Jump to content
mpgioia

Windows 10 Feature Update 1903; any problems with ransomware protection ?

Recommended Posts

Anyone noticed any problems with DNS client and overall abysmal network performance with the ransomware protection engine with MB3 since Windows 10 Feature update 1903 ?

Share this post


Link to post
Share on other sites

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

 

If you are having technical issues with our Windows product, please do the following: 

Spoiler

If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  1. Download Malwarebytes Support Tool
  2. Once the file is downloaded, open your Downloads folder/location of the downloaded file
  3. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  4. Place a checkmark next to Accept License Agreement and click Next
  5. You will be presented with a page stating, "Get Started!"
  6. Click the Advanced tab on the left column
    0. UI.png
  7. Click the Gather Logs button
    17. Advanced.png
  8. A progress bar will appear and the program will proceed with getting logs from your computer
    19. System Repair Progress.png
  9. Upon completion, click a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
  10. Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies" like so:
     notify me.jpeg  

Click "Reveal Hidden Contents" below for details on how to attach a file:
 

Spoiler

To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.

mb_attach.jpg.220985d559e943927cbe3c078b
 

One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 

Spoiler

For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

 

Share this post


Link to post
Share on other sites

Hello @mpgioia and :welcome:

I've not personally noticed any issues. Can you follow the advice above and post back the log though so that we can review.

Thank you

Ron

 

Share this post


Link to post
Share on other sites
58 minutes ago, AdvancedSetup said:

Hello @mpgioia and :welcome:

I've not personally noticed any issues. Can you follow the advice above and post back the log though so that we can review.

Thank you

Ron

 

 

mbst-grab-results.zip

Share this post


Link to post
Share on other sites

Yeh.. the delta in perf is ridiculously noticeable.. all I have to do is disable that one of the four modules in MB3.

Not disk related.. .. seemingly at this point.. purely network related..

Share this post


Link to post
Share on other sites
Posted (edited)

Hi @mpgioia,

Thanks for the report.

How are you monitoring the network performance degradation? Does this issue affect all network activity or only when performing certain actions?

Quite often, issues of this nature are caused by the interaction between Malwarebytes and one or more other programs installed on the machine. We have not had any other reports of this and the issue is not currently reproducible, so it is likely other factors specific to your machine/environment are involved here.

Please could you perform a clean boot using the instructions linked below. Ensure you re-check Malwarebytes Service so it's left enabled.

https://support.microsoft.com/en-gb/help/929135/how-to-perform-a-clean-boot-in-windows

After the reboot, reassess the situation and let us know if you still encounter an issue.

Edited by LiquidTension

Share this post


Link to post
Share on other sites

 

5 hours ago, LiquidTension said:

How are you monitoring the network performance degradation?

DNS resolution RTT wise.. how quick to resolve.. how quick to access web pages..

I must say overall throughput is not degraded.. it looks to be DNS related.. first access only..

 

5 hours ago, LiquidTension said:

Does this issue affect all network activity or only when performing certain actions?

DNS related activity only I think at this point..

 

5 hours ago, LiquidTension said:

Quite often, issues of this nature are caused by the interaction between Malwarebytes and one or more other programs installed on the machine.

Yeh I get it.. makes sense.. funny how the application posture is unchanged.. purely was just Feature Update from Microsoft that did this..

And I did uninstall and reinstall.. but granted.. I did not do a 'clean removal and uninstall' as suggested by @AdvancedSetup.. i'll try that..

Share this post


Link to post
Share on other sites

UPDATE.. nope.. clean uninstall and reinstall equals no good.. that filter clobbers network.. non usable.. irony is.. I can't even shot anyone over remote session.. I can CamStudio it.. and upload if you guys want.

 

Will try to clean boot ..

Share this post


Link to post
Share on other sites

How can I debug/tail a log of just that filter/engine ?

That may show what's going on.. also when its exhibiting the problem 'MBAMService.exe' goes high in I/O .. like 8 to 10Mb/sec.

Share this post


Link to post
Share on other sites

Thanks for the information.

Please enable enhanced event log data using the steps below:

  • Open Malwarebytes.
  • Click the Settings menu.
  • Ensure the Application tab is selected.
  • Scroll down to Event Log Data.
  • Turn the Collect enhanced event log data for support setting ab4jSL6.png On.


Afterwards, generate an MBAMService memory dump. Note that this process is required due to MBAMService running as a protected service in Windows 10.

  • Please download run_procdump.bat using the link below.
    https://malwarebytes.box.com/s/e127cj2ppb2lq6njf67li2gls3kbfz24
  • Open your Downloads folder.
  • Double-click CX41PDv.png run_procdump.bat. Click Yes if prompted by AVOiBNU.jpg User Account Control.
  • Note: If you are prompted by Windows SmartScreen, click More info followed by Run anyway.
  • A blue window will appear.
  • When prompted to reboot, type Y into the window and press Enter on your keyboard.
  • After your computer has rebooted, please do the following:
    • Reproduce the issue state.
  • Once done, open your Downloads folder and double-click the run_procdump.bat file once more.
  • Upon completion, a file named HSPwQfy.png memorydump.zip will be saved to your Desktop.
  • Please upload the file to a file hosting service and provide the download link.


Finally, please repeat the Malwarebytes Support Tool steps from post #2 so we can obtain the event log data.

The event log data combined with the memory dump should help provide further insight into the issue.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.