lmacri

Hi Porthos: Thanks, I've read David H. Lipman's excellent post in the bleepingcomputer forum thread Is malwarebytes enough? (I believe he's posted similar comments here in the Malwarebytes forum) so I know that MB v3 is not a "traditional" antivirus. Malwarebytes does, however, describe MB v3 <here> as an "antivirus replacement", and the screenshot in my original post shows that MB v3 is registered with my Windows Security Center as an "antivirus program." I would still appreciate if someone from Malwarebytes could answer my question about the advantages and disadvantages of registering Malwarebytes with the Windows Security Center when a third-party (non-Microsoft) antivirus like Norton, Kaspersky, etc. is installed. I've run Norton and MBAM Premium 1.x or 2.x together in real-time protection mode without any significant problems since 2009, but the upgrade to MB v3 has caused a very noticeable degradation in system performance. I don't want to go into details about the steps I've already taken to try and solve the problem (e.g., creation of mutual scan exclusions in both products, disabling of the Exploit Prevention module in Norton, etc.) since that's a separate topic, but it would be helpful if someone could explain why I would want to register MB v3 with the Windows Security Center when Norton (or any other antivirus) is installed. ----------- 32-bit Vista Home Premium SP2 * Firefox ESR v52.1.2 * NS Premium v22.9.4.8 * MBAM Premium v3.1.2

Further to my previous posts, I can't see any obvious change in system performance or resource usage by Malwarebytes v3.1.2 and Norton v22.9.4 when MB v3 is registered with the Windows Security Center [Settings | Application | Windows Security Center | Let Malwarebytes apply the best Windows Security Center settings based on your system (recommended)]: versus if I set MB v3 to never register [Never register Malwarebytes in the Windows Security Center] and re-boot: My understanding is that users should never run two antivirus programs at the same time in real-time protection mode. Given Malwarebytes' claim <here> that the new MB v3 can replace "traditional" antivirus programs like Symantec, McAfee, etc., why is MB v3 registered by default when a third-party (non-Microsoft) antivirus like Norton Security is installed but never registered when a Microsoft antivirus like MSE or Windows Defender is installed? ----------- 32-bit Vista Home Premium SP2 * Firefox ESR v52.1.2 * NS Premium v22.9.4.8 * MBAM Premium v3.1.2

Hi nikhils, Thanks for taking care of this so quickly. Greatly appreciated.

Hi daman1: That explains the "how" but not the "why". I wanted to know the advantages and disadvantages of registering Malwarebytes with the Windows Security Center when a third-party (non-Microsoft) antivirus like Norton, Kaspersky, etc. is installed. ----------- 32-bit Vista Home Premium SP2 * Firefox ESR v52.1.2 * NS Premium v22.9.4.8 * MBAM Premium v3.1.2

That's something I'd like someone from Malwarebytes to clarify. What difference does it make if I change my Settings | Application | Windows Security Center to Never register Malwarebytes in the Windows Security Center if I have Norton or some other non-Microsoft antivirus installed? Does it actually change the behaviour of Malwarebytes or reduce potential conflicts with my Norton antivirus? The Malwarebytes 3 - Frequently Asked Questions seems to contradict itself on this point. On one hand it says "We built Malwarebytes 3.0 to be compatible with all major anti-virus software, even Windows Defender and Microsoft Security Essentials. In fact by default Malwarebytes 3.0 installs in compatible mode alongside Defender, MSE or third-party antivirus products." In the next paragraph it says "...If there is only a Microsoft antivirus registered and active, we will not register in Windows Security Center in order to preserve the benefit of layered security. If desired, users will be able to go into Malwarebytes 3.0 Premium Settings and change this behavior to force Malwarebytes 3.0 Premium to either “always register” or “never register”. " Does that mean I have to "never register" Malwarebytes in Windows Security Center to "preserve the benefit of layered security" of Norton? I'm not even sure what the phrases "compatibility mode" and "preserve the benefit of layered security" really mean in practical terms. ----------- 32-bit Vista Home Premium SP2 * Firefox ESR v52.1.2 * NS Premium v22.9.4.8 * MBAM Premium v3.1.2

I recently upgraded from MBAM Premium v2.2.1 to MB Premium v3.1.2 on a 32-bit Vista SP2 computer. I have Norton Security v22.9.4.8 installed and my Windows Security Center now shows both NS and MB as installed virus protection programs. Would it be prudent for me to change Settings | Application | Windows Security Center to Never register Malwarebytes in the Windows Security Center and leave NS as my only registered antivirus? The status indicator for Windows Security Center in my system tray doesn't display a red shield with an "X" through it (at least when I test with my automatic Windows Updates enabled) but the online Malwarebytes Help documentation for this setting seems to imply that Malwarebytes should not be registered if another antivirus program is installed. I'm not sure about the best way to proceed since that documentation only refers to Win 7 or higher machines using Microsoft antivirus products like MSE and Windows Defender. (Note: The built-in Windows Defender on my Vista SP2 machine is an anti-malware scanner that only scans for a small subset of malware programs. My Windows Defender is automatically disabled at boot-up by my Norton antivirus.) ----------- 32-bit Vista Home Premium SP2 * Firefox ESR v52.1.2 * NS Premium v22.9.4.8 * MBAM Premium v3.1.2 HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS

Hi nikhils: Thanks for posting the exclusions. I agree with Buddel that it would be nice to have this list added to the Malwarebytes 3 - Frequently Asked Questions thread pinned at the top of this board - that's the first place I looked for this info. I just upgraded from MBAM v2.2.1 to MB v3.1.2 on a 32-bit Vista SP2 computer and can't locate C:\Windows\System32\drivers\farflt.sys. Is it possible this driver is installed in another location,or is it missing because my OS doesn't support the anti-ransomware module? I also assume that users with 32-bit systems should be excluding C:\Windows\System32\drivers\mbae.sys (i.e., not C:\Windows\System32\drivers\mbae64.sys). ----------- 32-bit Vista Home Premium SP2 * Firefox ESR v52.1.2 * NS Premium v22.9.4.8 * MB Premium v3.1.2.1733-1.0.139

I have to agree with bru, DougCuk and whatmeworry? I've been monitoring this thread for a few days and reluctantly decided to upgrade from MBAM v2.2.1 to MB v3.1.2 today. Immediately after installation my dashboard reported Updates: Current but after running a manual update my Update Package Version (Settings | About) was updated from 1.0.2060 to 1.0.2078. This new database numbering system is meaningless unless "Current" actually means that you have the latest available database. ----------- 32-bit Vista Home Premium SP2 * Firefox ESR v52.1.2 * NS Premium v22.9.4.8 * MB Premium v3.1.2.1733-1.0.139

From the hidden contents at Malwarebytes mb-clean tool: To avoid any confusion, it would be helpful if Malwarebytes revised the instructions for the new mb-clean.exe tool at Malwarebytes mb-clean tool to either: Warn MBAM v2.x and earlier users that they must Deactivate their product and disable the Self-Protection module before running mb-clean.exe, or Re-direct MBAM v2.x and earlier users to the MBAM Clean Removal Process 2.x that already instruct users to Deactivate their product and disable the Self-Protection module before running the legacy tool mbam-clean.exe. The download link in those instructions for the "latest version of Malwarebytes Anti-Malware" in those instructions actually points to the latest MB v3 installer (currently mb3-setup-consumer-3.0.6.1469-10103.exe), not the legacy MBAM v2 installer. ------------ 32-bit Vista Home Premium SP2 * Firefox ESR v52.1 * NIS v22.9.1.12 * MBAM Premium v2.2.1

I'm a bit confused about requirements for "deactivating" myself. I currently have MBAM Premium v2.2.1 installed. If I use the new Malwarebytes Cleanup Utility mb-clean.exe without opening MBAM and clicking My Account | Deactivate first, is this going to corrupt my license? The hidden contents at Malwarebytes mb-clean tool only mention " Backing up of Malwarebytes 3.x license key". A few years ago I made the mistake of uninstalling MBAM v2.x without deactivating first and then ran the legacy mbam-clean.exe tool. When I tried to reinstall I got the following Error Code 403 and it took Malwarebytes Support almost a week to reactivate my license. ------------ 32-bit Vista Home Premium SP2 * Firefox ESR v52.1 * NIS v22.9.1.12 * MBAM Premium v2.2.1

Have users tested for a possible conflict with the anti-exploit protection in MB 3.0.6 CU4 (component package 1.0.96) and other software like Norton Security, HitmanPro Alert and Microsoft's Enhanced Mitigation Experience Toolkit (EMET)? A few users in this forum like Phone Man and Firerizer have reported that MB's anti-exploit protection works correctly with both Chrome and Firefox if exploit prevention in Norton Security is disabled (Settings | Firewall | Intrusion and Browser Protection | Exploit Prevention | OFF). See posts # 6 and #7 in Firerizer's thread 3.0.6.1469-1096 Kills Chrome/Extensions. ----------- 32-bit Vista Home Premium SP2 * Firefox ESR v52.0.2 * NIS v22.9.1.12 * MBAM Premium v2.2.1

A new Malwarebytes Cleanup Utility (mbam-clean.exe) that will remove Malwarebytes 3.x and earlier versions was released 28-Feb-2017 per respinoza's announcement Malwarebytes mb-clean tool. Kudos to Krusty13 for bringing respinoza's post to my attention in the Norton Tech Outpost board <here>. ------------- 32-bit Vista Home Premium SP2 * Firefox v51.0.1 * NIS v22.9.0.71 * MBAM Premium v2.2.1.1043

Does Malwarebytes currently have a removal tool that will wipe any orphaned files and/or registry entries left behind if Malwarebytes 3.0.6.1469 is uninstalled from the Control Panel? Aura posted on 27-Jan-2017 in the thread 3.0.6.1469 will NOT upgrade over 3.0.6.1458 that "mbam-clean.exe is for Malwarebytes 2.x installs and hasn't been updated for Malwarebytes 3.0 yet". If that statement is correct, I hope Malwarebytes will at least ensure that a removal tool for Malwarebytes 3.x is available before upgrades start rolling out to existing MBAM v2.2.1 users who have Settings | Update Settings | Check for program updates when checking for database updates enabled. ------------- 32-bit Vista Home Premium SP2 * Firefox v51.0.1 * NIS v22.8.1.14 * MBAM Premium v2.2.1.1043

Hi PCAmy: I also found a support article for SEP/SBE titled Client will not install with Malwarebytes Anti-Malware installed (dated 27-Oct-2016) that states "Malwarebytes will need to be removed to successfully install SEP SBE Cloud". ------------- 32-bit Vista Home Premium SP2 * Firefox v50.0 * NIS v.22.8.1.14 * MBAM Premium 2.2.1.1043

Sorry, I can't seem to edit my previous post. I meant to say that the current version of NIS for home users is v22.8.1.14, per the 10-Nov-2016 product update announcement Norton 22.8.1 Product Update available now. ------------- 32-bit Vista Home Premium SP2 * Firefox v50.0 * NIS v.22.8.1.14 * MBAM Premium 2.2.1.1043

Hi PCAmy: Just a heads up that the cloud-managed version of Symantec Endpoint Protection Small Business Edition (SEP/SBE) started using NIS v22.x as the base product on the client computers in January 2016. See the post Symantec Endpoint Protection Small Business Edition Adds Consumer Features That Don’t Serve the Needs of Small Businesses in the Symantec Connect forum. The current version of NIS for home users is v21.8.1.14 (released 10-Nov-2016) but I'm not sure if that update has been rolled out to SEP/SBE users yet or if SEP/SBE users are just receiving the v22.8.0.50 update now. There was a known issue where Norton home users trying to install Norton v22.8.0.50 (or running Norton's AutoFix after v22.8.0.50 was installed) would see a so-called "soft-block" warning users to uninstall MBAM and/or Hitman Pro if either product was installed on the user's system - see Krusty13's image in the thread Norton Security 22.8.0.50 SDS definition error in the Norton forum. A hotfix to remove this soft-block was delivered to Norton v22.8.0.50 home users via LiveUpdate on 03-Oct-2016 - see Symantec employee Gayathri_R's post in that same thread <here>. The product update announcement for the latest NIS v22.8.1.14 (released 17-Nov-2016) at Norton 22.8.1 Product Update available now also notes that the latest NIS v22.8.1.14 for home users now includes a fix that "Removed Soft-block on Malwarebytes & Hitman Pro". Home users were able to simply ignore the MBAM soft-block by closing the pop-up warning and continuing with the installation of NIS v22.8.0.50, but it's possible that Symantec has decided to enforce the removal of MBAM for their small business clients and is refusing to release the 03-Oct-2016 hotfix to SEP/SBE customers. ------------- 32-bit Vista Home Premium SP2 * Firefox v50.0 * NIS v.22.8.1.14 * MBAM Premium 2.2.1.1043

Hi georgi: I believe the answer provided by DaveH in your thread malwarebytes download virus ? from official web site ??? in the Norton forum is correct. Your downloaded installer ends with the extension .partial, which means that the installer was likely corrupted because the download was aborted before the complete installer was saved to your hard drive. If Norton's Download Insight feature checks the SHA-256 hash (digital signature) of the .partial (incomplete) installer and finds that it doesn't match the expected SHA-256 hash of the "normal" installer, it will flag the file as suspicious and remove it. Do as DaveH suggested and try to download another copy of the installer from http://downloads.malwarebytes.org/file/mbam/ . If that installer runs successfully you can change your language to Italian at Settings | General Settings as shown in the support article How do I change the language in Malwarebytes Anti-Malware?. ------------- 32-bit Vista Home Premium SP2 * Firefox v50.0 * NIS v22.8.1.14 * MBAM Premium v2.2.1.1043

Hi miekiemoes: I did as you suggested and ran a Custom full system scan today (malware database v2016.10.14.04) after restoring the registry entry, and you were correct - the scan was clean with no detections. Problem solved, and thank you for your assistance. MBAM Scan Log No Detections 14 Oct 2016.txt

A MBAM v2.2.1 Threat Scan of 25-Sep-2016 (malware database: v2016.09.25.06) quarantined the following registry entry as Trojan.StartPage.E on my 32-bit Vista computer (see attached scan log): Registry Keys: 1 Trojan.StartPage.E, HKU\S-1-5-21-3086198521-800258848-3831315664-1001_Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}, Quarantined, [9dbd96e06832d75fc6809466986c1fe1], I noticed that didero's 27-Sep-2016 thread Trojan.Startpage.E in this board reported a similar detection for a registry entry for ....\WOW6432NODE\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} on their Win 10 computer that was confirmed as a false positive. A Google search indicates this CLSID might be associated with the Internet Explorer browser, so I'm not sure if my Trojan.StartPage.E detection is also false positive or a real detection for a browser hijacker. Mozilla Firefox v49.0.1 is my default browser. ------------- 32-bit Vista Home Premium SP2 * Firefox v49.0.1 * IE9 * NIS v22.8.0.50 * MBAM Premium v2.2.1.1043 HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS MBAM Scan Log Trojan_StartPage_E 25 Sep 2016.txt

Hi dougbthom: From Symantec employee Gayathri_R's 03-Oct-2016 post in FattiesGoneWild's thread Norton Security 22.8.0.50 SDS definition error: "...Our engineering team has reviewed the need to alert customers about Malwarebytes and HitmanPro.Alert upon install, and after inspecting the latest versions, we have removed these blocking alerts in the latest patch." I tried Norton's AutoFix (Help | Get Support) after Norton's LiveUpdate ran this morning and confirmed that the warning to uninstall MBAM has been removed. ----------- 32-bit Vista Home Premium SP2 * Firefox v49.0.1 * NIS v22.8.0.50 * MBAM Premium v2.2.1

Hi dougbthom: For future reference, if you want to test for a conflict between Norton and MBAM you can go to Settings | Advanced Settings in MBAM Premium and disable Start Malwarebytes Anti-Malware with Windows and re-boot. This will prevent MBAM Premium's real-time protection from starting at boot-up and essentially turns MBAM Premium into an on-demand scanner like the free version of MBAM that you can still launch anytime you wish to run manual scans. If you find that Norton runs better with MBAM's real-time protection completely disabled you can selectively disable Malware Protection or Malicious Website Protection as shown below to see which real-time module is causing problems with Norton. ------------ 32-bit Vista Home Premium SP2 * Firefox v49.0.1 * NIS v22.8.0.50 * MBAM Premium v2.2.1

Hi dougbthom: Other Norton users have noticed the same issue since Symantec started rolling out the v22.8.0.50 product update on 26-Sep-2016. Norton v22.8 users are even being prompted to uninstall the free version of MBAM - see FattiesGoneWild's thread Norton Security 22.8.0.50 SDS definition error in the Norton forum. Here's what I see when I run Norton's AutoFix (Help | Get Support), and Krusty13 reported in that thread that he is also being prompted to uninstall HitmanPro.Alert 3: Note that Norton users saw similar warnings in 2013 - see the old thread thread Warning NIS 20.3.0.36 NOT compatible with Malwarebytes. That time it took over 9 pages (and 480 posts) of user comments before Symantec finally relented and removed this warning per Symantec employee Tony Weiss' 10-Jun-2013 post <here>. I'm currently monitoring FattiesGoneWild's thread and hope it doesn't take Symantec four months to respond to user complaints this time. ------------ 32-bit Vista Home Premium SP2 * Firefox v49.0.1 * NIS v22.8.0.50 * MBAM Premium v2.2.1

Since this thread hasn't been locked yet, I'll just post another status update for Vista users. I was recently required to upgrade from NIS v21.7.0.11 to the latest NIS v22.7.0.76 to patch the vulnerabilities listed in Symantec's security advisory SYM16-010, and the Norton upgrade didn't solve my conflict with MBAM Premium's Malicious Web Protection (MWP). MBAM's MWP still prevents my NIS v22.7.0.76 background Automatic LiveUpdates from running to completion during system idles on my 32-bit Vista machine. This was a clean install of NIS v22.7.0.76. I uninstalled v21.7.0.11 from the Control Panel (selecting "Please remove all user data"), ran the Norton Removal Tool, installed v22.7.0.76 using the latest NIS offline installer from www.norton.com/latestnis, and ran multiple LiveUpdates to ensure v22.7.0.76 was fully patched. Adding mutual scan exclusions for NIS and MBAM executables as instructed <here> made no difference, so I've had to permanently disable MWP again. It's fine if forum mods want to lock this thread. The MBAM Help Desk already looked at my diagnostic logs and trace routes and concluded that a bug fix would be a low priority since this type of problem only occurs for a small number of users. ------------- 32-bit Vista Home Premium SP2 * Firefox v47.0.1 * NIS v.22.7.0.76 * MBAM Premium 2.2.1.1043 HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS

Further to my previous post, I've decided to re-enable the Allow pages to choose their own fonts, instead of my selection above in my Firefox settings because Firefox's default Times New Roman font looks terrible on many other websites I visit that use a Serif font. The text at https://blog.malwarebytes.com/ is back to the washed-out font shown in Corrine's post # 15 but that's better than having several other websites defaulting to the wrong font.

Hi Corrine: Thanks for raising this issue. I also use Firefox as my default browser and could barely read the text at https://blog.malwarebytes.com/. I disabled the setting at Tools | Options | Content | Fonts & Colors | Advanced | Allow pages to choose their own fonts, instead of my selection above and the text is much easier to read now.