Jump to content

MBAE64.DLL causing Windows Event ID 3033 (Code Integrity)


Recommended Posts

Windows 10 event log ID 3033

"Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Mozilla Firefox\firefox.exe) attempted to load \Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements."

I am unsure at this point if this is Windows 10 AMSI interface being overzealous, Firefox doing something wrong, or the MBAE64.DLL not being fully AMSI compliant?

Why would Firefox want to load YOUR AV routine, surely this is mbae64.dll just trying to check out this executable?

Edited by td47
Typo
Link to post
Share on other sites

  • Staff

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes for Windows Help forum.

If you are having technical issues with our Windows product, please do the following:

Malwarebytes Support Tool - Advanced Options

This feature is designed for the following reasons:

  • For use when you are on the forums and need to provide logs for assistance
  • For use when you don't need or want to create a ticket with Malwarebytes
  • For use when you want to perform local troubleshooting on your own

How to use the Advanced Options:

Spoiler
  1. Download Malwarebytes Support Tool
  2. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  3. Place a checkmark next to Accept License Agreement and click Next
  4. Navigate to the Advanced tab
  5. The Advanced menu page contains four categories:
    • Gather Logs: Collects troubleshooting information from the computer. As part of this process, Farbar Recovery Scan Tool (FRST) is run to perform a complete diagnosis. The information is saved to a file on the Desktop named mbst-grab-results.zip and can be added as an email attachment or uploaded to a forum post to assist with troubleshooting the issue at hand.
    • Clean: Performs an automated uninstallation of all Malwarebytes products installed to the computer and prompts to install the latest version of Malwarebytes for Windows afterwards. The Premium license key is backed up and reinstated. All user configurations and other data are removed. This process requires a reboot.
    •  Repair System: Includes various system-related repairs in case a Windows service is not functioning correctly that Malwarebytes for Windows is dependent on. It is not recommended to use any Repair System options unless instructed by a Malwarebytes Support agent.
    • Anonymously help the community by providing usage and threat statistics: Unchecking this option will prevent Malwarebytes Support Tool from sending anonymous telemetry data on usage of the program.
  6. To provide logs for review click the Gather Logs button
  7. Upon completion, click OK
  8. A file named mbst-grab-results.zip will be saved to your Desktop
  9. Please attach the file in your next reply.
  10. To uninstall all Malwarebytes Products, click the Clean button.
  11. Click the Yes button to proceed. 
  12. Save all your work and click OK when you are ready to reboot.
  13. After the reboot, you will have the option to re-install the latest version of Malwarebytes for Windows.
  14. Select Yes to install Malwarebytes.
  15. Malwarebytes for Windows will open once the installation completes successfully.

Screenshots:

Spoiler
 
 
 
 
Spoiler

 

 

01.png

02.png

03.png

04.png

05.png

06.png

 

 

If you are having licensing issues, please do the following: 

Spoiler

For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/hc/en-us/requests/new to get help

If you need help looking up your license details, please head here: Find my premium license key

 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

Link to post
Share on other sites

  • Root Admin

Hello @td47

Can we get some logs, please? In general, these issues are often quite transitory and a reboot of the computer typically will not generate the error again in many cases.

 

Please do the following so that we may take a closer look at your installation for troubleshooting:

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  • Download the Malwarebytes Support Tool
  • In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
  • In the User Account Control pop-up window, click Yes to continue the installation
  • Run the MBST Support Tool
  • In the left navigation pane of the Malwarebytes Support Tool, click Advanced
  • In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
  • A zip file named mbst-grab-results.zip will be saved to your desktop, please upload that file on your next reply

Thank you

 

Link to post
Share on other sites

@AdvancedSetup I assume that now this is stated as "Working As Designed", your comment about needing MWB logs can be ignored (as this is a Windows generated event log, and NOT an MWB log)? A reboot does NOT fix this condition.

As long as my MWB Premium is functional with this Event 3033 happening, I will ignore it for the time being.

I WOULD like it fixed though, as I was fed up with seeing my Event Logs cluttered with similar Data Integrity logs with Norton Security active, that I have got rid of a while ago, and now continue  ONLY to use (the otherwise excellent) MWB. As an aside, I am NOT a fan of the "working as designed" term, but I know that many software companies use it a lot in their technical responses (Microsoft, Apple etc). I suspect that is why the current state of Firmware in older Routers and IoT devices is such a mess!

Link to post
Share on other sites

  • Root Admin

Malwarebytes is fully functional. From my understanding, it's more of a nuance of when to step in and allow our product to manage an exploit versus Microsoft. I'm not a developer so they might explain it a bit differently. Regardless, they're aware and will be looking at making some changes in the future.

I hear you on the mess in the Event Logs. I use to be very on top of it during the Windows XP days and my systems were always clean from errors and events in the early days. Today though computers are much more complex and much more capable of so many things. It is almost impossible to keep clean Event Logs.

Cheers

 

 

  • Thanks 1
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.