lock

Hi AdvancedSetup, I may agree with you that I, as an average user , do not know how to test MBAM. But to claim that everybody out there ( AV Comparatives, AV Test, PC Mag) is testing MBAM in wrong way, is a little bit too much. Some of them were in business for so many years and are the "standards" in testing security solutions. And over 20 security solutions are comfortable with the methodology used....

Trend Micro is a very complex antivirus so no mater what kind of exclusions you add, sooner or later you will run into trouble, not necessarily visible like BSOD , but slow system, non detection, etc. MBAM works very well with a basic antivirus , like MSE .

Trend Micro by itself has 100% detection rate in AV Comparatives, in the last year. I would say Trend Micro is enough.

Additional information: Here is how Neil J. Rubenking performs his testing for PC Mag, regarding "The Best Ransomware Protection of 2017" https://www.pcmag.com/roundup/353231/the-best-ransomware-protection Testing Anti-Ransomware Tools "The most obvious way to test ransomware protection is to release actual ransomware in a controlled setting and observe how well the product defends against it. However, this is only possible if the product lets you turn off its normal real-time antivirus while leaving ransomware detection active. Of course, testing is simpler when the product in question is solely devoted to ransomware protection, without a general-purpose antivirus component." "If Trend Micro Antivirus+ Security detects a suspicious process attempting file encryption, it suspends the process, backs up the file, and keeps watching. When it detects multiple encryption attempts in rapid succession, it quarantines the file, notifies the user, and restores the backed-up files. I couldn't specifically test this feature when I reviewed Trend Micro, because it's not possible to turn off other layers of protection and leave only the behavior-based system, but my contacts at the company assure me this is how it works." So, is a clear cut procedure: turn off all other layers of protection and leave only the specific shield you want to test. Thanks!

Hi Ron, Thank you for your answer! MBAM has 4 distinct individual shields (Web, Exploits,Malware, Ransomware) which can be selected individually. These shields have been developed and sold as "stand alone" protections until recently , when they have been incorporated in the same "unit", MBAM 3.0 In fact , Exploit is still delivered as Perpetual Beta, and is expected to perform as such, without other shields. I see the test perfectly valid, I tested the Ransomware shield against a Ransomware , nothing else. Hiding the inefficiency of Ransomware Protection behind the other shields, and hoping that somehow they will catch the ransomware by "definitions" , doesn't serve anyone. In fact, in the second part of the test , the Ransomware protection worked quite well , using a behavior mechanism, and detected Wanacry as "generic" , which is perfect, tells me that indeed, is the behavior mechanism which detected it and not some short of definition. The only problem: a few files were encrypted ( 4 .docx files) before the Ransomvare shield reacted. Is this how "Ransomware protection" should work????

Hi, I tested MBAM against Wanacry. With all shields enabled, MBAM will quarantine Wanacry upon execution ; nothing spectacular so far, each and any antivirus would do that. With all shields disabled , except "Ransomware protection", MBAM would automatically quarantine Wanacry as "Malware.Ransom.Agent.Generic" , AFTER SEVERAL FILES WERE ENCRIPTED ALREADY. Is this how "Ransomware protection" should work???? Thanks!

So, if you turn off notifications regarding website blocking, how would you know that a website is blocked ??? You will not be able to open the webpage without knowing why...

Read here how....

Thanks! Finally, the MBAM developers listened......

Yes, I did that, + uninstall, clean, install , but is the same ; once again, in my situation it is a DESIRED behavior. I have it installed on 2 PC , see picture:

Setting is OFF, but this is for notification (like pop up message) not for X RED MARK on the icon. On previous versions I had the same setting OFF, but un X RED mark was present on the icon, OK, how is on your PC???

...if this is the intended behavior? I disabled "web protection" and MBAM icon doesn't have a RED X mark on it (as usual) While I like this behavior, I am wondering if this is by design or is just a flaw in the present version (3.3.1.2183) Thanks!

Here where is stuck:

I can confirm that. The same "MBAM gets stuck on a certain file " , in my situation is a .dll file.

Yeh, probably you did....while skipping first 7 years from home.

If you go with the mouse cursor right on the edge of the window, to cursor will change in a double arrow, and you can increase the size of the window.

I added to MSE "Excluded Processes": C:\Program Files\Malwarebytes\Anti-Malware\assistant.exe C:\Program Files\Malwarebytes\Anti-Malware\malwarebytes_assistant.exe C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe C:\Program Files\Malwarebytes\Anti-Malware\MbamPt.exe C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe to MSE "Excluded Files and Locations": C:\Windows\system32\Drivers\farflt.sys C:\Windows\System32\drivers\mbae64.sys C:\Windows\System32\drivers\mbam.sys C:\Windows\System32\drivers\MBAMChameleon.sys C:\Windows\System32\drivers\MBAMSwissArmy.sys C:\Windows\System32\drivers\mwac.sys C:\Program Files\Malwarebytes\Anti-Malware C:\ProgramData\Malwarebytes\MBAMService and to MBAM " Folders": C:\Program Files\Microsoft Security Client C:\Program Files (x86)\Microsoft Security Client

If you toggled off the setting 'Show Notifications when Real Time Protection" you will not get notifications, however, the icon in the task bar still had ( a month ago) the exclamation mark. With the new version , I toggled off " Show Notifications when Real Time Protection" and I do not get notifications and also the red mark on MBAM icon is not present. I did all exclusions between MBAM and MSE ( including .sys drivers for MBAM); the re is zero slowdown , while Web protection is disabled, but noticeable when is enabled.

No, if I turn off Web protection , the icon stays the same .

Just installed again ( over 50 times so far) the latest MBAM ( 3.3.1.2183) and finally I can turn off various shields without the red "x" mark on MBAM icon. Guess which shield I turned off first? Web protection!!! Now MBAM and MSE work perfectly with ZERO slowdown. Well done MBAM!!!! There is one more step to get there: buy/ lease an antivirus engine (Avira, Bitdefender) and create another shield (Antivirus protection) Now you will have in the same product an antivirus and an antimalware and you can participate in AV Comparatives / Virus Total, avoid conflicts with any other antivirus (no need to install another antivirus), sell a full product.

"Behavior Shield comes standard in all versions of Avast 2017, protecting you from zero-second threats, ransomware and other malicious programs" https://blog.avast.com/behavior-shield-our-newest-behavioral-analysis-technology

A "Life time license" is a life time one, regardless of Marcin's approval

It is Malwarebytes' decision , not Marcin's promise.....