Jump to content
Piriform Community Forums
Eagle Beak

CCupdate bolcked by Windows Defender

Recommended Posts

After having CCleaner update problems in the last two version updates, I suspected that the Windows Defender Controlled access setting was the culprit. After doing some forum searches I traced the problem back to Malware Bytes anti ransomware. Since reinstalling CCleaner pro, I have been getting " Controlled folder access has blocked CCUpdate from making changes to memory" popups regularly from Windows Defender. Is it safe and should I add an exclusion for this app to run? If I continue to let it be blocked, will it affect the normal running of CCleaner? I have checked the signatures and scanned for malware and it seems legit. If so why is Windows blocking it? 

Share this post


Link to post
Share on other sites

There is a current problem with the anti-ransomware component of Malwarebytes blocking updates with various applications.

Malwarebytes are working on it and their advice is to turn off the anti-ransomware, update, turn the A-R back on.

Quote

 

Malwarebytes 3.5.1 – Known issues with anti-ransomware

We have identified a few issues with the anti-ransomware module in the latest version of Malwarebytes, v. 3.5.1.

System slowdown/excessive memory use:  The next component package update for Malwarebytes (coming soon!) should address this problem.  Typically rebooting will resolve the issue temporarily.

Prevents programs from updating:  Programs such as Skype, Visual Studio 2017, KeePass and others may not update correctly with the anti-ransomware module enabled.  We have a fix for this coming in a later update, but the work-around in the meantime is to temporarily disable the anti-ransomware module while you upgrade.

 

 


The Windows Defender problem with Controled Folder Access sound like one I've come across before myself.

Again this is Windows Defender version of anti-ramsom protection.
It works on a "block everything by default" philosophy .

When it was first introduced I found that it was preventing some non-Microsoft applications from saving anything at all in the folders Documents, Pictures, Videos, etc. All the 'user' folders in fact. (A bit of an amateurish 'sledgehammer to crack a nut' solution to ransomware - if you prevent everything from being modified then ransomware can't modify it).
I couldn't even save documents from my, non-Microsoft, word processor.
https://www.bleepingcomputer.com/news/microsoft/windows-10s-controlled-folder-access-anti-ransomware-feature-is-now-live/

As I already have AR with MB3 I just turned off Controlled Folder Access in Defender and left it off.

Share this post


Link to post
Share on other sites

Thanks for the reply, nukecad. I'm aware of what controlled folder access does and it is a PIA when switched on. I even had it block an update from Malwarebytes before I worked out what was happening. I was just wondering what this CCUpdate app was up to. It was blocked four times in 24 hours from making changes to memory. I can't understand why an update app would need to do that. I also don't know why Piriform is installing Avast cookies on my laptop and why is piriform bundling avast AV with their installations. After the fiasco last year, I would think that they would be trying to reestablish their reputation, not inviting mistrust with this sort of behavior. If CCUpdate is legit I will create an exception for it. I just want some confirmation before I allow it. By the way, what will happen when I try to do the monthly update if I continue to let it be blocked?

Edited by Eagle Beak
Grammer error

Share this post


Link to post
Share on other sites
Quote

It was blocked four times in 24 hours from making changes to memory. I can't understand why an update app would need to do that.

Because the updated part of any application needs to write itself to your disc, to the registry, etc, which is changing the memory.

As noted in that quote from Malwarebytes above, it's not what CCleaner update is doing, it isn't doing anything different from normal. - It's the MB3 anti-ransomware component that is blocking many updaters not just the CCleaner one.

It's Malwarebytes that needs to fix MB3 - not CCleaner, or Skype, or Visual Studio, or KeePass, or any of the others that are currently being blocked by MB3.

And yes, updates from all those apps will continue to be blocked by MB3 anti-ransom until Malwarebytes fixes it.
As advised by Malwarebytes - turn off the AR during updates.

As for the rest about Avast, you are aware that Avast now own Piriform?
(But you're not on your own with those thoughts, many don't like the changes).

Share this post


Link to post
Share on other sites

Thanks again. I assumed that there must have been some sort of partnership with Avast. Just 5 minutes ago I received another update prompt from CCleaner. This is the third time in 3 weeks when normally they are only once a month. There must be some bug that they are working on. I understand that is Malwarebytes causing the update malfunction. Since they prematurely released their version 3, the program has had more bugs than an outhouse in the summer. I personally have had enough of their problematic new updates that seem to create more problems than they fix. The frustrating thing is, the bugs appear in other programs and it is those that get all the troubleshooting and then it always comes back to MB that has just updated and caused the problem all along. I will be terminating my membership when my license runs out in August, They have become an overpriced underperforming troublesome embarrassment. 

Share this post


Link to post
Share on other sites

OK, I just disabled both MB a CFA in Windows Defender. CCleaner updated without a hitch. I think I've got a handle on whats been happening now 

Share this post


Link to post
Share on other sites

Good to hear you got it sorted and are satisfied that you know what the cause was.

As for the updates to CC, there was a 'hotfix' to try and fix a chrome problem, then a full update to comply with the new EU data protection laws, then another 'hotfix' to correct a mistake in complying with the new laws. (and I think we may see yet another because of that new law).

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×