Jump to content

Recommended Posts

  • Replies 85
  • Created
  • Last Reply

Top Posters In This Topic

  • Root Admin

Thank you everyone for the feedback. We are currently aware of this issue and are researching a fix. Microsoft has also been made aware of this issue.

January 24, 2019 3:15 pm 
Announcing Windows 10 Insider Preview Build 18323
https://blogs.windows.com/windowsexperience/2019/01/24/announcing-windows-10-insider-preview-build-18323/

 

Quote

REMINDER: As is normal with builds early in the development cycle, builds may contain bugs that might be painful for some. If this makes you uncomfortable, you may want to consider switching to the Slow ring. Slow ring builds will continue to be higher quality.

https://docs.microsoft.com/en-us/windows-insider/


Ron

 

Link to post
Share on other sites

Thank you to everyone who has provided feedback on this issue. We're investigating the cause and will provide further details shortly. Please keep in mind that with this issue affecting a beta Operating System, issues are to be expected.

It would help if troubleshooting logs could be provided. Please refer to the following topic:
https://forums.malwarebytes.com/topic/190532-having-problems-using-malwarebytes-please-follow-these-steps/

In addition, a Process Monitor log would also be helpful. Please refer to the steps below.

MgeHyNE.png Run Process Monitor

  • Quit Malwarebytes by right-clicking the Malwarebytes notification area icon (next to the clock) and clicking Quit Malwarebytes.
  • Please download run_procmon.bat using the link below.
    https://malwarebytes.box.com/s/he92cwwd71sa0w7waiub8wx69ymb5d4i
  • Open your Downloads folder.
  • Double-click CX41PDv.png run_procmon.bat. Click Yes if prompted by AVOiBNU.jpg User Account Control.
  • Note: If you are prompted by Windows SmartScreen, click More info followed by Run anyway.
  • A black Command Prompt window will appear.
  • When prompted to carry out the tasks, please do the following:
    • Try to launch Malwarebytes and wait for the DDA Driver error.
    • Don't click Yes to restart.
  • Once done, click inside the Command Prompt window and press Y on your keyboard followed by Enter.
  • Upon completion, a file named HSPwQfy.png procmon-log.zip will be saved to your Desktop. Please attach the file in your next reply.
  • Note: If the file is too large, you will be provided instructions to upload the file to a file hosting website (wetransfer.com).
Link to post
Share on other sites

I followed the instructions in post #31 above, but didn't get any notice about the DDA error. This has been the case with system reboots over the last few days, both on my desktop and my Surface Pro 4. Both systems are running Insider build 18323.1000. I get the message about protection being turned off on both systems.

https://we.tl/t-vYvWtnoQ9R

Link to post
Share on other sites

@Imod - Yah i was getting the DDA error after reboots too but later today that specific error has disappeared for me as well. I noticed i was getting the DDA error sometimes after reboots and then when i checked protection, "scan for rookits" would also be disabled. Now this afternoon, i am noticing that rootkit options stays enabled and no errors for DDA  but the others are all still disabled such as

Web protection is off

Malware protection is off

Ransomware protection is off

Link to post
Share on other sites

You can verify whether rootkit scanning is enabled or not by attempting to perform a Threat scan.  Just open Malwarebytes and click Scan Now on the Dashboard and see if it is able to install the anti-rootkit driver and scan for rootkits (it should throw the DDA driver error if it isn't able to), and if it works you should see it performing the Scan for Rootkits portion of the scan near the beginning just after Pre-Scan Operations if you view the Scan tab while the scan is going.

Link to post
Share on other sites

@exile360 yes thanks. It is working and also does work in the scans but part of this glitch was that after pc  reboots it would turn off rootkit scanning and hence that error would return as well. Fortunately the "scan for rootkits" slider does work when you try to turn it back on to enable unlike Web protection, Malware protection and Ransomware protection . Those 3 options will not allow you to even slide them back to on but rookit scan is available to turn back on if it goes to disabled thankfully

Link to post
Share on other sites

Rootkit scanning works a bit differently which is why I asked that you try a scan.  The driver doesn't actually try to install itself when you turn the feature/switch on unlike the protection components as the rootkit scanning driver is only loaded when rootkit scanning is enabled and you attempt to run a scan.  As long as you were able to scan and the scan log shows rootkit scanning was enabled and you saw that portion of the scan complete without any errors about the driver then it should be working.

Link to post
Share on other sites

Hmm, when I try to run a scan on my desktop system, I get this more or less blank window. I rebooted the system after attempting a scan and getting this blank window, but the reboot hasn't changed the situation. A scan ran when I first logged onto the system this morning, and reported that no threats were detected. That was before I ran " run_procmon.bat "

A scan has just ran to completion, including scanning for rootkits, on my Surface Pro 4

image.png.a49ab45459703299e291dae8ed78b956.png

 

Link to post
Share on other sites

Hmm, yeah, I suspect that is being caused by the driver not being able to load.  In fact, if you open Malwarebytes and go to Settings>Application and enable the option under Event Log Data then replicate the issue once more by trying to run a scan again it should log what happened.  Once that's done, go ahead and run the Malwarebytes Support Tool again and have it collect the logs then post the ZIP file.

Once that's done, go ahead and disable the option under Event Log Data again that way it doesn't continue its verbose logging (those logs can get pretty big fast because it logs a LOT of stuff, so we only advise using it temporarily for support and troubleshooting).

Link to post
Share on other sites

26 minutes ago, exile360 said:

Hmm, yeah, I suspect that is being caused by the driver not being able to load.  In fact, if you open Malwarebytes and go to Settings>Application and enable the option under Event Log Data then replicate the issue once more by trying to run a scan again it should log what happened.  Once that's done, go ahead and run the Malwarebytes Support Tool again and have it collect the logs then post the ZIP file.

Once that's done, go ahead and disable the option under Event Log Data again that way it doesn't continue its verbose logging (those logs can get pretty big fast because it logs a LOT of stuff, so we only advise using it temporarily for support and troubleshooting).

Here is the Support tool log

mbst-grab-results.zip.

Attempting to run a scan still results in a blank window. A Hyper Scan appeared to run to completion, reporting no threats. But a Custom Scan (C: Drive only) resulted in this report. I strongly suspect the "Items Scanned" number is a carry over from the Hyper Scan.

image.png.9b1fc4f4ec042e9b41ea7420f19d05b0.png

 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.