
Why malwarebytes Premium can't detect Eicar test


romyalfarezy


MBAM does not target script files. That means MBAM will not target: JS, PY, .HTML, VBS, VBE, .CLASS, SWF, SQL, BAT, CMD, PDF, PHP, etc.
It also does not target documents such as: PDF, DOC, DOCx, XLS, XLSx, PPT, PPS, ODF, etc.
It also does not target media files: MP3, WMV, JPG, GIF, etc.

Until MBAM v1.75, MBAM could not access files in archives, but with v1.75 came that ability, so it can unarchive a Java JAR (which is a PKZip file), but it won't target the .CLASS files within. The same goes for CHM files (which is a PKZip file), but it doesn't target the HTML files within. MBAM v1.75 specifically will deal with: ZIP, RAR, 7z, CAB and MSI for archives, and self-extracting ZIP, 7z, RAR and NSIS executables (aka SFX files).

MBAM specifically targets binaries that start with the first two characters being 'MZ'.
They can be EXE, CPL, SYS, DLL, SCR and OCX. Any of these file types can be renamed to be anything, such as TXT, JPG, CMD and BAT, and they will still be targeted just as long as the binary starts with 'MZ'.

Non-Windows files that are infecting Android platforms, or are malicious and targeting Android, are posted in: Mobile Malware (Android)
This is the EICAR test file contents.

[image: screenshot of the EICAR test file contents]
This is what the contents of an executable (PE) binary look like, and you can see that it starts with the first two characters being 'MZ'.

[image: hex dump of a PE binary beginning with 'MZ']
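A small Python illustration of the targeting rule David describes above, added here as an example (not Malwarebytes code; the MZ/PK checks, the scan logic and the sample files are constructed assumptions): a scanner that only looks for MZ binaries, also inside ZIP/JAR containers, never flags a renamed-extension trick but also never flags the EICAR text file, whereas an explicit EICAR match does.

```python
import io
import zipfile

# The EICAR test string (harmless by design); the post shows it only as a screenshot.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


def is_mz_binary(data):
    """Targeting rule from the post: a candidate iff the first two bytes are 'MZ',
    whatever the file extension says."""
    return data[:2] == b"MZ"


def mbam_style_scan(name, data):
    """Return the file, or the archive members, that a scanner using only the post's
    rules would target. Scripts, documents and media never qualify; inside a PKZip
    container (ZIP, JAR; magic 'PK') only MZ members count, so a .class file in a
    JAR is skipped while a DLL beside it is not."""
    hits = []
    if is_mz_binary(data):
        hits.append(name)
    elif data[:2] == b"PK":
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                if is_mz_binary(zf.read(member)):
                    hits.append(name + "!" + member)
    return hits


def eicar_match(data):
    """What a scanner that does read text files checks: the 68-byte EICAR string at
    offset 0, followed by nothing but whitespace."""
    return data[:68] == EICAR and data[68:].strip() == b""


def demo():
    """Constructed samples: a renamed PE, the EICAR file, a JAR holding a .class and
    a DLL, and a VBS script. Returns {sample name: paths the MZ rule targets}."""
    fake_pe = b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 56  # MZ header only, not a real PE
    jar = io.BytesIO()
    with zipfile.ZipFile(jar, "w") as zf:
        zf.writestr("Hello.class", b"\xca\xfe\xba\xbe" + b"\x00" * 12)  # JVM class magic
        zf.writestr("lib/helper.dll", fake_pe)
    samples = {
        "renamed_tool.txt": fake_pe,  # extension lies, the MZ bytes do not
        "eicar.com": EICAR,           # plain text, no MZ: never hit by this rule
        "app.jar": jar.getvalue(),
        "macro.vbs": b'MsgBox "hi"\r\n',
    }
    return {n: mbam_style_scan(n, d) for n, d in samples.items()}
```

Running `demo()` shows the EICAR file and the VBS script come back empty under the MZ rule, which is exactly why the test file is not detected, while `eicar_match` on the same bytes returns True.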

2 years later...
14 minutes ago, GraceA said:

Hello,

Does it still hold true what David has written on what MBAM can and cannot do?

Yes, but MB has added more layers of protection than back in 2015 when this post was made.
Edited by Porthos
Added info

14 minutes ago, GraceA said:

Hello,

Does it still hold true what David has written on what MBAM can and cannot do?

Yes. File detection and targeting via signatures has not changed. What has changed is the application of modules that don't work off signatures but act upon actions taken.

For example, while MBAM may not target and recognize a Java-based Remote Access Trojan (JRAT), the exploit module is presumed to prevent the actions taken to make the JRAT actually work against the victim, thus protecting the MBAM user.

Thank you David, Porthos!

We are using Malwarebytes Breach Remediation, which does not reside on every machine in our org; we only deploy it to a machine if we suspect an infection. Now these files are usually of the kind David mentioned that are not handled by MB*.

But we were under the impression that MBBR would be able to recognise this malware (just sitting on the system and not executing) and remove it. So now, can it be confirmed that MBBR will do nothing if it comes across such files?

*Script files: JS, PY, .HTML, VBS, VBE, .CLASS, SWF, SQL, BAT, CMD, PDF, PHP, etc. Documents: PDF, DOC, DOCx, XLS, XLSx, PPT, PPS, ODF, etc. Media files: MP3, WMV, JPG, GIF, etc.

I am not familiar with Breach Remediation but if my presumptions are correct, you are looking at the product from the wrong angle.

I suggest bringing up your questions and concerns in: Malwarebytes Incident Response (includes Breach Remediation)

Edited by David H. Lipman
Edited for content, clarity, spelling and grammar

3 months later...

Malwarebytes is arguably the most popular secondary malware scanner. I have been using it for a year now.
It was made to address the protection worries of clients of Windows 10 who don't wish to have data about their PC utilization sent to Microsoft. Spybot Anti-Beacon 1.6 is now accessible. Since Spybot Anti-Beacon will likewise be coordinated into Spybot 3, Anti-Beacon 1.6 will include two new immunizers and a couple of new blocked hosts.
Further, I would suggest you contact the Premium TEAM directly via phone or email to sort the issue. People can give suggestions, but the company, which is the real owner or processor, can help you with a better answer.
