Malwarebytes and Comodo Defense+ problem


Hi, I got a problem starting/opening Malwarebytes. I used it before installing Comodo and it worked fine, and still does only if I disable Defense+. All the updates and scans of Malwarebytes work fine. Only when it's opened with Defense+ enabled in any mode except installation and disabled.

I have made the Malwarebytes under custom rules and policies to be allowed and trusted by Comodo Defense+, but it still gets stuck. In the task manager it shows mbam stuck with 72kb process.

The comodo events show that Malwarebytes as terminate process by explorer.exe (no idea how) :rolleyes: .

So once it's stuck, when I disable Defense+ and end the task of Mbam.exe (at exactly 72kb), the UAC pops up and all works fine.

Any suggestions how to fix this please? cuz it's irritating to keep disabling the Defense+ (plus having to surf the web with Defense+ disabled) :lol: .

(I have tried uninstalling Malwarebytes completely with the mbam-cleaner but the result is the same at the end)

Link to post
Share on other sites

Please exclude the following files from your antivirus:

Note: If using a software firewall besides the built in Windows Firewall you'll need to exclude them from it as well

For Windows XP:

  • C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll
  • C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
  • C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
  • C:\Windows\System32\drivers\mbam.sys
  • C:\Windows\System32\drivers\mbamswissarmy.sys

For Windows Vista or Windows 7:

  • C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll
  • C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
  • C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
  • C:\Windows\System32\drivers\mbam.sys
  • C:\Windows\System32\drivers\mbamswissarmy.sys

For 64 bit versions of Windows Vista or Windows 7:

  • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
  • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
  • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
  • C:\Program Files (x86)\Malwarebytes' Anti-Malware\zlib.dll
  • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.dll
  • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
  • C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
  • C:\Windows\System32\drivers\mbam.sys
  • C:\Windows\SysWoW64\drivers\mbamswissarmy.sys

Note: If using a software firewall besides the built in Windows Firewall you'll need to exclude MBAM.EXE from it as well

Note: Once that's done, please make sure that if either of those programs has any sort of web filter, that you add the following as a trusted site:

data-cdn.mbamupdates.com

The FAQ contains examples of setting file exclusions for some known AV products

Please post back and let us know how it went.

Link to post
Share on other sites

tks firefox, but it doesn't work.

I tried all what you said (excluded the files from Image Execution File settings), I even made all the files as trusted in comodo. Anti-virus is Avast and doesn't really bother malwarebytes but I entered the updates website to its web-shield anyway.

Yet with all the changes no effect.

What Defense+ is saying is that it has blocked a suspicious attempt from Malwarebytes on the explorer.exe. (So the mbam.exe is stuck before UAC)

Have I missed a step by any chance?

Link to post
Share on other sites

Just now I discovered that, if I run the application as Administrator (by right-clicking) it works fine (Defense+ is kept on safe mode)

but if I go to properties and change under the compatibility to select the Run as Administrator, mbam gets stuck as earlier.

Link to post
Share on other sites

Personally I wouldn't trust malwarebytes', as I've had similar alerts by Comodo on mbam attempting to randomly execute personal files. But if you really want to use it, try adding them to your own safe files. Open comodo and click defense and own safe files. Then click add and browse for files.

Link to post
Share on other sites

Please show proof of anything like that. There is no way we are executing other programs on your system.

Unfortunately, I do not have proof as I failed to create a screenshot. However, I posted here. No explanation was given on the matter. I was repeatedly told it was FP. But it was not. MBAM was attempting to access a file during its startup and I blocked with Comodo Defense. I also contacted customer support, but was again told it was a FP. Unfortunately, I deleted the email as well. All I wanted was an explanation. I am very amazed on how I was treated as a customer. This is a very foul and dirty practice by a very well known and respected company. You are a security vendor, not a malware distributor/supporter. People who deliver malware are after your personal files for financial reasons. Certainly you aren't one of them? So why are you doing this in the first place? This is one thing I may never understand. Good people fall to the almighty dollar and will be forever trapped...

Link to post
Share on other sites

  • Root Admin

Well I'm sorry but I don't have time to personally review and reply to every single post.

False Positive or not MBAM was doing its job that you did pay for.

You created a NEW executable file that is either in the path, or registry, or memory that is unknown to MBAM. So the program was flagged. We were not executing it, we were scanning it for malicious code as does every scanner that is used for AV, AM protection.

The fact that it is benign and should not have been detected is when you should have submitted it as a False Positive.

Then we would have examined the report and let you know what we found or that we've removed it from detection.

Comodo simply was alerting you that our program was accessing the file (not that we were executing it) and it is normal and to be expected. If we didn't scan it for detection and it was Malware that you didn't know about then you'd be here complaining that we didn't detect it. If you take that same file and copy it to some new folder that is not in the path and then reboot the computer and do a Quick Scan we won't detect it because it's not in memory, it's not in the path for Windows, and it's not in a known load point in the registry.

Thanks and if you have a similar situation in the future please do follow the False Positive guidelines to report it and we'll take a look at it for you.

Nothing sinister going on, just none of the other Honorary Members perhaps knew enough about how Anti-Virus and Anti-Malware programs operate is all.

Link to post
Share on other sites

You created a NEW executable file that is either in the path, or registry, or memory that is unknown to MBAM. So the program was flagged. We were not executing it, we were scanning it for malicious code as does every scanner that is used for AV, AM protection.

I'm not sure how you consider the "Documents" folder unknown to mbam. The file was neither in a path unknown, registry or memory. The program was not flagged (no warning from mbam whatsoever). Nice try, but no. No legitimate scanner reads files before the scanner has fully started. Malwarebytes' was starting up, but during that time it started reading/executing files. Files that it does not require to run. That is why comodo alerted. It was attempting to read/execute files in a malicious manner. I have never seen superantispyware or any other product reading/executing unrelated files to their normal startup routine after a reboot.

Link to post
Share on other sites

I apologize to everyone. I think I really jumped the gun here. I've never seen an alert to what comodo gave, which I jumped to conclusions. It seems that most security software check files in similar manner such as during the security software's startup. This helps ensure the file's state has not changed, or is running. Malwarebytes' probably didn't recognize it during a previous scan. When comodo gave the alert on mbam executing a file before the tray icon was running, I panicked/jumped the gun and thought it was doing something malicious.

Now I understand from AdvancedSetup's explanation. However, what I don't understand is why these programs check in such a manner. This can be used maliciously if in the wrong hands. Such as sending off personal data at reboot. But security software can only verify certain threats at this time. Personally I would try to find an alternative to this, but then again security is a very complicated subject and is not that easily done.

Again I'm sorry for the trouble I caused to everyone including the mbam staff. I really jumped the gun on a matter I was confused on. ;) Didn't mean to start hitting on you guys.

Link to post
Share on other sites

  • Root Admin

No problem. I'll go ahead and close this post soon since it has been taken care of.

Understanding all the intricacies and complexity of how programs operate and how and when they talk to each other is mostly hidden from users on purpose as it typically does just confuse them as there is a wealth of information constantly being moved in, out, and around the system. Using special tools that monitor all of these events can easily log millions of entries in minutes on a clean system, way too much data for the general computer user to think about much so luckily the designers and developers have hidden the majority of that from users.

Believe me there are many very knowledgeable people out there that take our program apart all the time and if they thought we were stealing your data or doing something underhand they would not be recommending our program as they often do and would be posting about it.

Take care and try to relax some - no one's out to get you or your data from our end and if you can't or don't want to trust the program it's very easily removed, in fact easier than most AV programs.

Link to post
Share on other sites
