terrypin

Why is mbamservice.exe running?

17 posts in this topic

I'm using Malwarebytes' Anti-Malware Pro 1.50.1.1100. At present it supplements my resident anti-virus app, Avira AntiVir (Free), although I may change that soon. So right now I just use it occasionally for extra scans, and therefore I have 'Enable protection module' unchecked.

Yet I still see mbamservice.exe running in XP Pro Task Manager. And its 'I/O Reads' is by far the highest of all processes. (By a factor of nearly 20!)

Can someone explain this please?

I've manually terminated this process as it was slowing my PC, but I don'tr see why I should have to do that.

--

Terry, East Grinstead, UK

Share this post


Link to post
Share on other sites

Please start by doing the following and make sure you setup file and folder exclusions within your Anti-Virus. If this does not correct the issue please let us know.

Please do the following to see if it resolves the issue:

Windows XP:

  • Click on Start and select Control Panel
  • Open Add/Remove Programs
  • Uninstall Malwarebytes' Anti-Malware
  • Restart your computer very important
  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer, please allow it to do so very important
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
      Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or post to ask and we'll explain how to do it.

Windows Vista and Windows 7:

  • Click on the Start vista-7-start.png button and select Control Panel
  • Click on Programs and Features
  • Uninstall Malwarebytes' Anti-Malware
  • Restart your computer very important
  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer, please allow it to do so very important
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
      Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or post to ask and we'll explain how to do it.

Share this post


Link to post
Share on other sites
Please start by doing the following and make sure you setup file and folder exclusions within your Anti-Virus. If this does not correct the issue please let us know.

Please do the following to see if it resolves the issue:

etc, etc

Thanks, but that looks like a copper-plate answer rather than reflecting any consideration of my particular problem!

Did you also see my reply in the thread 'mbamservice.exe excessive disk load, Slows PC'?

MBAM was updated only recently. I strongly suspect that this latest version is buggy. Did you investigate that possibility?

--

Terry, East Grinstead, UK

Share this post


Link to post
Share on other sites

Hello, terrypin:

Please follow AdvancedSetup's recommendations as it is the first step in basic program troubleshooting, and it resolves many issues.

In addition to what he suggested, also please add the Avira program folder to the "ignore list" in MBAM (see attached screen grab).

If these steps don't resolve your issue, then the experts will be happy to assist you with additional steps to get it working properly.

Thank you,

daledoc1

Share this post


Link to post
Share on other sites
Hello, terrypin:

Please follow AdvancedSetup's recommendations as it is the first step in basic program troubleshooting, and it resolves many issues.

In addition to what he suggested, also please add the Avira program folder to the "ignore list" in MBAM (see attached screen grab).

If these steps don't resolve your issue, then the experts will be happy to assist you with additional steps to get it working properly.

Thank you,

daledoc1

OK, I did all that. Took me a long time with 3 reboots. As I expected, it's made no difference.

Now will you consider the points I made before please? To repeat:

1. Why is mabamservice.exe still running when I've disabled protection as I described?

2. And generating such an enormous number of Read I/O entries which slow the system down? Neither of which happened before.

3. Doesn't it strike you as more than a coincidence that two users are reporting an almost identical problem with the same version within a day or two of each other?

--

Terry Pinnell, East Grinstead, UK

Share this post


Link to post
Share on other sites

Even with the protection module disabled, the service will remain active. That's because it operates in kernel mode, and killing any process that runs in kernel mode has a high probability of causing system instability. If you don't use the protection module at all then your best option would be to do the following:

  • Open Malwarebytes' Anti-Malware and click on the Protection tab
  • Uncheck the box next to Start protection module with Windows.
  • Reboot your computer

From now on, the protection module will not be running. You will still see mbamservice.exe is running, but it will be using much less memory and will not be displaying any CPU spikes, that's because protection isn't loading any more and it's only running for the sake of executing scheduled updates and scans.

Share this post


Link to post
Share on other sites
Even with the protection module disabled, the service will remain active. That's because it operates in kernel mode, and killing any process that runs in kernel mode has a high probability of causing system instability. If you don't use the protection module at all then your best option would be to do the following:

  • Open Malwarebytes' Anti-Malware and click on the Protection tab
  • Uncheck the box next to Start protection module with Windows.
  • Reboot your computer

From now on, the protection module will not be running. You will still see mbamservice.exe is running, but it will be using much less memory and will not be displaying any CPU spikes, that's because protection isn't loading any more and it's only running for the sake of executing scheduled updates and scans.

OK, thanks. (It would have been good to know about that after my original post, before these unnecessary steps.)

But anyway that's exactly what I did previously, unchecked Start protection module with Windows, yet the extremely heavy usage continued after reboot. Has anyone in Support actually tested this to see if they can reproduce the issue?

I've now fresly unchecked that option,and I'll now reboot yet again (I think that's #5) to make absoutely sure, and report back.

Meanwhile, no one has yet addressed my question about the apparent coincidence of two similar problems.

BTW, is resident protection the only feature in Pro that's not in my previous free version?

--

Terry, East Grinstead, UK

Share this post


Link to post
Share on other sites
OK, thanks. (It would have been good to know about that after my original post, before these unnecessary steps.)

But anyway that's exactly what I did previously, unchecked Start protection module with Windows, yet the extremely heavy usage continued after reboot. Has anyone in Support actually tested this to see if they can reproduce the issue?

I've reproduced it with the protection module active, I've not done so with it disabled from boot.
Meanwhile, no one has yet addressed my question about the apparent coincidence of two similar problems.
I've been watching support as well as the forums and since release of this version, you're the only two users I've heard of who have reported this. I know the high I/O Read Bytes issue exists, but I've never seen any performance problems because of it (and I run it on all supported Windows versions on a 5400RPM HDD, so if the slowdown was always noticable, I'd notice it as my I/O throughput on a hard drive of that speed isn't that good to begin with).
BTW, is resident protection the only feature in Pro that's not in my previous free version?
No, you also get scheduled updates and scans as well as the malicious website blocking mechanism (which is another part of the protection module). If you don't use the scheduler then you may also do the following, as it will eliminate this problem completely:

  • Click on START and select Run
  • In the Run box type services.msc and press Enter or click on OK
  • Scroll down the list of services until you find MBAMService and double-click on it
  • Click the drop down menu next to Startup type: and select Disabled
  • Click on Apply and then click OK

Disable a starup entry with Autoruns:

  • Please download Sysinternals Autoruns from here and save it to your desktop.
  • Double-click Autoruns.exe to run it.
  • Once it says Ready at the bottom of the program window, click on the Logon tab and click the checkbox on the left side of Malwarebytes' Anti-Malware so that it is unchecked
  • Once that is complete, restart your computer.

Share this post


Link to post
Share on other sites

I just did some testing:

  • I installed the PRO version of Malwarebytes' Anti-Malware on Windows XP and enabled the protection module
  • I unchecked Start protection module with Windows.
  • I rebooted the system
  • I opened Process Explorer (this tool can be found here)
  • I added the the following columns:
    • I/O Reads
    • I/O Read Bytes This is the one that I found to be very high with the protection module active
    • I/O Writes
    • I/O Write Bytes

    [*]I executed several processes, browsed a few webpages and opened several folders

    [*]The I/O Read Bytes for mbamservice.exe remained at 416,504 The same as it has been at since booting the system

    [*]The I/O Reads remained at 106

    [*]The I/O Writes remained at 2

    [*]The I/O Write Bytes remained at 12

Share this post


Link to post
Share on other sites
I've reproduced it with the protection module active, I've not done so with it disabled from boot.

Thanks for sticking with me on this.

OK, progress! This time, directly after the latest reboot, mbamservice.exe was behaving quietly, as you predicted.

However, my XP Pro PC became almost unusable at that stage. I'll describe it in case it offers any clues. Every operation I attempted (r-clicking a tray icon, opening the Run box, minimising a window, bringing up the Start menu. - everything) was glacially slow. Remarkably consistent too. I reckon about 22 seconds from initiating any operations to its completion.

As I don't presently use Scheduling, and as I'm now very wary about it, I disabled mbamservices.exe in Services. (So I suppose I'll have to write off my

Share this post


Link to post
Share on other sites

The behaviors you describe makes it sound like there's something else going on. Perhaps something else is at the heart of this, such as a driver conflict or some other process you're running from boot (Anvir comes to mind offhand since it hooks every process running).

Are you using XP? Pro? SP2? I'm just looking for a pattern.
No, I'm using SP3.
I have now unchecked the Logon entry. But left the other three. Is that OK?
Yes, 2 of them are for the context menu entry (Scan with Malwarebytes' Anti-Malware when you right-click on a file or folder) and the other is the driver used by the protection module, but when the PM is inactive it isn't doing anything, though you might try unchecking it to see if that resolves the issues with your system's stability, though I've never seen the symptoms you're describing in testing, and we do test on XP SP2 (Home, Pro and Pro x64).

Just for info, my XP is still up and running and the I/O columns for mbamservice.exe still haven't budged at all.

Share this post


Link to post
Share on other sites
The behaviors you describe makes it sound like there's something else going on. Perhaps something else is at the heart of this, such as a driver conflict or some other process you're running from boot (Anvir comes to mind offhand since it hooks every process running).

No, I'm using SP3.

Yes, 2 of them are for the context menu entry (Scan with Malwarebytes' Anti-Malware when you right-click on a file or folder) and the other is the driver used by the protection module, but when the PM is inactive it isn't doing anything, though you might try unchecking it to see if that resolves the issues with your system's stability, though I've never seen the symptoms you're describing in testing, and we do test on XP SP2 (Home, Pro and Pro x64).

Just for info, my XP is still up and running and the I/O columns for mbamservice.exe still haven't budged at all.

Thanks. I'll get back onto this in the morning and keep you informed of any developments.

--

Terry, UK

Share this post


Link to post
Share on other sites

Hello again Terry :blink:

I just wanted to let you know that I brought this case and my own findings to the attention of one of the developers and he discovered that there is an issue with efficiency in the protection module causing this.

The efficiency of the protection module should be dramatically improved in version 1.51 when it is released :blink:.

Share this post


Link to post
Share on other sites
Hello again Terry :blink:

I just wanted to let you know that I brought this case and my own findings to the attention of one of the developers and he discovered that there is an issue with efficiency in the protection module causing this.

The efficiency of the protection module should be dramatically improved in version 1.51 when it is released :blink:.

Excellent, thanks Samuel, much appreciate your thoughtful help. :huh:

I look forward to that new release.

--

Terry, East Grinstead, UK

Share this post


Link to post
Share on other sites
I just did some testing:

  • I installed the PRO version of Malwarebytes' Anti-Malware on Windows XP and enabled the protection module
  • I unchecked Start protection module with Windows.
  • I rebooted the system
  • I opened Process Explorer (this tool can be found here)
  • I added the the following columns:
    • I/O Reads
    • I/O Read Bytes This is the one that I found to be very high with the protection module active
    • I/O Writes
    • I/O Write Bytes

    [*]I executed several processes, browsed a few webpages and opened several folders

    [*]The I/O Read Bytes for mbamservice.exe remained at 416,504 The same as it has been at since booting the system

    [*]The I/O Reads remained at 106

    [*]The I/O Writes remained at 2

    [*]The I/O Write Bytes remained at 12

Hi, I too have a problem with mbamservice.exe keeping my hard disk running all the time and slowing down my 18-month old laptop running XP sp3. The problem started just in the last week. I am running mbam pro (1.50.1.1100). I too did the same testing described by Samuel and here are my results:

I/O Read Bytes 87.9 GB!

I/O Reads 236.x

I/O Write Bytes 1.5 MB

I/O Writes 432

These numbers are radically different from those described by Samuel on Jan 6th. So what's going on? Now, that makes at least three users with a problem! I had been very happy with mbam till now but now I am reevaluating whether I should uninstall it and wait for version 1.51 to be released. BTW, my main antivirus program is Norton Security Suite Version: 4.3.0.5.

Thanks for any advice.

Pani

Share this post


Link to post
Share on other sites

To Pani and anyone else with this issue, please re-read what Samuel said above:

Please pay particular attention to what I've bolded below:

Hello again Terry :D

I just wanted to let you know that I brought this case and my own findings to the attention of one of the developers and he discovered that there is an issue with efficiency in the protection module causing this.

The efficiency of the protection module should be dramatically improved in version 1.51 when it is released :D.

We appreciate your patience as we correct this issue and hope that you will wait until version 1.51 is released to ensure that the issue was fixed. :D

Share this post


Link to post
Share on other sites

To Pani and anyone else with this issue, please re-read what Samuel said above:

Please pay particular attention to what I've bolded below:

We appreciate your patience as we correct this issue and hope that you will wait until version 1.51 is released to ensure that the issue was fixed. :D

OK now, it is almost three months later. So, when is mbam pro 1.51 going to come? I left my mbam running an it is really eating up the resources and making my laptop slow as molasses. The numbers are staggering:

I/O read bytes: 359,000,000 and counting

I/O write bytes: 6664

Disk reads: 16,000 and counting

Disk read bytes: 964,000,000 and counting

Should I uninstall the current version and simply wait for the version update?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.