
Turning on VPN kicks user off their internet


techstrong

I have a client who purchased Malwarebytes Privacy and cannot turn the VPN on without losing her internet. I have not used the VPN so I do not have any experience with it.

She has used a Verizon hotspot and can be online for a few minutes sometimes before she loses internet.

She also has access to a public wi-fi and it gets disconnected as soon as she activates the VPN.

This is a brand new installation less than a week ago and has not worked correctly since day 1.

She regains internet connection as soon as she turns the VPN off.

Any thoughts?

Edited by techstrong
corrected misspelling and grammar
  • Root Admin

Hello @techstrong

We would need to get some logs from the system to see what's going on.

To begin, please do the following so that we may take a closer look at your installation for troubleshooting:

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  • Download the Malwarebytes Support Tool
  • In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
  • In the User Account Control pop-up window, click Yes to continue the installation
  • Run the MBST Support Tool
  • In the left navigation pane of the Malwarebytes Support Tool, click Advanced
  • In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
  • A zip file named mbst-grab-results.zip will be saved to your desktop, please upload that file on your next reply

Thank you

  • Root Admin

Could not open MBPrivacy version information.
MBPrivacy software is not found.

We would need to have the software actually installed so that we can check logs to see what's going on.

 

Some suggestions to try.

1. Uninstall Bonjour (this is a sharing protocol driver from Apple that is not needed on Windows in the vast majority of cases. Maybe if you had an Apple TV you're trying to connect to Windows, but even then you still might be able to do it without Bonjour. That is just an extremely noisy, chatty protocol that causes many networking issues)

2. Current DNS Servers: 192.168.100.1

Please consider changing your default DNS Server settings. Please choose one provider only

DNS is what lets users connect to websites using domain names instead of IP addresses

  • Google Public DNS: IPv4   8.8.8.8 and 8.8.4.4   IPv6   2001:4860:4860::8888 and 2001:4860:4860::8844
  • Cloudflare: IPv4   1.1.1.1 and 1.0.0.1   IPv6   2606:4700:4700::1111 and 2606:4700:4700::1001
  • OpenDNS: IPv4   208.67.222.222 and 208.67.220.220  IPv6  2620:119:35::35 and 2620:119:53::53
  • DNSWATCH: IPv4   84.200.69.80 and 84.200.70.40   IPv6  2001:1608:10:25::1c04:b12f and 2001:1608:10:25::9249:d69b

The Ultimate Guide to Changing Your DNS Server
https://www.howtogeek.com/167533/the-ultimate-guide-to-changing-your-dns-server/

Here is a YouTube video on Changing DNS settings if needed

 

3. ATTENTION: System Restore is disabled (Total:235.71 GB) (Free:117.62 GB) (50%)
  
    Please enable System Protection and create a new System Restore Point

   

 

4. Notice there are quite a few Network related issues. You may want to consider at least temporarily uninstalling ESET antivirus
    Malwarebytes in paid or trial mode with Windows Defender is on par or possibly even a better combination, so the computer will be protected without ESET

 

System errors:
=============
Error: (08/11/2022 11:15:31 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Error: (08/11/2022 11:07:41 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The MBVpnService service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (08/11/2022 09:23:32 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #4, {b1557ce1-ee13-4900-85bc-3cc9f35f921b}, had event 74

Error: (08/10/2022 09:15:35 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Error: (08/10/2022 09:15:26 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Error: (08/10/2022 09:15:26 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Error: (08/10/2022 11:35:12 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The ExpressConnect Network Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 300 milliseconds: Restart the service.

Error: (08/10/2022 10:57:17 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #4, {b1557ce1-ee13-4900-85bc-3cc9f35f921b}, had event 74

 

Not saying the Dell Optimizer is bad, but review and be careful on what changes it allows or makes to the Network settings. Sometimes the automation is wrong and can work against you.

C:\Program Files\Dell\DellOptimizer\DellOptimizer.exe

 

Personally, on devices I've supported over the years the Logitech Downloader has often been problematic. If you really don't need it you might want to consider disabling it

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)

 

The following is not a default folder. You may want to check on it and see what it's doing

C:\Program Files (x86)\Temp

 

 

You may be the one using this Remote Access, but just making you or the customer aware it's running. Personally not a fan of running such tools from Temp, but some programs that are temporary in nature do that.

(C:\Users\User\AppData\Local\Temp\unpacksos\2\SRFeatureSOS.exe ->) (Splashtop Inc. -> Splashtop Inc.) C:\Users\User\AppData\Local\Temp\unpacksos\2\SRAppSOS.exe
(C:\Users\User\AppData\Local\Temp\unpacksos\2\SRManagerSOS.exe ->) (Splashtop Inc. -> Splashtop Inc.) C:\Users\User\AppData\Local\Temp\unpacksos\2\SRAppPBSOS.exe
(C:\Users\User\AppData\Local\Temp\unpacksos\2\SRManagerSOS.exe ->) (Splashtop Inc. -> Splashtop Inc.) C:\Users\User\AppData\Local\Temp\unpacksos\2\SRFeatureSOS.exe
(C:\Users\User\AppData\Local\Temp\unpacksos\2\SRManagerSOS.exe ->) (Splashtop Inc. -> Splashtop Inc.) C:\Users\User\AppData\Local\Temp\unpacksos\2\SRServerSOS.exe
(Splashtop Inc. -> Splashtop Inc.) C:\Users\User\AppData\Local\Temp\unpacksos\2\SRManagerSOS.exe
(Splashtop Inc. -> Splashtop Inc.) C:\Users\User\Desktop\Monte REmote.exe

 

Thanks @techstrong

  • Root Admin

When did you uninstall Bonjour?

I don't see the entry in Add/Remove anymore but I also don't see a log entry where it was uninstalled. That is normally logged.

 

You can see here where it is wreaking havoc in the logs, at least yesterday.

 

Application errors:
==================
Error: (08/14/2022 07:05:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname DESKTOP-EI7VGSM.local already in use; will try DESKTOP-EI7VGSM-2.local instead

Error: (08/14/2022 07:05:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 DESKTOP-EI7VGSM.local. Addr 192.168.1.147

Error: (08/14/2022 07:05:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from :5353   16 DESKTOP-EI7VGSM.local. AAAA 2600:100E:B079:9846:5875:0675:E340:1C68

Error: (08/14/2022 07:05:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing:   16 DESKTOP-EI7VGSM.local. AAAA FE80:0000:0000:0000:5875:0675:E340:1C68

Error: (08/14/2022 07:05:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from :5353   16 DESKTOP-EI7VGSM.local. AAAA 2600:100E:B079:9846:5875:0675:E340:1C68

Error: (08/14/2022 07:05:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing:    4 DESKTOP-EI7VGSM.local. Addr 192.168.1.147

Error: (08/14/2022 07:05:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from :5353   16 DESKTOP-EI7VGSM.local. AAAA 2600:100E:B079:9846:5875:0675:E340:1C68

 

 

The logs also indicate a timing issue. It shows time is in the past when requesting a connection.

Can you please double-check with a Time Clock resource that Windows is on the exact correct date and time?

 

Can you try the other driver and see if that makes any difference?

Tunnel driver: By default, Malwarebytes Privacy uses the Malwarebytes MBtun driver to connect to VPN. To use a Windows tunnel driver, you can select the Wireguard Wintun driver from the dropdown menu. The Wintun driver does not support the VPN Bypass feature.

https://support.malwarebytes.com/hc/en-us/articles/360045211174-Settings-in-Malwarebytes-Privacy-VPN-for-Windows

Edited by AdvancedSetup
Removed local IP info
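
Added example (not part of any post in this thread, and not Malwarebytes' own tooling): a small Python parser for the "Error: (...) (Source: ...) (EventID: ...)" excerpts quoted above, which counts errors per source and lists the services that Service Control Manager logged as terminated. The sample text is constructed in the same layout, and the service name ExampleNet is a placeholder.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the layout of the excerpts quoted in the thread.
# "ExampleNet" is a placeholder service name, not taken from the client's log.
SAMPLE = """\
Error: (08/11/2022 11:15:31 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential.
Error: (08/11/2022 11:07:41 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The MBVpnService service terminated unexpectedly.  It has done this 1 time(s).
Error: (08/10/2022 09:15:35 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential.
Error: (08/10/2022 11:35:12 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The ExampleNet service terminated unexpectedly.  It has done this 1 time(s).
"""

HEADER = re.compile(r"^Error: \((?P<ts>[^)]+)\) \(Source: (?P<source>[^)]+)\) "
                    r"\(EventID: (?P<eid>\d+)\) \(User: (?P<user>[^)]*)\)\s*$")
SERVICE = re.compile(r"^The (?P<name>.+?) service terminated unexpectedly")

def parse_events(text):
    """Return one dict per 'Error:' header line, with its Description attached."""
    events, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = {"time": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
                       "source": m["source"], "event_id": int(m["eid"]),
                       "description": ""}
            events.append(current)
        elif current is not None and line.startswith("Description:"):
            current["description"] = line[len("Description:"):].strip()
    return events

def summarize(events):
    """Count events per (source, EventID); list services logged as crashed (7031)."""
    counts = Counter((e["source"], e["event_id"]) for e in events)
    crashed = sorted({m["name"] for e in events
                      if e["source"] == "Service Control Manager"
                      and e["event_id"] == 7031
                      and (m := SERVICE.match(e["description"]))})
    return counts, crashed

if __name__ == "__main__":
    counts, crashed = summarize(parse_events(SAMPLE))
    for (source, eid), n in counts.most_common():
        print(f"{n:3d}  {source} / EventID {eid}")
    print("Services that terminated unexpectedly:", ", ".join(crashed))
```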