Jump to content

Recommended Posts

Thank you everyone for the feedback. We are currently aware of this issue and are researching a fix. Microsoft has also been made aware of this issue.

January 24, 2019 3:15 pm 
Announcing Windows 10 Insider Preview Build 18323
https://blogs.windows.com/windowsexperience/2019/01/24/announcing-windows-10-insider-preview-build-18323/

 

Quote

REMINDER: As is normal with builds early in the development cycle, builds may contain bugs that might be painful for some. If this makes you uncomfortable, you may want to consider switching to the Slow ring. Slow ring builds will continue to be higher quality.

https://docs.microsoft.com/en-us/windows-insider/


Ron

 

Share this post


Link to post
Share on other sites

Thank you to everyone who has provided feedback on this issue. We're investigating the cause and will provide further details shortly. Please keep in mind that with this issue affecting a beta Operating System, issues are to be expected.

It would help if troubleshooting logs could be provided. Please refer to the following topic:
https://forums.malwarebytes.com/topic/190532-having-problems-using-malwarebytes-please-follow-these-steps/

In addition, a Process Monitor log would also be helpful. Please refer to the steps below.

MgeHyNE.png Run Process Monitor

  • Quit Malwarebytes by right-clicking the Malwarebytes notification area icon (next to the clock) and clicking Quit Malwarebytes.
  • Please download run_procmon.bat using the link below.
    https://malwarebytes.box.com/s/he92cwwd71sa0w7waiub8wx69ymb5d4i
  • Open your Downloads folder.
  • Double-click CX41PDv.png run_procmon.bat. Click Yes if prompted by AVOiBNU.jpg User Account Control.
  • Note: If you are prompted by Windows SmartScreen, click More info followed by Run anyway.
  • A black Command Prompt window will appear.
  • When prompted to carry out the tasks, please do the following:
    • Try to launch Malwarebytes and wait for the DDA Driver error.
    • Don't click Yes to restart.
  • Once done, click inside the Command Prompt window and press Y on your keyboard followed by Enter.
  • Upon completion, a file named HSPwQfy.png procmon-log.zip will be saved to your Desktop. Please attach the file in your next reply.
  • Note: If the file is too large, you will be provided instructions to upload the file to a file hosting website (wetransfer.com).

Share this post


Link to post
Share on other sites

Unfortunately the rootkit error didn't reappear while i was running the proc monitor exe. Nevertheless, i uploaded the log file to the webpage as directed but this zip file will not have my license key in it, correct? 

Share this post


Link to post
Share on other sites
On 1/24/2019 at 11:25 PM, 1PW said:

Hello @siliconman01:

If you have the ability to fall back to 18317, would you?

Thank you for the mbst-grab.

I did and it worked, but there were unrelated problems with that build.

Share this post


Link to post
Share on other sites
36 minutes ago, radBrad said:

What email do you send the We Transfer to?

You don't need to send it to an email address.  In WeTransfer click on the ... circular button and select Send as link and it should provide a URL for you to copy/paste when it's done.  Just post that link in your reply here on the forums.

Share this post


Link to post
Share on other sites

Thanks for providing these.  All this data should prove very helpful to the team troubleshooting the issue and will hopefully lead to a prompt resolution.

Share this post


Link to post
Share on other sites

I followed the instructions in post #31 above, but didn't get any notice about the DDA error. This has been the case with system reboots over the last few days, both on my desktop and my Surface Pro 4. Both systems are running Insider build 18323.1000. I get the message about protection being turned off on both systems.

https://we.tl/t-vYvWtnoQ9R

Share this post


Link to post
Share on other sites

@Imod - Yah i was getting the DDA error after reboots too but later today that specific error has disappeared for me as well. I noticed i was getting the DDA error sometimes after reboots and then when i checked protection, "scan for rookits" would also be disabled. Now this afternoon, i am noticing that rootkit options stays enabled and no errors for DDA  but the others are all still disabled such as

Web protection is off

Malware protection is off

Ransomware protection is off

Share this post


Link to post
Share on other sites

You can verify whether rootkit scanning is enabled or not by attempting to perform a Threat scan.  Just open Malwarebytes and click Scan Now on the Dashboard and see if it is able to install the anti-rootkit driver and scan for rootkits (it should throw the DDA driver error if it isn't able to), and if it works you should see it performing the Scan for Rootkits portion of the scan near the beginning just after Pre-Scan Operations if you view the Scan tab while the scan is going.

Share this post


Link to post
Share on other sites

@exile360 yes thanks. It is working and also does work in the scans but part of this glitch was that after pc  reboots it would turn off rootkit scanning and hence that error would return as well. Fortunately the "scan for rootkits" slider does work when you try to turn it back on to enable unlike Web protection, Malware protection and Ransomware protection . Those 3 options will not allow you to even slide them back to on but rookit scan is available to turn back on if it goes to disabled thankfully

Share this post


Link to post
Share on other sites

Rootkit scanning works a bit differently which is why I asked that you try a scan.  The driver doesn't actually try to install itself when you turn the feature/switch on unlike the protection components as the rootkit scanning driver is only loaded when rootkit scanning is enabled and you attempt to run a scan.  As long as you were able to scan and the scan log shows rootkit scanning was enabled and you saw that portion of the scan complete without any errors about the driver then it should be working.

Share this post


Link to post
Share on other sites

Hmm, when I try to run a scan on my desktop system, I get this more or less blank window. I rebooted the system after attempting a scan and getting this blank window, but the reboot hasn't changed the situation. A scan ran when I first logged onto the system this morning, and reported that no threats were detected. That was before I ran " run_procmon.bat "

A scan has just ran to completion, including scanning for rootkits, on my Surface Pro 4

image.png.a49ab45459703299e291dae8ed78b956.png

 

Share this post


Link to post
Share on other sites

Hmm, yeah, I suspect that is being caused by the driver not being able to load.  In fact, if you open Malwarebytes and go to Settings>Application and enable the option under Event Log Data then replicate the issue once more by trying to run a scan again it should log what happened.  Once that's done, go ahead and run the Malwarebytes Support Tool again and have it collect the logs then post the ZIP file.

Once that's done, go ahead and disable the option under Event Log Data again that way it doesn't continue its verbose logging (those logs can get pretty big fast because it logs a LOT of stuff, so we only advise using it temporarily for support and troubleshooting).

Share this post


Link to post
Share on other sites
26 minutes ago, exile360 said:

Hmm, yeah, I suspect that is being caused by the driver not being able to load.  In fact, if you open Malwarebytes and go to Settings>Application and enable the option under Event Log Data then replicate the issue once more by trying to run a scan again it should log what happened.  Once that's done, go ahead and run the Malwarebytes Support Tool again and have it collect the logs then post the ZIP file.

Once that's done, go ahead and disable the option under Event Log Data again that way it doesn't continue its verbose logging (those logs can get pretty big fast because it logs a LOT of stuff, so we only advise using it temporarily for support and troubleshooting).

Here is the Support tool log

mbst-grab-results.zip.

Attempting to run a scan still results in a blank window. A Hyper Scan appeared to run to completion, reporting no threats. But a Custom Scan (C: Drive only) resulted in this report. I strongly suspect the "Items Scanned" number is a carry over from the Hyper Scan.

image.png.9b1fc4f4ec042e9b41ea7420f19d05b0.png

 

Share this post


Link to post
Share on other sites

Yes i am getting the same issue as Imod now. I will run a scan first with event log data enabled as you mentioned and then run the Support tool asap

Share this post


Link to post
Share on other sites

Thank you to everyone who has provided feedback and data on this issue.

For further details on the issue, please see this post:


The feedback and data provided will help us confirm the nature of this issue and what steps are required to move forward.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.