Jump to content
Malwarebytes Endpoint Security reached End of Life on August 4th 2021. Click for more details.

Need help with Malwarebytes and Deep Freeze ?

Hav0c
 Share

Recommended Posts

Hav0c

Hav0c

Posted
Posted

So after being instructed to post this in the Business section here gos .

 

So I was wondering how to configure Deep Freeze Enterprise to work with Malwarebytes.

I came across the configuration method for Deep Freeze and ESET which is my Anti Virus. The website provided script to set up the registry keys and some folders.

 

I have configured the script to work with Malwarebytes (ONLY tested it with version 2.xxx)  and attached it to this post.

Do note, I see that Virus Total does get hits.

But it's due to the commands that's run to redeirect the files

 

Hope this helps as I got no help from Faronics.

 

Original configuration post

 

 

1. Uninstall Malwarebytes Anti-Malware client, and remove any folders left behind after the uninstallation. There may be residual folders and files under "ProgramData" (or Documents and Settings\All Users\Application data) or under "Program Files"; the script will fail to create the folder redirection if these folders have lock on them.

2. Install the Deep Freeze client on the workstation if you are using a thawspace. Note, that the thawspace must be 1GB minimum to allow the antivirus updates, and it is strongly recommended to create a separate thawspace just for the antivirus files. The drive letter being used is not important as the script used to perform the mapping will detect the ThawSpace installed on the client machine.

3. Thaw the machine.

4. Open a command prompt, and run as administrator in Windows Vista/7.

5. Please extract the .vbs file within redirection.7z.  Run the script "redirection.vbs" with elevated privileges. This will create the registry keys, folders, and the folder redirection for which administrator rights are required. Verify the folder has been created:

'ProgramData\Malwarebytes'

(hint: this will have a special folder icon with a small blue arrow in the bottom left corner in Windows Vista/7 indicating they are a junction point to another location)

6. Download and install Faronics Data Igloo: www.faronics.com/download.php?p=IGS

7. Run Data Igloo

8. Under the 'Registry Key Redirection' tab, click to enable 'Redirect registry key changes to', and select the destination. When the script runs, it will create a folder in the thawspace or specified location called '%thawdrive%\Antivirus\Registry'. This should be selected as the default save location.

9. Redirect the following keys:

HKEY_LOCAL_MACHINE\Software\Malwarebytes' Anti-Malware

HKEY_LOCAL_MACHINE\Software\wow6432node\Malwarebytes' Anti-Malware (only if you are using a Windows Vista/7 64 bit OS)

10. Install the Malwarebytes' Anti-Malware client.  Ensure that you define your update credentials, and specify '%thawdrive%\Antivirus\Program Files' as the install location.  Hint:  This folder was created in step 5, based on where the thawspace was automatically detected, or where you've specified the script to create the redirection folders.

11. Freeze the machine.

12. Run updates for Malwarebytes.

 

 

 

NOTE:

The code has be modified to work with ANY version of MBAM now.
any question PM me

redirection.7z

Link to post
Share on other sites
  • Staff
Rsullinger

Rsullinger

Posted
  • Staff
Posted

Hello Hav0c. My name is Ron and I will be assisting you today.

 

What are you trying to do with the script you sent or trying to do with making them work together. As far as I know with my history with deep freeze, you would only need to install, activate, update the program, then freeze that PC and that will have the protection working, but will need to be updated. 

 

I am just mainly confused with the script portion and what you are trying to do with it.

 

Thank you,

 

Ron S

Link to post
Share on other sites
Hav0c

Hav0c

Posted
  • Author
Posted

Hello Ron,

Deep Freeze "freeze" the PC in its current state.

If you update your MBAM before you freeze your PC, MBAM will be updated all fine and dandy but after you freeze your PC and update your MBAM and reboot or witch off the PC, MBAM would not have been updated as it will revert back to the instance you froze your PC. So doing making the update process redundant as it will not apply the update/settings.

The script and settings as stated above will allow a user to freeze there PC and update there MBAM as normal and the user does not need to thaw their PC every time just to update their MBAM and then re-freeze it afterwords.

Link to post
Share on other sites
Hav0c

Hav0c

Posted
  • Author
Posted

Hello Ron,

One thing that I did notice that could cause a problem is if the user does not Redirect (step 9) the correct registry keys for Malwarebytes.

 

I have updated my MBAM that is on a frozen PC and all seems in a working order.

It's actually really easy with the script but I will assist anyone if need be.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.