Jump to content

New instances of ig.exe constantly needs whitelisting


Recommended Posts

I use Malwarebytes with a child-account, having set up Family Safety to only allow programs to run which are whitelisted.

However, the latest version of Malwarebytes keeps creating new versions of ig.exe, like ig-0.exe, ig-1.exe, ig-2.exe, when starting an automated scan. These have to be whitelisted again and again. It is getting quite annoying. Can you stop creating new instances of ig.exe? Does it affect the scan when not allowing the new instances to run? I noticed the scan starts anyway.

Anyone else having this issue?

Link to post
Share on other sites

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes for Windows Help forum.

 

If you are having technical issues with our Windows product, please do the following: 

Spoiler

If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  1. Download Malwarebytes Support Tool
  2. Once the file is downloaded, open your Downloads folder/location of the downloaded file
  3. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  4. Place a checkmark next to Accept License Agreement and click Next
  5. You will be presented with a page stating, "Get Started!"
  6. Click the Advanced tab on the left column

    mbst_get_started.jpg
     
  7. Click the Gather Logs button

    mbst_advanced_gather_logs.jpg
     
  8. A progress bar will appear and the program will proceed with getting logs from your computer

    mbst_getting_logs.jpg
     
  9. Upon completion, a file named mbst-grab-results.zip will be found on your Desktop. Click OK

    mbst_log_saved_desktop.jpg
     
  10. Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies" like so:

     notify me.jpeg  

Click "Reveal Hidden Contents" below for details on how to attach a file:
 

Spoiler

To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.

mb_attach.jpg.220985d559e943927cbe3c078b
 

One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 

Spoiler

For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

 

Link to post
Share on other sites

Greetings,

I believe IG.exe is a component of the new heuristics in Malwarebytes' scans, and it creates a new instance/version for every scan that runs, likely as a tactic to evade threats that might try to block Malwarebytes from running.  Unfortunately this means that you probably won't be able to easily whitelist it using your current setup.  If possible I would suggest excluding either its location or all executables belonging to the specific vendor (Malwarebytes), however I don't know if that is an option or not as I have never used Windows in that level of a restricted configuration so it might be unavoidable.

I will pass on your experience to the Product team for review and hopefully it is something the Developers can reconcile in a future release.

Link to post
Share on other sites
7 minutes ago, exile360 said:

Greetings,

I believe IG.exe is a component of the new heuristics in Malwarebytes' scans, and it creates a new instance/version for every scan that runs, likely as a tactic to evade threats that might try to block Malwarebytes from running.  Unfortunately this means that you probably won't be able to easily whitelist it using your current setup.  If possible I would suggest excluding either its location or all executables belonging to the specific vendor (Malwarebytes), however I don't know if that is an option or not as I have never used Windows in that level of a restricted configuration so it might be unavoidable.

I will pass on your experience to the Product team for review and hopefully it is something the Developers can reconcile in a future release.

Thanks for your reply. Unfortunately I cannot whitelist programs based on their location or vendor. For now I disabled automatic scan and see whether the whitelist request returns or not. If it does I'll keep disabling protecting options until notions stay away, so I'll know which part is responsible.

Hopefully the developers will come with a solution for this, perhaps an option to turn this behavior off.

Link to post
Share on other sites

Yes, and I could also see this potentially becoming a problem with third party AV compatibility as static/persistent exclusions may be required to avoid performance issues and other problems, so I also made a note of that possibility to try and persuade them to reconsider this behavior so hopefully it is something that they can resolve in an upcoming update/release.

Link to post
Share on other sites

Hi @Rix643,

This is behaviour related to the new engine introduced with the Malwarebytes version 4 update. It will occur during both scans and when Malware Protection is enabled. Impeding this behaviour will impact the detection/malware protection capabilities of Malwarebytes scans/Real-Time Protection. However, it won't impact other protection components and when considering the overall protection of the machine offered by Malwarebytes, you will still be more than adequately protected.

Do you have the option to add partial filenames/use wildcards (e.g. ig-*.exe)?

Link to post
Share on other sites

Hi @LiquidTension,

Thanks for the explanation! No, I don't have the option to add partial filenames/use wildcards. The whitelisting is based on complete path/filename plus file characteristics like creation date et c.  

Switching real time malware protection off seems to do the trick, I haven't seen the whitelisting request for some time, and scans seem to work.

I can live with this for now, but I hope in a future release there will be an option to turn this behavior off. I rather have a weak malware protection layer than none at all.

 

Regards, Rick.

 

Link to post
Share on other sites
  • 1 month later...
1 hour ago, AmbularD said:

What concerns me about this is that it's causing a lot of small, frequent write operations, which shortens the life of SSDs.

SSD's are more resilient than they used to be. The avg SSD will last a lot longer than you think. Those little writes are nothing compared to the normal functions of Windows itself.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.