Unable to activate System File Protection in purchased MalwareBytes


31 replies to this topic

#1 Bryan Mohr

Bryan Mohr

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Local time:06:56 AM

Posted 12 October 2013 - 11:34 AM

I bought MalwareBytes because I had been using the free version for so long and swore by it. But now I can't enable System File Protection. I've been going back and forth with their Tech Support department and so far there is no resolution. They had me run various software (like mbam-check-2.0.0.1000.exe and ComboFix), as well as do virus scans outside of Windows, but still the 2 checkboxes just will not be enabled. Does anyone have any idea about why this might be happening?





#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,749 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:56 AM

Posted 12 October 2013 - 02:51 PM

Are you receiving assistance in the Malwarebytes forum or via email from the Help Desk?

Malwarebytes Tech Support is run by several of the best experts in the security business. They know the inner workings of the program and have direct access to the developer and research engineers. Your best option is to be patient and wait for them to figure out what is going on.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 Bryan Mohr


Posted 12 October 2013 - 07:59 PM

The last thing they said was to reinstall Windows. I really can't do that right now and because (at the time) it was only MalwareBytes that was failing, and just in that one particular section, I just pushed it aside. But now that I have a new issue with the nVidia graphics card not being able to reinstall the driver, I figured I'd revisit the MalwareBytes issue as well.



#4 quietman7


Posted 12 October 2013 - 10:03 PM

Sounds like there are more serious issues going on that need to be addressed...and they could also be the source responsible for the problem you are having with Malwarebytes.

#5 Bryan Mohr


Posted 12 October 2013 - 11:24 PM

Well, I kinda' figured that. But what to do about them? Everything works great when I boot up under Ubuntu.



#6 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:09:56 PM

Posted 12 October 2013 - 11:38 PM

Just a quick question ..

What Antivirus program do you have installed ?

 

Thanks -



#7 Bryan Mohr


Posted 13 October 2013 - 01:54 AM

MS Security Essentials



#8 noknojon


Posted 13 October 2013 - 05:25 AM

https://forums.malwarebytes.org/index.php?showtopic=10138#entry181018

I assume that you started with Post #9 linked above in the FAQ by GT500 ??



#9 Bryan Mohr


Posted 13 October 2013 - 05:59 AM

Well, I hadn't. But I just did and it didn't change anything. Thanks for the suggestion though.



#10 Bryan Mohr


Posted 13 October 2013 - 06:30 AM

I may have more info. I installed API Monitor and started watching all calls from mbam.exe. As soon as I try to click one of those 2 checkboxes (system file protection and malicious website blocking), mbamservice is opened, then immediately closed. So I'm trying to figure out now what is killing that process.



#11 Bryan Mohr


Posted 13 October 2013 - 06:40 AM

hmmm ... question ... does MalwareBytes check if files are system owned? And if they are marked as system owned, does it then just skip scanning them? Because mbam.dll is calling a "IsSystemUser+0x4b7be" function, then immediately exiting (I would assume because I'm not "System" but rather a lowly user with nothing but Admin privs).



#12 quietman7


Posted 14 October 2013 - 06:58 AM

Malwarebytes checks for and detects malware through the following means:

- Checks most common places malware is known to hide:
Hotspots: everywhere current malware is known to load from
Autostarts: all known malware load points
Memory: loaded exes and dlls

- MD5 Hash (Message-Digest algorithm 5).
- Unique strings, semi polymorphic strings.
- Unique GUID Download Linked dlls and other executable components (these are bi-directional).
- Unique load point to file (these are bi-directional) to include hotspots and autostarts.
- Unique heuristics (IPH) that bypasses polymorphic blackhat packers & encryption, and is immune to randomized file names.
- Unique file names combined with FP killing routines.
- Other means not discussed in public to safeguard the program from malware writers who would use that information for nefarious purposes.

#13 Bryan Mohr


Posted 14 October 2013 - 07:39 AM

Ok, but that doesn't really answer the question. If the ownership of a file is marked as "System", is that file excluded automatically from scanning? Because that is exactly what is happening on my system. I can change ownership of a file ... any file .... to System and malwarebytes will pass it no matter what.



#14 quietman7


Posted 14 October 2013 - 08:04 AM

I don't know. I do not work for Malwarebytes and therefore am not privy to all the specific inner workings either. As I said, some of that specific information is carefully guarded.

#15 Bryan Mohr


Posted 14 October 2013 - 08:11 AM

No problem. I also just noticed that mbam.exe has an expired certificate attached to it so I have a feeling it may not be the real thing. Even though it came from technet by way of malwarebytes.org.
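
A check for the situation raised in post #15, as an added example that is not part of the original thread: an Authenticode signature that carries a trusted timestamp is still reported as valid by Windows after the signing certificate's own validity period has ended, so an expired date on its own does not settle whether a binary is genuine. The function name `Test-BinarySignature` and the file path in the usage comment are placeholders chosen for this example.

```powershell
# Added example: separate "certificate has expired" from "signature is invalid".
# Uses only the built-in Get-AuthenticodeSignature cmdlet.
function Test-BinarySignature {
    param([Parameter(Mandatory)][string]$Path)

    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $cert = $sig.SignerCertificate
    $now  = Get-Date

    # Guard against unsigned files, where SignerCertificate is $null.
    $expired     = [bool]($cert -and ($cert.NotAfter -lt $now))
    $timestamped = [bool]$sig.TimeStamperCertificate

    $verdict = switch ($sig.Status) {
        'Valid' {
            if ($expired -and $timestamped) {
                'Valid: certificate has since expired, but the signature was timestamped while it was in force'
            } else {
                'Valid'
            }
        }
        'NotSigned'    { 'No Authenticode signature present' }
        'HashMismatch' { 'File contents do not match the signed hash (modified after signing)' }
        default        { "Not trusted: $($sig.StatusMessage)" }
    }

    [pscustomobject]@{
        Path        = $Path
        Status      = $sig.Status
        Signer      = if ($cert) { $cert.Subject } else { $null }
        Thumbprint  = if ($cert) { $cert.Thumbprint } else { $null }
        NotAfter    = if ($cert) { $cert.NotAfter } else { $null }
        CertExpired = $expired
        Timestamped = $timestamped
        Verdict     = $verdict
    }
}

# Usage (placeholder path, substitute the real location of the binary):
# Test-BinarySignature -Path 'C:\path\to\mbam.exe' | Format-List
```

A `HashMismatch` or `NotSigned` result is the one that warrants re-downloading the installer from the vendor and comparing the signer subject and thumbprint against a known-good copy.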





