never seen a big automated upload of data like that.  Any theories on what that was all about?

 

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Go To Topic Listing Anti-Exploit Beta

  • Recently Browsing   0 members

    No registered users viewing this page.

×

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

  I accept