Jump to content

Recommended Posts

Collected logs while reproducing with MBAM 4.1.2.73 CU 1.0.988, but I encountered these with CU 1.0.979 as well, so it's not beta specific.

1. Certain definition updates can cause PendingFileRenameOperations for files in 'C:\ProgramData\Malwarebytes\MBAMService\IrisPlugins'
2. After a few such updates, usually 2 of them it is possible for network connections to be slow to establish after last batch of PendingFileRenameOperations is resolved by Windows on boot.

The network connections being slow to establish affects all programs but web browsers are less affected with Firefox handling this best.
Things are very bad with command line tools, for example `pacman -Syu` always fails in MSYS2 if updates available.

Disabling malware protection then rebooting makes network connections being slow to establish problem go away for good, PendingFileRenameOperations still happen.

Other symptoms along with slow network connection establishing:

- Windows security center can take long time to display content;
- Windows hangs to black screen if you log off for at least 5-10 minutes if not permanently;
- Farbar Recovery Scan tool can hang during scan in Other areas part;
- Malwarebytes UI can take a long time to start if it even starts;
- You are very likely to get "Cannot connect to license server" error if Malwarebytes UI opens.

logs-PFRO-freshly-created.zip logs-PFRO-post-apply.zip logs-slow-connections-establish-FRST-hang.zip pacman-syu-fail.txt

Link to post
Share on other sites

  • Staff

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes for Windows Help forum.

If you are having technical issues with our Windows product, please do the following:

Malwarebytes Support Tool - Advanced Options

This feature is designed for the following reasons:

  • For use when you are on the forums and need to provide logs for assistance
  • For use when you don't need or want to create a ticket with Malwarebytes
  • For use when you want to perform local troubleshooting on your own

How to use the Advanced Options:

Spoiler
  1. Download Malwarebytes Support Tool
  2. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  3. Place a checkmark next to Accept License Agreement and click Next
  4. Navigate to the Advanced tab
  5. The Advanced menu page contains four categories:
    • Gather Logs: Collects troubleshooting information from the computer. As part of this process, Farbar Recovery Scan Tool (FRST) is run to perform a complete diagnosis. The information is saved to a file on the Desktop named mbst-grab-results.zip and can be added as an email attachment or uploaded to a forum post to assist with troubleshooting the issue at hand.
    • Clean: Performs an automated uninstallation of all Malwarebytes products installed to the computer and prompts to install the latest version of Malwarebytes for Windows afterwards. The Premium license key is backed up and reinstated. All user configurations and other data are removed. This process requires a reboot.
    •  Repair System: Includes various system-related repairs in case a Windows service is not functioning correctly that Malwarebytes for Windows is dependent on. It is not recommended to use any Repair System options unless instructed by a Malwarebytes Support agent.
    • Anonymously help the community by providing usage and threat statistics: Unchecking this option will prevent Malwarebytes Support Tool from sending anonymous telemetry data on usage of the program.
  6. To provide logs for review click the Gather Logs button
  7. Upon completion, click OK
  8. A file named mbst-grab-results.zip will be saved to your Desktop
  9. Please attach the file in your next reply.
  10. To uninstall all Malwarebytes Products, click the Clean button.
  11. Click the Yes button to proceed. 
  12. Save all your work and click OK when you are ready to reboot.
  13. After the reboot, you will have the option to re-install the latest version of Malwarebytes for Windows.
  14. Select Yes to install Malwarebytes.
  15. Malwarebytes for Windows will open once the installation completes successfully.

Screenshots:

Spoiler
 
 
 
 
Spoiler

 

 

01.png

02.png

03.png

04.png

05.png

06.png

 

 

If you are having licensing issues, please do the following: 

Spoiler

For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/hc/en-us/requests/new to get help

If you need help looking up your license details, please head here: Find my premium license key

 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

Link to post
Share on other sites

Greetings,

Please try restoring User Account Control to its default settings:

UAC Settings
==================================
EnableLUA:                      On
Consent Prompt Behavior Admin:  Off

Details on how to do so can be found in this article.

Once that is done, restart your system then proceed with the following to see if it helps:

  1. Run the Malwarebytes Support Tool
  2. Accept the EULA and click Advanced tab on the left (not Start Repair)
  3. Click the Clean button, and allow it to restart your system and then reinstall Malwarebytes, either by allowing the tool to do so when it offers to on restart, or by downloading and installing the latest version from here

Please let us know if this helps or not.

Thanks

Link to post
Share on other sites

2 hours ago, exile360 said:

Please try restoring User Account Control to its default settings:


UAC Settings
==================================
EnableLUA:                      On
Consent Prompt Behavior Admin:  Off

 

This is trickier than it seams. See attached video. None of the options seam to match the defaults Windows comes with:

- dim screen on prompt;

- prompt on program install with admin rights;

- no prompt with Windows settings change.

Link to post
Share on other sites

11 hours ago, exile360 said:

It's the second option regarding installing programs with admin rights I believe.

Yes, when you are logged on as standard user, but you are not allowed to select it. When you are logged on as admin it's 3rd option.

With that said I was able to reset UAC to defaults.

15 hours ago, exile360 said:

Once that is done, restart your system then proceed with the following to see if it helps:

 

  1. Run the Malwarebytes Support Tool
  2. Accept the EULA and click Advanced tab on the left (not Start Repair)
  3. Click the Clean button, and allow it to restart your system and then reinstall Malwarebytes, either by allowing the tool to do so when it offers to on restart, or by downloading and installing the latest version from here

 

Please let us know if this helps or not.

Thanks

It helped immediately as it always helped, but the question is for how long. I attached cleanup log.

This time I decided to play on safe side with MBAM settings:

- stayed on stable CU 1.0.979;

- only disabled anti-ransomware protection, notifications when realtime protections are off and scheduled scans and didn't change anything else.

 

Some problems with Support Tool:

1.It didn't autostart after reboot to perform post-reboot cleanup despite being logged on as admin both before and after reboot and UAC being already set to defaults at the time I ran Support tool to begin cleanup. I was able to manually start post reboot cleanup using Autoruns tool. There I saw MBST autostart entry is in a Run key under HKCU. I don't remember exactly when but I read somewhere that Windows refuses to autostart programs that have admin rights flag set, especially if they try to run from HKCU. This is the case for support tool. Both downloaded and unpacked executable to admin user temp folder have admin rights flag set.

2. If I allow Support tool to install MBAM after cleanup, it installs the very old MBAM legacy 3.5.1 for XP. I saw this even with MBST 1.6.2 a few weeks ago shortly after it's release when slow network connections establishing in MBAM was far worse and I tried the cleanup procedure to battle it. Things got better with CU 1.0.979 but we still have these issues.

mbst-clean-results.txt

Link to post
Share on other sites

Thanks, it definitely sounds like something strange is going on with your system, possibly with permissions or something related to it.  If you wouldn't mind, I would like to get a member of the staff to take a look to dig deeper into this issue.

In the meantime, I will be reporting this to the Product team for analysis, so if they were not already aware of such a case, they will be soon.

@AdvancedSetup, would you please take a look?  I suspect a permissions issue due to the update files needing to be set as PendingFileRenameOperations rather than in-place as well as other symptoms which seem to indicate a permissions problem or similar.

Link to post
Share on other sites

Hello,

The PFROs in this case are expected. These files are not related to definitions but rather in-app messaging. The PFROs you're seeing are deletion operations for files no longer required. Deleting the file on-reboot is used in this case for simplicity to avoid complications with determining if the file is intentionally still in use or not. It's not related to file permissions or indicative of any sort of issue.

Are you stating that you only see an issue after startup with slowness/hangs when these PFROs are processed by Windows?

If you delay the start of Real-Time Protection (Settings -> Security -> Windows startup -> Advanced -> Delay Real-Time Protection...), does this have any impact?

Edited by LiquidTension
Link to post
Share on other sites

1 hour ago, LiquidTension said:

Hello,

The PFROs in this case are expected. These files are not related to definitions but rather in-app messaging. The PFROs you're seeing are deletion operations for files no longer required. Deleting the file on-reboot is used in this case for simplicity to avoid complications with determining if the file is intentionally still in use or not. It's not related to file permissions or indicative of any sort of issue.

Ok.

 

1 hour ago, LiquidTension said:

Are you stating that you only see an issue after startup with slowness/hangs when these PFROs are processed by Windows?

It takes a few Windows boots span across a few days until slow connections establishing and other potential glitches manifest. I never experienced overall system slowdown. I consistently saw more than 1 PFRO stack from Malwarebytes during this randomly long interval until issue manifests, but I can't confirm that MBAM PFRO are the cause of it. PFRO from other programs are not at all a factor in this.

 

1 hour ago, LiquidTension said:

If you delay the start of Real-Time Protection (Settings -> Security -> Windows startup -> Advanced -> Delay Real-Time Protection...), does this have any impact?

I haven't tried that in a while. Last time I used it, it was just delaying issue from manifesting by the amount of time set. If a program that uses network connections is running when issue kicks in, it's unaffected until it's closed and reopened.

Link to post
Share on other sites

It took 2 days with 2 batches of PFRO from Malwarebytes and slow resolving hosts issue and other connected glitches didn't happen. I think it's caused by hibernation in any form (ordinary hibernation or fast startup). Doing either just once is enough for issue to trigger in 2 days. Hearing that others had success with component 1.0.990 I decided to play braver:

- Enrolled in beta channel and performed component update;

- Enabled fast startup as I am on HDD;

- Re-enabled optional scanning settings and optional anti-exploit settings for browsers and chromium-based browsers;

- Changed UAC back to maximum protection.

- Rebooted to ensure component update is in effect even though it didn't ask for full system restart and it didn't create any PFRO.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.