
Realtime scanning constantly working with Adobe Camera Raw camera DCP files



Whenever I view the Windows 11 Resource Monitor the disk activity is always indicating that MBAMService.exe is actively scanning Adobe Camera Raw camera profiles, *.dcp. Not that this is consuming large amounts of resources, but it certainly seems to be quite confusing to the service and causing it to likely spend more time than necessary with these files. So, not looking for a solution, but a suggestion as to whether this is normal or should be reported. I'll attach a screenshot. Thanks in advance.

Screen capture 2024-02-27_190130.jpg


  • Staff

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes for Windows Help forum.

If you are having technical issues with our Windows product, please do the following:

Malwarebytes Support Tool - Advanced Options

This feature is designed for the following reasons:

  • For use when you are on the forums and need to provide logs for assistance
  • For use when you don't need or want to create a ticket with Malwarebytes
  • For use when you want to perform local troubleshooting on your own

How to use the Advanced Options:

  1. Download Malwarebytes Support Tool
  2. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  3. Place a checkmark next to Accept License Agreement and click Next
  4. Navigate to the Advanced tab
  5. The Advanced menu page contains four categories:
    • Gather Logs: Collects troubleshooting information from the computer. As part of this process, Farbar Recovery Scan Tool (FRST) is run to perform a complete diagnosis. The information is saved to a file on the Desktop named mbst-grab-results.zip and can be added as an email attachment or uploaded to a forum post to assist with troubleshooting the issue at hand.
    • Clean: Performs an automated uninstallation of all Malwarebytes products installed to the computer and prompts to install the latest version of Malwarebytes for Windows afterwards. The Premium license key is backed up and reinstated. All user configurations and other data are removed. This process requires a reboot.
    • Repair System: Includes various system-related repairs in case a Windows service is not functioning correctly that Malwarebytes for Windows is dependent on. It is not recommended to use any Repair System options unless instructed by a Malwarebytes Support agent.
    • Anonymously help the community by providing usage and threat statistics: Unchecking this option will prevent Malwarebytes Support Tool from sending anonymous telemetry data on usage of the program.
  6. To provide logs for review click the Gather Logs button
  7. Upon completion, click OK
  8. A file named mbst-grab-results.zip will be saved to your Desktop
  9. Please attach the file in your next reply.
  10. To uninstall all Malwarebytes Products, click the Clean button.
  11. Click the Yes button to proceed. 
  12. Save all your work and click OK when you are ready to reboot.
  13. After the reboot, you will have the option to re-install the latest version of Malwarebytes for Windows.
  14. Select Yes to install Malwarebytes.
  15. Malwarebytes for Windows will open once the installation completes successfully.


 

 

If you are having licensing issues, please do the following: 


For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/hc/en-us/requests/new to get help

If you need help looking up your license details, please head here: Find my premium license key

 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team


@Tom_O 

Please do the following so that we may take a closer look at your system.

Do these 2 steps FIRST so that files and folders are set to SHOW, plus also, Turn OFF Windows Fast Start.

Show-Hidden-Folders-Files-Extensions
https://forums.malwarebytes.com/topic/299345-show-hidden-folders-files-extensions/

Disable-Fast-Startup
https://forums.malwarebytes.com/topic/299350-disable-fast-startup/

Then please restart the computer and then do the following.

WARNING: Do Not click the Repair option under Advanced unless requested by a Malwarebytes support agent or authorized helper

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  • Download the Malwarebytes Support Tool
  • In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
  • In the User Account Control pop-up window, click Yes to continue the installation
  • Run the MBST Support Tool. The tool also downloads and runs a file called FRSTEnglish. Please allow it to run.
  • In the left navigation pane of the Malwarebytes Support Tool, click Advanced
  • In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine 



  • A zip file named mbst-grab-results.zip will be saved to the Desktop or on the hidden Public desktop (usually C:\Users\Public\Desktop), please upload that file on your next reply

     

Thank you

 


@Tom_O First, I suggest you add the folders that from your screenshot are using the MB service to the allow list. See if it reduces the disk usage.

This folder to be exact. (screenshot)

Malwarebytes for Windows Allow List

  1. Open Malwarebytes for Windows.
  2. Click the Detection History card.
  3. Click the Allow List tab.
  4. To add an item to the Allow List, click Add.
  5. Select the type of exclusion you want to add.

The following sections detail how to add an exclusion of each type.

Allow a file or folder

Allowing a file or folder instructs Malwarebytes for Windows to ignore the file's location. If you allow a folder, every file and folder inside is also excluded from Malwarebytes scans.

  1. Click Allow a file or folder.
  2. Click Select a file or Select a folder.
  3. Choose the file or folder you wish to exclude, then click Open.
  4. Under Exclusion rules, choose how you would like to exclude the file or folder.
    • Exclude from all detections
    • Click Done to confirm your changes.

I also suggest the following.

Please make the following change in Malwarebytes if you're using the Premium or Trial version

  • Please open Malwarebytes. Click on the small gear icon to open the Settings and go to the Security tab.
  • Then turn off "Always register Malwarebytes in the Windows Security Center"
  • Restart the computer


It is highly unlikely that you need to set up exclusions for Windows Defender; however, if you experience any issues, please see the following article and set up exclusions between Malwarebytes and Windows Defender.

Malwarebytes for Windows antivirus exclusions list
https://support.malwarebytes.com/hc/en-us/articles/360038522974-Malwarebytes-for-Windows-antivirus-exclusions-list


I decided to try one suggestion at a time, just so we know which affected what.  And, I thought it best to truncate the last folder in case Adobe makes a change to where they store camera profiles.  So, I excluded the C:\ProgramData\Adobe\CameraRaw\CameraProfiles folder (less the \AdobeStandard), as you instructed above, and that seems to have corrected the issue.  I did wait 20 minutes or so as well, just to ensure the system and the scanning process had an opportunity to calm down and settle on those same files.  I did not see any evidence that the files remained an issue.

Before I deregister Malwarebytes with Windows Security Center, I was wondering why you suggested that, whether because it might be related to the above, or because it solves some other issue you noticed in the logs. I want to say I recall an issue with Windows Sec. Center always generating a message on reboot when it is not registered. It has been a long time since I've seen that message, so I can't even tell you what it said. But, it rings a bell that there was a reason I had always set it to be registered.

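A check on what the folder exclusion described above now covers, as an added example that is not part of the original thread: it inventories the files under the excluded path by extension and lists the accounts, other than SYSTEM, Administrators and TrustedInstaller, whose ACL entries allow creating files there. The expected-extension list and the trusted-SID list are assumptions made for this example.

```powershell
# Added example (not from the thread). The path is the folder Tom_O reports excluding.
$excluded    = 'C:\ProgramData\Adobe\CameraRaw\CameraProfiles'
$expectedExt = @('.dcp')   # assumption: only camera profiles belong in this folder

if (-not (Test-Path -LiteralPath $excluded -PathType Container)) {
    Write-Warning "Folder not found: $excluded"
    return
}

# 1. Every file under an allowed folder is skipped by scans, so inventory it by extension.
$files = @(Get-ChildItem -LiteralPath $excluded -Recurse -File -Force -ErrorAction SilentlyContinue)
$files | Group-Object { $_.Extension.ToLowerInvariant() } |
    Sort-Object Count -Descending |
    Format-Table @{ n = 'Extension'; e = { $_.Name } }, Count -AutoSize | Out-Host

$unexpected = @($files | Where-Object { $expectedExt -notcontains $_.Extension.ToLowerInvariant() })
if ($unexpected.Count -gt 0) {
    Write-Warning "$($unexpected.Count) file(s) with an unexpected extension:"
    $unexpected | Select-Object FullName, Length, LastWriteTime | Format-Table -AutoSize | Out-Host
}

# 2. List Allow ACEs that let an identity outside the trusted set (an assumption)
#    create or append files in the excluded folder.
$trustedSids = @(
    'S-1-5-18',       # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',   # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)
# WriteData/CreateFiles (0x2), AppendData/CreateDirectories (0x4),
# GENERIC_ALL (0x10000000), GENERIC_WRITE (0x40000000)
$writeMask = 0x2 -bor 0x4 -bor 0x10000000 -bor 0x40000000

$acl   = Get-Acl -LiteralPath $excluded
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
foreach ($rule in $rules) {
    if ($rule.AccessControlType -ne 'Allow') { continue }
    $sid = $rule.IdentityReference.Value
    if ($trustedSids -contains $sid) { continue }
    if (([int]$rule.FileSystemRights -band $writeMask) -eq 0) { continue }
    # Resolve the SID to a name for display; fall back to the raw SID if it cannot be resolved.
    try   { $name = $rule.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
    catch { $name = $sid }
    [pscustomobject]@{ Identity = $name; Rights = $rule.FileSystemRights; Inherited = $rule.IsInherited }
}
```

An empty result from the second part means only the trusted identities can add files to the excluded folder; any rows returned are the accounts to review before keeping the exclusion.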

9 minutes ago, Tom_O said:

I was wondering why you suggested that

The reason many of us members are pushing keeping Defender on is the following.

Malwarebytes does not target script files during a scan... That means MB will not target; JS, HTML, VBS, .CLASS, SWF, BAT, CMD, PDF, PHP, etc.

It also does not target documents such as; PDF, DOC, DOCx, XLS, XLSx, PPT, PPS, ODF, etc.

It also does not target media files;  MP3, WMV, JPG, GIF, etc.

Malwarebytes will block files like these if malicious on execution-only.

And,

Malwarebytes is not designed to function like normal AV scanners and uses a new kind of scan engine that relies mostly on heuristics detection techniques rather than traditional threat signatures.  Malwarebytes is also designed to look in all the locations where malware is known to install itself/hide, so a full or custom scan shouldn't be necessary, especially on any sort of frequent basis (like daily), especially since the default Threat Scan/Quick Scan checks all loading points/startup locations, the registry, all running processes and threads in memory, along with all system folders, program folders, and data folders as well as any installed browsers, caches, and temp locations.  This also means that if a threat were active from a non-standard location because Malwarebytes checks all threads and processes in memory, it should still be detected.  The only threat it *might* miss would be a dormant/inactive threat that is not actively running/installed on a secondary drive, however, if the threat were executed then Malwarebytes should detect it.  Additionally, whenever a new location is discovered to be used by malware the Malwarebytes Research team adds that location dynamically to the outgoing database updates so the locations that are checked by the default Threat/Quick Scan in Malwarebytes can be changed on the fly by Research without requiring any engine or program version updates/upgrades.

An AV will catch the file just by downloading it or just opening a folder with a detected file in it.

For example, you get an email with an infected attachment, Malwarebytes will not even blink until you run it yet Defender will detect it if it is in their database without even actually clicking on it. Remember the list of files Malwarebytes does not target.

Then I will leave you with this.

As good as Malwarebytes is, it is just a layer of protection.

Using a browser that has Ublock Origin and the Malwarebytes Browser guard enabled is also a layer of protection.

Not opening attachments from an email unless you were expecting it from a specific user during a specific time period.

Do not use Torrents. Do not install every free software you find. Do not click links in an unknown email. Go directly to the site listed in the email.

Having a monthly image of your computer on an external drive that is only connected during the backup is actually better than any protective software ever made. Macrium Reflect free is the program I use and place on every computer I service.


Thanks for those details. It's probably been a couple years since I reviewed the interaction between the two. I thought Defender remained fully active with Malwarebytes, and that is what I wanted. I quickly read another thread that had a short confirmation of your answer... no, WD essentially stops its AV functionality. So, I'll proceed to deregister it as you suggested. Thanks for your help on both issues.
