Jump to content

Can mbamapi.exe be used to remove PUPs?

creeves
 Share

Recommended Posts

creeves

creeves

Posted
Posted

Hi! I'm new to the forums but have been using Malwarebytes for some time now.

 

I have a powershell script that I use to run automated scans of remote machines. It also has the ability to remove whatever it finds.

I'm using MBAMAPI.EXE at the core of the script. Now this may be a long shot, but are there any switches that I can use with MBAMAPI that will allow me to remove PUPs as well?

 

I know there has been a change (probably not so recent at this point) and Malwarebytes as a whole is taking a more agressive stance against PUPs, which I'm on board for. I just can't seem to find a way to remotely remove them, which means things just keep coming back. Asking my end users to do this themselves is pretty much out of the question (Unix to Windows users here, GUI is new and foreign).

 

If there isn't a way to have MBAMAPI.EXE do this, is there possibly another approach or has anyone else tackled this same issue?

 

 

Thanks in advance for any help/insight!

 

C.Reeves

 

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Running any type of remote scan (meaning you've mapped the drive) is not going to be an effective means of scanning the system and your antivirus would be much better at flat file scanning.

 

I've been doing Server and Systems support myself now for over 20 years and personally I see doing remote actions as a waste of time in this case as the program already fully supports scheduled silent automatic updates and scanning.  As a Systems Admin the less work and remote scripts needed the better so that I can focus my attention on larger issues and projects.

 

You can set the clients to all remove PUPs as well - this can be modified on the fly by changing a registry value.

 

There are no switches that I'm aware of to do what you're wanting to do, but again personally I would set it and forget it for the clients. 

Link to post
Share on other sites
creeves

creeves

Posted
  • Author
Posted

20 years, you young whipper snapper!  :) 

Well, each machine is running the Malwarebytes client. I'm definitely not using one install to scan 1000s of machines. So the powershell script actually opens up a cmd instance on the remote machine itself and calls the commands locally. Any yes, these machines have a scheduled task, but it still fails to remove PUPs (it logs them however which is why this script is written).

Where in the registry can I modify Malwarebytes to automatically remove PUP items found during a scan?

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

What are the 'PUP' detections, are they threats, and should they be deleted?

 

Command line for Windows x86

 

Do not show in results list

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes' Anti-Malware" /v "detectpup" /t REG_DWORD /d 0 /f

Show in results list and check for removal

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes' Anti-Malware" /v "detectpup" /t REG_DWORD /d 1 /f

Show in results list and do not check for removal

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes' Anti-Malware" /v "detectpup" /t REG_DWORD /d 2 /f

Command line for Windows x64

Do not show in results list

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware" /v "detectpup" /t REG_DWORD /d 0 /f

Show in results list and check for removal

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware" /v "detectpup" /t REG_DWORD /d 1 /f

Show in results list and do not check for removal

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware" /v "detectpup" /t REG_DWORD /d 2 /f
Link to post
Share on other sites
  • 7 months later...
jbbjshlws

jbbjshlws

Posted
Posted

Hello everyone!

Great stuff here so far, I was hoping I could get a hold of that powershell script, we are using the pro version of MBAM through Kaseya and we end up with many MANY PuP's that are not removed automatically. How did you manage to script the removal and preferably as the system user so the end user doesn't get any window pop. 

 

cheers,

Joshua

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.