CIS 5.0.162636 vs MBAM

Please see the discussion thread on the Malwarebytes’ Anti-Malware forum:

Mbamservice.exe - 30 to 80 CPU - Malwarebytes for Windows Support Forum - Malwarebytes Forums

The new CIS 5.0 may not be working well with MBAM in terms of CPU Usage.

Exiting CIS was the only way to reduce CPU Usage for mbamservice.exe after updating CIS from 4.1 to 5.0 on my XP systems.

How about not using MBAM?

Why do I suggest this? With the new default settings for automatically sandboxing I think CIS has reached a milestone in preventing getting infected without using a signature based solution. You would not need another application.

During development, the head developers told us mods that they ran 15,000 malware against the new settings and none of them managed to infect the system. Read: they would not survive reboot. They could not make themselves autostart.

I see the same thing reported by users who throw the latest malwares at it and don’t get infected.

That being said, can you post a screenshot of the D+ logs to see if blocking behaviour by CIS may be a factor in the MBAM problem?

Hello EricJH:

Although the temporary solution to suspend either CIS or MBAM might satisfy the immediate situation, my beliefs tell me these two security applications could be made to peacefully co-exist on all systems. Perhaps a careful examination by both parties will soon yield a perfect solution.

As requested, the D+ log from my XP Home SP3 32bit system, while also running MBAM, is attached.

Thank you kindly for your post.

[attachment deleted by admin]

@1PW

It’s your computer and your decision to run MBAM as online scanner.

I have free MBAM too and run periodical on-demand scans. I think with CIS 5.0 you don’t need any other online scanner.

I have MBAM as on demand with several others.

I saw in the D+ logs that MBAM is trying to access Comodo executables in memory. Try allowing memory access by MBAM and see if that tames MBAM.

To resolve the memory access problem:

Select Defense+ → Advanced → Computer Security Policy.
Scroll down to Comodo Internet Security, select Edit → Protection Settings.
Interprocess memory Access (Active Yes) select Modify → Add → Now use Running Processes or Browse to point to mbam.exe.
Then just “Apply” to each window as you exit.

I have also MBAM blocked when trying to access memory. So I have the question. Does it influence the scan quality of MBAM? Should I allow it too? If it scans ok I have no problem to see in log that it was blocked.

That’s what I am trying to establish by letting 1PW allow memory access. Using the free version of MBAM here but I think 1PW may be using the paid version which monitors.

Hello Adonis & EricJH:

Let me very carefully establish a few definitions. Yes - In the case of both of the XP SP3 (Home & Pro) systems I’m observing, the paid, activated, full version of Malwarebytes’ Anti-Malware (MBAM) is in use. In both cases MBAM version 1.46 is in use. The database version can increment sometimes up to six versions per day.

The executable within MBAM that shows high amounts of CPU usage, when both CIS and MBAM are active is C:\Program Files\Malwarebytes’ Anti-Malware\mbamservice.exe and not C:\Program Files\Malwarebytes’ Anti-Malware\mbam.exe

HTH

Thanks for clarifying.

What happens to the CPU usage of mbamservice.exe when you allow it to access Comodo files in memory as I described in the above?

Hello EricJH:

Through my own shortcomings, I may be misinterpreting your question:

"What happens to the CPU usage of mbamservice.exe when you allow it to access Comodo files in memory as I described in the above?"

I am entering no exclusions to either MBAM or CIS. Therefore the CPU Usage for mbamservice.exe holds at 40+% on a P4-2.4GHz (Northwood) with 2Gb of RAM running XP SP3 Home.

A P3-650MHz (Coppermine) with 768Mb RAM running XP Pro SP3 while CIS 5.0 is present shows mbamservice.exe exceeding 80+% CPU Usage.

Please correct me if I have not answered your question as you wish. I appreciate your attention.

Thank you for your reply. Let me rephrase my question. We may be understanding things differently.

I am wondering if when mbamservice.exe is allowed to access Comodo files in memory if that would stop the CPU hogging.

To figure that out we need to allow memory access to Comodo files by mbamservice.exe. If the cpu settles down then it was because of a memory access problem. If the cpu usage doesn’t settle then we need to take another angle.

To resolve the memory access problem:

Select Defense+ → Advanced → Computer Security Policy.
Scroll down to Comodo Internet Security, select Edit → Protection Settings.
Interprocess memory Access (Active Yes) select Modify → Add → Now use Running Processes or Browse to point to mbamservice.exe.
Then just “Apply” to each window as you exit.

Let us know how things go and if the above mini tutorial is clear for you.

Hello EricJH:

Almost immediately I encountered difficulty with the mini tutorial:

“Select Defense+ -->Advanced → Computer Security Policy.”
^^^^^^

I wonder if we are talking about two different CIS variants/versions as I detect no “Advanced” on the screen I’m offered. Please see the JPEG attachment below.

Are we talking about CIS version 5.0.162636.1135?

Below is a quote from one of the Malwarebytes’ Anti-Malware staffers:

“I have been able to replicate this and I’ve reported it to the developers.”

Again - a sincere thank you for your time and trouble.

[attachment deleted by admin]

You are right. I need to adapt that tutorial to v5… :smiley:

Hello EricJH:

I look forward to your amended tutorial.

In rereading my post above, I should have said that the Malwarebytes’ staffer was able to recreate the elevated CPU usage of mbamservice.exe when using CIS and MBAM together.

Mbamservice.exe - 30 to 80 CPU - Page 2 - Malwarebytes for Windows Support Forum - Malwarebytes Forums

Again - I appreciate your time and effort. Thank you kindly.

Done a quick screen shot guide of how to add the Malwarebytes folder to the exception list of CIS 5 to see if that solves the issue.

Should be hit APPLY/OK to close all windows.

Matt

[attachment deleted by admin]

Hello Matty_R:

I was able to follow your tutorial and it confirmed that I had already successfully added mbamservice.exe to the “Interprocess Memory Accesses” list.

To be thorough, I then rebooted my XP Home SP3 test system. After waiting for all the startup processes to settle down, I launched Sysinternals’ Process Explorer. Mbamservice.exe was still taking about 40+% of CPU usage as when all this started.

Attached are screenshots showing the current status.

It strikes me that perhaps none of you has a fully activated version of Malwarebytes’ Anti-Malware. Please let me offer to buy a Comodo staffer an MBAM activation ID and Key for the purposes of seeking a permanent solution.

As always, thank you kindly for your valuable time and efforts.

[attachment deleted by admin]

Hello to All:

I have some interesting progress to report. Please see my recent update in the MBAM forum:

Quote:

"On my system with the least resources, I uninstalled COMODO CIS 5.0 and reinstalled with this variation; during the install process, I denied the installation of either flavor of Defense+. This of course resulted in the installation of their free firewall only and mbamservice.exe is then quite normal!

How this differs from a default install followed by turning off Defense+, I don’t know. Had I left the install process to continue on the default path, I would have seen 80+% CPU usage for mbamservice.exe on this Pentium III E system."

HTH

Edit by EricJH: made url clickable

There are two ways of disabling D+. Using the slider in Defense + Settings to disable will not disable all D+ capabilities. Using “Deactivate Defense+ permanently (Requires a system restart)” will totally disable D+.

It seems D+ is the cause of the cpu usage of mbamservice.exe. For me this is worth a bug report.

Please file a bug report in Bug Reports - CIS following these guidelines: FORMAT & GUIDE - just COPY/PASTE it!. You can mention this topic and your topic at the mbam forums under “6. Any other information you think may help us:”.

Hello EricJH:

Done.

See:

https://forums.comodo.com/bug-reports-cis/default-install-of-cis-501626361135-makes-mbamserviceexe-a-cpu-hog-t62437.0.html

Thank you kindly for the on-going help!

Edit by EricJH: made url clickable

Hi All

I have a similar set up. Malwarebytes along with Comodo firewall. I had default install of Comodo firewall because I like network+ functionality. Everything was fine till I upgraded to latest version (5.01636512.1142).

However I see malwarebytes being stuck between 40-50% all the time. No matter what trust or changes I make it still takes a lot of CPU.

Do you have an update on this? Is there a patch in the works that we can apply in the near future?

I guess I will chime in on the bug fix ticket as 1PW is not the only one with that issue.

Please check out the picture attached showing the mbamservice.exe issue.

Thanks

[attachment deleted by admin]