Malware Defender Issue

Discussion in 'other anti-malware software' started by Peter2150, Apr 16, 2009.

Thread Status:
Not open for further replies.
  1. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I've run into one problem, not unique to a particular version of MD. I just ran a windows Update, and now MD tells me I need to download the kernel symbols. But when I try to do so, the download fails.

    Any ideas.

    Pete
     
    Peter2150, Apr 16, 2009
    #1
  2. tony62

    tony62 Registered Member

    Joined:
    Aug 26, 2005
    Posts:
    214
    Location:
    UK
    Hi Peter,
    are you using Windows XP? I also received several windows updates yesterday and MD downloaded the kernel symbols with no problems.
    Have you tried deleting the contents of: C:\Program Files\Malware Defender\symbols?
     
    tony62, Apr 16, 2009
    #2
  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Tony

    Yes XP . I will try deleting those contents and see what happens.

    Thanks,
     
    Peter2150, Apr 16, 2009
    #3
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Figured it out. There was no symbols folder, so I tried manually creating one, and couldn't. Protection issues. So I disabled MD, and shutdown OA, and bingo kernel symbols downloaded fine.

    Pete
     
    Peter2150, Apr 16, 2009
    #4
  5. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Hmmm... the defender got screwed by the protector? Ah well, such is life. Some folks get the elevator -- others get the shaft.:cautious:
     
    bellgamin, Apr 16, 2009
    #5
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    It's weird, the symbols directory seems to have gotten deleted during the system update. Then the folder was protected so the new symbol folder couldn't be opened.
     
    Peter2150, Apr 16, 2009
    #6
  7. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    Thanks for the information. I will look into it.

    MD will delete the old symbols before downloading new symbols.
     
    xiaolin, Apr 16, 2009
    #7
  8. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Thanks xiaolin. Should new symbols be necessary with a Windows update?

    Pete
     
    Peter2150, Apr 16, 2009
    #8
  9. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    976
    I had the same problem, but when I checked with a packet sniffer, I saw that MD was getting a http 404 error when it tried to download the symbols.
     
    Espresso, Apr 17, 2009
    #9
  10. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    If the Windows kernel file is updated, MD will download new symbols for the new file.
     
    xiaolin, Apr 17, 2009
    #10
  11. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    Could you try to download the symbols again after restart?
     
    xiaolin, Apr 17, 2009
    #11
  12. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Makes sense. I run Online Armor, along with MD, and it's clear one of them was protecting the program area. Shutting down OA, and disabling all protections in MD solved my problem.

    Pete
     
    Peter2150, Apr 17, 2009
    #12
  13. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    It's not unexpected, but I do get "Failed to get kernel symbols." when prompted to download new symbols after upgrading my Vista machines to SP2 RTM (TechNet release)...

    HTTP:Request, GET /download/symbols/index2.txt

    HTTP:Response, HTTP/1.1, Status Code = 404, URL: /download/symbols/index2.txt

    18 0.312001 {HTTP:7, TCP:6, IPv4:3} 192.168.1.116 msdl.microsoft.akadns.net HTTP HTTP:Request, GET /download/symbols/ntkrpamp.pdb/109FACEC7E244C8FAC6D191457B5C7022/ntkrpamp.pdb

    HTTP:Response, HTTP/1.1, Status Code = 404, URL: /download/symbols/ntkrpamp.pdb/109FACEC7E244C8FAC6D191457B5C7022/ntkrpamp.pdb
     
    nick s, Apr 30, 2009
    #13
  14. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    The kernel symbols for Vista SP2 may be not provided by MS now.

    The HIPS functions will work fine without kernel symbols.

    Thanks,
    Xiaolin
     
    xiaolin, May 1, 2009
    #14
  15. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    same problem like peter in here , its somehow faild to download

    also i found another thing , correct me if i wrong , when i del a rule i made to any software and try to lunch it , it lunch without MD alerts

    using XP sp3 + MD 2.1.1

    cheers
     
    Last edited: May 1, 2009
    demoneye, May 1, 2009
    #15
  16. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    Launching software is controld by child application rule. You need to delete the app from the child application rules of explorer.exe.

    thanks
     
    xiaolin, May 1, 2009
    #16
  17. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    yes i know , i did it but no help , i used "find rules" ,enter software name , and Del all related rules(so no missed rules) , software still lunch without any MD warning, btw it goes for all software i checked

    any explanation to that?is it a bug ppl somehow missed ?
     
    Last edited: May 2, 2009
    demoneye, May 2, 2009
    #17
  18. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    The only possible reason is that you are select one of the first two options in Options dialog -> Rules.
     
    xiaolin, May 2, 2009
    #18
  19. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Kernel symbols for Vista SP2 are now available :).
     
    nick s, May 15, 2009
    #19
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...