
FP (steam stream


Durew

Hi @LiquidTension,

Then one last request. I notice MBAM still having version number 4.0.0. Is this correct or did the program update fail?

Edit: the update failed. Need to try again.

Regards,
Durew

Edited by Durew
discovered the mbam.exe file is months old

  • Staff

It may be advisable to first remove the existing beta, then install the latest beta fresh just to make certain all files are replaced as they should be (I recall there being reported issues when upgrading to the latest beta from the previous one as well as issues upgrading from the latest RTM version to the first beta, though upgrading from the latest RTM version to the most current beta should be fine).


Hi exile360, LiquidTension,

I've removed the old version and installed the new.
The good news is that the FP no longer occurs.
The bad news is that the anti-exploit is having the same issues as the previous version.

The worse news is that I cannot enable the self-protection. Clicking the switch makes no difference. (rebooted several times, didn't work)

The worst news is that the same applies to the real-time malware protection.

Does the beta-version have a clean-removal tool that could help?
PC specs attached

Regards,
Durew

P.S. Even without MBAM my PC is sufficiently protected against malware, so I'm not worried about getting infected.

specs.txt


  • Staff

I'd go with Porthos' suggestion above, and if that doesn't correct the issue, do a normal uninstall (assuming the uninstaller is still present), reboot, then do the following and I can guide you in deleting any major remnants, including any active components and their associated loading points:

Create an Autoruns Log:

Please download Sysinternals Autoruns from here and save it to your desktop.

Note: If using Windows Vista, Windows 7, Windows 8/8.1 or Windows 10 then you also need to do the following:

Right-click on Autoruns.exe and select Properties
Click on the Compatibility tab
Under Privilege Level check the box next to Run this program as an administrator
Click on Apply then click OK

  • Double-click Autoruns.exe to run it.
  • Once it starts, please press the Esc key on your keyboard.
  • Now that scanning is stopped, click on the Options button at the top of the program and verify that the following are checked; if they are unchecked, check them:

Hide empty locations
Hide Windows entries

  • Click on the Options button at the top of the program and select Scan Options... then in the Autoruns Scan Options dialog enable/check the following two options:

Verify code signatures
Check VirusTotal.com

  • Once that's done click the Rescan button at the bottom of the Autoruns Scan Options dialog and this will start the scan again, this time let it finish.
  • When it's finished and says Ready. on the lower left of the program window, please click on the File button at the top of the program and select Save and save the file to your desktop and close Autoruns.
  • Right click on the file on your desktop that you just saved and hover your mouse over Send To and select Compressed (zipped) Folder
  • Attach the ZIP folder you just created to your next reply

Hi all,

@Porthos @exile360 thanks for your suggestions and swift replies. The self-protection and real-time malware protection are up and running again.

No false positives showed up during the scan.
The issues with the exploit protection, however, remain. Just like with the previous version. As I couldn't find it in the known problems list I was somewhat disappointed. @LiquidTension Could you add this to the known problems list?

Regards,
Durew


  • Staff

That is unfortunate; hopefully we can find a fix for it or the Developers will be able to correct the issue assuming it is a bug.

In the meantime it may prove helpful if you would provide some additional data.  If you're up for it, please open Malwarebytes and navigate to the settings page and under the General tab enable the option under Event log data then reboot your system and replicate the issue and once that is done, please do the following:

  1. Run the Malwarebytes Support Tool
  2. Accept the EULA and click the Advanced tab on the left (not Start Repair)
  3. Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply

Once that is done go ahead and disable the Event log data option in Malwarebytes again (otherwise the logs will likely grow to enormous size over time as it creates a LOT of entries as it is quite verbose for the sake of troubleshooting/diagnostics).

Thanks

Edited by exile360

Hi all,

I turned on logging, rebooted the computer and the system tray icon was gone. As this also meant that the messages that an exploit was blocked were gone as well, this was somewhat inconvenient. After the reboot I launched an exploit it would detect at 9:41, launched all heapsprays the tool offered (which it could not detect) at 9:42 and the first exploit again at 9:43.

As the system tray icon disappeared I also added the autoruns-file for the standard-user account I always use.

Regards,
Durew

mbst-grab-results.zip autorunsStandardUser.zip


  • Staff

Thanks, it may help to disable fast startup in Windows if you haven't done so already as this setting can definitely impact Malwarebytes and many other applications in a negative way.  You can find instructions on how to do so here as well as here.

I don't see any major issues offhand just skimming your logs so far except maybe that UAC isn't set to default (though I doubt it has any bearing on these issues):

UAC Settings
==================================
EnableLUA:                      On
Consent Prompt Behavior Admin:  Off

If you wish to try resetting it to defaults just to make certain, you can.  Just change the settings for UAC back to default then reboot the system and see if things improve, but I doubt it will make any difference honestly.  Some kind of conflict or corruption is far more likely I would think.  You can test the former by trying another uninstall/reboot/reinstall of the latest beta, then reboot the machine one more time to ensure that it starts up normally/properly afterwards since that first reboot works differently from subsequent reboots since that is when a lot of the drivers and other background components get installed and launch for the first time (the second reboot ensures that they should load normally going forward, though obviously this is not always the case, especially if the issue is an intermittent one).

Please give that a try and let us know how it goes.

Thanks


Hi Exile360, mods,

Thanks for your reply.

The systray-icon is fixed now. It was indeed a software conflict, part of mbam was missing on a whitelist of the anti-executable (I'm playing with). This prevented part of MBAM from running; as the anti-executable was disabled during the setup of the new mbam version, the problem did not occur earlier.

As the systemtray part of mbam is back I did not follow Exile360's troubleshooting advice for fixing it.

The anti-exploit still refuses to see heapspraying. This was already replicated by @nikhils during the private beta and some exploits are caught so I do not think that is related to a faulty installation. I've attached the software I used for testing the anti-exploit, I could be wrong and perhaps it does work on a different computer. Do make sure to add the executables to the list of software protected by the anti-exploit part of MBAM, otherwise it would be a somewhat pointless test.

Regards,
Durew

hpma-test.zip


  • Staff

Hi @Durew,

Thanks again for testing out the Malwarebytes beta.

In regards to the concern you raised on the HitmanPro.Alert test - here are a few points of consideration:

  • Malwarebytes is committed to providing excellent protection against real-world threats and attack vectors that pose a true danger to computer users. We believe everyone is entitled to a malware-free existence and thus dedicate as many resources as we can to helping achieve this.
  • We consider any indication of Malwarebytes Anti-Exploit being unable to provide protection against a real-world exploit as a serious and urgent matter.
  • Test utilities such as the HitmanPro.Alert test are not real-world exploits with no guarantee of even closely resembling a real threat. It would be a disservice to Malwarebytes Anti-Exploit users if we were to dedicate time and resources away from combating actual threats that pose a true danger to computers.
  • Third-party utilities may be updated and changed on a regular basis, with no rules or guarantees in place that such utilities still function as intended. As a result, not only an initial but also a continual dedication of resources would be required to maintain "support" for these utilities. We simply believe time and resources are better spent fighting actual malware.
     

As a result, we cannot commit to providing support for any and all third-party exploit test utilities.

Edited by LiquidTension