Jump to content

v1.13.1.551 constantly sending data following Windows Update.


nukecad

Recommended Posts

Yesterday evening I updated one of my laptops to the Optional cummulative update preview for Windows 10 22H2, KB5029331, it's now at build 19045.3393
NET Framework was also updated, KB5029847, and there was a Defender update.

Nothing else was changed, simply those updates.

I noticed straightaway, and it's continued since, that following the updates MBAE v1.13.1.551 has been constantly sending/receiving data over wifi.

Turn on flight mode, turn it off again and the sending/receiving resumes.
Restart the laptop and let it settle to idle again, the sending/receiving resumes.

It is set to submit attempted exploits ananymously, but there is no log of any block.
It is also set to update automatically, but no new version has been announced.

I booted the laptop at 08:00 BST this morning and left it sat idle, MBAE is still sending/receiving data over 2 hours later.

My second laptop has not had the Windows preview update (yet), it has now had the NET Framework and Defender updates - MBAE on that is not sending anything.

I could of course try uninstalling/reinstalling the MBAE that is constantly sending data, but I'll leave it as is for now.

Anyone have thoughts or comments on what MBAE on that updated laptop is sending/receiving, and why?

Capture1.JPG.6cd9f0694a9a0eeadc0f89e64476f3b0.JPG

Capture.JPG.fd6d7e642cf12147a92a70db4bf9f64c.JPG

 

Edited by nukecad
Link to post
Share on other sites

  • Root Admin

To begin, please do the following so that we may take a closer look at your installation for troubleshooting:

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  • Download the Malwarebytes Support Tool
  • In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
  • In the User Account Control pop-up window, click Yes to continue the installation
  • Run the MBST Support Tool
  • In the left navigation pane of the Malwarebytes Support Tool, click Advanced
  • In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
  • A zip file named mbst-grab-results.zip will be saved to the Public desktop, please upload that file on your next reply

Thank you

 

Link to post
Share on other sites

Hi @AdvancedSetup

I'll get the support log shortly, (I'm running a manual Malwarebytes scan on that laptop at the moment) - but I have already done some testing and discovered the culprit.

It is "Submit drive-by exploit payloads ananymously" that is sending the data.

When I untick that setting then the sending ceases immediately.
Re-tick the setting and the sending resumes.

MBAE has never flagged up an attempted drive by on that machine, and there is nothing in the logs.

  • Like 1
Link to post
Share on other sites

Additional:

I have now applied the optional Windows update on my other laptop, that has not been affected and MBAE on that one is NOT sending anything.

(It may be the difference in the Windows status? The affected laptop is running unactivated Windows. But that's only a guess).

I will turn the setting off for now on the affected machine, whatever it is sending I'm sure that you don't want hours of it.

Link to post
Share on other sites

I have read (cannot remember where) that it is recommended that any Optional cumulative update preview, now or in the future, is not to be installed.

Edited by hake
Link to post
Share on other sites

That is one opinion that you see, often given out of context. (Usually from the same people who don't like Windows Updates at all).
Some people regard it as a beta release and don't like, or don't trust, betas.
Of course if you are on this forum then presumably you know about betas.

The optional updates are, well, optional ie. you can take them or ignore them as you want.

Sometimes I do, sometimes I don't, sometimes I'll just do it on one laptop.

I've never had any issue with them, even this case is not the Windows Update per-se, it's MBAE beta on that one laptop.
It's the kind of odd happening that betas  are meant to catch.

Edited by nukecad
Link to post
Share on other sites

Update:

This morning I ununstalled MBAE and removed traces using Revo.
I did a Restart and reinstalled MBAE from a new download.

There is no sign of the anomalous report sending from the fresh install.

Obviously something had gliched in the previous MBAE install on the laptop, caused by or triggered by that Windows Update.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.