MBAM Website Protection issues

I seem to have dodged that MBAM bullet as far as my Win 7/sp1 x64 system goes. All the checks and logs you referenced indicate MBAM is working just fine, including Malware and Malicious Website protection.

My trusty old XP/sp3 was not so lucky. It was working well a month or so ago, and I haven't used it on the internet for many months. Nor have I downloaded anything in months.  When I just now tried it out, it was unusable. Terminal screen freeze. And I'm getting some MBAM service error. I had to shut the system down from the power button. A normal restart did not help.

I could however restart XP in safe mode with networking. MBAM Premium there showed no Real-Time Protection in the main GUI. This despite it being checked in the settings. So  I disabled everything I could in MBAM Premium, and took it out of my automatic startup list.

After I restarted XP normally, this time all worked well, with no real-time MBAM protection. So I opened MBAM and ran a manual scan. As usual, it detected nothing, using the latest database update. (Neither did my Panda Free AV nor my Emsisoft Anti-Malware manual scans). Re-booted XP again, and all still works well. I can only conclude that MBAM Premium running in real-time borked my XP. The free version 2.1.8.1057 does not.

But it gets more interesting. When I checked the GUI for my MBAM Premium license details for XP, I see no entries. No Identifier, no Key, and Status and Duration both listed as "Unknown". Now this was a lifetime license, and I have all this info copied down. I just have no way to re-enter the info anywhere in the GUI.

I guess I'm going to have to visit the MBAM forum to sort this out. Meanwhile, I won't risk re-activating the real-time protection.

I was waiting to see if anyone was gonna respond here.

The XP issue for MBAM is really bad... several posts in the MBAM forum, including yours.   There can be no doubt that something in MBAM's real-time protection has gone haywire under XP.

I was used to my XP system "lagging" some... it's 9 years old, with only 1 meg RAM.   But as noted, the other night, it became unusable.

At first, I guessed avast might be the culprit... after all, it's become more and more bloated with each new version/build.   So I decided to remove it from my XP (and replace it with Panda).   But I couldn't even keep the system "alive" long enough to access/run the avast uninstaller.

So I booted into safe mode, and was able to uninstall avast that way.   On the next regular boot --- now with NO anti-virus installed --- the system may have booted a tad better... but very quickly became unusable again.   It was only then that I realized MBAM might be the culprit.   And sure enough, disabling MBAM rejuvenated my XP!    Noting that MBAM was still running some services on bootup even if I didn't have it set to "start" with Windows, I took the additional step of downgrading my PRO version to FREE... which eliminated the background services running on startup.

Finally, with a working system, I downloaded/installed Panda Free anti-virus.   Panda's recommended scan found no issues... but ironically, MBAM's [now "Free" version] on-demand scan found a few minor PUPs which apparently "snuck-in" while I was in the midst of changing anti-viruses.

Had I realized MBAM was the culprit from the start, I might have just taken action to "downgrade" it, while leaving avast intact.   But since I already removed avast and replaced it with Panda, I didn't see undoing all that (even though I had backed-up my customized avast settings).

================================

I'm glad you didn't experience any issues with MBAM on your Win7.   But the point is, there was nothing overt/obvious to see... it was a "hidden" malfunction.   So if I can ask you to double-check on one point:   My belief is that the problem started on 7/24, with databases numbered 2015.7.24.7 and later.   According to some posts in the MBAM forum, the issue may have been automatically/internally fixed with database 2015.07.26.05 and later.  If so, and if you ran your tests on the (27th or) 28th, you wouldn't have seen any issues showing up via the methods I noted above.   So, if you could look into your MBAM Protection logs again, specifically on 7/25 [and on the 24th AFTER 2015.7.24.7, and on the 26th BEFORE 2015.07.26.05] , to see if its Malicious Website Protection was starting on that date.   For me, it stopped after the bad database update on the 24th, and remained off until I re-installed MBAM on the 26th.   It has been working just fine for me since then.

 I examined all Scan and Protection Logs (Under History tab>Application Logs>) over the dates in question for Win7.

Indeed there appears to be a short period (<12 hrs) after the Database Version 2015.7.24.7 was downloaded that Malicious Website Protection was not starting. This lasted from the mid-afternoon of July 24 to about 02:19 on the morning of July 25, following the download of Remediation Database version 2015.7.20.1, immediately followed by 2015.7.25.1. Thereafter Malicious Website Protection loaded normally in all Protection Logs

So it appears MBAM internally corrected the bad version quickly. Frankly, I'm amazed you picked up on it! Out of curiosity, what prompted you to run the MBAM-check?

While not actually perceivable to me, the Event Log for my Win7 PC has been reporting that my system is taking an excessively long time to complete the boot-up process.   [Since I can nonetheless get some things done while the system is still "booting", it's hard to understand precisely what the Event Log is measuring as the cutoff here.]

Anyway, in an attempt to see if I could "pacify" the Event Log, I decided to try-out some measures to curtail the bootup's duration:   I decided to test MBAM's Advanced Setting to "Delay Protection at Startup for 15 seconds" (for example, so as to allow Avast to fully load first, without having to "compete" with MBAM).

I had stumbled upon MBAM-check previously... probably from perusing their forum... and recalled that one of the things it reported was the bootup-delay setting.   [It's coming back to me now:   there was a time when MBAM's UI persisted in showing the delay setting as being checked, even after someone unchecked it.  And the MBAM-check utility was suggested as a way to confirm what MBAM was actually doing.]

So I ran MBAM-check specifically for that purpose.   But as soon as the report opened, I noticed toward the top that the Malicious Website Protection service was not starting, which surprised me.   Fortunately, I had saved a report months ago, which DID show the Protection starting then.   So confronted with these conflicting reports --- the UI alleging the Protection was enabled, but the CHECK utility denying it --- I decided to find out definitively, by trying to access the IP test site... and sure enough, was able to see the non-protected version.   So I concluded that MBAM-check was reporting correctly, with the UI information being erroneous.   I subsequently discovered the additional confirmation offered in the Protection Log files.

I might have dismissed it as an anomaly of the one system... until I checked and realized the same thing also happened on my Win 8.1 tablet.

Not happy with being unprotected, I tried researching at the MBAM forums, and saw two suggestions:  to exit the MBAM GUI, and then restart it --- which didn't work; or to reinstall MBAM, which did the trick :emotion-1: .

I then reported my findings here, and at the MBAM forum.

I'm now seeing it confirmed that you and others (who have responded elsewhere) were likewise impacted and left unprotected... if even for just hours.

What's most troublesome about this is that there was no indication from MBAM itself that something was awry... the UI (and tray icon) happily reported that everything was running and protected as it should have been.   So it was only by a fluke of timing that I happened to run MBAM-check, as I've now explained... otherwise, I would never have known either.   The potential for danger was certainly there.

So it was serendipity!

Good show. It illustrates how even the most trusted security program can fail one silently, and emphasizes the need for multiple layers of security. As you know, I don't run many scans anymore, and trust that my daily automatic MBAM scans that run at about 2:30 AM  will pick up anything significant. As it happens, this failure occurred between these 2 scans on the days involved - thus both scan logs indicated that Malicious Website Protection was enabled during both scans.

As far as XP goes, I was able to uninstall/reinstall MBAM using instructions from the MBAM forum. XP/MBAM Premium are now up and running as before. (Based on a PM from a trusted expert, I should probably have just uninstalled from Control Panel, downloaded a fresh copy, and entered ID and key codes).

Serendipity ---  very good word there.

But it looks like the saga is continuing:   On my 8.1 tablet, today's Protection Log is completely empty, the IP protection test is failing again, and MBAM-Check is showing that the Website Protection service is not running :-(    It's too late for me to "play"/investigate further, but I'm gonna check out the logs on my Win7 system first thing tomorrow morning.   If this is gonna continue on-and-off, it's NOT good!

I can always try re-installing MBAM again, but that shouldn't be necessary repeatedly.

It also begs the issue of whether or not the Website Protection glitch on 7/8.1 is interconnected with the "lockup" issue on XP --- or was the timing here just an unfortunate coincidence?

Just tried running an MBAM scan on that 8.1 tablet, and it aborted:  SDKDatabaseLoadDefaults failed with code 20012

Yikes!

No aborted scans on my XP or Win7 systems at this time. Logs show no anomalies.

(No 8.x here. I guess ya gotta dance with the one ya brung) ...

I tried running that scan again shortly after posting about the failure here, and it worked the second time.   And after that, IP Protection was back on.   Don't know what to make of all of this :emotion-7: .

Found a reference that asserts:   "These SDK errors can occur when two database updates are running at the same time." http://techdows.com/2015/07/fix-malwarebytes-sdkdatabaseloaddefaults-failed-with-code-error.html

When I tried things out (on 8.1) Thursday morning, IP protection was still working... but there was no log file showing up for today :emotion-6: .   I'll wait a while, and if this continues, try reinstalling MBAM (yet again).

Checking my Win7 system, all seems okay there.

I see where Maurice Naggar just commented in your post at the MBAM forum:

"The instances of severe freezing was unfortunately due to a database update this past weekend. Needless to say, very unfortunate.  Though not all systems ran into that issue."