
I've discovered that MalwareBytes is blocking the esptool.exe executable that uploads code to ESP32 microcontrollers over a COM port.

I'm getting an Access is denied error and if I look at the activity on my COM port using the app from https://serial-port-monitor.org I can see MBAM is interfering.

If I turn off Ransomware Protection it all works as expected.

I've tried adding an exception in MBAM for esptool.exe and for its parent folder but that doesn't seem to have any effect.

Edited by AdvancedSetup
Disabled live hyperlink

1 hour ago, yorrrick said:

I can see MBAM is interfering.

Does it cause an actual block notice? If so the log would be helpful.

You can find Scan and Protection logs within the Malwarebytes 4 program in the following location

 

image.png

 

RTP stands for Real-Time Protection and is where automatic protection operations would normally be logged

 

image.png

 

If you click on the View option you should get something similar to the following with other options available.

 

image.png

Thank you


No. There's nothing in the MBAM log.

However, here are two logs from the Serial Port Monitor tool showing the activity on COM5 when I try to run esptool.exe with MBAM Ransomware Protection switched off and then with it switched on.

In the first trace esptool gains control of COM5 and goes about its business. 

In the second trace MBAMService.exe appears to be repeatedly accessing COM5 instead of esptool.exe.  It does this about 30 times a second for the couple of seconds before esptool gives up and throws an access denied exception.

There is no activity on COM5 before I start esptool running.

For simplicity while exploring this issue I've been executing esptool from a CMD window as:

C:\Users\xxx\AppData\Local\Arduino15\packages\esp32\tools\esptool_py\3.0.0>esptool --port COM5 read_mac

Normally esptool is executed from the Arduino IDE tool chain at the point executable code needs to be uploaded into the ESP32.

 

spm-session1.jpg

spm-session2.jpg


I too am having this same problem.  I don't think I can add any technical details to the discussion.  Disabling Ransomware protection allows Arduino to access the serial port properly.  When enabled, access to the serial port is denied.

Any word on when this problem will be addressed?

Thanks,

Scott

 


  • 2 weeks later...

Yep, me too... this has been driving me nuts since earlier this month.  This never used to be a problem until the last (recent) upgrade to Malwarebytes.

I can confirm that you can't set any type of allow for the file specifically or the entire path.  In fact, using Malwarebytes has always been a problem with the speed at which the Arduino IDE compiles.  I have tried adding entire folders to the allow list and it makes no real difference in compile speed.  If I physically quit Malwarebytes then the compile speed is normal. But right now, unless you quit or at least turn off the ransomware protection you can't send anything to an Arduino board using the esptool, regardless of what is using the esptool (Arduino IDE, PlatformIO, etc.).

I am hoping you can reverse whatever change that you made between upgrades to fix this problem and maybe fix the issue with slow compiles.

Thanks!

 


  • Staff

Hi all. This issue is not exactly a False Positive, so I've moved it to the more general Malwarebytes Support area.
This issue seems similar to another issue reported, which we have a fix for, but due to many circumstances, it's yet to be delivered in MBAM.

If someone in this thread would like to work with me on verifying if the fix we have also addresses this issue, let me know. We believe it should.


  • 2 weeks later...
  • 1 month later...
  • Staff

Hi @andyn_ff and all. I know this is taking longer than any of us wanted to get the fix into a release build of MBAM, and for that I do apologize. Certain other issues have come up which required our immediate attention and have delayed the integration into MBAM of the ArwSDK (Anti-Ransomware component) which contains this fix. At this time, we unfortunately cannot provide an ETA. We ask for your continued patience.
Thank you.

Edited by tetonbob
