Last week one of our users opened a DOC attached to a phishing email, then enabled editing (and macros), and the DOC executed malicious code that disabled AVG's update engine (and notifications, apparently), then downloaded a variation of the Dyware malware which steals banking credentials, etc., which went undetected for three days. I am wondering whether MalwareBytes for business would have stopped this? For one thing, the DOC attachment, which is now seven days old, is still only detected by 3/57 A/V programs according to VirusTotal. So I doubt MB would have detected it at the time, but I am wondering how it might have handled the execution of the code? In hindsight I am thinking the most useful thing for me in this scenario to catch this sooner would be some sort of network traffic analyzer which would have detected all the strange traffic to Eastern European IP addresses that were exchanged with this user's computer. But from what I understand the solutions that do that are five-figures and we are just a small business. Your insights appreciated. MB is not often mentioned in the small business arena when people talk about hardening their A/V but I have an open mind. Thanks.