Jump to content
arbrich

Unify Controller conflict with Malwarebytes Premium

Recommended Posts

Running  Malwarebytes and it causes Unify Controller to stop. 

I have tried turning the Java Protection Off with no luck as well as setup exclusions for The entire Ubiquiti UniFi folder and for the ace.exe that runs the controller.

Running on Windows 10 1809

If I turn off Malwarebytes exploit and web protection, Controller will run fine.

I am looking for some way to put in Exclusions or change malware settings to allow the controller to run without stopping.

 

Share this post


Link to post
Share on other sites

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

 

If you are having technical issues with our Windows product, please do the following: 

Spoiler

If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  1. Download Malwarebytes Support Tool
  2. Once the file is downloaded, open your Downloads folder/location of the downloaded file
  3. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  4. Place a checkmark next to Accept License Agreement and click Next
  5. You will be presented with a page stating, "Get Started!"
  6. Click the Advanced tab on the left column
    0. UI.png
  7. Click the Gather Logs button
    17. Advanced.png
  8. A progress bar will appear and the program will proceed with getting logs from your computer
    19. System Repair Progress.png
  9. Upon completion, click a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
  10. Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies" like so:
     notify me.jpeg  

Click "Reveal Hidden Contents" below for details on how to attach a file:
 

Spoiler

To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.

mb_attach.jpg.220985d559e943927cbe3c078b
 

One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 

Spoiler

For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

 

Share this post


Link to post
Share on other sites

Greetings, @arbrich
 
Please do the following so that we may take a closer look at what is going on with your system to try and solve the problem:

  1. Download and run the Malwarebytes Support Tool
  2. Accept the EULA and click Advanced tab on the left (not Start Repair)
  3. Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply


Thanks

Share this post


Link to post
Share on other sites

Here are the logs. I ran this while the Unify Controller was running and it had not failed yet. 

Again the goal is to determine what Exclusions I need to put in so the Controller will not shut down.

If I turn OFF Web Protection and Exploit Protection the Controller will continue to run normally.

I was able to keep the Controller Running when I just turned of Web Protection today.

 

 

 

mbst-grab-results.zip

Share this post


Link to post
Share on other sites

Just an update that the Controller continued to run normally overnight with only the Web Protection turned off.

So we just need to figure out what exception to put in to keep it running and allow me to keep web protection on.

Thanks

 

Share this post


Link to post
Share on other sites

Greetings,

I would suggest excluding each of the program's active/running processes when the program is running/in use to see if that helps.  Be sure to exclude them by selecting the Exclude an Application that Connects to the Internet option described in the section of the same name in this support article.  That should hopefully resolve it, but if it does not then it may prove helpful to grab a WireShark log of the communication from the app when it's being used to determine exactly what IPs/domains it connects to then excluding each of them using the Exclude a Website option described in the same support article and hopefully that will resolve it.

Share this post


Link to post
Share on other sites

I assume I should Exclude the java applications as well since this runs through java ?

Share this post


Link to post
Share on other sites

Yes, that would be a good idea as one of the Java components may be the executable that is actually being blocked trying to connect.

Share this post


Link to post
Share on other sites

I excluded everyhting I could see running including Unify.exe, mongod.exe, java.exe, javaw.exe and javaws.exe with no luck.

Can you guide me on Wireshark at all  ??  - I did download and install it.

Share this post


Link to post
Share on other sites

Here are 2 captures:

Cap1 is The controller running and then failing and I stopped the capture

Cap2 is after the Controller has failed.

The Client PC is 192.168.1.244 where the controller is running.

captures.zip

Share this post


Link to post
Share on other sites

Thanks, I'm sure they'll prove useful.  I'm no expert on Wireshark myself, but it is often used for tracing connections and checking connectivity issues so the network/Web Protection guys should be able to use them to determine where the block is occurring and why.  I'll ping one of them to come take a look at the data you've provided and hopefully we can get this figured out and fixed for you.

@Dashke or @Zynthesist could one of you guys please take a look here to try and determine why Web Protection is preventing Unify Controller from connecting when active?  Wireshark logs are provided above along with all the Malwarebytes logs and data from the Support Tool.  Web Protection doesn't appear to be blocking anything according to the logs, but if Web Protection is active Unify can't connect, and if Web Protection is disabled it can connect and Web Exclusions for all of its associated processes hasn't helped so my guess is that it might be some kind of driver and/or WFP conflict maybe?  Unify is a VPN/cloud application and likely uses WFP itself, though the only registered WFP filters showing in the logs are those from MWAC/Malwarebytes and the ones belonging to MS/defaults.  I'm hoping there's a simple solution here like an exclusion we're missing or something.

Thanks

Share this post


Link to post
Share on other sites

Guys any update on this ticket, It has been over a month now ??

Zynthesist asked me to check in with support again ?

 

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.