35 replies to this topic

[whatmeworry?]

I have had Anti-Malware Pro for many months, but because of conflicts with McAfee Enterprise AV 8.7, I've been using MBAM only for on-demand scans. Recently, I noticed a sticky about how to deal with McAfee Enterprise problems. Today I followed the instructions and then told MBAM to start at startup and I enabled the Protection Module. A box popped up telling me that the Protection Module was now enabled. I then rebooted, since my problems in the past had surfaced when I rebooted. There was no problem--but there was no MBAM at startup, either! I started MBAM and found that, again, the Protection Module was not enabled. This happened several times. I have no idea why MBAM isn't starting at startup.

The only other thing I've noticed today--probably not relevant--is that a Quick Scan took substantially longer than it has in the past. Normally, Quick Scans on this computer take five or six minutes. Today, it took more than nine minutes, even though it scanned no more files than usual.

I'm puzzled about all this. What should I do to get MBAM's Protection Module to stay enabled and the program to start at startup?

Thanks in advance for your help.

[whatmeworry?]

I forgot to add that I'm running MBAM 1.40 with DB 2640 on WinXP Pro, SP2.

[whatmeworry?]

I'm still unable to get the Protection Module to continue when I reboot. And the only way I've been able to get Malwarebytes Anti-Malware Pro to start at startup is to put mbam.exe in WinPatrol's startup list. But even that just starts the program WITHOUT the Protection Module.

I'm mystified. I updated MBAM to database version 2648 this morning and ran a Quick Scan. It turned up nothing.

I'd really like to get the Protection Module to start at startup, and I'd also like to be able to get the MBAM program to start at startup without having to manually put it into WinPatrol's startup list. But simply checking the Start with Windows button on the MBAM interface isn't working at all.

I'd be most grateful for some help with this.

[YoKenny1]

I would be more worried about Windows not being updated to SP 3 that has been available for over a year that contains performance enhancements and several Critical Security updates.

In Internet Explorer go to Tools then Windows Update then install all recommended updates.

I would then go to Control panel then Automatic Updates and select at least Notify me but do not automatically download nor install them.

[whatmeworry?]

YoKenny1, on Aug 18 2009, 12:06 PM, said:

I would be more worried about Windows not being updated to SP 3 that has been available for over a year that contains performance enhancements and several Critical Security updates.

I expect to replace my computer within a few months--as soon as Windows 7 is released and available as OEM on whatever computer I choose. Until then, I prefer to stay with SP2. I know of too many people who have been burned when trying to install SP3. I might add that Microsoft apparently recognizes that many people are staying with SP2. The company continues to release security updates for SP2, even very recently. I know, because I have my computer set to be notified of all critical security updates. I've installed all updates except for SP3 and IE8 (I use IE only when I have no choice, and I almost always have a choice).

I'm frankly quite surprised that I've received no response dealing with the problem I'm having with Anti-Malware Pro. Its Protection Module continues to stay on only until I turn off the computer (which I do every night). When I reboot, the Protection Module is no longer enabled. In fact, I can't even get MBAM to start at startup (in spite of checking the relevant box) except by putting mbam.exe in WinPatrol's Startup section. This is clearly not the way Anti-Malware has worked in the past nor is supposed to work. I'd really appreciate some help with figuring out what's going wrong. MBAM is far and away my favorite anti-malware program. I'd like to get it working as it should.

Thanks in advance.

[Swandog46]

Can you please post the contents of the protection logs located here?
C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs

[whatmeworry?]

I've attached the protection logs from yesterday and today. I changed my username to "username," but other than that, the files are unchanged.

Attached Files

•  protection_log_2009_08_18.txt   1.04K   23 downloads
•  protection_log_2009_08_17.txt   968bytes   21 downloads

[Swandog46]

Those logs don't contain much that is helpful (obviously that isn't your fault). Let's try this. Reboot your computer and try to duplicate the problem. Make a note of the time the computer reboots, and then leave it alone. Wait to see if MBAM starts up after a while, and then look at the protection log to see how long it took and when the messages were written to the log.

Am I correct in understanding that if you start protection manually, it works fine?

[whatmeworry?]

Swandog46, on Aug 18 2009, 01:53 PM, said:

Those logs don't contain much that is helpful (obviously that isn't your fault). Let's try this. Reboot your computer and try to duplicate the problem. Make a note of the time the computer reboots, and then leave it alone. Wait to see if MBAM starts up after a while, and then look at the protection log to see how long it took and when the messages were written to the log.

Am I correct in understanding that if you start protection manually, it works fine?

Thanks, Doug, for your response. I've now been trying various combinations, but the bottom line is that although I have MBAM set to start with Windows, it does NOT. And although when I click on the Start Protection button on the MBAM Interface, it starts and tells me that it's now protecting me, as soon as I log off, it stops and does NOT start again when I restart the computer. The only thing the protection log shows are the two entries that are added each time I manually start Protection Mode.

I brought up Task Manager to see what I could find from MBAM. Even when there's no sign that MBAM has started, a process called mbamservice.exe is listed, but that's all. If I then start MBAM manually, a second process appears on the Task Manager, mbam.exe. And when I manually press Start Protection, a third process appears, mbamgui.exe. But neither of these latter two are there unless I manually start MBAM.

I'm beginning to suspect my firewall may be causing these problems, but I'm not sure. I recently switched from long-in-the-tooth Sygate to Outpost Agnitum Free Firewall. I don't yet understand its features, but I'm beginning to wonder whether it's blocking MBAM. Then again, if it were, wouldn't it say something when I manually start MBAM and MBAM Protection Module? There's a section/feature of Outpost called Self-Protection, which supposedly "ensures that the Outpost Firewall cannot be disabled by malware." There's an "Exclusions" setting where one can list applications that are allowed to access Outpost Firewall components and registry keys. There were two already listed: mcshield.exe and SpybotSD.exe. I decided to add mbam.exe, but that didn't help. Should I have added something else?

I'm beginning to wonder whether I should have just stayed with Sygate . Then again, perhaps the MBAM problem has nothing to do with the Outpost Firewall. I just don't know. I've thought about 1) uninstalling and reinstalling MBAM and/or putting Outpost back into learning mode. I'd welcome your advice.

[Swandog46]

So the service starts correctly but the GUI (tray control) does not. I suspect your antivirus or some other piece of security software is blocking it from running on boot (it runs from the registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run). I am going to ask one of the support team to help you debug this because they do more of this on a day-to-day basis than I do, and probably know exactly what to try. Thank you for your patience.

[whatmeworry?]

Swandog46, on Aug 18 2009, 04:35 PM, said:

So the service starts correctly but the GUI (tray control) does not. I suspect your antivirus or some other piece of security software is blocking it from running on boot (it runs from the registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run). I am going to ask one of the support team to help you debug this because they do more of this on a day-to-day basis than I do, and probably know exactly what to try. Thank you for your patience.

Thanks VERY much, Doug. I'd welcome that. Nothing I've tried seems to make a difference except putting mbam.exe in WinPatrol's Startup section, but that doesn't explain why it isn't there automatically, nor why the Protection Module doesn't work unless I manually start it each time. I suppose I could put mbamgui.exe in the WinPatrol Startup section as well, but I'd rather try to get to the root of the problem. So I'd be most grateful for help from one of the support team.

[Swandog46]

Sorry, do you mean to add mbamgui.exe to WinPatrol's allowed list? Because that is definitely something you would have to do. It is a separate process that has to run separately from mbamservice.exe and mbam.exe at startup.

[whatmeworry?]

Swandog46, on Aug 18 2009, 05:20 PM, said:

Sorry, do you mean to add mbamgui.exe to WinPatrol's allowed list? Because that is definitely something you would have to do. It is a separate process that has to run separately from mbamservice.exe and mbam.exe at startup.

No, I don't think that's what I mean. Normally, when a program wants to start at Windows startup, it inserts itself into Windows Startup menu, and WinPatrol adds it to its Startup monitoring section. The first time a program tries to add itself to the Windows Startup menu, WinPatrol will ask me whether I want this to happen. If I don't, WinPatrol will either block the program from gaining access to the Startup Menu or, if worst comes to worst, will enable me to disable or remove the program from WinPatrol's Startup section, thereby preventing it from starting at startup. But the problem is that for some reason, MBAM apparently isn't inserting itself into Windows Startup menu, so it's also not in WinPatrol's Startup section. If I want, I can manually ADD programs to WinPatrol's Startup section, but I'd rather try to find out what's preventing MBAM from doing this itself, and what's preventing the Protection Module from remaining in force upon reboot.

[GT500]

You may have to add the following files to the exclusions list for your anti-virus's real-time protection:

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

[whatmeworry?]

GT500, on Aug 18 2009, 06:44 PM, said:

You may have to add the following files to the exclusions list for your anti-virus's real-time protection:

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

Arthur, thanks for your response. Unfortunately, I don't think McAfee Enterprise Edition has a straightforward exclusions list. I had already followed the instructions provided in the pinned message from June 24 in this section of the Forum. After reading your message I decided to add all three program names to the exclusions sections specified in the June 24 instructions. However, that made no difference at all. When I rebooted, Anti-Malware Pro still did not start at startup and the Protection Module was no longer on.

[AdvancedSetup]

It seems that McAfee has recently changed something once again that is now blocking MBAM on startup. If you delay the startup by about a couple minutes it will probably be okay.

I'm working on trying to see if we can find a method around this new update, in the meantime you should be able to use the WinPatrol's Startup Delay to get around this for now.

[whatmeworry?]

AdvancedSetup, on Aug 18 2009, 10:17 PM, said:

It seems that McAfee has recently changed something once again that is now blocking MBAM on startup. If you delay the startup by about a couple minutes it will probably be okay.

I'm working on trying to see if we can find a method around this new update, in the meantime you should be able to use the WinPatrol's Startup Delay to get around this for now.

Thanks very much, Ron, for this explanation. And yes, I can easily put MBAM into WinPatrol's delayed startup section.

Again, many thanks!

[whatmeworry?]

Ron, I've now tried your Win Patrol suggestion. I hope Malwarebytes will be able to figure out a better way to deal with McAfee's latest craziness, because using WinPatrol's Delayed Start function isn't really satisfactory. For one thing, in spite of my selecting the option in WinPatrol to have the program start minimized, MBAM starts with the normal Malwarebytes screen, which can be very disconcerting and annoying when it suddenly appears while I'm in the midst of doing something. And I could find no way to get the Protection Module to be on at startup, not even a delayed startup. I think I'm probably better off taking MBAM out of WinPatrol's Delayed Startup and just starting it manually, and then clicking on the Protection Module.

Although it didn't do what I'd hoped, I really do appreciate your attempt to help.

[AdvancedSetup]

Okay thanks for the feedback. I'm installing McAfee Corporate Version 8.7i now so that I can review it again. Hopefully tomorrow I'll be able to post back something on it.

[AdvancedSetup]

This appears to work for now until I have more time to track down the actual files and processes that are being blocked now by McAfee.

Add the following FOLDERS to the Exclusions for the On-Access Scanner (make sure to add the trailing \ on the end to indicate a folder) and also choose the option for Sub-Folders

C:\Documents and Settings\All Users\Application Data\Malwarebytes\
C:\Program Files\Malwarebytes' Anti-Malware\

Then add the following files as well by exact path and name
C:\WINDOWS\system32\drivers\mbam.sys
C:\WINDOWS\system32\drivers\mbamswissarmy.sys

If you have the Access Protectin Rules enabled then you'll also need to add some if not all of the MBAM related files until I can spend more time and find all the exact files again now that McAfee has made some change that are targeting them.

NOTE: If you're running Vista then you'll need to modify the paths accordingly.