Support tool cannot gather logs

[HarryZ]

Aloha.  I tried to use the Malwarebytes Support Tool to gather logs for an issue I was looking at, but the program seems to hand on the 'Gather Logs' stage and eventually gives a rather generic error that it can't create the .zip file. Please note: I do NOT think I am infected. I was using the support tool only to gather logs as I could not find the details of a blocked website by looking in the GUI. I have since been informed on how to do that and just want to report an issue with the Support Tool.  I run Malwarebytes Premium, in addition to ESET Smart Security.  This is on a Windows 10 x64 Version 1909 system. 

I initially reported this in the Malwarebytes for Windows forum, and was advised there to create the FRST logs and then open a new report in this forum. (See 

)

Please let me know how to proceed with troubleshooting the Support Tool. 

Mahalo,

Harry Z

 

Addition.txt FRST.txt

[Maurice Naggar]

Hello, Harry Z

There is ( another ) area on the forum for issues related to the Support tool.

You did mention 

Quote

I could not find the details of a blocked website by looking in the GUI.

There are 2 places to look.  One is right up front / top right / after you open the program.  There is a bell icon for Notifications.  Click the bell  and drill down.

The other place to look for details of the Block event is as follows:

1. 1. Open Malwarebytes for Windows > click the Detection History card.
   2. Click the History tab.
   3. Under the Event column, open the Real-Time Protection detection report.

 

See about getting details of the last 1 or 2 Blocks from today.

 

 

[Maurice Naggar]

Good afternoon.  I hope you are doing well & enjoying the week-end.

How is the situation ?  Are you still with us ?

[HarryZ]

Aloha Maurice,

Sorry for the delay in responding.  For some reason, I don't get the emails notifying me that someone has replied, so I have to remember to check on status.

Your post said "There is ( another ) area on the forum for issues related to the Support tool."

Unfortunately, you did not provide me with the name of the area so I can pursue the Support tool issue.  Can you please provide this information.

Mahalo,

Harry Z

[Maurice Naggar]

Good morning.

First, if you have any suspicion of a potential infection then you should stick here with me here, on the malware-removal-help sub-forum.

But you had said 

Quote

Please note: I do NOT think I am infected.

 

If you want to report something about the Support tool itself,   then you can make a new post at this link

https://forums.malwarebytes.com/forum/12-malwarebytes-for-windows/

.

However,  after a re-review of the FRST report you provided, I notice that this Windows associations in the Windows Security Center, has one too many references to Malwarebytes for Windows.
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}

 

The ESET Security is already set as the resident antivirus.    There is an anomaly here when there are 2 entries like above for Malwarebytes.

Let me suggest you do what follows here:

There is one setting in Malwarebytes that needs to be off.   The Premium  protections of Malwarebytes will still be on.

Start Malwarebytes. Click Settings ( gear ) icon. Next, lets make real sure that Malwarebytes does NOT register with Windows Security Center 

Click the Security Tab. Scroll down to 

"Windows Security Center"

Click the selection to the left  for the line "Always register Malwarebytes in the Windows Security Center".

Close Malwarebytes when done.

 

This has no impact on real-time protections of Malwarebytes Premium.   The program continues to provide real-time protection.

NEXT suggestion:

On the Windows taskbar ,  on the Windows search box,  type in

cmd.exe

and then look at the entire list of choices, and click on Run as Administrator.

 

It is best to  use COPY & Paste for the following.

At the prompt either type or copy/paste the following commands, tap  Enter-key after each command:

sfc /scannow

Monitor the result at the finish of that run.   If it flags something,  stop and let me know.

Otherwise, if it shows  "No integrity violations found"   then proceed with this next step

At the prompt either type or copy/paste the following commands, tap  Enter-key after each command:

DISM /Online /Cleanup-Image /CheckHealth

Monitor the result at the finish of that run. 

Edited May 27, 2020 by Maurice Naggar

[HarryZ]

Aloha Maurice,

Made the change suggested in Malwarebytes. Than ran 'sfc /scannow'. Got 'Windows Resource Protection found corrupt files and successfully repaired them.'. Do you want to see the CBS logs.  I've never found anything useful in them when I see this message that the files have been fixed.

Ran the DISM command, received

No component store corruption detected.
The operation completed successfully.

I'm going to reboot and try running the support tool again.

Harry Z

[HarryZ]

After a reboot, the Support Tool is still not running, so I will open up a 3rd discussion on this topic in the suggested forum.

Also,  here is what the Security Center part of the Addition.txt looks like after your suggested changes and a reboot:

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Security (Enabled - Up to date) {885D845F-AF19-0124-FECE-FFF49D00F440}
AV: ESET Security (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Security (Disabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Firewall (Enabled) {B066057A-E576-007C-D591-56C163D3B33B}
FW: ESET Firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
 

Let me know if there is anything more you want me to do.

Harry Z

[Maurice Naggar]

Good morning.

Thanks for the information.  Notice the multiple listings in the report on ESET Security.   If you plan to keep ESET Security, let me suggest that you uninstall it, reboot, then re-install it.

It ( ESET)  should only have  only one line as AV.   Not 3.  Not 2.

If on the other hand, you want to just have the built-in Microsoft Windows Defender,  then uninstall the ESET Security and restart.

.

Now then, remind me, what was the very original issue that started your quest to gather a report ?   You have written elsewhere that the original issue is resolved.

Also, as AdvancedSetup noted,  before attempting to run the Support tool, I'd suggest like he did, to disable the ESET Security  first.   The concept being to not have any potential interference.

If you have any old FRST copies lying around,  you ought to perhaps delete them prior to any attempt to get and run the Support tool.

Tell me, what is it about the Support tool for Malwarebytes, that you want to look at ?

You know you can view the history and logs of Malwarebytes withing the program itself.

.

One other possible factor:  This pc may have a old version or old component of Malwarebytes for Windows.

I would encourage you to get the very latest Beta   ( I have it on my pc,  as well as others on this forum)   and you will likely do better with it.

Start Malwarebytes.

Click the settings  ( gear icon)  off the top right corner.

Then look at the tab "General".   Then scroll down to "Beta updates".

On that line,  click it so that the radio button is to the far right.

Next, scroll back up to the section "Application updates".

Look for the blue color "Check for Updates".   Click on that.   Watch for update messages,   Follow the prompts.

If the updates to the program for Component package 1.0.927  doe not show,  then at the Top of the next Clock hour,  then repeat the Check for updates.

You can view which program component & version of Malwarebytes by click the About tab.

If it has the very latest beta, it should show  version 4.1.1.71    and  component package 1.0.927

[Maurice Naggar]

P.S.   Your other thread showed these components of Malwarebytes for Windows

Version: 4.1.0.56
Components Version: 1.0.920
Update Package Version: 1.0.24560

 

I re-encourage you to have the Beta which has fixes and improvements.

What is new in this Beta:

• Enhanced User Profiles management
• Enhanced Web protection
• Enhanced Detection and remediation

Some Issues now addressed:

     •   Fixed: mbamtray crash when iris dll is loaded/unloaded shortly after mbamservice is started

     •   Fixed: MWAC interferes with Wake-on-LAN / Logitech flow

     •   Fixed: EarlyBootStart flag is not being honored under certain circumstances

     •   Fixed: Several additional Issues relating to upgrading to 4.1

     •   Fixed: several UI issues

 

cf.   https://forums.malwarebytes.com/topic/257042-malwarebytes-41-beta/?do=findComment&comment=1382782

 

.

It is unfortunate that you encountered  a false positive on FRSTENGLISH.

As to the old stall or failure to run the support tool,  it seems there may have been other potential factors.

FRST may have stalled in its registry backup function.   

 

Bottom line, get the latest Beta and do a new Check for Update run.....to insure it has the latest definitions.

[HarryZ]

Aloha @Maurice Naggar. Mahalo for the reply. The original reason to run the Support Tool has been resolved. No need to re-hash this here.  My only concern at this point is getting the Support Tool running. As such, I will be pursuing that in this thread  

 

Harry Z

[Maurice Naggar]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you