Jump to content

Malwarebytes and application startup time...


Recommended Posts

As a follow up to the year old posting below:

I did remove Malwarebytes 3.3.1.2183 last February and left Vipre only for protection against malware. The yearly renewal for Malwarebytes license arrived and reminded me to test the performance again. Installed MBAM 3.6.1.271 with the latest component package next to Vipre 11.0.3.20. The test results for MS Word 2013 are even worse than they have been with the year old version of Malwarebytes:

6.6401
5.0041
4.9077
4.9388

Was there a change in supporting/recommending "traditional" A/V solutions with Malwarebytes? Do you recommend having Malwarebytes the only security protection for the system and remove Vipre?

TIA...

 

Link to post
Share on other sites

  • Staff

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

 

If you are having technical issues with our Windows product, please do the following: 

Spoiler

If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  1. Download Malwarebytes Support Tool
  2. Once the file is downloaded, open your Downloads folder/location of the downloaded file
  3. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  4. Place a checkmark next to Accept License Agreement and click Next
  5. You will be presented with a page stating, "Get Started!"
  6. Click the Advanced tab
    Repair menu_arrows.png
     
  7. Click the Gather Logs button
    Advanced_arrows.png
     
  8. A progress bar will appear and the program will proceed with getting logs from your computer
    Advanced Gather Logs_arrows.png
     
  9. Upon completion, click a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
    Advanced Gather Logs completed_arrows.png
     
  10. Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies" like so:
     notify me.jpeg  

Click "Reveal Hidden Contents" below for details on how to attach a file:
 

Spoiler

To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.

mb_attach.jpg.220985d559e943927cbe3c078b
 

One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 

Spoiler

For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

Link to post
Share on other sites

For Windows 10 machines, our recommendation is to use Malwarebytes in conjunction with the built-in Windows Defender. We believe this offers the best combination of protection and performance.

Aside from that, many users run Malwarebytes along with a third-party Anti-Virus without issue. However, this is not always the case and can result in performance issues or other problems with the computer. We typically recommend configuring mutual exclusions in both products if a third-party Anti-Virus is installed alongside Malwarebytes. This resolves any issues in a lot of cases. Other times, tweaking settings may be required to allow coexistence between the two products.

Have you configured mutual exclusions in Malwarebytes and VIPRE?
If you fully disable or temporarily uninstall VIPRE, does the issue persist?

Link to post
Share on other sites

Just to add to the info LiquidTension provided above, I do recall that in the past, as with several other AV products, the web filter/web protection components in the two products do sometimes conflict on some systems (similar issues have been observed occasionally with Avast, AVG, Avira, ESET, Bitdefender and Kaspersky to name a few, though it does not always occur) and if exclusions don't resolve the issue you might try disabling the web protection/web filter/bad website blocking component in VIPRE (I'm not sure of the exact name of the feature but it should be easy to locate based on its name and/or description in the product interface).  If that works, you can try re-enabling it then testing to see if disabling the Web Protection component in Malwarebytes also eliminates the issue.  If so, this will at least point us in the right direction as to the exact cause.

Alternatively you might try disabling the Ransomware Protection component as it too has been known to cause performance issues from time to time under certain conditions/on certain systems.

I mention these things because this info could be useful for the Developers in optimizing the performance and finding and fixing any potential issues in these particular components and with compatibility for these third party AVs.

Link to post
Share on other sites

@LiquidTension

So, the recommendation did change, thanks...

Some details of the system in question...

The OS is Windows 10 Pro 64-bits, version 1809 (OS bui;ld 17763.253), with Malwarebytes 3.6.1.271 with the latest component package. MBAM and Vipre on the same system seemingly caused some conflict, based on the application startup time for both from a local drive and from networked resource. As suggested, Vipre had been uninstalled.

After rebooting the system, Windows Defender A/V activated itself with MBAM active, the applications had been retested. Opening a word document improved and shown below:

2.4065
0.9997
0.9895
1.0071

That's pretty much on paar with Vipre, when it's been the only third-party A/V that was active prior to removing it. Unfortunately, it did not fix the issue of opening documents from a networked resource. While there are no issues with browsing the network, just as fast as it used to be prior to MBAM, opening Word documents take 6 - 8 seconds, measured by stopwatch.

Excel on the other hand takes more than twice as long to startup, when the spreadsheet opened from the local drive, With Vipre only on the same system Excel started up in a third of a second:

0.3898
0.3653
0.3741
0.3586

Excel with MBAM and WD A/V:

1.2636
0.7804
0.7960
0.7867

Opening Excel spreadsheet from network share is marginally better than Word documents, 4 - 5 seconds passes by before the spreadsheet is opened.

The LAN is fully switched, gigi network, that had no issues prior to MBAM and it still does not. Disabling Windows firewall did not seem to matter, opening the file from network share still took a long time. 

Exclusions for Windows Defender A/V didn't help either, from an older link below:

https://forums.malwarebytes.com/topic/200162-exclusions-for-windows-defender-users/

Is there anything else that can be done for removing the delay for opening documents from the network shares? 

As a reminder... There had been no issues with application startup time, be that local or from network share, LAN, regardless if the firewall had been active or not. 

TIA...

Link to post
Share on other sites

Thanks, yes, I do suspect it's an issue with one of the modules.  If disabling Ransomware Protection doesn't eliminate it then I'd suggest disabling the others one at a time to see if that helps.  It may be an issue with Ransomware Protection, Web Protection, Malware Protection or even Exploit Protection (particularly since those MS Office apps are all shielded by Exploit Protection by default).

A capture of the process when attempting to open one of the programs/documents via Process Monitor could also prove useful as it should reveal what Malwarebytes and other programs are doing when the issue occurs which could help the Devs in trying to improve things.

Create a Process Monitor Log:

  • Create a new folder on your desktop called Logs
  • Please download Process Monitor from here and save it to your desktop
  • Double-click on Procmon.exe to run it
  • In Process Monitor, click on File at the top and select Backing Files...
  • Click the circle to the left of Use file named: and click the ... button
  • Browse to the Logs folder you just created and type MB3 Log in the File name: box and click Save
  • Then click on File and select Capture Events to start logging
  • Replicate the issue by opening one or more of the documents
  • Close Process Monitor
  • Right-click on the Logs folder on your desktop and hover your mouse over Send To and select Compressed (zipped) Folder
  • Please attach the Logs.zip file you just created to your next reply, or if it is too large, please upload it to WeTransfer and post the link to the file

Link to post
Share on other sites

Thanks excile...

Disabling modules didn't help, for that matter, just disabling MBAM service didn't help either. I did uninstall/reinstall MBAM, but it made it worse, if anything...

Procmon shows a lot of "PATH NOT FOUND" for MBAM, when trying to replicate network connections with Word:

2001987277_notfound.jpg.08cdcd79fbe72b4209622f61747218c1.jpg

I am not certain why these error messages from MBAM?

My system has six internal drive, two of the SSD drives have Windows 10 installed, Disk 0 and Disk 1. The latter one has MBAM and Office '13, while on Disk 0 there's no MBAM and has Office '10 installed. Maybe MBAM is getting confused and looking for the path on Disk 0? It's unlikely, but possible.... 

Here is the Word start up time for MS Word, with the reinstalled MBAM:

1.9816
1.0359
1.0330
1.0156

The same for MS Excel:

1.1391
0.8267
0.7938
0.8176

Opening documents from network shares has also increased, now around 7 - 8 seconds...

Link to post
Share on other sites

Interesting, thanks.  Did you upload the logs to WeTransfer and do you have a download link for them?

Next, please also try disabling self-protection in Malwarebytes to see if that makes any difference.  It can be found under Settings>Protection under Startup Options called Enable self-protection module.  That's the only other loaded component I can think of that might be affecting things, especially since you killed the service and the issue was still present.

If that makes no difference then let's gather some more data for the Devs (in addition to the Process Monitor logs which I hope you've uploaded):

Create Process Memory Dump using Windows Task Manager on Windows Vista/7/8/8.1/10:

  • Open Task Manager by pressing Ctrl+Shift+Esc on your keyboard
  • Click Show processes from all users at the bottom to enable that option and click Yes if prompted by User Account Control
  • Click on the Image Name column near the top to sort the list of running processes by name
  • Replicate the issue by trying to open an Office document from your network drive
  • While the CPU usage is high/the program is trying to load, locate the MBAMService.exe process and right-click on it, selecting Create Dump File
  • Wait a moment while Windows creates the dump file
  • Once it completes it will inform you of the name and location of the dump file (typically C:\Users\Your user name\AppData\Local\Temp\MBAMService.dmp
  • Navigate to this location and right-click on the MBAMService.dmp file and choose Cut
  • Right-click on your desktop or some other convenient location where you'd like to place the file and choose Paste
  • Right-click on the MBAMService.dmp file you just moved and hover your mouse over Send to and choose Compressed (zipped) folder
  • Attach the MBAMService.zip file you just created to your next post or if it is too large, upload it to a file sharing service such as WeTransfer and provide the download link for the file in your next reply

That last one may take a couple of tries to get the timing right so please be patient and do the best you can to get a dump file while the performance issue is occurring.

Finally, one more method to gather info would be to enable verbose logging in Malwarebytes and replicate the issue.  To do that, open Malwarebytes and navigate to Settings>Application and enable the option under Event Log Data then replicate the issue a few times, then run the Malwarebytes Support Tool and have it gather logs, then attach those logs to your next reply.  Once that's done be sure to disable the enhanced log collection option in Malwarebytes so that it doesn't continue creating those verbose logs as they can get pretty big after a while and end up taking up a lot of unnecessary space on your drive.

Link to post
Share on other sites

@exile360

I did not upload logs, dumps, etc., nor did disabling the self-protection module helped. The files are huge and I am hesitant to upload all of that data about my system to "WeTransfer" without knowing what's in the files and where it'll end up. Yes, I could research where the files end up, privacy policies, etc., but I already spent too much time on this problem.

The issue had been resolved anyway, Malwarebytes was uninstalled and system performance restored to where it should be. I'll be back again next year to test the future Malwarebytes version, will not drop the three device license. 

I do appreciate you trying to help me, it's not you, it's me...

 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.