
Feature Request: Check for security services not running



MBAM does not fully test if security services are not running.

Example:

A Windows 7 64-bit machine has no anti-virus, a couple of viruses and a rootkit.

I removed the rootkit with TDSS Killer. Reboot. Run TDSS Killer again, verify rootkit is gone.

Installed, updated and ran MBAM 1.60.1.1000 full scan, it removed some Trojan.Agent and Trojan.FakeMS files. Reboot.

Run MBAM again, nothing found.

More security audits lead to the following Windows services not running:

Base Filtering Engine

Windows Firewall

Security Center

The virus deleted the registry keys for all three of these services.

The services no longer show up in the Services control panel.

The services are not running, therefore the system security is compromised.

Suggested feature:

I suggest MBAM check for the missing registry keys and check that the services are missing/not running.

MBAM should alert of this condition, it did not. Can this be added to a future version?

More info on the viruses I removed:

Win32:DNSChanger-VJ[trj]

Win32:Sirefef-HO[rtk]

Win32:Kryptic-GXM[trj]

Win64:ZAccess-A[trj]

Win32:Alureon-ANW[rtk]

Win32:Rootkit-gen[rtk]

Win32:MalOb-GR[Cryp]

MBR:Alureon-B[rtk]

MBR:Pihar-C[rtk]

More info on restoring the registry keys: the second post by Farstrider (that starts “you can also try this:”) worked.

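The check requested in the post above, sketched in PowerShell (an added example, not part of the original thread and not MBAM or Farbar code). It assumes the standard service short names BFE, MpsSvc and wscsvc for the three services listed; the function name Test-SecurityService is hypothetical.

```powershell
# Added example: audit the three services named in the post above.
# Short names below are the standard Windows service names for them.
$expected = @(
    @{ Name = 'BFE';    Display = 'Base Filtering Engine' },
    @{ Name = 'MpsSvc'; Display = 'Windows Firewall' },
    @{ Name = 'wscsvc'; Display = 'Security Center' }
)
$startTypes = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

# Hypothetical helper: returns one finding per service.
function Test-SecurityService {
    param([string]$Name, [string]$Display)

    $result = New-Object PSObject -Property @{
        Service = $Display; KeyPresent = $false; StartType = 'n/a'; Status = 'n/a'; Finding = 'OK'
    }
    $keyPath = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"

    # Case from the post: the service's registry key was deleted outright.
    if (-not (Test-Path $keyPath)) {
        $result.Finding = 'Service registry key is missing'
        return $result
    }
    $result.KeyPresent = $true

    # A key that lost its Start or ImagePath value cannot be started either.
    $key = Get-ItemProperty -Path $keyPath
    if ($null -eq $key.Start -or -not $key.ImagePath) {
        $result.Finding = 'Service key is incomplete (Start or ImagePath missing)'
        return $result
    }
    $result.StartType = $startTypes[[int]$key.Start]

    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    if (-not $svc) {
        $result.Finding = 'Key exists but the Service Control Manager does not list the service'
    } else {
        $result.Status = [string]$svc.Status
        if ([int]$key.Start -eq 4) { $result.Finding = 'Service is disabled' }
        elseif ($svc.Status -ne 'Running') { $result.Finding = 'Service is not running' }
    }
    return $result
}

$report = $expected | ForEach-Object { Test-SecurityService -Name $_.Name -Display $_.Display }
$report | Select-Object Service, KeyPresent, StartType, Status, Finding | Format-Table -AutoSize

$bad = @($report | Where-Object { $_.Finding -ne 'OK' })
if ($bad.Count -gt 0) { Write-Warning "$($bad.Count) security service(s) need repair" }
```

Services set to delayed automatic start can report Stopped for a short time after boot, so run the check once the system has settled.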

  • Root Admin

Hello Mike, and thank you for the suggestion, but repairing registry damage done by an infection is not quite the same scope as protecting and removing the infection.

I'm not aware of any product on the market that is currently capable of doing what you're requesting, though we are working on some technology along those lines already, but when and to what extent I can't say at this time.

Thank you again


I understand MBAM might not be able to repair Windows. I just think it could be a great new feature to at least alert the user their system is still compromised and needs repair.

Currently it completes a scan and says 0 threats found, but the Firewall, Security Center, and Base Filtering Engine services are disabled, leaving a big open door to further infection. The average user will never know that his computer is now very unprotected and more vulnerable to re-infection than when it was new.

Yes, no other commercial products on the market do this, but your product could be better if it at least had the capability to notify that the system is still compromised. I am suggesting a new feature to make MBAM better than the rest. Please consider this at your next feature discussion meeting.

There is a technician's tool to perform these checks, so the technology is available now.

Farbar Service Scanner


Sounds good, it will be a very useful function.
