MBAM 2 - Problems with exclusion list

Hi,

Just noticed the following issues :

1. For an unknown reason, it's impossible to exclude some folders or files. A few examples : C:\Windows\Fonts ("The folder name is not valid" ???) or C:\Windows\System32\GroupPolicy\Machine\Registry.pol or C:\Windows\System32\GroupPolicy\User\Registry.pol ("Path does not exist" ???).

2. There's an obvious design problem using wildcards when excluding files. For example, if I want to exclude all .TMP files in a given folder, I'll try to enter "C:\folder1\folder2\*.tmp" . But this will merely open the relevant folder and allow me to select existing .TMP files. Wrong behavior. When using wildcards, the user wants to specify existing files or files that are not existing yet. This is actually the purpose of wildcards. I just want to skip all TMP files that may ever appear in that folder. Current files may be temporary and may no longer exist in the future. So what should be stored in the settings is actually "C:\folder1\folder2\*.tmp" and not the names of specific files, which doesn't make sense in that case.

Regards.


  • 4 weeks later...

Still not fixed in current beta.

 

I have also noticed that it's impossible to select multiple files in a given folder. If I want to exclude say, twenty files in a folder, I have to click twenty times on the Add file button. Awkward. The Windows API function calling the selection dialog has an option to allow multiple selection and the resulting filelist is then easy to retrieve.


  • 7 months later...

Hi,

 

Both problems still there in version 2.04.1028. Very annoying and starting to be very irritating.

 

Also, it's still impossible to select multiple files when adding files to Malware Exclusions. In order to implement this, the developer just has to change a single property of the Open File dialog box. Easy and quick. You don't need months to implement this.

 

Thanks in advance for fixing all 3 issues asap.


  • 2 weeks later...

> 1. For an unknown reason, it's impossible to exclude some folders or files. A few examples : C:\Windows\Fonts ("The folder name is not valid" ???) or C:\Windows\System32\GroupPolicy\Machine\Registry.pol or C:\Windows\System32\GroupPolicy\User\Registry.pol ("Path does not exist" ???).

There are likely a couple of different issues here. First, I believe the Fonts folder is not a standard folder, at least according to Windows, and that either a permissions issue prevents it from being added or it is not actually a standard folder, similar to certain other locations in Windows' system folders (for example, as I recall, at least on XP, the 'Downloaded Program Files' folder was not actually a real/standard folder). To test, I did just attempt to add a file from the Fonts folder to my Malware Exclusions and I got a permissions error when trying to open it, so I suspect that access to this location is restricted somehow by Windows, which is preventing the folder from being added to exclusions for some reason. I also tried browsing to the folder to add it via the 'Add Folder' function but it was not visible; so again, I suspect it is an issue with some special restrictions and/or permissions on that particular folder.

Second, with regards to the GroupPolicy folder, I believe I know the cause of the problem, assuming you are using a 64-bit operating system. The file browser used by Malwarebytes Anti-Malware's Add Exclusions dialog is 32-bit only, so it will be redirected by Windows automatically to the SysWOW64 folder rather than System32, and the 'User' folder doesn't exist under the SysWOW64 location. If it is a 32-bit operating system then I am not certain what the cause could be, although it too might be related to Windows' default permissions for that folder.

> 2. There's an obvious design problem using wildcards when excluding files. For example, if I want to exclude all .TMP files in a given folder, I'll try to enter "C:\folder1\folder2\*.tmp" . But this will merely open the relevant folder and allow me to select existing .TMP files. Wrong behavior. When using wildcards, the user wants to specify existing files or files that are not existing yet. This is actually the purpose of wildcards. I just want to skip all TMP files that may ever appear in that folder. Current files may be temporary and may no longer exist in the future. So what should be stored in the settings is actually "C:\folder1\folder2\*.tmp" and not the names of specific files, which doesn't make sense in that case.

Actually, wildcards are not allowed for excluding files in Malwarebytes Anti-Malware. You may exclude individual files or entire folders, but excluding all files of a certain type is currently not possible. For one we've simply not implemented such a feature, and for two it carries significant risks (though of course, so does excluding entire folders, obviously). For example, if you were to exclude all .JPG files or .TMP files, that would prevent Malwarebytes Anti-Malware from scanning those (obviously), and this also means that malware which masquerades as these file types would also be excluded and therefore would not be detected.

Now, specifically with regards to the Fonts folder, there is a very good reason we scan all of the files in that location. We have found malware in the wild which will install to this location, and while I am not certain about this (we'd have to find out from Research), I suspect that there may be malware which poses as a font in order to attempt to avoid detection by normal malware and virus scanners. Again, I am not certain about that last part, but I have seen malware pose as image files of various types (jpg, bmp etc.) as well as audio and video files and other typically non-executable or supposedly safe filetypes.

That is not to say that we would never implement such a capability, however we would have to discuss it with our Research team to determine the risks as we would not want to provide a feature that would be prone to doing our users and customers more harm than good.

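The System32 redirection described in the reply above, as a simplified model (an added example, not Malwarebytes code and not part of the original posts). The function names and the constructed file listing are hypothetical; the exempt list follows the subdirectories Microsoft documents as excluded from WOW64 file system redirection.

```python
import ntpath

# System32 subdirectories documented as exempt from WOW64 redirection.
EXEMPT = ("catroot", "catroot2", "driverstore", r"drivers\etc", "logfiles", "spool")

def wow64_view(path, windir=r"C:\Windows"):
    """Path a 32-bit process actually reaches on 64-bit Windows.

    Simplified model: only System32 -> SysWOW64 and the Sysnative alias.
    """
    norm = ntpath.normpath(path)
    low = norm.lower()
    sys32 = ntpath.join(windir, "System32")
    syswow = ntpath.join(windir, "SysWOW64")
    native = ntpath.join(windir, "Sysnative")
    for prefix, target in ((native, sys32), (sys32, syswow)):
        p = prefix.lower()
        if low == p or low.startswith(p + "\\"):
            rest = norm[len(prefix):].lstrip("\\")
            r = rest.lower()
            if target == syswow and any(r == e or r.startswith(e + "\\") for e in EXEMPT):
                return norm  # exempt subdirectory: no redirection
            return ntpath.join(target, rest) if rest else target
    return norm  # outside System32: untouched

def visible_to_32bit(path, real_files):
    """Would a 32-bit file dialog find this path? real_files = paths on disk."""
    on_disk = {f.lower() for f in real_files}
    return wow64_view(path).lower() in on_disk

# Constructed listing: the policy file exists only in the native System32.
REAL_FILES = [
    r"C:\Windows\System32\GroupPolicy\User\Registry.pol",
    r"C:\Windows\System32\drivers\etc\hosts",
]

if __name__ == "__main__":
    for p in (REAL_FILES[0], REAL_FILES[1],
              r"C:\Windows\Sysnative\GroupPolicy\User\Registry.pol"):
        print(p, "->", wow64_view(p), visible_to_32bit(p, REAL_FILES))
```

In this model the typed System32 path resolves under SysWOW64 and is not found, while the same file addressed through the Sysnative alias is.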
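The risk raised in the reply above, that an extension-based exclusion also skips files that only pose as that type, can be checked by comparing excluded files' leading bytes against executable signatures. This is an added example, not Malwarebytes code: the wildcard semantics (one folder, no subfolders), the function names and the sample files are assumptions constructed for illustration.

```python
import fnmatch
import ntpath

# Leading bytes that identify executable content regardless of file name.
MAGIC = ((b"MZ", "PE executable"), (b"\x7fELF", "ELF executable"))

def matches(path, rule):
    """True if a file falls under an exclusion rule (file, folder or wildcard)."""
    path, rule = ntpath.normcase(path), ntpath.normcase(rule)
    if "*" in rule or "?" in rule:
        # Assumed semantics: the wildcard covers names in that one folder only.
        return (ntpath.dirname(path) == ntpath.dirname(rule)
                and fnmatch.fnmatchcase(ntpath.basename(path), ntpath.basename(rule)))
    rule = rule.rstrip("\\")
    return path == rule or path.startswith(rule + "\\")

def audit(files, rules):
    """Return (path, rule, kind) for each excluded file with executable content."""
    findings = []
    for path, head in sorted(files.items()):
        kind = next((k for m, k in MAGIC if head.startswith(m)), None)
        rule = next((r for r in rules if matches(path, r)), None)
        if kind and rule:
            findings.append((path, rule, kind))
    return findings

# Constructed sample: file path -> first bytes of its content.
SAMPLE_FILES = {
    r"C:\folder1\folder2\cache01.tmp": b"\x00\x01scratch data",
    r"C:\folder1\folder2\update.TMP": b"MZ\x90\x00\x03\x00",
    r"C:\folder1\folder2\sub\x.tmp": b"MZ\x90\x00",
    r"C:\folder1\other\report.tmp": b"MZ\x90\x00",
}
WILDCARD_RULES = [r"C:\folder1\folder2\*.tmp"]
FOLDER_RULES = [r"C:\folder1\folder2"]

if __name__ == "__main__":
    for label, rules in (("wildcard", WILDCARD_RULES), ("folder", FOLDER_RULES)):
        for finding in audit(SAMPLE_FILES, rules):
            print(label, finding)
```

The folder rule hides more than the wildcard rule here, which matches the reply's remark that excluding entire folders carries the same kind of risk.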
