MBAM Premium and MSE conflict on Win 7 Pro - system freezes

[robhab]

I am a brand new first time forum member.

I have been using Microsoft Security Essentials (MSE) on a Win 7 Pro 64 tower PC since it was purchased in 2015 .

Also, I have been using MBAM  for manual scans, and a few months ago, I  upgraded to the premium version running real time.

Everything was fine until Dec 20, 2018 at 7:23 am when I found  my PC totally non responsive (frozen).  I had to do a hardware reboot, and the normal restart procedure worked fine.

Then the system suffered three seemingly random system freezes all requiring hard reboots... prompting me to backup all files and carefully investigate the system. 

I could not find in malware - but who really knows these days?

I found several online references to a conflict between MBAM and MSE when both programs scan in real time.

After checking some file dates, I noticed that MSE had auto-updated its definition file just before the problem started.

So I tried to run a manual MSE scan and the system froze.

Sigh... 

I deactivated the real time scanning in MBAM and the freezing stopped.

I think there is a conflict.

 

So now what?

I would like to restore MBAM to real time scanning, but cannot afford to have the system down or unrecoverable.

I am not Windows software expert either.

I searched the forum and searched online, but none of the proffered advice fits exactly (and I am loath to do anything that is not exactly has described).

I would like to try the file exclusion idea in MBAM and MSE,  but the listed files are not found under the listed directory locations. 

Can some one explain what files to exclude and where they are are in my older Win 7 Pro 64 system?

Thank you and Happy Holidays.

 

 

 

[usasma]

Well, it looks like you've isolated the problem - real time scanning in MBAM/Defender.  Not much else I can do for you here.
Have you filed a report with Microsoft?  With MalwareBytes?

To start, here's a link where you can get further advice:  https://support.malwarebytes.com/
You can also post in the MalwareBytes forums here:  https://forums.malwarebytes.com/forum/41-malwarebytes-3-support-forum/

And you can report problems to Microsoft using the suggestions here:  https://www.thewindowsclub.com/how-to-report-bug-issue-or-vulnerability-to-microsoft
and here's Microsoft's support link:  https://support.microsoft.com/en-us/contactus/

 

Edited December 22, 2018 by usasma

[bashbish]

I  and many others are experiencing this "Hard Freeze" issue . I am not running MSE so no conflict there.

Put in search term "freeze" and you will  find many others with the issue. Many of them are IT Professionals that have multiple clients reporting this issue. It seems to be happening mostly on W7 OS, although I have seen some saying they are W10.

 

[exile360]

Yes, there is a known issue currently with the most recent build of Malwarebytes 3 causing freezing on some systems.  Generally it can be worked around by disabling either Ransomware Protection or Web Protection depending on which module is causing it on your specific installation (it's generally one or the other but shouldn't be both).

If the issue is Web Protection and you choose to keep it disabled until the issue is fixed then I would recommend installing the Malwarebytes browser extension beta.  It is available for both Chrome (and other Chromium based browsers like Vivaldi and SRWare Iron) as well as Firefox.  It blocks the same sites as Web Protection in Malwarebytes 3 but only shields your browser, not the entire system, however it does have some advantages including blocking many ads and tracking servers to protect your privacy and make the web faster/safer and also includes behavior based blocking for tech support scam sites, phishing sites and several other malicious website types and also includes blocking for clickbait sites; all things that the Web Protection component in Malwarebytes 3 currently does not do.  It is also fully compatible with Web Protection in Malwareybtes 3 so once this issue is fixed you may continue using the browser extension along with Web Protection to continue to take advantage of its advanced capabilities.  You can find out more and download the browser extension at the following links:

Chrome
Firefox

[bashbish]

Thanks for the info.

This beta version for Firefox add on:

Accesses your data for all websites
downloads files and reads the browsers download history
access browser tabs
store unlimited amount of client-side data

This is a bit more privacy than I am willing to give up. I understand its a beta version and they need as much data as possible to build it. Maybe it will be less intrusive if and when its gets past the Beta version.

In the meantime I have been taking my chances (freeze-wise) with full MWB (incl Real Time and Ransomware). No freezes in 15 hours.(I had longer stretches than that so I am not assured by this fact). Hope they can resolve soon.

 

[exile360]

It actually doesn't collect any more data than the Web Protection built into Malwarebytes 3 Premium.  The reason it has to access that stuff is just to read the sites/connections and webpage contents for blocking (such as matching against the blacklists as well as the behavior blocking components).  It isn't sending all that data back to Malwarebytes' servers.

[bashbish]

If that"s the case I guess I'll give it a try but not while its beta. Thanks.

[exile360]

Sure, no problem.  I don't know how much longer it will be in beta, but it's possible that once it's out of beta that it will be integrated with Malwarebytes Premium.  I don't think they've decided yet how they're going to release it (i.e. as a free standalone tool or as part of Premium).

[LighteningSam]

Same problem here. 3.6.1.

Have a customer with  20 computers all have Malwarebytes installed. Most are Win 7, some are Win10. Have no problems with Win 10. About 7 computers (that we know of) randomly freeze since the end of November. We use MSE, Malwarebytes (paid), QuickBooks Enterprise, Office 2016 (not 365), Chrome as our common software. Freezes, and Ctrl-Alt-Del, doesn't work... must power off. 

If Malwarebytes is uninstalled we experience no problems. 

All OS is up to date and we stay current. Ditto QuickBooks. 

 

[usasma]

I'd suggest posting over in the Business section for some help:  https://forums.malwarebytes.com/forum/120-malwarebytes-business-products-comments-and-suggestions/

You may also get help with the MalwareBytes 3 forums here:  https://forums.malwarebytes.com/forum/41-malwarebytes-3-support-forum/

Finally, as paying business customer, why not start a support ticket here:  https://support.malwarebytes.com/community/business/pages/contact-us

[mkaz]

I am very disappointed that Malwarebytes is not owning this from a communication standpoint and that it takes forum members to keep each other updated.  Thank goodness for forum member support!  I expected at a minimum that Malwarebytes would would be pinned something acknowledging that there is an issue, they are working on a solution, etc..  There is nothing here: https://forums.malwarebytes.com/forum/41-malwarebytes-3-support-forum/

It is as if there is an internal policy that they can never let the public know they messed up.  I for one appreciate honesty and can be accepting of some rare issues as long as I see the ownership and the communication is out quickly.  I can't imagine how many individuals without knowledge of this forum have spent countless hours trying to identify the source of the issue, lost documents they were working on, re-installed the OS only to see the issue re-occur, etc.

There are Norton haters out there and I am not promoting Norton, but at least they will own an issue.  They will pin the issue here, in the case of Norton Security: https://community.norton.com/en/forums/norton-security

And an example of a thread with clear involvement from Staff supporting identification of issues leading towards resolution: https://community.norton.com/en/forums/hot-issues-and-fixes

This may be the 2nd or 3rd major issue I've witnessed with Malwarebytes and I can't think of a time where they owned the communication letting users know of the issue, that they are working on a fix, and finally that the fix was out.  If I am incorrect, feel free to point out an example I may have missed where they communicated quickly from beginning to end.

[exile360]

Thanks for the feedback.  I do know for a fact that in the past there have been many instances where they provided pinned topics and public announcements with known issues and occurrences where the software broke in one way or another.  In this case I suspect that the number of issues/regressions present in this particular build has had them much more focused on chasing down the cause and data to more quickly provide a resolution/fixed build than on providing any sort of FAQ or public announcement (though I do believe they did pull the build from the automatic update/upgrade channel/servers to reduce the number of users who would receive the affected build until the issue is resolved, however I don't have any info on precisely when that occurred).

I will let them know however that such documentation has been requested and hopefully they will get something up, assuming they don't have a fix forthcoming in the immediate future.

As for instances in the past where there was a widespread issue, you'll find one example here (and the same issue was announced/documented here as well as here).  There have been plenty of other times, but I believe that in this instance it is largely due to the fact that not all users/systems are affected (not even Windows 7 users; I myself am running Windows 7 x64 SP1, fully patched with build 508 of Malwarebytes and have experienced none of the issues being reported so far, and I've been running that build since the first day it was made available, and in fact I'm writing this post from that very system as it's my only one).

I still am going to request that they provide some kind of announcement/FAQ though, because I do think it would be a good idea at this point given how many issues there are with this particular release/build even if not all users are affected because there appear to be a sufficient number of impacted users awaiting a fix to make it worthwhile.

That said, they have been very good about notifying users when an issue has been resolved in a release, and I can provide numerous examples of that as well if you wish (all I'd need to do is take a look at the posts from certain staff members the day certain builds/fixes/updates were released to see where they literally went through the entire forum responding to every thread where a fixed issue had been reported to notify everyone in that thread that the issue was resolved and the steps to take to get the fix/patch/update installed to correct the issue).  I'm certain they'll handle these issues in the exact same manner, however at this point there probably isn't much of an update to report, at least nothing that would do us any good because the Developers are still working on the issue, and until they have a build for us to install/test, there's nothing to notify us about except the same message that they're working on it.

[dcollins]

Sorry for the lack of response so far. Our engineering teams have been working hard to try and replicate this issue so we can understand what's going on and get a solution in place. This issue looks to affect a very small subset of users (less than 1%), couple that with the nature of the issue (the entire machine locking up), and this is a very difficult issue for us to reproduce and understand exactly what's causing. That being said, even though it's only happening to a small number of users, we obviously still want to find a solution for those users who are impacted. As such, can you please follow the instructions below to gather some logs for us so we can try to understand what is happening:

1. Download and run the Malwarebytes Support Tool
2. Do not click on Start Repair
3. Click on Advanced on the left side and then click Gather Logs
4. This process will take a few minutes and once completed, it will put a zip file on your desktop named mbst-grab-results.zip
5. Please upload that zip file in your response

There's a second set of logs that will help as well:

1. Download and extract the attached RUNME.zip
2. Right click on RUNME.bat inside the extracted folder and choose Run as Administrator
3. Choose Option 1 and press Enter
   1. This will enable driver verifier for our web protection module and turn on a complete memory dump instead of just a kernel memory dump
4. Reboot 
5. Turn on Web Protection, and use your computer as normal until it freezes again.
6. Once the computer freezes, it should cause a blue screen.
7. After rebooting, copy C:\Windows\memory.dmp to your desktop.
8. Right click on memory.dmp on your desktop and choose Send to -> Compressed (Zipped) folder. This should create a file named memory.zip
9. Upload the zip file to wetransfer.com and provide the link in your response
10. Once completed, you can then redo steps 2, 3 and 4, but this time choose Option 2 to change things back to default

While we have logs from our users so far, getting logs from multiple users helps us see what similarities there are between these computers to understand what's going on. Thanks in advanced, and we will do our best to make sure we're staying more responsive.

RUNME.zip

Edited December 29, 2018 by dcollins

[robhab]

dcollins

I appreciate the effort behind your request, but I am really torn in two directions here.  I would like to help you out, but I cannot afford to screw up my system again.

I am reluctant to run your scripts to intentionally force my system to lock up.  Who will help me unscramble the mess, if I cannot hard reboot my system?

In the 34 years that I have been using PCs, first for my graduate work and then for my professional practice, I never had a single system crash caused by malware.

In that same period,  Microsoft updates bricked my PCs three times; and Norton updates bricked them twice. 

I stopped buying systems from Dell, because of the problems with McAfee... 

For me, the cure has been worse than the disease.  Enormously inconvenient and aggravating.

 

I  may be better off just giving up on MBAM for now.

 

 

 

     

   

[usasma]

I am not a MalwareBytes employee, I am just a volunteer that works here because they offered to host a BSOD forum.

The staff/developers do monitor this forum.  They watch to see what happens here and if it starts to point to a MalwareBytes issue, they jump right on it."
They may not post, but they are working on it.

In the past, there was a conflict between MalwareBytes and a popular antivirus program.  This spawned a lot of BSOD's and we worked hard to isolate the problem.
As with the current issues, the problems seemed to point to MalwareBytes.  After a lot of work and a lot of discussions, the antivirus company issued a fix and all was well.

My point here is that it's not necessarily MalwareBytes' fault, even if the crash dumps/diagnostic procedures seem to implicate it.  Replicating the issue is the crucial first step - without that, they can't fix what they can't see

[LighteningSam]

As a previous programmer, before there was even a Microsoft, I can say one of the worst things you can do (for all parties involved) is taking ownership of a problem that may not be yours (and just as bad blaming others). You first go through these steps:

1. Consistently duplicate the problem. (Clearly, intermittent problems take the longest to identify)
2. Find in your code where the problem occurs.
3. Find out if it is actually your code causing the problem or some other app causing the problem, such as a third party conflict, API, MS update, etc.
4. Then decide what you are going to do.
   1. If it's your code, you fix it.
   2. If caused by an outside source you find out if they can or will fix it and when.
      1. Then decide if it is best if you create a workaround until the original source is fixed.
5. Notify the customers your findings and solution.

Obviously, you really need to be certain the fix is not going to create additional problems before it is released.

The steps 1-3 are usually the "We're looking into it, or we're working on it" phase.

So let's give them a break until they identify the problem. 

Many years ago I met the flight engineer that delivered the first Lockheed C-5 Galaxy (huge transport plane) to the government. When I asked him what it was like when they were testing it, he said, "I was amazed everytime it got off the ground." That's probably how we should be feeling about Malwarebytes removing a virus. 

[JimOPI]

Just letting you know I am also experiencing regular freezes with MBAM Web Protection. 

I have been running MBAM Premium for years with no problems until the freezes started on December 19, 2018.

The freezes occur several times a day and sometimes when the PC is just sitting idle. 

After disabling MBAM for days at a time, I finally discovered that the freezes appear to only occur when MBAM is running and only when Web Protection is On. 

I am running Windows 7 pro 64 bit and the event log never shows any kind of errors after each freeze. 

Something changed on the December 19th updates.  

[usasma]

I suggest that you follow dcollins suggestion to submit reports from Post #15:

Good luck!

[JimOPI]

Attached is the logs from my MBST run.

mbst-grab-results.zip

[robhab]

JimOPI

That is exactly what happened to me at exactly the same time under exactly the same Win and app configuration.

If you check your logs closely, you will see that MSE updated its virus definitions just before the seemingly random freeze started.

You probably caused the first freeze when you booted up and both MBAM and MSE tried to run at the same time.

[LAVA]

On 12/22/2018 at 6:11 AM, robhab said:

I am a brand new first time forum member.

I have been using Microsoft Security Essentials (MSE) on a Win 7 Pro 64 tower PC since it was purchased in 2015 .

Also, I have been using MBAM  for manual scans, and a few months ago, I  upgraded to the premium version running real time.

Everything was fine until Dec 20, 2018 at 7:23 am when I found  my PC totally non responsive (frozen).  I had to do a hardware reboot, and the normal restart procedure worked fine.

Then the system suffered three seemingly random system freezes all requiring hard reboots... prompting me to backup all files and carefully investigate the system. 

I could not find in malware - but who really knows these days?

I found several online references to a conflict between MBAM and MSE when both programs scan in real time.

After checking some file dates, I noticed that MSE had auto-updated its definition file just before the problem started.

So I tried to run a manual MSE scan and the system froze.

Sigh... 

I deactivated the real time scanning in MBAM and the freezing stopped.

I think there is a conflict.

 

So now what?

I would like to restore MBAM to real time scanning, but cannot afford to have the system down or unrecoverable.

I am not Windows software expert either.

I searched the forum and searched online, but none of the proffered advice fits exactly (and I am loath to do anything that is not exactly has described).

I would like to try the file exclusion idea in MBAM and MSE,  but the listed files are not found under the listed directory locations. 

Can some one explain what files to exclude and where they are are in my older Win 7 Pro 64 system?

Thank you and Happy Holidays.

 

 

 

 

For the sake of brevity, I'm going to 'second' the above, except we've been paying for Premium on 3 machines for a 2+ years.

MBAM 3.6.1 has been causing 'hard' hang on a fresh install of: Windows Enterprise 7 sp1.  Installed MBAM on 12/28/2018.

Only way to restart system was via Power Button (holding it for 8+ seconds).  No blue or black screen, just DWM freeze.

Hardware: Dell T3610 Precision Workstation, Nvidia Quadro, Intel DC-S3520 SSD

Software: MS Office Pro Plus 2010, Adobe CC 2018

After removal of MBAM today (1/1/2019), not a single hang or freeze. 

(wasted 2 days on event logs, hardware swaps, testing... finally decided to rollback/remove MBAM)

[LAVA]

2 hours ago, LAVA said:

 

For the sake of brevity, I'm going to 'second' the above, except we've been paying for Premium on 3 machines for a 2+ years.

MBAM 3.6.1 has been causing 'hard' hang on a fresh install of: Windows Enterprise 7 sp1.  Installed MBAM on 12/28/2018.

Only way to restart system was via Power Button (holding it for 8+ seconds).  No blue or black screen, just DWM freeze.

Hardware: Dell T3610 Precision Workstation, Nvidia Quadro, Intel DC-S3520 SSD

Software: MS Office Pro Plus 2010, Adobe CC 2018

After removal of MBAM today (1/1/2019), not a single hang or freeze. 

(wasted 2 days on event logs, hardware swaps, testing... finally decided to rollback/remove MBAM)

 

For clarification, my system's hang/lockup behavior is identical to "JimOPI" above.

[bashbish]

6 hours ago, robhab said:

JimOPI

That is exactly what happened to me at exactly the same time under exactly the same Win and app configuration.

If you check your logs closely, you will see that MSE updated its virus definitions just before the seemingly random freeze started.

You probably caused the first freeze when you booted up and both MBAM and MSE tried to run at the same time.

I have Avast not MSE and I have been getting the hard freezes since mid December.  I uninstalled MWB for 3 days , no freezes. I reinstalled MWB this morning. One freeze so far. At this point I am "Quitting" (turning off)  MWB when I am not using the Internet. I turn it back on when I go On the internet.

[buttoni]

My 2cents worth:  The Microsoft community forum has ALWAYS said not to run MSE concurrently with any other realtime antimalware/anti-virus software lest one wants to experience "system instability".  What changed?   I was shocked to read here on the forums this week that MBAM says it WILL run alongside MSE or Windows Defender!   Maybe not........ 

I just installed the free-standing Malwarebytes last week (basically just a manual scanner as I understand it) as I haven't run MBAM in a number of years.   Wanted to see how it has changed since I last ran it.  Since the non-premium MBAM has no realtime protection, I on my Win7 Home Premium x64, have NOT experienced any freezes.  I did install the MBAM browser add-on though and it, too, has caused no issues on my Win7 machine.

I plan on upgraded to the premium version eventually (when and IF this Win7 freeze issue is resolved), but will ABSOLUTELY uninstall MSE and turn off Defender when I do upgrade.  I wasn't aware MS had ever changed their position about MSE (or Defender) not being compatible with other realtime scanners. 

 

[LAVA]

1 hour ago, buttoni said:

My 2cents worth:  The Microsoft community forum has ALWAYS said not to run MSE concurrently with any other realtime antimalware/anti-virus software lest one wants to experience "system instability".  What changed?   I was shocked to read here on the forums this week that MBAM says it WILL run alongside MSE or Windows Defender!   Maybe not........ 

I just installed the free-standing Malwarebytes last week (basically just a manual scanner as I understand it) as I haven't run MBAM in a number of years.   Wanted to see how it has changed since I last ran it.  Since the non-premium MBAM has no realtime protection, I on my Win7 Home Premium x64, have NOT experienced any freezes.  I did install the MBAM browser add-on though and it, too, has caused no issues on my Win7 machine.

I plan on upgraded to the premium version eventually (when and IF this Win7 freeze issue is resolved), but will ABSOLUTELY uninstall MSE and turn off Defender when I do upgrade.  I wasn't aware MS had ever changed their position about MSE (or Defender) not being compatible with other realtime scanners. 

 

 

(Also attn: DCOLLINS)

We have two older Win7 machines running with MBAM 3.6.1 and Defender:  Windows Pro 7.1 and Ultimate 7.1  no updates since 2016. (MBAM Premium licenses)

Our newest box, with fresh up-to-date installation of Enterprise 7.1 (updates), is the box that keeps freezing/hanging. (MBAM Trial, waiting to transfer 1 license)

Will report back on Windows 8.1 Enterprise systems when I return to work.  No, we do not use Win10 on anything.