Protection


Hey, so recently I tried the Trial Version of MBAM. Not bad! Love the Zero-day threat, fantastic, but on the prevention side of things, it did horribly. I disabled my AV, which I use for prevention, so nothing got in MBAM's way. Sadly Chrome did, so I switched to iexplore. I must say I was expecting more: out of the 15 sites I tried, 1 was blocked successfully, all different types of compromises, infections etc. There was 1 in particular which was a Black Hole Exploit Kit 2.0, downloaded a file (automated, presumably using Java?). I left it there to see if MBAM reacted in any way (scanning). Nothing. I scanned it after it had been successfully installed, nothing. I got worried and deleted the files and downloads and all traces of it. But the Protection part needs a lot of improvement. Zero-day or Zero-Hour (can't remember) is fantastic!

You seem to have conducted your test as if MBAM was an antivirus program. You mentioned you disabled your AV before doing your test to see how MBAM would perform.

First off, Malwarebytes is not an antivirus program, it's an antimalware program. Your first line of defense is your Antivirus Program, then Malwarebytes as your second layer of defense. Malwarebytes will only react when the file is executed. Scanning of the files while they are downloaded is the job of your AV.

First off, Malwarebytes is not an antivirus program, it's an antimalware program. Your first line of defense is your Antivirus Program, then Malwarebytes as your second layer of defense. Malwarebytes will only react when the file is executed. Scanning of the files while they are downloaded is the job of your AV.

That's quite correct. Additionally, and specifically regarding exploits, we have special heuristics technology in our protection module which is not included in our scanner that is designed to target them, but it only reacts if the exploit actually tries to execute. We do not scan on-access/on-download the way antivirus software does. Our protection module only checks a process when it makes an attempt to enter memory. This is how we're able to avoid conflicts with a user's antivirus software since by the time we see it trying to execute, the antivirus has already scanned the file when it was downloaded prior to that.