Jump to content

Can both MBAM and MBAE run together?


Recommended Posts

Hello jamesmith134:
 
Not only are the free/premium versions of MBAM and MBAE compatible, both premium versions are strongly encouraged as full-time components in a system's defensive arsenal along with a highly regarded, full-time, installed Anti-Virus solution.

Thank you.

Link to post
Share on other sites

Just to add to 1PW's reply:

Malwarebytes Anti-Malware and Malwarebytes Anti-Exploit are separate modules, installed and purchased separately

One doesn't replace the other. They are made to work along side of each other.

http://www.malwarebytes.org/products/

**Malwarebytes Anti-Exploit Premium**

Blocks dangerous exploit-based malware and prevents the damage it can do

Protects you from zero-day exploits targeting browser and application vulnerabilities. Its proprietary technology guards you in that critical period between the release of a new exploit and its security patch. And, unlike antivirus products, Malwarebytes Anti-Exploit Premium proactively prevents the exploit from installing its payload. Before it can do damage.

How it works for you

Three layers of exploit protection (protection against Operating System security bypasses, memory caller protection, application behavior protection)

Proactive technology

Protection for older Windows operating systems, including Windows XP

Ability to add and manage custom shields

No signature database

Small footprint

Anti-malware and antivirus compatible

Blocks unknown and known exploit kits

What it does for you

Protects browsers, including Internet Explorer, Firefox, Chrome, and Opera

Protects browser components, including Java and Flash

Defends against drive-by download attacks

Shields vulnerable applications, including Microsoft Office, PDF readers, and media players

**Malwarebytes Anti-Malware**

What it does for you

Detects and protects against malware in real-time

Blocks hacking and phishing attempts

Schedules automatic scanning

Offers three flexible scanning modes

How it works for you

Anti-Malware/Anti-Spyware

Malicious website blocking

Real-time protection

Heuristic detection

Integrated Malwarebytes Anti-Rootkit

Hyper Scan mode

Scan/Database update scheduler

Integrated Malwarebytes Chameleon

Advanced malware removal

Antivirus compatibility

Link to post
Share on other sites

(I still don't understand how come MBAM can't detect Viruses, is it really that different code to look after than a malware's code?)

Occasionally the following really needs to be repeated:

 

1. First, MBAM is incapable of removing malicious code from within an infected, legitimate, file.

File infecting viruses (real viruses, not what people "think" is a virus) prepend, append or cavity inject malicious code into legitimate files. As a virus, the infected file can, in turn, infect other files, and/or systems. Some trojans may also prepend, append or cavity inject malicious code into legitimate files. However, in this case, the infected files don't infect other files or systems. These are known as being "trojanized" or "patched". In both cases, MBAM can not remove the malicious code from infected files.

2. MBAM does not target documents, graphics/media or scripted files. That means scripted files such as; HTML, VBS, JS, PY, CLASS, SWFJavaScipt, PHP, BAT, CMD, SQL, etc are not targeted. Documents such as; DOC, DOCx, XLS, XLSx, PPT, PPTx, PDF, ODF, RTF, etc are not targeted. Media files such as graphics are not targeted such as; GIF, PNG, JPG, BMP etc. Movie files such as; MOV, AVI, MPG, WMV, etc are also not targeted.

This means that MBAM will not target a MS Word document that has a Macro Virus or a movie file that is a Wimad trojan.

3. MBAM does not target exploit code. That means malicious Java, PDF, Word files or other files that have been specially prepared to exploit a vulnerability will not be targeted.

4. MBAM will target Windows executable files. They can be EXE, CPL, SCR, DLL, SYS and OCX. Windows Executable files have the first two characters being 'MZ'. Any executable file that has been renamed will still be targeted just as long as they are Windows executables where the first two characters are 'MZ'. That means an EXE that has been renamed to have the JPG extension will still be targeted.

5. MBAM is not a historical anti-malware solution. That means MBAM will not target malware that was seen in the wild in 2008 but is no longer seen in the wild. MBAM targets new, fresh, malware seen in the wild Today. Malwarebytes' personnel periodically cull the signatures for malware that is no longer seen in the wild and thus no longer relevant.

MBAM will target a limited subset of viruses called worms.

So when you take all that into account, MBAM Premium complements a highly regarded, fully installed, on-access anti-virus solution. The fully installed anti-virus solution is relegated to the detection of such things as a malicious JavaScript, a PDF that is using exploit code or if the site is hosting a malicious Java Jar.

What MBAM excels over anti-virus solutions is re-mediating the modifications that malware makes to an Operating system. Today's non-viral malware will greatly modify the computer they infect to change the way they work. This could be changing file structures, NT Services or Registry modifications. Traditional anti-virus applications do poorly in reverting those changes to normal. MBAM excels in reverting those changes to normal.

Reproduced with the kind permission of the author, Mr. David H. Lipman and later edited and modified.

Link to post
Share on other sites

  • Staff

So when I right click on a PDF file for example, and MBAM says scan is completed, it didn't really scan it? (because it doesn't target it according to the above message)

Malwarebytes Anti-Malware (MBAM) scans by file content rather than by extension. The programme reads the file signature or "magic number" to determine the file format. As the quotation above states, MBAM does not target certain file formats; Portable Document File (PDF) being one. When you scan your PDF with MBAM, the programme opens the file, reads the first few bytes which will be %PDF in your case, recognises the file format as PDF, and as such, finishes the scan. The file cannot be determined as malicious by MBAM, but likewise, it also cannot be determined as benign. It's nature (malicious or benign) is not determined by MBAM.

 

On the other hand, we could have a Windows portable executable (PE) file with a .pdf extension. However, this does not make the file a PDF; it's extension has simply been given that of a PDF. This file still has a file signature of MZ, indicating it is an executable file. When scanned by MBAM, it will be checked for maliciousness by MBAM's engine (signatures, heuristics, etc) because of the MZ file signature.

 

Therefore, your PDF file is scanned by MBAM, but this scan goes no further than the file signature. When one talks of "targeting", this is in reference to checking the nature of the file against known malware signatures, heuristics and other modules in the programme. All files are scanned (opened), but only certain file formats are targeted. 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.