Phoenix84

Same for me, I'm a developer and the anti-exploit triggered on a powershell script I wrote a while ago. It's part of a build process, the entire package, including my script are on Github here: https://github.com/Gwindalmir/SEWorkshopTool The powershell script in question checks to see if a game is installed from Steam, and if so, creates a junction in the build path pointing to where the game's binaries are. If the game isn't installed, it uses another tool to download the dedicated server binaries, which are free, and extracts them to the build location instead. These binaries are a build-time dependency. I use the same script in Github Actions to perform auto-builds. I can see why it might be flagged, since it's downloading and running stuff from the internet. I had to disable Ransomware protection shortly after it was added to MB because it's incompatible with Visual Studio (triggers during a build and blocks the compiler). I don't want to have to disable exploit protection too. psh_false_positive.txt LinkBinaries.ps1.txt

For those mentioning hard drive issues, I would wager good money it's due to the Windows page file (for those less knowledgeable, Windows will use the hard disk when you run out of RAM). This can cause disk usage to go up as process memory increases. By default this amount is managed by Windows. I override it and set a maximum, so my machine will crash instead (which I prefer over eating up my hard drive and making it run slower than molasses). If you have an SSD, this can kill it (depends on usage, of course).

While I appreciate the response, this isn't the first time you guys have pushed a bad update. The Ransomware protection added in 3.x still breaks application updates (ie. games/apps installed via Steam), as well as Visual Studio compilation. I've permanently disabled that feature, since it has not been resolved for months. MBAM doesn't even tell you it flagged something, the updates/builds just give errors (file locked), or the file returns if trying to delete it (even manually). This has been documented elsewhere on the forums. Overall, it seems quality has gone downhill since the early 2.x days.

I awoke to my computer dead (I left it on last night). Immediately on reboot I started up Process Explorer (I use it for task manager), and continued to monitor. It MBAMService.exe reached 20GB of usage in under 20 minutes before I restarted the service. However it's not just RAM, CPU usage on one core for MBAMservice is 100% (on 8-core machine, that's 12-13% total). Unfortunately turning off all protections (while leaving it running) isn't good enough, it still climbs. I'm going to have to completely shut the service down. FYI, you can do that by going into Services (start-> type 'Services'), then look for MalwareBytes Service. Right click, go to Properties. Where it says "Automatic," select "Disabled" from the drop down. Then click "Stop". It will not restart after that. (follow the above steps and select "Automatic" again to restore the original behavior) This is NOT a good solution though, but it's the only one that stops the system from eventually crashing from running out of RAM. I'm on Windows 7, for the record.

Thanks! Turns out I did have the update already when I went to check. I'll remove those exclusions.

What's the version? MBAM doesn't tell me the last time it updated, nor does it say an update is available.

The svchost port 68 is a particular problem, because that's the DHCP broadcast. If MBAM blocks it, you may lose internet connectivity (due to IP renew failure). It might be a good idea to add an exception for that process ASAP, in case the devs don't push out an update fast enough.

I got the same for dropbox, and svchost.exe port 68. I will add though, that the exclusion and notification management in MBAM is sub-par compared to even Windows Defender. It's basically all or nothing, which I don't like either. Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 11/20/17 Protection Event Time: 11:26 AM Log File: c0f29f4a-ce28-11e7-8831-00ff80c6259a.json Administrator: Yes -Software Information- Version: 3.3.1.2183 Components Version: 1.0.236 Update Package Version: 1.0.3304 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , , Blocked, [-1], [-1],0.0.0 -Website Data- Domain: IP Address: 255.255.255.255 Port: [68] Type: Outbound File: C:\Windows\System32\svchost.exe (end) Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 11/20/17 Protection Event Time: 11:28 AM Log File: ed5852d2-ce28-11e7-ab95-00ff80c6259a.json Administrator: Yes -Software Information- Version: 3.3.1.2183 Components Version: 1.0.236 Update Package Version: 1.0.3304 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , , Blocked, [-1], [-1],0.0.0 -Website Data- Domain: IP Address: 255.255.255.255 Port: [17500] Type: Outbound File: C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe (end)

I'm still seeing this issue. I built an executable in VS, then copied it to a different location (both on the same, non C: drive), however when I went to delete it from that location, the delete failed (it deleted, but came right back). Once I disabled ransomware protection, the file immediately went away (no further action was necessary). I'm on MBAM: Version 3.2.2.2018 Component: 1.0.212 Update: 1.0.3114 https://www.dropbox.com/s/ghj3tiezkekn15p/mb-check-results-2017-10-27.zip?dl=1

Despite how annoying this bug is, if it were rushed out and there was another bad bug (such as randomly deleting files), you'd be thoroughly (and rightfully) enraged with the devs.

Heh, sorry. I just came in here to make a request regarding licensing. :-) Here's what happened: 1) My wife's computer (I guess) tried to auto-update sometime recently, but it failed and MB was removed. I noticed this when my wife was have issues with malware. 2) I reinstalled MBAM on her laptop, and the license information was preserved, telling me was a botched self-update. At this time I noticed I downloaded a newer version than I had on my own PC. 3) I downloaded the new version on my PC and attempted an install over the existing one. This failed. 4) I uninstalled MBAM, rebooted, and installed it again from the previously downloaded file 5) Had to reenter license information due to it not preserving it on my machine (while it did on my wife's). 6) Came here to ask for an option to preserve license information on uninstall

Thanks. Time isn't an issue, I'm in no rush as I resolved the installation issue myself. Mostly, the issue is it contains my name (and my wife's, since it's our usernames).

Is it ok if I PM this to you? I don't like how much information is in these logs, and would be publicly available.

Too late, I already reinstalled it manually, however I'll keep that in mind the next time. EDIT: Actually, it wasn't the auto-updater that failed, I actually tried to upgrade manually by downloading the installer. It failed, so I uninstalled and reinstalled.

I can't do that when I can't start MB because the upgrade failed (Cannot connect to service error). EDIT: Or, possibly, rollback the upgrade process if it fails, instead of continuing in an erred state.