Jump to content

MBAM with Rootkits checked and MBAR?


Recommended Posts

Hello all,

 

I have just read with interest this article  https://blog.malwarebytes.org/security-threat/2014/11/no-more-poweliks/   on the "Malwarebytes Unpacked" page.  In the article it talks about "Poweliks" but the part that got my attention was this quote:

 

"To double your protection, we recommend running Malwarebytes Anti-Malware along Malwarebytes Anti-Rootkit and Malwarebytes Anti-Exploit."

 

So my questions are:

 

1.      Why is it recommended to run a scan with MBAR as well as MBAM.  If I run a scan with MBAM with the rootkit option checked is that not the same as running both MBAM without rootkit checked and MBAR? I seem to recall a forum post from quite a while ago that mentioned that new rootkit definition were pushed out more quickly to MBAR than MBAM.

 

2.      Are the rootkit definitions more upto-date in MBAR than in MBAM.

 

3.      Is the best and safest plan to run a scan with MBAM without rookits checked and with MBAR, or should I run a scan with MBAM with rookits check as well as MBAR?

 

I'm sorry for all the question but any help or assistance would be greatly appreciated.

 

Kind regards.

Link to post
Share on other sites

I've found that the latest version(s) of MBAR require me to (temporarily) EXIT MBAM in order to run [When the scan is done, I can restart MBAM].

 

My understanding is that mbaR --- which is still in BETA --- is continually trying to improve itself.   Presumably, mbaM contains an earlier version of mbaR's engine, that's considered stable (or stable-enough) to be included there.

Link to post
Share on other sites

Hello ky331,

 

Thank you for your help. I pretty much thought the same as you (MBAR is a newer version of the rootkit scan than the one in MBAM) thanks for confirming.

 

It was a surprise to me though that you have to deactivate MBAM to run MBAR,  have you tried setting exceptions in MBAM for MBAE?

 

I'm going to download MBAR now and I'll set the exceptions in MBAM for it.  I'll report back when I've completed a scan.

Link to post
Share on other sites

Hi:

 


It was a surprise to me though that you have to deactivate MBAM to run MBAR,

 

See here for explanation:

https://forums.malwarebytes.org/index.php?/topic/160606-anti-rootkit-scan-failed-error/#entry906661

https://forums.malwarebytes.org/index.php?/topic/160606-anti-rootkit-scan-failed-error/#entry907274

 

Short version: MBAR-beta is version 1.08, while the integrated ARK module in MBAM is version 1.05.

Problem will be resolved when the integrated ARK module in MBAM gets updated.

 

FWIW, routine running of MBAR-beta on a system not thought to be infected is probably overkill?

 

Thanks,

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.