Jump to content

Malware Bytes crushes Defender


Recommended Posts

  • Replies 90
  • Created
  • Last Reply

Top Posters In This Topic

Thanks for the reports.

I noticed AllJoyn Router Service used on this machine & do wonder if that has a bearing on the current issue.

I see that the Windows Defender service is running, as well as the Malwarebytes service.

Let's be sure that the Malwarebytes for Windows stays on the Beta program option.

Start Malwarebytes for Windows.  Click Settings ( gear ) icon.

Click the general tab.  Scroll down to Beta Updates.

On the line just under it, be sure that the button is licked to the Right.   ( right is the ON setting).

Scroll back up to the top of the tab.

Click once on "Check for updates".

Link to post
Share on other sites

Start FRSTENGLISH   which is on the Downloads folder.
Type the following ( better yet, use COPY  then Paste)   into the search box exactly as show then press the Search Files button

( be sure you copy the whole line as-is.   There is 1 space after the colon mark

SearchAll: ajrouter

Please wait while the program searches for all entries relating to this program, when done a search.txt log will be saved to the desktop. Please attach this log to your next reply.

 

One more thing, I need a verification that you can start Windows Defender.   I would also like a new overall status of the original issue.

 

Link to post
Share on other sites

Thanks.   Let us do a different search.

Start FRSTENGLISH   which is on the Downloads folder.
Type the following ( better yet, use COPY  then Paste)   into the search box exactly as show then press the Search Files button

( be sure you copy the whole line as-is.   There is 1 space after the colon mark

SearchAll: windefend

Please wait while the program searches for all entries relating to this program, when done a search.txt log will be saved to the desktop. Please attach this log to your next reply.

Link to post
Share on other sites

Thank you for doing those searches.  My apologies for the queries about AjRouter.  That turns out to be normal.

This last search report is quite revealing.  There is a registry sub-key of firewalllpolicy that should not be there.

 

 I have a new custom fix script for you.   Please delete any prior Fixlist.txt  on the Downloads folder before we start.

Please Close and Save any open work you may have open.

Please close as many un-needed app-windows that you yourself may have open at this point.   So you can have a clear field of view.

 

This custom script is for  Goldanorack   only / for this machine only.

Close and save any open work files before starting this procedure. 

 

Please Close and save any open work files before you start this next step.  It will involve a Windows Restart at the end of it.

I am sending a   custom Fix script which is going to be used by the FRSTENGLISH tool. They will both work together as a pair.

Please RIGHT-click the (attached file named) FIXLIST and select SAVE  link AS and save it directly ( as is) to the  DOWNLOADS  folder

The tool named FRSTENGLISH.exe   tool    is already on the Downloads folder

Start the Windows  File Explorer and then, to the Downloads folder.


RIGHT click on  FRSTENGLISH    and select RUN as Administrator and allow it to proceed.  Reply YES when prompted to allow to run.

  to run the tool. If the tool warns you the version is outdated, please download and run the updated version.

IF Windows prompts you about running this, select YES to allow it to proceed.

 

IF you get a block message from Windows about this tool......

click line More info information on that screen

and click button Run anyway on next screen.

 

on the FRST window:
Click the Fix button just once, and wait.

 

FRST_Fixl.png.c4c1c0dddcc49b11fa400590f070bd5e.png

 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. This run here should be fairly quick.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity   

 

Fixlist.txt

Link to post
Share on other sites

So, I ran the fix you gave me. here is the fixlog  Fixlog.txt

I don't have any firewall notifications anymore, but now I got this1521051296_Annotation2020-02-04211136.png.2d157984c57479790245b6c4f4c95b9b.png

I tried to go in services and run Windows Defender Firewall and it returned an error saying the file didn't exist. I restarted again, had the error again and when I launched the Firewall, It started running. but I still had the Firewall Off Notification, Defender still says I have no providers for firewall and now I got this :2136376971_Annotation2020-02-04211645.png.3718396b541b1307f218f1becd98b142.png  ( I am not currently shutting down the computer) 

Link to post
Share on other sites

see this  https://www.tenforums.com/tutorials/70749-restore-default-windows-defender-firewall-settings-windows-10-a.html

I suggest to use Option One or Two.

I regret all the trouble you have run into.   It does seem like this system is super-hyper-sensitive.

If the methods above do not cure this,  I may advise on a windows-repair-install.

Link to post
Share on other sites

Oh sorry, thought it was the same thing - I'll try to find how to do a repair install ! 

I'll do it tomorrow. while wandering into Services.exe, I noticed Windows Firewall was Running and Starting and Stopping in loops, that's odd. I also noticed the path to the firewall is C:\Windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p which I find a bit strange, and I found the application also in my Task Manager. hope i can fix this with a repair install or with BitDefender. Thanks for your help and for sticking with me throughout all this.  

Annotation 2020-02-05 004844.png

Link to post
Share on other sites

The "execution path" for the Windows Defender Firewall is indeed thru the svchost   ( which is a mechanism engineered by Microsoft Windows to run many of its services).

The  C:\Windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p   is correct.

The Windows Defender Firewall service should be set as startup type Automatic  & its status should be Running.

 

The "Windows Repair" procedure is discussed on this article.at Tenforums

You may do a Windows 10 "repair install" by following a guide article at Tenforums.
The title is "How to Do a Repair Install of Windows 10 with an In-place Upgrade"
https://www.tenforums.com/tutorials/16397-repair-install-windows-10-place-upgrade.html

Study that article first.  
Read the top of the article.  & also study all of step 6

 

NOTE:  The repair procedure takes several hours & requires much patience.   You are encouraged to consider that this may take 6 hours or so.

And if you do do it,  First do a Windows Restart   before starting on this.

Link to post
Share on other sites

Hi.  After writing the previous reply, it occurred to me that we should try this procedure for the firewall.  It does not take a lot of time.   A few minutes.

for the WIN10 Windows Defender Firewall service.
First, we will need you to get a download and then Save to a known area on your computer, and then "merge" it into the system.  Save the download first Such as DESKTOP or the Downloads folder.

Click this link / then Download / then SAVE from this link


Once after Mpssvc.reg is on your pc, go to that area ( that folder) and then
RIGHT-click with your mouse  on    Mpssvc.reg       and select MERGE and allow it to proceed and to merge into the system.
Windows will show a confirmation when done.

That done, my expectation is that this ought to be a tremendous help. So, next, please do a Windows Restart..
 

Edited by Maurice Naggar
Link to post
Share on other sites

Hi ! after trying your solution of merging the Mpssvc.reg to my own, it partially worked : I got my permissions back,  can access the startup options of firewall (was greyed out before) and I believe it repaired some internal things because LocalServiceNoNetworkFirewall.exe isnt taking up 5% of my CPU anymore (which was a heavy amount) my system looks back on track too, it is snappier. Now, the Windows Defender Firewall isn't rebooting itself in loops anymore, it just stays on starting - maybe there are some files missing, did Microsoft made the default files for Windows Firewall avaible in case of broken install ? or do I have to run, like you said, a repair ? 

Link to post
Share on other sites

You reported several improvements.   And it seems to me that the firewall service is now normal.   I have no basis to presume something is missing.

The registry merge operation we did put the Windows Defender Firewall service back to normal settings.

The service Startup type is supposed to be Automatic.   I feel we have the firewall situation back to standard.

Here is a snapshot view in Service.msc

image.thumb.png.2c4d52981e944f9405e72d80550c59aa.png

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.