"IP Protection" is untickable

[Dave316]

Hi,

I noticed this morning on my licensed version of MBAM that the "IP Protection" part of the right-click menu can't be ticked any more. Even when unticking the "Enable Protection" part because I know that you needed to have one ticked before the other when I tried to access sites which I thought were safe that the MBAM database told me were not safe.

I was wondering if anyone had noticed this because I'm at a loss as to how this could have happened. All that comes to mind is maybe there are malwares out there that might known how to attack MBAM like many viruses attack anti-virus software. Just an idea given the overnight news about that MBAM's database was found to be part of a competitor's program.

Thanks for any help.

[AdvancedSetup]

Please do update the database and do a quick scan and post back the log.

[Dave316]

Here's the log but nothing was found as I do run MBAM every day alongside my AV (NOD 32 v4):

Malwarebytes' Anti-Malware 1.41

Database version: 3284

Windows 5.1.2600 Service Pack 3

03/12/2009 11:29:29

mbam-log-2009-12-03 (11-29-25).txt

Scan type: Quick Scan

Objects scanned: 110747

Time elapsed: 4 minute(s), 17 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

[AdvancedSetup]

have you tried restarting the system?

[Swandog46]

It is greyed out, or simply doesn't turn on when you try to tick it? What do the protection logs show?

[MiguelSanchez]

It is greyed out, or simply doesn't turn on when you try to tick it? What do the protection logs show?

I'm having this same problem...

here is the log...

------

08:25:06 Mike MESSAGE Database updated successfully

08:25:57 Mike ERROR IP protection failed: PfMakeLog failed with error code 21

08:26:04 Mike ERROR IP protection failed: PfMakeLog failed with error code 21

08:30:22 Mike ERROR IP protection failed: PfMakeLog failed with error code 21

08:30:27 Mike ERROR IP protection failed: PfMakeLog failed with error code 21

------

The IP Protection option in not greyed out in the tray menu...it simply won't toggle on and emits the above errors to the log.

I am a paid customer and would like to have this resolved.

Thanks

[GTK48]

Mine is not grayed out but I can't toggle it.

[Swandog46]

That error means DEVICE_NOT_READY. Is your internet connection usually available immediately on boot? GTK48, is your error code the same?

Please try the following: update to the new version 1.42, reboot, and see if the problem is resolved. If not, we can work on it.

[Swandog46]

Also, which operating system version are you using? Please be specific. (i.e. Windows XP x64, Windows Vista x86).

[GTK48]

That error means DEVICE_NOT_READY. Is your internet connection usually available immediately on boot? GTK48, is your error code the same?

Please try the following: update to the new version 1.42, reboot, and see if the problem is resolved. If not, we can work on it.

Yes it is and I am using Windows 7 64 Bit which I posted in another thread that no one has responded to yet. I cannot RC on the Icon in the tray. I have removed this program until the problem is fixed.

[GTK48]

Yes it is and I am using Windows 7 64 Bit which I posted in another thread that no one has responded to yet. I cannot RC on the Icon in the tray. I have removed this program until the problem is fixed.

Sorry but I can't seem to edit a post. No I am not getting an error. The program is just not working as it should. I may add that I had this same issue with 1.41.

[Swandog46]

GTK48, open the protection logs (now available through the mbam.exe interface in 1.42) and tell me what the error code posted is. There should be a log for today (or yesterday) with errors in it, like MiguelSanchez posted above.

[GTK48]

GTK48, open the protection logs (now available through the mbam.exe interface in 1.42) and tell me what the error code posted is. There should be a log for today (or yesterday) with errors in it, like MiguelSanchez posted above.

11:02:33 Gary IP-BLOCK 66.235.126.61

11:02:33 Gary IP-BLOCK 66.235.126.122

11:02:33 Gary IP-BLOCK 66.235.126.61

11:02:33 Gary IP-BLOCK 66.235.126.122

11:02:43 Gary IP-BLOCK 66.235.126.61

11:02:43 Gary IP-BLOCK 66.235.126.122

Like I said I do not get an error. I have some questions though?

1. Why can't I RC on the Icon in the tray?

2. It says on the protection page to start with Windows and Not to delay Start. Why is it set to delayed start by default?

3. Will this be fixed so I can start using this program again?

[MiguelSanchez]

That error means DEVICE_NOT_READY. Is your internet connection usually available immediately on boot? GTK48, is your error code the same?

Please try the following: update to the new version 1.42, reboot, and see if the problem is resolved. If not, we can work on it.

Updated to 142

Rebooted

still no joy...

log:

----

10:05:27 (null) ERROR IP protection failed: PfMakeLog failed with error code 21

10:05:53 Mike ERROR IP protection failed: PfMakeLog failed with error code 21

----

I am using Windows XP Home SP3 (x86)

My internet connection is available at boot.

Please help.

Thanks

[MiguelSanchez]

Updated to 142

Rebooted

still no joy...

log:

----

10:05:27 (null) ERROR IP protection failed: PfMakeLog failed with error code 21

10:05:53 Mike ERROR IP protection failed: PfMakeLog failed with error code 21

----

I am using Windows XP Home SP3 (x86)

My internet connection is available at boot.

Please help.

Thanks

Sorry attached wrong screenshot...here is the correct:

[Swandog46]

GTK48, those logs suggest yours is working: indeed, it blocked 4 IPs in the span of one second.

You can't right-click on the tray menu at all? What happens when you do?

Let's try this: please open Start -> Run -> regedit and navigate to:

HKEY_LOCAL_MACHINE\Software\Malwarebytes' Anti-Malware

Right-click in the right-hand panel and choose New -> DWORD value. Name the value startipdisabled and set it to a value of 1. Reboot and see if you can now right-click on the tray menu. If so we'll try to track it down further.

The service is set to delayed start because we found it avoided conflicts with certain antivirus products.

@MiguelSanchez

I removed your second screenshot because it contained your license information, which we do not want stolen!

Your problem is entirely different from GTK48's above.

Let's try this: please open Start -> Run -> regedit and navigate to:

HKEY_LOCAL_MACHINE\Software\Malwarebytes' Anti-Malware

Right-click in the right-hand panel and choose New -> DWORD value. Name the value delayguistart and set it to a value of 30. Reboot. The protection module will be loaded after a 30 second delay on reboot. Please see if this resolves the problem.

[GTK48]

GTK48, those logs suggest yours is working: indeed, it blocked 4 IPs in the span of one second.

You can't right-click on the tray menu at all? What happens when you do?

Let's try this: please open Start -> Run -> regedit and navigate to:

HKEY_LOCAL_MACHINE\Software\Malwarebytes' Anti-Malware

Right-click in the right-hand panel and choose New -> DWORD value. Name the value startipdisabled and set it to a value of 1. Reboot and see if you can now right-click on the tray menu. If so we'll try to track it down further.

The service is set to delayed start because we found it avoided conflicts with certain antivirus products.

@MiguelSanchez

I removed your second screenshot because it contained your license information, which we do not want stolen!

Your problem is entirely different from GTK48's above.

Let's try this: please open Start -> Run -> regedit and navigate to:

HKEY_LOCAL_MACHINE\Software\Malwarebytes' Anti-Malware

Right-click in the right-hand panel and choose New -> DWORD value. Name the value delayguistart and set it to a value of 30. Reboot. The protection module will be loaded after a 30 second delay on reboot. Please see if this resolves the problem.

I have found that MBAM was stopping KIS 2010 from updating so I removed MBAM. I need to have KIS updating. When I RC on the Icon in the tray nothing happens. I will reinstall it again to test.

[MiguelSanchez]

GTK48, those logs suggest yours is working: indeed, it blocked 4 IPs in the span of one second.

You can't right-click on the tray menu at all? What happens when you do?

Let's try this: please open Start -> Run -> regedit and navigate to:

HKEY_LOCAL_MACHINE\Software\Malwarebytes' Anti-Malware

Right-click in the right-hand panel and choose New -> DWORD value. Name the value startipdisabled and set it to a value of 1. Reboot and see if you can now right-click on the tray menu. If so we'll try to track it down further.

The service is set to delayed start because we found it avoided conflicts with certain antivirus products.

@MiguelSanchez

I removed your second screenshot because it contained your license information, which we do not want stolen!

Your problem is entirely different from GTK48's above.

Let's try this: please open Start -> Run -> regedit and navigate to:

HKEY_LOCAL_MACHINE\Software\Malwarebytes' Anti-Malware

Right-click in the right-hand panel and choose New -> DWORD value. Name the value delayguistart and set it to a value of 30. Reboot. The protection module will be loaded after a 30 second delay on reboot. Please see if this resolves the problem.

Created the reg entry.

Rebooted...no joy.

Thanks

[GTK48]

HKEY_LOCAL_MACHINE\Software\Malwarebytes' Anti-Malware

1. the above key does not exist.

2. I placed it in Hkey_Current_User\software\malwarebytes instead as that key did exist.

3. It still does not work.

4. I can RC on it all day long untill I open up Firefox. Once I do that I can no longer RC on it.

[GTK48]

Well when your programmers figure this out, I may try it again. For now KIS 2010 seems to be doing it's job as MBAM never finds anything on a scan anyway. I only started using MBAN's protection mode today as I had this same issue with release 1.41. Ever since that IP protection started to be used. Maybe that is a place to start looking.

[Swandog46]

GTK48, my mistake. Please follow the above instructions using the key:

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Malwarebytes' Anti-Malware

MiguelSanchez, please do the following:

1. Uninstall MBAM completely. Reboot.

2. Install MBAM 1.42. Do not reboot. Then open MBAM and Start Protection immediately.

Does this work? If not, please check the protection logs to see if the error code is the same.

[GTK48]

GTK48, my mistake. Please follow the above instructions using the key:

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Malwarebytes' Anti-Malware

MiguelSanchez, please do the following:

1. Uninstall MBAM completely. Reboot.

2. Install MBAM 1.42. Do not reboot. Then open MBAM and Start Protection immediately.

Does this work? If not, please check the protection logs to see if the error code is the same.

OK I did what you posted and it sort of works. I can RC on the Icon in the tray as long as I do not start IP Protection. Once I do that and then go online I am back where I started from, NO RC on the Icon in the tray. Now, FWIW, I may as well be using release 1.39 or whatever ir was before the IP protection started. You may as well give me a hack that will remove totally. There are no errors in the log either. IMHO, MBAM's Devs need to take this back to the drawing boards and start over. The program obviously is flawed as far as Windows 7 x 64 goes. I posted earlier that I had this same problem with 1.41 and I reported it then and it appears that nothing is being done. From what I have been reading most of the IP problems are false positives anyway. Either fix the IP issue or do away with it.

Thanks for your help.

[GTK48]

OK again. I started doing some troubleshooting and it seems that the site My way.com is causing this issue. It was my home page. I then switched to Yahoo and had the same problem because I had a bookmark on My Yahoo to Myway. I removed the bookmark and the program is doing fine now. MBAM just has to whitelist http://my.myway.com/ i guess so that I can use that site again. One of the IP's below is Myway's or both of them maybe. I removed that reg hack and it is still working fine as long as I don't go to myway.com.

10:48:50 Gary IP-BLOCK 66.235.126.61

10:48:50 Gary IP-BLOCK 66.235.126.122

10:48:50 Gary IP-BLOCK 66.235.126.61

10:48:50 Gary IP-BLOCK 66.235.126.122

10:49:00 Gary IP-BLOCK 66.235.126.61

10:49:00 Gary IP-BLOCK 66.235.126.122

[Swandog46]

GTK48, I suspected your problem was that the flux of blocked IP traffic was more than the program could handle, and that made the program look unresponsive. MyWay is adware and is unlikely to be delisted any time soon. I suggest you change your homepage. If you would really like to whitelist that IP (not recommended), you can visit the site (or ping it at the command line if that poses fewer problems), right-click on the tray icon and choose Add to Ignore List.

[GTK48]

GTK48, I suspected your problem was that the flux of blocked IP traffic was more than the program could handle, and that made the program look unresponsive. MyWay is adware and is unlikely to be delisted any time soon. I suggest you change your homepage. If you would really like to whitelist that IP (not recommended), you can visit the site (or ping it at the command line if that poses fewer problems), right-click on the tray icon and choose Add to Ignore List.

Thanks but I will just keep using Yahoo. If Myway is adware why does MBAM not pick it up on a scan? Also thanks for all of the help.