
Excluding UWP app / periodic freezes in AoEII:DE



I didn't want to resurrect this topic - https://forums.malwarebytes.com/topic/268898-malwarebytes-causes-lags-in-age-of-empires-2-definite-edition/?tab=comments#comment-1431101 - but I had a similar issue, with a slightly different context.

I'd been having issues while running Age of Empires II: Definitive Edition. During offline campaign games vs. AI, every couple of minutes the game would hang momentarily, then continue running. After a fair bit of digging around on different forums, the common thread seemed to be Malwarebytes - apparently AoEII triggers MBAM's real-time ransomware protection for whatever reason. The suggested solutions were: 1) uninstall MBAM (For me, not an option. I think MBAM is an excellent piece of software and I'm not going to switch/pay for a whole different software for one game.), 2) disable MBAM while playing AoEII (To me, this is tantamount to uninstalling. What good is the real-time protection if you're turning it off regularly?), and 3) the user in the other forum post found that adding AoEII:DE's folder to the exclusions/allow list in MBAM solved the issue.

The difference in my situation is that I can't access the game's folder. AoEII:DE is (I assumed all versions, but I guess the Steam version is not) a Universal Windows Platform app, meaning that the program folder itself is within a "WindowsApps" folder that is not further accessible without a non-obvious workaround. I had tried simply adding the whole WindowsApps folder to the exclusions list, to no avail. I stumbled upon another unrelated forum post that discussed how to gain access within the WindowsApps folder:

  1. Go to C:\Program Files\WindowsApps
  2. Right click the WindowsApps folder and select properties.
  3. Click on the Security Tab
  4. Click on the "Advanced..." button
  5. Under Owner - click on change
  6. Click on Advanced
  7. Click on Find now
  8. Look for your login/username
  9. Select your login
  10. Click okay
  11. Below Owner - there will be a check box - replace owner on sub containers and objects. Tick/check the box, then select Apply.
  12. Click okay

Functionally what this entails is opening the security properties of the WindowsApps folder and changing owner to your user account from Admin or whatever superuser-type account Windows locks ownership of WindowsApps to. Once doing this, I could navigate inside the WindowsApps folder, select the specific program's folder, and add it to the exclusions list within MBAM. No apparent issues since.

I wanted to share this for a twofold reason: 1) in the hopes that it can assist others having similar issues with AoEII:DE specifically, or UWP apps in general, and 2) to see if anyone sees any major security flaws in using this method that I am not recognizing. I realize that I am circumventing the sandbox that Microsoft has created around UWP apps, but I guess that there is a relatively low chance that changing the permissions as suggested above opens me up to nearly the same vulnerability that turning off real-time protection does.


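One way to check what the ownership change in the steps above left behind, as an added example that is not part of the original post: it lists the owner of WindowsApps and each package folder, flags any owner outside an expected list, and optionally resets flagged folders. The expected-owner list and the use of `NT SERVICE\TrustedInstaller` as the restore target for every flagged folder are assumptions of this example; `Get-OwnerReport` is a name made up here.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session.
# Read-only by default; -Restore changes ownership of whatever was flagged.
param(
    [string]$Root = "$env:ProgramFiles\WindowsApps",
    # Assumption: only these service/system principals are expected as owners.
    [string[]]$ExpectedOwners = @('NT SERVICE\TrustedInstaller', 'NT AUTHORITY\SYSTEM'),
    [switch]$Restore
)

function Get-OwnerReport {
    param([string]$Path, [string[]]$Expected)
    # Check the root itself plus every first-level package folder.
    $items = @(Get-Item -LiteralPath $Path -Force) +
             @(Get-ChildItem -LiteralPath $Path -Directory -Force -ErrorAction SilentlyContinue)
    foreach ($item in $items) {
        try   { $owner = (Get-Acl -LiteralPath $item.FullName -ErrorAction Stop).Owner }
        catch { $owner = '<unreadable>' }
        [pscustomobject]@{
            Path    = $item.FullName
            Owner   = $owner
            # By default an owner can rewrite the DACL, so a user account here
            # means that user can grant itself write access to the package.
            Flagged = $owner -notin $Expected
        }
    }
}

$report  = @(Get-OwnerReport -Path $Root -Expected $ExpectedOwners)
$flagged = @($report | Where-Object Flagged)
$report | Sort-Object Flagged -Descending | Format-Table -Property Flagged, Owner, Path -AutoSize

if ($flagged.Count -eq 0) {
    Write-Output 'All checked folders have an expected owner.'
} elseif ($Restore) {
    foreach ($entry in $flagged) {
        # /T recurses (the GUI steps replaced the owner on child objects too),
        # /C continues past errors, /L acts on links instead of their targets.
        & icacls.exe $entry.Path /setowner 'NT SERVICE\TrustedInstaller' /T /C /L /Q
    }
} else {
    Write-Output "$($flagged.Count) folder(s) flagged. Re-run with -Restore to reset ownership."
}
```

Resetting the owner does not undo any permission entries that were added separately; this script only reports and changes ownership.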
  • Staff

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes for Windows Help forum.

If you are having technical issues with our Windows product, please do the following:

Malwarebytes Support Tool - Advanced Options

This feature is designed for the following reasons:

  • For use when you are on the forums and need to provide logs for assistance
  • For use when you don't need or want to create a ticket with Malwarebytes
  • For use when you want to perform local troubleshooting on your own

How to use the Advanced Options:

  1. Download Malwarebytes Support Tool
  2. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  3. Place a checkmark next to Accept License Agreement and click Next
  4. Navigate to the Advanced tab
  5. The Advanced menu page contains four categories:
    • Gather Logs: Collects troubleshooting information from the computer. As part of this process, Farbar Recovery Scan Tool (FRST) is run to perform a complete diagnosis. The information is saved to a file on the Desktop named mbst-grab-results.zip and can be added as an email attachment or uploaded to a forum post to assist with troubleshooting the issue at hand.
    • Clean: Performs an automated uninstallation of all Malwarebytes products installed to the computer and prompts to install the latest version of Malwarebytes for Windows afterwards. The Premium license key is backed up and reinstated. All user configurations and other data are removed. This process requires a reboot.
    • Repair System: Includes various system-related repairs in case a Windows service is not functioning correctly that Malwarebytes for Windows is dependent on. It is not recommended to use any Repair System options unless instructed by a Malwarebytes Support agent.
    • Anonymously help the community by providing usage and threat statistics: Unchecking this option will prevent Malwarebytes Support Tool from sending anonymous telemetry data on usage of the program.
  6. To provide logs for review click the Gather Logs button
  7. Upon completion, click OK
  8. A file named mbst-grab-results.zip will be saved to your Desktop
  9. Please attach the file in your next reply.
  10. To uninstall all Malwarebytes Products, click the Clean button.
  11. Click the Yes button to proceed. 
  12. Save all your work and click OK when you are ready to reboot.
  13. After the reboot, you will have the option to re-install the latest version of Malwarebytes for Windows.
  14. Select Yes to install Malwarebytes.
  15. Malwarebytes for Windows will open once the installation completes successfully.

If you are having licensing issues, please do the following: 


For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/hc/en-us/requests/new to get help

If you need help looking up your license details, please head here: Find my premium license key

 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team


14 minutes ago, brettygud_ said:

Functionally what this entails is opening the security properties of the WindowsApps folder and changing owner to your user account from Admin or whatever superuser-type account Windows locks ownership of WindowsApps to. Once doing this, I could navigate inside the WindowsApps folder, select the specific program's folder, and add it to the exclusions list within MBAM. No apparent issues since.

Essentially you removed the protection/security that Windows enabled (for your protection) of that entire folder.

You could have just disabled ransomware protection when playing the game. The rest and more protective components of Malwarebytes would still be active and protecting the computer.

The Ransomware Protection component is the least proactive in Malwarebytes because it relies entirely on active application behavior in memory to make detections, meaning your system would first need to actually be infected by a live ransomware threat for Ransomware Protection to detect anything. This is extremely unlikely since you still have the other more proactive components active which should prevent any infection from infiltrating your system in the first place, including ransomware.

 

 


I just tested, and I was able to exclude a folder under the WindowsApps folder by quitting Malwarebytes (right-click the Malwarebytes tray icon and select Quit Malwarebytes), then re-launching Malwarebytes by right-clicking its START menu>All Programs shortcut and selecting Run as administrator.  This allowed me to access the sub-folders of C:\Program Files\WindowsApps to exclude one of the sub-folders there.  Once done, I then quit Malwarebytes from the notification area once more and then re-launched it normally.

Anyway, I will report this issue to the Product team in case there is anything they can do without messing with Malwarebytes' UI's default permissions (there's a reason it runs by default with the current user's credentials rather than requiring a UAC prompt), but this procedure may be useful as a workaround for such situations for now.


3 minutes ago, exile360 said:

I just tested, and I was able to exclude a folder under the WindowsApps folder by quitting Malwarebytes (right-click the Malwarebytes tray icon and select Quit Malwarebytes), then re-launching Malwarebytes by right-clicking its START menu>All Programs shortcut and selecting Run as administrator.  This allowed me to access the sub-folders of C:\Program Files\WindowsApps to exclude one of the sub-folders there.  Once done, I then quit Malwarebytes from the notification area once more and then re-launched it normally.

Anyway, I will report this issue to the Product team in case there is anything they can do without messing with Malwarebytes' UI's default permissions (there's a reason it runs by default with the current user's credentials rather than requiring a UAC prompt), but this procedure may be useful as a workaround for such situations for now.

Awesome, thanks for the suggestion.

1 hour ago, Porthos said:

Essentially you removed the protection/security that Windows enabled (for your protection) of that entire folder.

You could have just disabled ransomware protection when playing the game. The rest and more protective components of Malwarebytes would still be active and protecting the computer.

The Ransomware Protection component is the least proactive in Malwarebytes because it relies entirely on active application behavior in memory to make detections, meaning your system would first need to actually be infected by a live ransomware threat for Ransomware Protection to detect anything. This is extremely unlikely since you still have the other more proactive components active which should prevent any infection from infiltrating your system in the first place, including ransomware.

 

 

So you're indicating that the UWP sandboxing is probably a greater security benefit than the real-time ransomware protection on MBAM?

I think maybe I'm just unclear on what the major benefit of UWP sandboxing is, when most other (or at least an equal amount of) applications on a Windows machine will not be UWP, in addition to the Microsoft Store/Xbox App being run by Microsoft and with MS ostensibly vetting the software on that platform. I'll do some reading and attempt to educate myself, I'm just interested to hear outside perspectives.


4 minutes ago, brettygud_ said:

So you're indicating that the UWP sandboxing is probably a greater security benefit than the real-time ransomware protection on MBAM?

The ransomware protection is reactive not proactive.

5 minutes ago, brettygud_ said:

meaning your system would first need to actually be infected by a live ransomware threat for Ransomware Protection to detect anything.

 


  • Root Admin

It has to start a process. In most cases we will stop it from working, but there are cases where a couple of files may get processed before we can stop it. In most cases we know, find, and block the droppers that try to get on the box in the first place.

https://www.malwarebytes.com/antivirus/

Allowing files or processes is much safer than disabling any of the Protection Modules.

 

