techstrong Posted August 9, 2022 ID:1528156 Share Posted August 9, 2022 (edited) I have a client who purchased Malwarebytes Privacy and cannot turn the VPN on without losing her internet. I have not used the VPN so I do not have any experience with it. She has used a Verizon hotspot and can be online for a few minutes sometimes before she loses internet. She also has access to a public wi-fi and it gets disconnected as soon as she activates the VPN. This is a brand new installation less than a week ago and has not worked correctly since day 1. She regains internet connection as soon as she turns the VPN off. Any thoughts? Edited August 9, 2022 by techstrong corrected misspelling and grammar Link to post
Root Admin AdvancedSetup Posted August 9, 2022 Root Admin ID:1528162 Share Posted August 9, 2022 Hello @techstrong We would need to get some logs from the system to see what's gong on. To begin, please do the following so that we may take a closer look at your installation for troubleshooting: NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system. Download the Malwarebytes Support Tool In your Downloads folder, open the mb-support-x.x.x.xxx.exe file In the User Account Control pop-up window, click Yes to continue the installation Run the MBST Support Tool In the left navigation pane of the Malwarebytes Support Tool, click Advanced In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine A zip file named mbst-grab-results.zip will be saved to your desktop, please upload that file on your next reply Thank you Link to post
techstrong Posted August 11, 2022 Author ID:1528328 Share Posted August 11, 2022 Sorry for the delay, here is the log file the tool saved. mbst-grab-results.zip Link to post
Root Admin AdvancedSetup Posted August 11, 2022 Root Admin ID:1528342 Share Posted August 11, 2022 Could not open MBPrivacy version information.MBPrivacy software is not found. We would need to have the software actually installed so that we can check logs to see what's going on. Some suggestions to try. 1. Uninstall Bonjour (this is a sharing protocol driver from Apple that is not needed on Windows in the vast majority of cases. Maybe if you had an Apple TV you're trying to connect to Windows, but even then you still might be able to do it without Bonjour. That is just an extremely noisy, chatty protocol that causes many networking issues) 2. Current DNS Servers: 192.168.100.1 Please consider changing your default DNS Server settings. Please choose one provider only DNS is what lets users connect to websites using domain names instead of IP addresses Google Public DNS: IPv4 8.8.8.8 and 8.8.4.4 IPv6 2001:4860:4860::8888 and 2001:4860:4860::8844 Cloudflare: IPv4 1.1.1.1 and 1.0.0.1 IPv6 2606:4700:4700::1111 and 2606:4700:4700::1001 OpenDNS: IPv4 208.67.222.222 and 208.67.220.220 IPv6 2620:119:35::35 and 2620:119:53::53 DNSWATCH: IPv4 84.200.69.80 and 84.200.70.40 IPv6 2001:1608:10:25::1c04:b12f and 2001:1608:10:25::9249:d69b The Ultimate Guide to Changing Your DNS Serverhttps://www.howtogeek.com/167533/the-ultimate-guide-to-changing-your-dns-server/ Here is a YouTube video on Changing DNS settings if needed 3. ATTENTION: System Restore is disabled (Total:235.71 GB) (Free:117.62 GB) (50%) Please enable System Protection and create a new System Restore Point 4. Notice there are quite a few Network related issues. You may want to consider at least temporarily uninstalling ESET antivirus Malwarebytes in paid or trial mode with Windows Defender is on par or possibly even a better combination, so the computer will be protected without ESET System errors: ============= Error: (08/11/2022 11:15:31 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY) Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013. Error: (08/11/2022 11:07:41 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The MBVpnService service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. Error: (08/11/2022 09:23:32 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: ) Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #4, {b1557ce1-ee13-4900-85bc-3cc9f35f921b}, had event 74 Error: (08/10/2022 09:15:35 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY) Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013. Error: (08/10/2022 09:15:26 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY) Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013. Error: (08/10/2022 09:15:26 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY) Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013. Error: (08/10/2022 11:35:12 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The ExpressConnect Network Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 300 milliseconds: Restart the service. Error: (08/10/2022 10:57:17 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: ) Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #4, {b1557ce1-ee13-4900-85bc-3cc9f35f921b}, had event 74 Not saying the Dell Optimizer is bad, but review and be careful on what changes it allows or makes to the Network settings. Sometimes the automation is wrong and can work against you. C:\Program Files\Dell\DellOptimizer\DellOptimizer.exe Personally, on devices I've supported over the years the Logitech Downloader has often been problematic. If you really don't need it you might want to consider disabling it HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech) The following it not a default folder. You may want to check on it and see what it's doing C:\Program Files (x86)\Temp You may be the one using this Remote Access, but just making you or the customer aware its running. Personally not a fan of running such tools from Temp, but some programs that are temporary in nature do that. (C:\Users\User\AppData\Local\Temp\unpacksos\2\SRFeatureSOS.exe ->) (Splashtop Inc. -> Splashtop Inc.) C:\Users\User\AppData\Local\Temp\unpacksos\2\SRAppSOS.exe (C:\Users\User\AppData\Local\Temp\unpacksos\2\SRManagerSOS.exe ->) (Splashtop Inc. -> Splashtop Inc.) C:\Users\User\AppData\Local\Temp\unpacksos\2\SRAppPBSOS.exe (C:\Users\User\AppData\Local\Temp\unpacksos\2\SRManagerSOS.exe ->) (Splashtop Inc. -> Splashtop Inc.) C:\Users\User\AppData\Local\Temp\unpacksos\2\SRFeatureSOS.exe (C:\Users\User\AppData\Local\Temp\unpacksos\2\SRManagerSOS.exe ->) (Splashtop Inc. -> Splashtop Inc.) C:\Users\User\AppData\Local\Temp\unpacksos\2\SRServerSOS.exe (Splashtop Inc. -> Splashtop Inc.) C:\Users\User\AppData\Local\Temp\unpacksos\2\SRManagerSOS.exe (Splashtop Inc. -> Splashtop Inc.) C:\Users\User\Desktop\Monte REmote.exe Thanks @techstrong Link to post
techstrong Posted August 15, 2022 Author ID:1528756 Share Posted August 15, 2022 Hey There! I removed bonjour and made the other adjustments you suggested. I also reinstalled Malwarebytes Privacy. Still having the same symptoms. Here is the new log file after I did all the adjustments and experienced the symptoms again. mbst-grab-results.zip Link to post
Root Admin AdvancedSetup Posted August 15, 2022 Root Admin ID:1528773 Share Posted August 15, 2022 (edited) When did you uninstall Bonjour? I don't see the entry in Add/Remove anymore but I also don't see a log entry where it was uninstalled. That is normally logged. You can see here where it is wreaking havoc in the logs, at least yesterday. Application errors: ================== Error: (08/14/2022 07:05:44 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Local Hostname DESKTOP-EI7VGSM.local already in use; will try DESKTOP-EI7VGSM-2.local instead Error: (08/14/2022 07:05:44 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 DESKTOP-EI7VGSM.local. Addr 192.168.1.147 Error: (08/14/2022 07:05:44 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Received from :5353 16 DESKTOP-EI7VGSM.local. AAAA 2600:100E:B079:9846:5875:0675:E340:1C68 Error: (08/14/2022 07:05:44 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 DESKTOP-EI7VGSM.local. AAAA FE80:0000:0000:0000:5875:0675:E340:1C68 Error: (08/14/2022 07:05:44 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Received from :5353 16 DESKTOP-EI7VGSM.local. AAAA 2600:100E:B079:9846:5875:0675:E340:1C68 Error: (08/14/2022 07:05:44 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Resetting to Probing: 4 DESKTOP-EI7VGSM.local. Addr 192.168.1.147 Error: (08/14/2022 07:05:44 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Received from :5353 16 DESKTOP-EI7VGSM.local. AAAA 2600:100E:B079:9846:5875:0675:E340:1C68 The logs also indicate a timing issue. It shows time is in the past when requesting a connection. Can you please double-check with a Time Clock resource that Windows is on the exact correct date and time? Can you try the other driver and see if that makes any difference? Tunnel driver: By default, Malwarebytes Privacy uses the Malwarebytes MBtun driver to connect to VPN. To use a Windows tunnel driver, you can select the Wireguard Wintun driver from the dropdown menu. The Wintun driver does not support the VPN Bypass feature. https://support.malwarebytes.com/hc/en-us/articles/360045211174-Settings-in-Malwarebytes-Privacy-VPN-for-Windows Edited August 15, 2022 by AdvancedSetup Removed local IP info Link to post
Solution techstrong Posted August 18, 2022 Author Solution ID:1529124 Share Posted August 18, 2022 Looks like the tunnel setting did the trick. We are now online and staying online without being kicked off. Here is a log file just to be sure everything is behaving nicely. Thanks for all your help. @AdvancedSetup mbst-grab-results.zip 1 Link to post
Root Admin AdvancedSetup Posted August 18, 2022 Root Admin ID:1529129 Share Posted August 18, 2022 Great, glad to hear the tunnel driver change worked. The log does show it connecting but not a lot of long history to show stability. If you do continue to have issues though, please let us know. Cheers @techstrong Link to post
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now