
Update MBAM without providing credentials



Hi,

Is there a way to stop MBAM asking for administrative credentials when updating?

I'm running the protection module, which works fine. However, every 7 days it alerts me the dbase is outdated 7 days and asks me if I want to update.

When I click yes, it asks for my credentials (I'm running UAC / Windows 7).

I know no other scanner application that needs administrative permissions just to update its database. It is almost counterintuitive, because when a user doesn't have the right permissions, he will end up with an out-of-date database.

Please share your ideas or thoughts.

Thanks.

Link to post
Share on other sites

  • Staff

Greetings :)

Malwarebytes Anti-Malware requires administrative privileges to update the database because of where the database is stored, which is a UAC protected location.

You can work around this by using the scheduler to set your updates so that they occur automatically instead of waiting until the database is 7 days out of date before updating (something that would be a very good idea since you're using the PRO version with the protection module as the protection module won't do you much good if your database is almost always out of date).

I would recommend scheduling your updates to occur at least once a day or even more frequently if you desire.

Link to post
Share on other sites

  • Staff

I have my scheduler to check every hour (Why not? I don't even know it's happening.). It would be nice, though, if Pro came with some updates and scans scheduled by default, say daily update and quick scan and a weekly full scan.

By default, it does schedule a daily update when you register the software with your ID and Key. That's what this option does:

post-2103-0-97105100-1332202241.png

Link to post
Share on other sites

Yes, I'm running a licensed pro version.

Setting the scheduler seems to have solved the problem. I now update every 6 hours, and a tray balloon informs me of success. However, if the database storage location is protected, how is the built-in scheduler able to access it? I don't need to fill in administrative credentials when I start my PC, so where does it receive its correct permissions from?

Link to post
Share on other sites

  • Staff

Yes, I'm running a licensed pro version.

Setting the scheduler seems to have solved the problem. I now update every 6 hours, and a tray balloon informs me of success. However, if the database storage location is protected, how is the built-in scheduler able to access it? I don't need to fill in administrative credentials when I start my PC, so where does it receive its correct permissions from?

It runs through mbamservice.exe, which runs, as Firefox stated, from the SYSTEM account, so it actually has higher than administrative privileges. By the way, that's also how most other security software is able to update without requiring credentials; the catch is that it must be running in the background all the time in order to facilitate this, something that the free version of our product does not do. That's why mbam.exe (the scanner) requires administrative privileges to download updates while updating through the scheduler works without any UAC prompts.
Link to post
Share on other sites

I hear you.

I still find it somewhat confusing to an end user, because I think updating should be possible at all times, regardless of your level of privilege.

However, as it seems to be working 'as designed', I just hope you might consider my post as being feedback instead of a complaint :).

Link to post
Share on other sites

  • Staff

Yes, I agree, it can be confusing and a hassle and it is something we've thought a lot about. Unfortunately the downside is that if we were to implement it in such a way that it never required credentials, the scanner would not function or be able to update (even for the free version) without us starting a service that runs in the background every time the computer starts. Many other vendors have done this, but one of the things we've always gotten positive feedback from our free users on is the fact that our free version does not run at startup.

Link to post
Share on other sites

I fully agree that adding more startup items isn't the solution. All these services, quick start items, supportive executables, etc. slow down your computer. Even a modern computer (i7/SSD) might suffer from this over time, when more applications are installed.

Just a random thought: one is able to start a service without administrative privileges, if I'm not mistaken. So why not install an MBAM service, set it to manual startup, and then use "net start" (or something similar) to start it when needed?

I don't know if this will solve the problem, but it's just something I was thinking about.

Link to post
Share on other sites

  • Staff

Interesting, I tried starting the same service and got a 32 error (though not error code 5). Could you check your task manager and find out what user the BranchCache service is now running under using Task Manager? If it is running under your own user account, then it wouldn't have admin privileges itself, thus any service started in this manner would not be able to allow Malwarebytes Anti-Malware to update anyway (because the service itself would lack the privilege level necessary to do so).

I'm pretty sure you can't start a service that runs under SYSTEM without admin credentials, as that would be a way to bypass UAC (User Account Control), which would be something that would greatly reduce the effectiveness of UAC to prevent privilege escalation (which is what it's designed to do).

Link to post
Share on other sites

I'm not sure what you mean. Using task manager, I can't see which user is running a service. When looking at the properties of the service, it's set to Network Service. (screenshot).

BranchCache is just a random service I used to try if it was possible, so it might have a specific configuration (which isn't admin related).

would greatly reduce the effectiveness of UAC to prevent privilege escalation which is what it's designed to do

Technically, I believe UAC was designed to improve the way privilege escalation is executed, because in the past many system settings either couldn't be changed at all (and you would need to log off and log on), or wouldn't function properly (when using the "run as" feature), where preventing escalation is a nice side feature. I know for sure I've read something about this. However, this kinda is off topic, and I might even be wrong.

Link to post
Share on other sites

  • Staff

You can find the process that the service is running under in Task Manager (most likely one of the instances of svchost.exe, but to be sure you can check the Branch Cache service in Services.msc to find out what executable it points to). Then you'd need to right-click on each svchost process one by one and select 'Go to service(s)' until you find the one that shows the Branch Cache service as one of the services highlighted, which means it's running under its process.

As for UAC, yes, it is designed to better handle privilege escalation, but it is primarily a security feature designed to prevent privilege escalation without providing proper credentials. That's why there are UAC prompts to begin with; otherwise it would simply escalate to admin level without any prompts like Windows XP does.

Link to post
Share on other sites
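Added example, not part of any post in this thread and not Malwarebytes' code: the two questions the thread keeps returning to (which account a service runs as, and who is allowed to start it) can be read straight from the service configuration and its security descriptor instead of hunting through svchost.exe instances in Task Manager. The function name `Get-ServiceStartAudit` is hypothetical, and the script assumes PowerShell 3.0 or later and matches services by the executable name mentioned above.

```powershell
# Added example: report the account a service runs as and which principals
# are granted the right to start it. SERVICE_START is access right 0x0010.
$SERVICE_START = 0x0010

function Get-ServiceStartAudit {
    param([Parameter(Mandatory)][string]$ExeName)   # e.g. 'mbamservice.exe'

    # Find every service whose binary path contains the executable name
    $services = Get-CimInstance Win32_Service |
        Where-Object { $_.PathName -like "*$ExeName*" }

    foreach ($svc in $services) {
        # 'sc.exe sdshow' prints the service security descriptor as SDDL
        $sddl = (& sc.exe sdshow $svc.Name | Where-Object { $_ -match '\S' }) -join ''
        $sd   = New-Object System.Security.AccessControl.RawSecurityDescriptor($sddl)

        # Collect principals with an allow ACE that includes the specific
        # SERVICE_START bit (deny ACEs and generic rights are not evaluated)
        $starters = foreach ($ace in $sd.DiscretionaryAcl) {
            if ($ace.AceType -eq 'AccessAllowed' -and ($ace.AccessMask -band $SERVICE_START)) {
                try   { $ace.SecurityIdentifier.Translate([System.Security.Principal.NTAccount]).Value }
                catch { $ace.SecurityIdentifier.Value }   # SID that cannot be resolved
            }
        }

        [pscustomobject]@{
            Service   = $svc.Name
            RunsAs    = $svc.StartName     # e.g. LocalSystem, NT AUTHORITY\NetworkService
            StartMode = $svc.StartMode
            State     = $svc.State
            ProcessId = $svc.ProcessId     # the host process to look for in Task Manager
            CanStart  = $starters -join '; '
        }
    }
}

Get-ServiceStartAudit -ExeName 'mbamservice.exe' | Format-List
```

`RunsAs` shows the privilege level the service has once running, while `CanStart` shows who may trigger it; a service that runs as SYSTEM and lists a broad group under `CanStart` deserves a closer look at what that service does on behalf of its caller.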
