Root Admin AdvancedSetup Posted October 26, 2020 Root Admin ID:1416568 Share Posted October 26, 2020 (edited) We have released a new beta build to correct the following Fixed: Users report to lose connection (visibility) to the LAS or Network Neighborhood after upgrading to CU19https://forums.malwarebytes.com/topic/262752-malwarebytes-42-beta/?do=findComment&comment=1416567 Please enable beta updates and then check for updates NOTE: Please close all open applications before running this update installer. It is a mandatory reboot of the computer. Unsaved documents will be lost. Edited October 26, 2020 by AdvancedSetup updated information Link to post Share on other sites More sharing options...
Pluto Posted October 26, 2020 Author ID:1416621 Share Posted October 26, 2020 A very quick test suggests that this fault has been fixed. More testing to follow over the day or three. FWIW I can report that this update (of only the component pack) did not demand a mandatory reboot, merely a restart of the Malwarebytes application under Windows 10. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted October 26, 2020 Root Admin ID:1416625 Share Posted October 26, 2020 15 minutes ago, Pluto said: A very quick test suggests that this fault has been fixed. More testing to follow over the day or three. FWIW I can report that this update (of only the component pack) did not demand a mandatory reboot, merely a restart of the Malwarebytes application under Windows 10. Thank you for the feedback. I would suggest you still go ahead and restart the computer Link to post Share on other sites More sharing options...
Pluto Posted October 27, 2020 Author ID:1416707 Share Posted October 27, 2020 Sorry, I have to advise that following two or three complete restarts that this problem is not fixed on either my Windows 10 or Windows 7 machines. Back to the drawing board, folks. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted October 27, 2020 Root Admin ID:1416710 Share Posted October 27, 2020 Hello @Pluto Can we please get some new updated logs from you so that we can review. So far this update seems to be working for everyone else so we'd like to see if there is something obvious on your system. Upload Malwarebytes Support Tool logs offline Thanks Link to post Share on other sites More sharing options...
Pluto Posted October 27, 2020 Author ID:1416718 Share Posted October 27, 2020 OK – this time I shall send logs from my Windows 7 system which will probably be a thousand times simpler to interpret. Coming up… Link to post Share on other sites More sharing options...
ratumikaele Posted October 27, 2020 ID:1416719 Share Posted October 27, 2020 Beta has resolved problem on both my Windows 10 machines. No restart required but continues to work after restart 😀 Thanks Link to post Share on other sites More sharing options...
Pluto Posted October 27, 2020 Author ID:1416725 Share Posted October 27, 2020 (edited) On 10/27/2020 at 1:38 AM, Pluto said: Coming up… As requested… Edited October 28, 2020 by AdvancedSetup log removed per request Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted October 27, 2020 Root Admin ID:1416730 Share Posted October 27, 2020 Thank you @Pluto Can you please try saving your current firewall settings. Then make a new System Restore Point and disable the following software application and reset the firewall to defaults temporarily HKLM\...\Run: [Malwarebytes Windows Firewall Control] => C:\Program Files\Malwarebytes\Windows Firewall Control\wfc.exe [644784 2020-08-22] (Malwarebytes Inc -> Malwarebytes) You might also want to review and consider removing restrictions unless you specifically set them. GroupPolicy\User: Restriction ? <==== ATTENTION HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION HKU\S-1-5-21-4294570440-570648401-489032097-1002\SOFTWARE\Policies\Google: Restriction <==== ATTENTION Update your Google Chrome and remove these 2016 updaters Task: {63EFE5D2-3395-481A-BC19-080FEE749404} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-11-16] (Google Inc -> Google Inc.) Task: {EABD7320-DA9F-4C8A-8DF7-B396E886883A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-11-16] (Google Inc -> Google Inc.) One of the logs Additions.txt did not complete for some reason. Please try restoring the firewall. Then restart the computer and let me know if that works or not Late for me so I'll check back on you again tomorrow Thanks Link to post Share on other sites More sharing options...
Pluto Posted October 27, 2020 Author ID:1416760 Share Posted October 27, 2020 This is all appreciated but the amount of time I have available to explore this issue is very limited so, please, let's not loose sight of the fact that prior to component pack 1070 this all worked! So what changed in this department with 1070? I really do not have the time to strip this machine back to basics to work this one out. Whatever happened to the old mantra to permit everything that originates within the local network? I trust (as others are saying that this update fixed the issue for them) this isn't a schoolboy error of not realising that my LAN is, a little unusually, on 192.168.2 .× ? I ask this because the issue remains with both my Windows 7 & Windows 10 machines. The two machines have little common history so it's rather odd that both should appear to suffer from the same malaise. The commonalities between the two machines are i) the network itself and ii) both developed the current issue with the arrival of component pack 1070 iii) both are cured by disabling Web Protection. I trust you follow my argument here. NB I have removed all the Google stuff from the Win7 machine. No change. Link to post Share on other sites More sharing options...
ratumikaele Posted October 27, 2020 ID:1416815 Share Posted October 27, 2020 Hi Pluto, I doubt this is much consolation but my internal LAN addresses are also 192.168.2.xxx, so no schoolboy error on your part... Windows Build is 10.0.19041 Link to post Share on other sites More sharing options...
Pluto Posted October 27, 2020 Author ID:1416822 Share Posted October 27, 2020 That's one more variable eliminated! I doubt that the Windows build is all that relevant, seeing as the issue extends across Win10 & Win7 Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted October 27, 2020 Root Admin ID:1416845 Share Posted October 27, 2020 We have reversed the change and so far for the majority of users the updated beta has fixed the issue. Why it has not for you @Pluto is what we're attempting to try and track down. For now then if you don't have time to help us help you track it down further then please disable the Web Protection module. You can use Malwarebytes Browser Guard and/or uBlock Origin content blocker to help shore up the Web Protection module until an update that works for you is available. Thank you Link to post Share on other sites More sharing options...
Pluto Posted October 28, 2020 Author ID:1416853 Share Posted October 28, 2020 So logically, the approach should be to examine the distinctions between component packs 1061 and 1070 as the former was absolutely fine. If this were my mission I would have me run the diagnostic with each component pack in turn, changing nothing else in between. That strategy would probably reveal the issue. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted October 28, 2020 Root Admin ID:1416854 Share Posted October 28, 2020 As said the change was already reversed. If its not working for you and you won't allow me to help you diagnose why it's not working I don't know how else to assist you @Pluto Please try using our MBST tool and uninstall all Malwarebytes software and reboot. Do not reinstall when prompted by the program and then see if normal operation has returned for you as it has for everyone else and let us know. Thank you Link to post Share on other sites More sharing options...
Pluto Posted October 28, 2020 Author ID:1416862 Share Posted October 28, 2020 OK, a quick bash in the morning (it's 1.30am here). Exactly what you would like me to do with the support tool? Happy to try uninstall/reinstall MB etc. but not messing around with stuff that considerably pre-dates this issue which might compromise the stability of the systems. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted October 28, 2020 Root Admin ID:1416866 Share Posted October 28, 2020 Just uninstall all Malwarebytes software with the tool and reboot. For now, temporarily do not reinstall Malwarebytes. Then make sure that all works properly for you again https://support.malwarebytes.com/hc/en-us/articles/360039023473-Uninstall-and-reinstall-using-the-Malwarebytes-Support-Tool Link to post Share on other sites More sharing options...
Pluto Posted October 28, 2020 Author ID:1416923 Share Posted October 28, 2020 Uninstalled as asked via MBST. Interestingly, the tool did not offer to re-install. All well when MB not present, NAS detected correctly within a few seconds of clicking "Network". Reinstalled MB manually, allowed latest updates, no change from status quo ante. Web Protection inhibits detection of NAS device. Incidentally, something that might be deluding some folks here into thinking it's working, when it's not… in my case, when NAS is detected (having disabled Web Protection) that detection remains valid for a few minutes after Web Protection is resumed, even when pressing "refresh"! So those who believe that this issue is fixed, it might be useful to see if your NAS is still accessible after, say, 10 minutes of Web Protection remaining active. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted October 28, 2020 Root Admin ID:1416973 Share Posted October 28, 2020 Please provide MBST logs Upload Malwarebytes Support Tool logs offline Link to post Share on other sites More sharing options...
Pluto Posted October 28, 2020 Author ID:1417016 Share Posted October 28, 2020 (edited) Another logging run as requested, from my Windows 10 machine. Please delete this attachment (and others I have uploaded) after you have retrieved them. Thanks. Edited October 28, 2020 by AdvancedSetup log removed per request Link to post Share on other sites More sharing options...
Pluto Posted October 30, 2020 Author ID:1417424 Share Posted October 30, 2020 Possible clue in getting to the bottom of this – enabling SMBv1 (now highly deprecated) seems to enable discovery of NAS device. Subsequent disabling thereof restores inability to detect NAS unless web protection is disabled. Please forgive my indulgence, but why does your web protection module have any effect on the goings-on within the local network? Would it really be so much of a vulnerability to simply ignore any traffic that originates and terminates within the LAN border? Your own information flash says that web protection blocks online scams, phishing sites and sites with ransomware. So why is it having any effect whatsoever on the discovery of a simple local NAS device? Link to post Share on other sites More sharing options...
Max-H Posted October 30, 2020 ID:1417426 Share Posted October 30, 2020 5 minutes ago, Pluto said: So why is it having any effect whatsoever on the discovery of a simple local NAS device? Good question.🤔 Link to post Share on other sites More sharing options...
Dave77 Posted October 30, 2020 ID:1417467 Share Posted October 30, 2020 6 hours ago, Pluto said: So why is it having any effect whatsoever on the discovery of a simple local NAS device? Might be worth looking into: I have found that since the last update, my NAS that is discovered by WSD is showing consistently in Windows Network. My second (older) NAS and Raspberry Pi's that are discovered by NetBIOS initially show up, but disappear after a certain time. Disabling Web Protection immediately allows NetBIOS discovery computers to be seen. Link to post Share on other sites More sharing options...
Pluto Posted October 30, 2020 Author ID:1417468 Share Posted October 30, 2020 I wouldn't disagree with any of that although it's hard to prove specifically. Certainly your comment… 4 minutes ago, Dave77 said: …initially show up, but disappear after a certain time. seems in the ballpark (in my case). So it appears that MB web protection is inhibiting some aspect of the LAN communication, which appears rather odd for a protection module designed to ward off “online scams, phishing sites and sites with ransomware”. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted October 30, 2020 Root Admin ID:1417490 Share Posted October 30, 2020 Because NAS uses the Server Message Block (SMB) Protocol to access and allow file sharing which NAS devices use. Here is a list of vendors still using SMB1 and if your product is on this list and you disable SMB1 then you will not be able to see or access the device. https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb1-product-clearinghouse/ba-p/426008 We do not modify or change SMB. If you uninstall all of our software and are not changing SMB you should not see any difference on the SMB / CIFS level. We accidentally introduced a block for Web Services for Devices (WSD) which is technology from Microsoft that provides a standard method for discovering and using network-connected devices. The latest version of our software has removed that accidental block. More details from Microsoft on why SMB1 is not something you should be using Stop using SMB1 Running the following from an elevated admin command prompt on Windows 7 should show the information for SMB sc.exe qc mrxsmb10 sc.exe qc mrxsmb20 SERVICE_NAME: mrxsmb10 TYPE : 2 FILE_SYSTEM_DRIVER START_TYPE : 4 DISABLED ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : system32\DRIVERS\mrxsmb10.sys LOAD_ORDER_GROUP : Network TAG : 6 DISPLAY_NAME : SMB 1.x MiniRedirector DEPENDENCIES : mrxsmb SERVICE_START_NAME : SERVICE_NAME: mrxsmb20 TYPE : 2 FILE_SYSTEM_DRIVER START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : system32\DRIVERS\mrxsmb20.sys LOAD_ORDER_GROUP : Network TAG : 7 DISPLAY_NAME : SMB 2.0 MiniRedirector DEPENDENCIES : mrxsmb SERVICE_START_NAME : More information on the subject of SMB How to detect, enable and disable SMBv1, SMBv2, and SMBv3 in Windowshttps://docs.microsoft.com/en-us/windows-server/storage/file-server/troubleshoot/detect-enable-and-disable-smbv1-v2-v3 SMB is Dead, Long Live SMB!https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-is-dead-long-live-smb/ba-p/1185401 Fix for the Windows 7 SMB network bug caused by Update KB4480970/KB4480960https://borncity.com/win/2019/01/12/fix-for-the-windows-7-smb-network-bug-caused-by-update-kb4480970-kb4480960/ Description of the update for Windows 7 SP1 and Windows Server 2008 R2: January 11, 2019https://support.microsoft.com/en-us/help/4487345/update-for-windows-7-sp1-and-windows-server-2008-r2 Patch Lady – That SMB issue isn’t SMBhttps://www.askwoody.com/2019/patch-lady-that-smb-issue-isnt-smb/ For your Windows 7 computer @Pluto Windows 7 SP1 and Windows Server 2008 R2 SP1 update historyhttps://support.microsoft.com/en-us/help/4009469/windows-7-sp1-windows-server-2008-r2-sp1-update-history The left column of this page lists all the updates that have been released for this version of Windows. We recommend that you install all the updates for Windows that are available for your device. Installing the most recent update means that you also get all the previous updates, including important security fixes. October 13, 2020—KB4580387 (Security-only update) Read the How to get this update and the Prerequisite before installing this update https://support.microsoft.com/en-us/help/4580387/windows-7-update Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now