Ransomeware Protection won't turn on

[Sergiu_S]

Hello Malwarebytes team,

For the last weak or so, I started receiving notifications from the malwarebytes app that the Ransomeware protections is turned off.

I tried clicking on Turn On but nothing happens. after reading some related posts, I also places the Malwarebytes in an exclusion folder for windows Defender and restarted but no success.

I also made sure I downloaded the latest version and reinstall it but still not able to turn on Ransomware protection.

See attached Log files.

Thank you

Sergiu_S

mbst-grab-results.zip

[Malwarebytes]

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

 

If you are having technical issues with our Windows product, please do the following: 

Spoiler

If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

• Download Malwarebytes Support Tool
• Once the file is downloaded, open your Downloads folder/location of the downloaded file
• Double-click mb-support-X.X.X.XXXX.exe to run the program
  • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
• Place a checkmark next to Accept License Agreement and click Next
• You will be presented with a page stating, "Welcome to the Malwarebytes Support Tool!"
• Click the Advanced Options link
  
  
   
• Click the Gather Logs button
  
  
   
• A progress bar will appear and the program will proceed to gather troubleshooting information from your computer
• Upon completion, click OK
• A file named mbst-grab-results.zip will be saved to your Desktop
• Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies" like so:
  
     
  
  
  Click "Reveal Hidden Contents" below for details on how to attach a file:
   
  Spoiler

  To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.

  
   

One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 

Spoiler

For any of these issues:

• Renewals
• Refunds (including double billing)
• Cancellations
• Update Billing Info
• Multiple Transactions
• Consumer Purchases
• Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

[exile360]

Greetings,

Please remove the exclusions in Malwarebytes referencing locations on drive F:\ which does not appear to be attached to your system any longer.  This is consistent with similar cases where a bug in the most recent version of Malwarebytes causes Ransomware Protection to fail to start whenever an exclusion exists for a location on a drive that is no longer attached to the system.  Hopefully this will be fixed in the next release, however for the time being such exclusions must be removed in order for Ransomware Protection to function.

Please let us know how it goes and if there are any additional problems.

Thanks

[Sergiu_S]

That worked like a charm...

Thanks

[exile360]

Excellent, I'm glad that it worked.  If there is anything else we might assist you with please don't hesitate to let us know.

Thanks  

[babylon_nl]

@exile360 - I recently found this topic and I have to add that it's not just USB devices that are no longer attached to the system are causing this problem.

In my case it was a folder in a network attached storage device (NAS) that I had to delete in order to have ransomware protection enabled, eventhough the drives are mapped in my system permanently (tho I realize there might be a moment in startup where the mapped drives are not yet available but MB might already be running, but if this was simply the case, just restarting MB should fix it: it doesnt.)

Also good to mention is that after the exclusion was removed, i had to restart MB...

How will i know i can safely add the exclusion back again and this bug is fixed? Trial and error? 

Thanks!

[exile360]

Yep, that makes sense since Malwarebytes can't actually scan network attached storage devices (you can't have it scan any files/folders on network drives as it is unable to access them due to permissions quirks in Windows in how it implements network storage).

I don't know if or when it will be fixed, but it is likely that it will be mentioned in the change log/release notes for the version that fixes this issue, and it's likely that it will be included in the next release so I'd suggest keeping an eye on the pinned topic at the top of this area of the forums for announcements of the next release to see when it gets fixed.

[dcollins]

@babylon_nl you are correct, it's not just USB devices, it's any drive that does not exist, including network devices. And you also hit the nail on the head by stating that your network drives actually take a few seconds to attach on system startup, whereas services and drivers will generally start before that, hence this error. This should be fixed in our next release which is slated soon, but no timeline yet.

[babylon_nl]

Thanks @dcollins and @exile360 for the feedback, I never actually realised network drives couldnt be scanned, so the exclusion was useless to begin with haha.. 

Thanks for a good product and good support, keep it up!

[exile360]

Yeah, network drives are tricky due to the way that permissions are handled for them in Windows because since they technically aren't a part of the system, Windows doesn't provide the same level of access to them for processes that would normally have full access to privileged/protected locations such as system files and folders as well as the shell folders for other users/user accounts (i.e. administrative permissions and even SYSTEM account permissions) so getting the appropriate access to a network storage device for an anti-malware tool is a complicated issue, since it must have full read/write/delete access to be able to scan for, detect and remove threats.  There are some "tricks" that can be done to implement it such as "spoofing" other users (your local, limited user account actually has full write access even though the built in SYSTEM account does not) which would be necessary since the scanner and protection components run under MBAMService which runs as SYSTEM (highest level local permissions for the local system/storage devices).

I have no doubt that they will eventually implement full support for network storage devices, but it's not likely to happen any time soon given how infrequently they are used these days and how complex it would be to make it work (many users have stopped using attached storage due to threats like ransomware an worms that spread to attached storage devices, including those connected through the network so removable storage media such as USB drives and external SATA (eSATA) are more often used as a means of backing up files in case of emergency).