Update to version 4.1.1.71 - CU 1.0.927


Posted (edited)

The update happened without problem in 2 steps:

1. clicking on "Check for updates" updates only the CU from 1.0.924 to 1.0.927 and this message shows up in the main UI.

19861028_MB4.1.0.56-1.0_927.jpg.a8b7b46035361e0c7e41da93f6780451.jpg

2. clicking on "Mettre à jour maintenant" (Update now) updates the program from version 4.1.0.56 to version 4.1.1.71. No reboot needed.

Be advised that I had to re-enable the self-protection module.

 

- Win 10 2004 - Build 19041.264 -

 

 

Edited by throkr
added OS details
Posted (edited)
16 hours ago, AdvancedSetup said:

If you can upload the MBST logs that may help us with future updates to prevent issues.

Upload Malwarebytes Support Tool logs offline

 

 

Well, I already used the MBST to reinstall MB without any problem but now I can't collect the logs.

After clicking on "Gather logs", the scan gets stuck in the second step "Run FRST" and never ends; I had to cancel it. I even tried with the real-time protection temporarily disabled in Microsoft Defender antivirus.

I really don't understand why this is happening ...

 

53 minutes ago, LiquidTension said:

Thank you for the feedback! We have a defect filed for the issue with Self-Protection.

Thank you for that.

Edited by throkr
23 hours ago, throkr said:

Well, I already used the MBST to reinstall MB without any problem but now I can't collect the logs.

After clicking on "Gather logs", the scan gets stuck in the second step "Run FRST" and never ends; I had to cancel it. I even tried with the real-time protection temporarily disabled in Microsoft Defender antivirus.

I really don't understand why this is happening ....

@AdvancedSetup, @LiquidTension, I finally found out the culprit who was blocking the execution of the MBST: the ransomware protection module of MB! :P

Once the ransomware protection was temporarily disabled before starting the tool, there was no problem and the zip file was created ...

But, is this normal ??? :blink:

mbst-grab-results.zip


Thank you for the information. We're looking further into this. It appears to be related to the registry backup functionality in FRST.

If you run MBST again with Ransomware Protection, do you still encounter an issue? Now that FRST was able to complete successfully and perform the registry backup, there's a good chance it will run successfully now.

3 hours ago, throkr said:

I finally found out the culprit who was blocking the execution of the MBST: the ransomware protection module of MB! :P

 

Posted (edited)
2 hours ago, LiquidTension said:

Thank you for the information. We're looking further into this. It appears to be related to the registry backup functionality in FRST.

If you run MBST again with Ransomware Protection, do you still encounter an issue? Now that FRST was able to complete successfully and perform the registry backup, there's a good chance it will run successfully now.

Correct, the second time I ran MBST, it went through all the steps without problem with the ransomware enabled.

It should be noted that during the initial scan (on Win 10 2004), MB didn't react in comparison to Win 10 1909 where MB opens an alert window.

Another good feedback: scans (quick + threat, for me) are significantly faster with this version 4.1.1 compared to version 4.1.0, at least for me.

 

52 minutes ago, Porthos said:

 

Thanks @Porthos, but MB is obviously not reacting in the same way on Win 10 1909 and on Win 2004 (which I'm using); see my answer just above to @LiquidTension

Edited by throkr
4 minutes ago, throkr said:

Thanks @Porthos, but MB is obviously not reacting in the same way on Win 10 1909 and on Win 2004 (which I'm using); see my answer just above to @LiquidTension

I have had Ransomware protection off for a long time now. Just do not need or use it, so I reactivated it and I see your issue with 2004.

Posted (edited)

Thanks @throkr.

The revised beta version (1.0.931) we released now may have a fix for this issue.

Please do the following to confirm:

  • Delete the C:\FRST folder.
  • Rerun MBST.
  • Verify there are no issues when Ransomware Protection is enabled.
Edited by LiquidTension
Posted (edited)

@LiquidTension

The new beta CU 1.0.931 did not fix this issue; ransomware protection still has to be disabled before starting the tool to have the zip file created with the correct info (*) (this is important!).

I now have more important info for you:

  • with 1.0.931: if you rerun MBST after a first complete execution (with ransomware protection disabled), you'll still have to disable ransomware protection (this wasn't the case with CU 1.0.927, as we saw earlier)
  • if you don't disable ransomware before starting the tool, it gets stuck at the second step "Run FRST" (as I mentioned earlier in this topic). If you disable ransomware protection whilst the tool is stuck (= still running), it will immediately go further and the logs are created (*) BUT they are incorrect as they don't reflect the reality: in mb-checkresults.txt, under ARW Controller Config it says Protection State: enabled (which is wrong as the protection was disabled whilst MBST was running). My attached logs reflect this "wrong" situation.
  • After running the tool, I noticed that all the drive letters of my non-connected (position "OFF" during the scan) external HDD drives were changed (this doesn't affect USB drives, at least for me). This is important as I use one of these external HDD drives for my backups ...

Well, I hope that my explanations are clear enough and that it will help ..... :)

mbst-grab-results.zip

Edited by throkr
typo
Posted (edited)

Hi @throkr,

Thanks for the update.

 

Quote

BUT they are incorrect as they don't reflect the reality: in mb-checkresults.txt, under ARW Controller Config it says Protection State: enabled (which is wrong as the protection was disabled whilst MBST was running).

This is expected as the report was generated before you disabled Ransomware Protection.
 

Quote

After running the tool, I noticed that all the drive letters of my non-connected (position "OFF" during the scan) external HDD drives were changed (this doesn't affect USB drives, at least for me). This is important as I use one of these external HDD drives for my backups ...

Could you elaborate on this? What do you mean by position "OFF"? Where did you see the drive letters change? Was this a permanent change?

-----

Some additional information would be useful.

  • Delete C:\FRST.
  • Enable debug logging in MB4 (Settings -> Event log data -> Enable "Collect enhanced...").
  • Run Process Monitor: https://docs.microsoft.com/en-us/sysinternals/downloads/procmon
  • With Ransomware Protection enabled in MB4, run MBST.
  • Wait for the hang to occur.
  • Once the hang has occurred, stop the Process Monitor capture (File -> Capture Events).
  • Save the Process Monitor log and zip it up.
  • Zip up the following folders:
    • C:\ProgramData\Malwarebytes\MBAMService\Logs
    • C:\ProgramData\Malwarebytes\MBAMService\ARW
  • Attach the zipped up Process Monitor log and folders.

 

Also, whilst still in the issue state (so before you disable Ransomware Protection), please open Task Manager and look for the FRST process.
Expand it if there are child processes running and take a screenshot of what you see.

Edited by LiquidTension
Posted (edited)
On 6/1/2020 at 3:08 PM, LiquidTension said:

This is expected as the report was generated before you disabled Ransomware Protection.

I understand that; my point is (was) that a reader of this report could think that it was made with ransomware protection enabled (which isn't the case), unless I tell him that I disabled the protection whilst MBST was running ..... Or am I missing something here?

On 6/1/2020 at 3:08 PM, LiquidTension said:

Could you elaborate on this? What do you mean by position "OFF"? Where did you see the drive letters change? Was this a permanent change?

My external HDDs are connected but not always running (= powered ON) and not visible in File Explorer. After running MBST, if I make them visible again in File Explorer (by turning the power switch on the HDD to ON), I see that the drive letter has been changed.

BTW today I made a test: I left the HDDs ON (visible in File Explorer) whilst running MBST and this has the same effect; once you set the HDD to OFF and again to ON, the drive letters in File Explorer are changed.

On 6/1/2020 at 3:08 PM, LiquidTension said:

Some additional information would be useful.

Attached you'll find the logs, except the Process Monitor Log (apparently not allowed, file too big) so I uploaded it here: https://www.transfernow.net/Ba0joK062020

On 6/1/2020 at 3:08 PM, LiquidTension said:

Also, whilst still in the issue state (so before you disable Ransomware Protection), please open Task Manager and look for the FRST process.
Expand it if there are child processes running and take a screenshot of what you see.

Here you go (no child processes present)

1405645680_TaskManger-FRSTprocess.jpg.31ed23b8dc53f14c02e9e2fbff3fee08.jpg

MB ARW + LOGS.zip mbst-grab-results.zip

Edited by throkr
typo + updated download link