mbamtray.exe

Have activated the pro version of MBAM as I was just using it to do periodic scans. I have activated MBAM to startup with windows startup. My question is, how long should it take for the mbamtray.exe icon to appear? I have timed it and it takes anywhere from 80 secs. to almost 100 secs. Is this normal? Other tray icons appear instantly so I am curious as it seems on the slow side. Windows 7 64bit system here.

Link to post
Share on other sites

  • Staff

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

 

If you are having technical issues with our Windows product, please do the following: 

If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  1. Download Malwarebytes Support Tool
  2. Once the file is downloaded, open your Downloads folder/location of the downloaded file
  3. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  4. Place a checkmark next to Accept License Agreement and click Next
  5. You will be presented with a page stating, "Get Started!"
  6. Click the Advanced tab on the left column
  7. Click the Gather Logs button
  8. A progress bar will appear and the program will proceed with getting logs from your computer
  9. Upon completion, a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
  10. Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies".

Click "Reveal Hidden Contents" below for details on how to attach a file:
 

To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.


One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 

For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

 

Link to post
Share on other sites

Greetings,

It depends on your hardware and the other startups on your system to a certain extent obviously, but that definitely sounds like longer than normal.  Please do the following so that we may take a look at your configuration to try and determine what might be the cause of the slow startup:

  1. Download and run the Malwarebytes Support Tool
  2. Accept the EULA and click Advanced tab on the left (not Start Repair)
  3. Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply

Thanks

Link to post
Share on other sites

6 hours ago, exile360 said:

Greetings,

It depends on your hardware and the other startups on your system to a certain extent obviously, but that definitely sounds like longer than normal.  Please do the following so that we may take a look at your configuration to try and determine what might be the cause of the slow startup:

 

  1. Download and run the Malwarebytes Support Tool
  2. Accept the EULA and click Advanced tab on the left (not Start Repair)
  3. Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply

 

Thanks

 

mbst-grab-results.zip

Link to post
Share on other sites

Thanks.  Unfortunately it looks like the tool was unable to run some components due to being unable to access the internet.  If you wouldn't mind, please try running the tool again, this time ensuring that you are connected to the internet and that the tool isn't being blocked by your firewall then upload the new ZIP file.

I also found references to these programs in your logs and it is possible that one or more of them is slowing down Malwarebytes so if you haven't excluded Malwarebytes/configured it as a trusted application in these programs, assuming they also launch on startup then that could also be a contributing factor:

NoVirusThanks
Sandboxie
Windows 10 Firewall Control
VoodooShield

I also spotted references to COMODO, though I'm unsure what COMODO program is installed.  Also keep in mind that running too many security apps at the same time may also be affecting system performance as some combinations may not get along very well so you also might try disabling and/or removing each of those one at a time and restarting after each to see if removing or disabling any one or more of them helps.

Link to post
Share on other sites

Thanks, it looks like it ran correctly that time.  I'm seeing a lot of AV references, likely leftover components/traces from past installs.  Some for Avast, Kaspersky, and there also appears to be at least one Group Policy restriction, though I'm not certain exactly what it is:

GroupPolicy: Restriction ? <==== ATTENTION

I also noticed UAC is not configured to its default setting:

Consent Prompt Behavior Admin:  Off

Those last two likely aren't related but I thought you should be aware, especially if you didn't make those changes yourself.

That said, I think I've discovered the root of the problem.  Aside from having a pretty large number of security tools running at startup, you're running a pretty old system; a Pentium D from 2006 (I used to have the precursor to your model chip; the Pentium D 830 3.0GHz so I'm pretty familiar with its level of performance):

Pentium(R) D CPU 3.40GHz

Malwarebytes is a fairly demanding app, especially on startup and when launching scans as it has to load its various drivers and databases into memory, so that's likely the cause of the delay, just waiting its turn and doing its work to get its various components into memory while all those other startups are running, and since you've got a CPU that is limited to 2 threads and has relatively low IPC compared to most modern chips/systems, that likely accounts for the delays.

As for the traces of those other AVs I found, if you want to try to remove them (I would if it were me), the following tools should prove useful:

Avast Uninstall Utility
Kaspersky Removal Tool

Instructions for resetting UAC to its default settings can be found on this page if you wish to do so.

The leftovers from COMODO probably either need to be removed by hand or by reinstalling the program temporarily then removing it normally via Programs and Features using its built in uninstaller, then if needed you can give the uninstall tool a shot again (I say this because you mentioned you already ran it, and also because they actually highlight that users should try the built in uninstaller first, and I suspect it is because they probably aren't thoroughly cleaning up every trace of the program which explains the leftovers we found):

Comodo Uninstaller Tool

Anyway, I hope this helps.  I realize it isn't likely to eliminate the performance issue you're seeing with Malwarebytes, but it still may help your overall system performance and it doesn't hurt to remove these leftovers from past AVs as they can lead to issues with other programs sometimes.

Link to post
Share on other sites

4 hours ago, exile360 said:

Thanks.  Unfortunately it looks like the tool was unable to run some components due to being unable to access the internet.  If you wouldn't mind, please try running the tool again, this time ensuring that you are connected to the internet and that the tool isn't being blocked by your firewall then upload the new ZIP file.

I also found references to these programs in your logs and it is possible that one or more of them is slowing down Malwarebytes so if you haven't excluded Malwarebytes/configured it as a trusted application in these programs, assuming they also launch on startup then that could also be a contributing factor:

NoVirusThanks
Sandboxie
Windows 10 Firewall Control
VoodooShield

I also spotted references to COMODO, though I'm unsure what COMODO program is installed.  Also keep in mind that running too many security apps at the same time may also be affecting system performance as some combinations may not get along very well so you also might try disabling and/or removing each of those one at a time and restarting after each to see if removing or disabling any one or more of them helps.

No other security apps are running but MBAM with only malware protection on. The MBAMtray.exe still takes app. 80 seconds to load. The new malwarebytes support tool download is in the above. Edit: just read your reply as I was typing this.

Link to post
Share on other sites

4 minutes ago, exile360 said:

Thanks, it looks like it ran correctly that time.  I'm seeing a lot of AV references, likely leftover components/traces from past installs.  Some for Avast, Kaspersky, and there also appears to be at least one Group Policy restriction, though I'm not certain exactly what it is:

 


GroupPolicy: Restriction ? <==== ATTENTION

 

I also noticed UAC is not configured to its default setting:

 


Consent Prompt Behavior Admin:  Off

 

Those last two likely aren't related but I thought you should be aware, especially if you didn't make those changes yourself.

That said, I think I've discovered the root of the problem.  Aside from having a pretty large number of security tools running at startup, you're running a pretty old system; a Pentium D from 2006 (I used to have the precursor to your model chip; the Pentium D 830 3.0GHz so I'm pretty familiar with its level of performance):

 


Pentium(R) D CPU 3.40GHz

 

Malwarebytes is a fairly demanding app, especially on startup and when launching scans as it has to load its various drivers and databases into memory, so that's likely the cause of the delay, just waiting its turn and doing its work to get its various components into memory while all those other startups are running, and since you've got a CPU that is limited to 2 threads and has relatively low IPC compared to most modern chips/systems, that likely accounts for the delays.

As for the traces of those other AVs I found, if you want to try to remove them (I would if it were me), the following tools should prove useful:

Avast Uninstall Utility
Kaspersky Removal Tool

Instructions for resetting UAC to its default settings can be found on this page if you wish to do so.

The leftovers from COMODO probably either need to be removed by hand or by reinstalling the program temporarily then removing it normally via Programs and Features using its built in uninstaller, then if needed you can give the uninstall tool a shot again (I say this because you mentioned you already ran it, and also because they actually highlight that users should try the built in uninstaller first, and I suspect it is because they probably aren't thoroughly cleaning up every trace of the program which explains the leftovers we found):

Comodo Uninstaller Tool

Anyway, I hope this helps.  I realize it isn't likely to eliminate the performance issue you're seeing with Malwarebytes, but it still may help your overall system performance and it doesn't hurt to remove these leftovers from past AVs as they can lead to issues with other programs sometimes.

OK. Thanks for the help and I will use the above tools to clean up the above mess.🙁

 

Link to post
Share on other sites

Sounds good, please let me know how it goes, and if there is anything else we might assist you with please don't hesitate to ask.

By the way, if you want any guidance or assistance with any of the more general PC stuff not specifically related to Malwarebytes, we do have a General PC Help area located here where you can post to seek advice and tips.  There are some very knowledgeable individuals around here who frequent these forums, including enthusiastic volunteers with many years of experience as well as Malwarebytes staff members who are always willing to lend a hand with diagnostics and troubleshooting as well as offering general computing advice.  It's totally up to you obviously, and you definitely seem to be pretty knowledgeable in your own right, but just in case you find it useful I figured I'd let you know about it.

Link to post
Share on other sites

46 minutes ago, exile360 said:

Sounds good, please let me know how it goes, and if there is anything else we might assist you with please don't hesitate to ask.

By the way, if you want any guidance or assistance with any of the more general PC stuff not specifically related to Malwarebytes, we do have a General PC Help area located here where you can post to seek advice and tips.  There are some very knowledgeable individuals around here who frequent these forums, including enthusiastic volunteers with many years of experience as well as Malwarebytes staff members who are always willing to lend a hand with diagnostics and troubleshooting as well as offering general computing advice.  It's totally up to you obviously, and you definitely seem to be pretty knowledgeable in your own right, but just in case you find it useful I figured I'd let you know about it.

Thanks again. Ran avast, kaspersky and comodo clean up tools in safe mode. Avast found a lot of stuff to my surprise, Kaspersky a moderate amount and comodo found nothing. ?? lol. I kind of think that windows10firewall control has/had a connection with comodo dns in some way. As I recall, others complained about it in the windows10firewall forum. Just a thought. As far as the computer goes it is getting long in the tooth as I purchased it with XP on it. Am an old guy with an old computer. LOL. Cheers.

Link to post
Share on other sites

Hehe, no worries, I can relate.  I held on to my old Smithfield Pentium D system for the longest time.  By the time I replaced it I'd rebuilt it like 3 times, transplanting it from its original Gateway BTX motherboard/case into a new case, swapped motherboards, added a second TV tuner, upgraded the RAM, added tons of additional drives/storage, added a second DVD-ROM drive and upgraded the graphics card like 3 or 4 times over several hardware generations (for gaming, obviously).  It started with XP Media Center Edition 2005 on it, I eventually installed a second boot partition to multiboot Windows Vista Beta 2 when it went public for testing and upgraded that through the various betas and release candidates and finally ended up installing Vista Ultimate x64 on it and ran it that way for years.  I actually fell in love with Vista and thought it was even better than XP (and still do, though you need the hardware to run it properly; too many early systems that shipped with Vista weren't really up to spec to run it well and driver support from hardware manufacturers was terrible for the first several months even though MS gave them more than a year to prep for its release as they had access to the internal alpha/beta builds and all the WDDM documentation/APIs long before the public caught wind of it and were still calling it Longhorn, not to mention NVIDIA's controversial issues with their laptop GPUs and drivers that caused many headaches that people blamed on MS/Vista when in fact it was a case of defective graphics chips produced by NVIDIA) and finally replaced it with a little 13" Samsung laptop with Windows 7 which I eventually replaced with a monstrous desktop replacement 15.6" laptop with a full desktop i7 CPU and discrete GPU (something similar to what I have now, though my current system is newer and more powerful).

Anyway, regarding Comodo, here are the entries I'm seeing in your logs; it looks like several WFP entries are being left behind:

	Registered WFP Filters
==================================
FWPM_LAYER_ALE_AUTH_CONNECT_V4
COMODO ConnectV4                                                     COMODO ConnectV4
	FWPM_LAYER_ALE_AUTH_CONNECT_V6
COMODO ConnectV6                                                     COMODO ConnectV6
	FWPM_LAYER_ALE_RESOURCE_ASSIGNMENT_V4
COMODO AssignmentV4                                                  COMODO AssignmentV4
	FWPM_LAYER_ALE_RESOURCE_ASSIGNMENT_V6
COMODO AssignmentV6                                                  COMODO AssignmentV6
	FWPM_LAYER_ALE_RESOURCE_RELEASE_V4
COMODO ResourceReleaseV4                                             COMODO ResourceReleaseV4
FWPM_LAYER_ALE_RESOURCE_RELEASE_V6
COMODO ResourceReleaseV6                                             COMODO ResourceReleaseV6

Link to post
Share on other sites

23 hours ago, exile360 said:

Hehe, no worries, I can relate.  I held on to my old Smithfield Pentium D system for the longest time.  By the time I replaced it I'd rebuilt it like 3 times, transplanting it from its original Gateway BTX motherboard/case into a new case, swapped motherboards, added a second TV tuner, upgraded the RAM, added tons of additional drives/storage, added a second DVD-ROM drive and upgraded the graphics card like 3 or 4 times over several hardware generations (for gaming, obviously).  It started with XP Media Center Edition 2005 on it, I eventually installed a second boot partition to multiboot Windows Vista Beta 2 when it went public for testing and upgraded that through the various betas and release candidates and finally ended up installing Vista Ultimate x64 on it and ran it that way for years.  I actually fell in love with Vista and thought it was even better than XP (and still do, though you need the hardware to run it properly; too many early systems that shipped with Vista weren't really up to spec to run it well and driver support from hardware manufacturers was terrible for the first several months even though MS gave them more than a year to prep for its release as they had access to the internal alpha/beta builds and all the WDDM documentation/APIs long before the public caught wind of it and were still calling it Longhorn, not to mention NVIDIA's controversial issues with their laptop GPUs and drivers that caused many headaches that people blamed on MS/Vista when in fact it was a case of defective graphics chips produced by NVIDIA) and finally replaced it with a little 13" Samsung laptop with Windows 7 which I eventually replaced with a monstrous desktop replacement 15.6" laptop with a full desktop i7 CPU and discrete GPU (something similar to what I have now, though my current system is newer and more powerful).

Anyway, regarding Comodo, here are the entries I'm seeing in your logs; it looks like several WFP entries are being left behind:

 


	Registered WFP Filters
==================================
FWPM_LAYER_ALE_AUTH_CONNECT_V4
COMODO ConnectV4                                                     COMODO ConnectV4
	FWPM_LAYER_ALE_AUTH_CONNECT_V6
COMODO ConnectV6                                                     COMODO ConnectV6
	FWPM_LAYER_ALE_RESOURCE_ASSIGNMENT_V4
COMODO AssignmentV4                                                  COMODO AssignmentV4
	FWPM_LAYER_ALE_RESOURCE_ASSIGNMENT_V6
COMODO AssignmentV6                                                  COMODO AssignmentV6
	FWPM_LAYER_ALE_RESOURCE_RELEASE_V4
COMODO ResourceReleaseV4                                             COMODO ResourceReleaseV4
FWPM_LAYER_ALE_RESOURCE_RELEASE_V6
COMODO ResourceReleaseV6                                             COMODO ResourceReleaseV6

 

Interesting. Don't know how I would get rid of those entries as the comodo cleanup tool doesn't find them. That answers what I was saying about the sphinx firewall and the comodo problem. Just to add, after I used the avast cleanup tool, I noticed a new entry, Avast, in the registry HKLM\Software\Wow6432node that I couldn't delete. Even used RegAssassin and it couldn't delete it as it was hidden from it. Couldn't take control as there was error after error popping up. Anyway I did a re-image with macrium and case solved. Now as the firewall goes, I ditched Sphinx and now running MB Windows Control Firewall and all is well. My question is how can I see if those Comodo entries are still in the WFP log file?

Link to post
Share on other sites

You can just run the Malwarebytes Support Tool again and check the mbst-check-results.txt file under the Registered WFP Filters near the end of the log and look for these entries:

FWPM_LAYER_ALE_AUTH_CONNECT_V4
COMODO ConnectV4                                                     COMODO ConnectV4
	FWPM_LAYER_ALE_AUTH_CONNECT_V6
COMODO ConnectV6                                                     COMODO ConnectV6
	FWPM_LAYER_ALE_RESOURCE_ASSIGNMENT_V4
COMODO AssignmentV4                                                  COMODO AssignmentV4
	FWPM_LAYER_ALE_RESOURCE_ASSIGNMENT_V6
COMODO AssignmentV6                                                  COMODO AssignmentV6
	FWPM_LAYER_ALE_RESOURCE_RELEASE_V4
COMODO ResourceReleaseV4                                             COMODO ResourceReleaseV4
	FWPM_LAYER_ALE_RESOURCE_RELEASE_V6
COMODO ResourceReleaseV6      

Link to post
Share on other sites
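The manual check described in the post above can be scripted. The following is an added example, not code from the thread or from Malwarebytes: it parses the "Registered WFP Filters" section of a saved mbst-check-results.txt and lists filters whose name or description mentions a vendor you have uninstalled. It assumes the section layout shown in the excerpts quoted in this thread and that the section ends at the next header underlined with "="; the function names and the sample text are hypothetical.

```python
import re
import sys

SECTION_TITLE = "Registered WFP Filters"

# Constructed sample: the COMODO lines follow the excerpt quoted in the thread;
# the "ExampleVendor" filter and the trailing section are made up for illustration.
SAMPLE_LOG = """\
\tRegistered WFP Filters
==================================
FWPM_LAYER_ALE_AUTH_CONNECT_V4
COMODO ConnectV4                                                     COMODO ConnectV4
ExampleVendor Outbound                                               ExampleVendor Outbound
\tFWPM_LAYER_ALE_AUTH_CONNECT_V6
COMODO ConnectV6                                                     COMODO ConnectV6
\tFWPM_LAYER_ALE_RESOURCE_RELEASE_V6
COMODO ResourceReleaseV6

\tConstructed Next Section
==================================
COMODO mentioned outside the WFP section
"""


def _is_underline(line):
    """True for a header underline such as '=========='."""
    s = line.strip()
    return len(s) >= 3 and set(s) == {"="}


def parse_wfp_filters(text):
    """Return {layer: [(name, description), ...]} for the WFP section only."""
    lines = text.splitlines()
    # A section header is any line directly followed by an '=' underline.
    headers = [i for i in range(len(lines) - 1) if _is_underline(lines[i + 1])]
    start = next((i for i in headers if lines[i].strip() == SECTION_TITLE), None)
    if start is None:
        return {}
    # Assumption: the section runs until the next underlined header or EOF.
    end = next((i for i in headers if i > start), len(lines))
    layers = {}
    layer = None
    for raw in lines[start + 2:end]:
        line = raw.strip()
        if not line:
            continue
        if line.startswith("FWPM_LAYER_"):
            layer = line
            layers.setdefault(layer, [])
        elif layer is not None:
            # Name and description are two columns separated by runs of spaces;
            # a truncated line may carry the name only.
            parts = re.split(r"\s{2,}", line, maxsplit=1)
            layers[layer].append((parts[0], parts[1] if len(parts) > 1 else ""))
    return layers


def leftover_filters(text, vendors):
    """Return {layer: [filter names]} for filters mentioning any vendor string."""
    wanted = [v.lower() for v in vendors]
    hits = {}
    for layer, filters in parse_wfp_filters(text).items():
        names = [name for name, desc in filters
                 if any(v in f"{name} {desc}".lower() for v in wanted)]
        if names:
            hits[layer] = names
    return hits


if __name__ == "__main__":
    # Usage: python check_wfp.py mbst-check-results.txt COMODO Avast
    if len(sys.argv) > 2:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            log_text, vendor_list = fh.read(), sys.argv[2:]
    else:
        log_text, vendor_list = SAMPLE_LOG, ["COMODO"]
    found = leftover_filters(log_text, vendor_list)
    for layer_name, filter_names in found.items():
        print(layer_name, "->", ", ".join(filter_names))
    if not found:
        print("No matching WFP filters found in the section.")
```

An empty result after re-running the Support Tool means no filters matching those vendor strings remain in that section of the log.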

  • 1 month later...
On 6/3/2019 at 4:40 PM, w0lfrun said:

Have activated the pro version of MBAM as I was just using it to do periodic scans. I have activated MBAM to startup with windows startup. My question is, how long should it take for the mbamtray.exe icon to appear? I have timed it and it takes anywhere from 80 secs. to almost 100 secs. Is this normal? Other tray icons appear instantly so I am curious as it seems on the slow side. Windows 7 64bit system here.

Have got the mbamtray icon to appear now down to around 37 secs. Have enabled "Delay Protection for 15 secs." and disabled "Enable Self-protection module" and running Malware and Anti Exploit protection only. Browser is Firefox running in the protection of Sandboxie. Also am back to using Sphinx Windows10 Firewall free version. This old rig is purring along quite nicely now in Windows 7. 🙂

Link to post
Share on other sites

Excellent, I'm glad you got it working.  If you haven't already, I'd definitely suggest upgrading to the new 3.8 version of Malwarebytes as it fixed a LOT of compatibility issues with the Web Protection component so it might be worth another try to see if you can get that to work with your configuration.  Worse comes to worse you can just disable the module again if it still doesn't work.

Link to post
Share on other sites

  • Root Admin

You can download the latest installer from the following link

https://www.malwarebytes.com/mwb-download/thankyou/

If you'd like further investigation into your computer I would suggest posting in the following forum and we can dig in deeper.

https://forums.malwarebytes.com/forum/7-windows-malware-removal-help-support/

Thanks

Ron

 

Link to post
Share on other sites

1 hour ago, exile360 said:

Very good, did you get a chance to test to see if things are any better with Web Protection in the new build?  I'm curious to know if the issue was resolved as they did make a lot of changes and improvements to Web Protection in this release.

Activated web protection and no slow ups, and the mbamtray icon actually loads a few seconds faster. Now with Exploit Protection I can verify that it's working in FireFox by using Sysinternals Process Explorer to verify that Anti-Exploit is embedded in FF by seeing the Mbae64.dll. My question is how can I verify the same with Web Protection. I checked in Process Explorer and I don't see any entries by Malwarebytes pertaining to Web Protection. Would there be a .dll there that I should be looking for? Other than the previous, FF is running well with Web Protection activated.

Link to post
Share on other sites

Yes, that's expected.  Web Protection loads directly into the network stack via WFP (Windows Filtering Platform; the same set of APIs used by the Windows Firewall); it doesn't rely on loading directly into individual processes the way that Exploit Protection does.  To test it simply try to visit iptest.malwarebytes.com and you should see it blocked.  You can also test by trying to ping the site via the ping command (Web Protection guards all network connections, not just your web browsers; this is also how it blocks malicious incoming connections from the outside).

Link to post
Share on other sites

You're very welcome, I'm glad to be of service :)

Yep, the Web Protection component works through a driver that runs directly in the network stack.  It is controlled and monitored by the service (MBAMService.exe) as is the case for all of the protection components (one of the reasons Malwarebytes has so few processes in memory; a real advantage for remaining relatively light on resources/CPU).

Link to post
Share on other sites

This topic is now closed to further replies.