
Slow response times for Malwarebytes



I don't believe this software was listed as one of the affected SolarWinds products that were hacked, but I'd highly recommend that you or your IT Support double-check and verify this software is not involved in any way in the hack on SolarWinds.

Solarwinds Discovery Agent (HKLM-x32\...\Solarwinds Discovery Agent 2.0.7) (Version: 2.0.7 - Solarwinds)

The SolarWinds application also faulted.

Error: (04/05/2021 12:31:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SamanageAgentWatchdog.exe, version: 1.0.0.3, time stamp: 0x571c7a82
Faulting module name: SamanageAgentWatchdog.exe, version: 1.0.0.3, time stamp: 0x571c7a82
Exception code: 0xc0000409
Fault offset: 0x00013e6b
Faulting process id: 0x3cb8
Faulting application start time: 0x01d7266cbbfff561
Faulting application path: C:\Program Files (x86)\Solarwinds Discovery Agent\agent\watchdog\SamanageAgentWatchdog.exe
Faulting module path: C:\Program Files (x86)\Solarwinds Discovery Agent\agent\watchdog\SamanageAgentWatchdog.exe
Report Id: cd36451e-ce2b-49f2-bbd8-1c9074ee1e39
Faulting package full name:
Faulting package-relative application ID:

 

 

 

Can you temporarily uninstall the McAfee Endpoint Security Platform and all related software?

The FireEye Endpoint Agent looks to possibly either be the cause or at least partially involved. Over and over, when Malwarebytes starts to read, the FireEye agent also immediately reads too.

I'd like to also temporarily uninstall the FireEye Endpoint Agent and then see if Malwarebytes is still taking a long time to open with both of those programs uninstalled.

 

System errors:
=============

Error: (04/05/2021 06:38:51 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume WIN10_2016_04.

 

Not really sure why your work would be running this over and over. Once disabled, SMB1 would not re-enable itself. Also, without looking it up I'm pretty sure Windows 10 comes out of the box with SMB1 disabled.

Error: (04/05/2021 06:19:34 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1130) (User: NT AUTHORITY)
Description: 0 failed.
    GPO Name : LITS-IS-GPO_Disable SMBv1 PS
    GPO File System Path : \\Eu.Emory.Edu\SysVol\Eu.Emory.Edu\Policies\{24A9B611-F00C-44C6-87EA-449FF9E3D1E4}\Machine
    Script Name: DisableSMB1.bat

 

You do have these restrictions on the system, but I assume they're all legit from your work?

GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Policies: C:\Users\daschul\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKU\S-1-5-21-4279633407-28481931-2677731258-38347\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

 

Your Google Updater is old and out of date. Even if you check for updates in Chrome it normally doesn't seem to update that file. I'd recommend you export your bookmarks. Then uninstall Google Chrome from the Control Panel, then restart the computer and reinstall Google Chrome.

Task: {730798F5-6FC3-46B1-9086-E968A4812223} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-04-25] (Google Inc -> Google Inc.)

 

Please check on the DISK ERROR. I would highly recommend you run at least a short disk check on the C: volume. You may want to possibly consider running a Full disk check.
To run the short disk check, run the following from an Elevated Admin Command Prompt:

ECHO Y|CHKDSK C: /F

To run a Full disk check, run the following from an Elevated Admin Command Prompt:

ECHO Y|CHKDSK C: /R

Then restart the computer.

 

Is the computer a Dell Latitude E7450?

If so there appears to be updated BIOS and other drivers for the system.

Your current version:
BIOS: Dell Inc. A12 04/17/2016
Motherboard: Dell Inc. 0D8H72

 

Edited by AdvancedSetup
updated information

A little good news / bad news in response.

My IT department decided it was about time to replace my six-year-old laptop anyway, so I am now running a (relatively) new machine with the same software installed, and MWB doesn't seem to be having the long delay that was previously present (now running closer to 15 seconds for the GUI to appear, with only a slight hiccup delay in menu appearing on right click of the icon in the taskbar). Unfortunately, that means we won't get a chance to tweak the old machine to see if we can identify the culprit responsible for the delays. 

I am very appreciative of the help of both of you @AdvancedSetup and @Porthos.

 


Looks like I spoke too soon :) While the GUI is definitely not taking 5 minutes to open anymore, it is now up to 1-2 minutes routinely. I'll touch base with my IT folks about some of the recommendations you previously made, but my guess is that removing the security software may be a non-starter.
