Jump to content

Recommended Posts

Hello. I had a Windows update on FRI 1-10-2020.  Over this weekend my server rebooted after BSOD. Over 12 times since Fri.  BSOD points to MWAC.SYS. IRQL not less or equal. 

Windows cumulative update windows server 2019 (1809) x64 based --      (KB4530715)

We Shut off service to keep business running for the day will try reinstall malwarebytes tonight. 

I have extracted the dump file text and memory dump text. 

From what i gather  windows and malwarebytes are fighting for file control due to file protection, and system protection.

I have not been able to test but an uninstall and reinstall maybe the fix. Basically resetting permissions after Windows does what ever it thinks it needed to do. 

BSOD MalwareBytes .jpg

Capture WinUpdate1.JPG

event viewer MBAM Kernal.JPG

Dumpfile text .txt MemoryDMP.txt

Link to post
Share on other sites
  • AlexSmith changed the title to MWAC BSOD Windows server 2019 (1809) x64

When we got the product installed about a month ago, only issue I ran in to was we set to scan for root kits and that BSOD the server. After reading somewhere, root kits needs to be turned off. So we turned that off and had no problems up until now.  I will download the tool and create the logs and use the clean up tool before a fresh install.

 

Link to post
Share on other sites
58 minutes ago, ChrisK1965 said:

Bought from business tab. Malwarebytes for teams.  4.0.4.49 installed.

That version is not supported on any server OS. It works for most but there is another option for servers. The version you have is for the workstation/computers.

But that is not the issue with the blue screens.

Edited by Porthos
Link to post
Share on other sites
44 minutes ago, ChrisK1965 said:

After reading somewhere, root kits needs to be turned off. So we turned that off and had no problems up until now. 

The Web protection is the issue with the blue screens. Turn that off and it will stop.

Link to post
Share on other sites

< kibbitz >  @ChrisK1965   

I believe Nikhils meant for you to attach the ZIP file here in this thread-topic.    Otherwise, if you wish, you may attach into a personal message to him.

As far as "scan for rootkits" it should be Off by design / default.  Having the rootkit scan makes runs run longer.  It is not needed in most cases.

 

Link to post
Share on other sites

OK, after uninstalling MB,  run windows update. Ran clean up.   Re-installed MB,   ran fine all night.  This morning the system logs looked good.   On another computer on the network, we tried to access our DC drive. Clicked on the short cut folder, and the DC BSOD.  Same error.  MWAC.sys Driver IRQL not less or equal.

 

This short cut worked fine before the windows update on the 01/10/2020  The short cut link is through the network.   \\DC\C$\   Just a basic shortcut. From what I see our security rights for the shortcut is correct.

with out MB, shortcut works fine.      

@nikhils     This zip is from this mornings BSOD.

We are wondering what version of software is needed for use on our server. Its only one server. Nothing elaborate. We were hit with a ransomware in December and are looking for anti-exploit and anti-ransom software that functions but doesn't have the corporate level price and subscriptions.

mbst-grab-results.zip

Link to post
Share on other sites

@ChrisK1965

Also Malwarebytes for Teams (MB 4.x)  is not officially supported on Server OS.

I would recommend going for either EP/EPR for businesses.

They have a minimum seat count of 10 but you could technically protect multiple devices/endpoints in your business.

Link to post
Share on other sites

OK. Thanks for your help. I am hopeful you can find support for server 2019 at some point, its based on Windows 10 environment correct?

At this point we are looking at our options.    Thanks for the info and your help, I hope I was able to help you guys too .

 

Link to post
Share on other sites

Hello @ChrisK1965

Your logs was certainly helpful. We are still discussing the possibility of Consumer products supported on servers.

As far as the BSOD goes we plan to have a fix for this issue soon.

You can continue to run the Malwarebytes for Teams on the server but please remember it's not officially supported.

Hope that helps.

Link to post
Share on other sites

I've read every word of this thread.  I have this same problem.  BSOD points to mwac.sys. IRQL not less or equal.

Can you please send me the URL to an earlier version of MB version 4.  I am running the latest 4.04.49  (4.0.0.473 Executables).

I've been running MalwareBytes Premium for many years on this PC without issue until the last few days.

I really need the Web protection to stay on. That is my greatest concern on this PC.

Cheers,

Link to post
Share on other sites
2 hours ago, Juna said:

I've read every word of this thread.  I have this same problem.  BSOD points to mwac.sys. IRQL not less or equal.

Can you please send me the URL to an earlier version of MB version 4.  I am running the latest 4.04.49  (4.0.0.473 Executables).

I've been running MalwareBytes Premium for many years on this PC without issue until the last few days.

I really need the Web protection to stay on. That is my greatest concern on this PC.

Cheers,

If you wish to revert to an earlier version, download links can be found here: https://forums.malwarebytes.com/topic/255466-mwacsys-bsod/?do=findComment&comment=1355676

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.