Malwarebytes and Microsoft Security Essentials conflicts

[Soopa]

5 minutes ago, Shyste said:

Nevermind, I'm an idiot.

Why, what did you do?

[Shyste]

I was looking for some magical disable all clients when I just needed to update the policy.

[itlifesaver]

Has anyone had any luck adding the MSE exclusions via registry .reg file or GPO? Does MSE allow it, or does it try and overwrite/protect these registry keys? Example:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths]
@=""
"C:\\Program Files (x86)\\Malwarebytes' Anti-Malware\\mbam.exe"=dword:00000000
"C:\\Program Files (x86)\\Malwarebytes' Anti-Malware\\mbamgui.exe"=dword:00000000
"C:\\Program Files (x86)\\Malwarebytes' Anti-Malware\\mbamservice.exe"=dword:00000000
"C:\\Program Files (x86)\\Malwarebytes' Anti-Malware\\mbamscheduler.exe"=dword:00000000
"C:\\Program Files (x86)\\Malwarebytes' Anti-Malware\\mbamapi.exe"=dword:00000000
"C:\\Program Files (x86)\\Malwarebytes' Anti-Malware\\mbamdor.exe"=dword:00000000
"C:\\Program Files (x86)\\Malwarebytes Anti-Exploit\\mbae.exe"=dword:00000000
"C:\\Program Files (x86)\\Malwarebytes Anti-Exploit\\mbae-svc.exe"=dword:00000000
"C:\\Program Files (x86)\\Malwarebytes Anti-Exploit\\mbae-cli.exe"=dword:00000000
"C:\\Program Files (x86)\\Malwarebytes' Managed Client\\SCComm.exe"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Processes]
@=""
"mbam.exe"=dword:00000000
"mbamgui.exe"=dword:00000000
"mbamservice.exe"=dword:00000000
"mbamscheduler.exe"=dword:00000000
"mbamapi.exe"=dword:00000000
"mbamdor.exe"=dword:00000000
"mbae.exe"=dword:00000000
"mbae-svc.exe"=dword:00000000
"mbae-cli.exe"=dword:00000000
"SCComm.exe"=dword:00000000

[MPoirier]

3 minutes ago, itlifesaver said:

Has anyone had any luck adding the MSE exclusions via registry .reg file or GPO? Does MSE allow it, or does it try and overwrite/protect these registry keys? Example:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths]
@=""
"C:\\Program Files (x86)\\Malwarebytes' Anti-Malware\\mbam.exe"=dword:00000000
"C:\\Program Files (x86)\\Malwarebytes' Anti-Malware\\mbamgui.exe"=dword:00000000
"C:\\Program Files (x86)\\Malwarebytes' Anti-Malware\\mbamservice.exe"=dword:00000000
"C:\\Program Files (x86)\\Malwarebytes' Anti-Malware\\mbamscheduler.exe"=dword:00000000
"C:\\Program Files (x86)\\Malwarebytes' Anti-Malware\\mbamapi.exe"=dword:00000000
"C:\\Program Files (x86)\\Malwarebytes' Anti-Malware\\mbamdor.exe"=dword:00000000
"C:\\Program Files (x86)\\Malwarebytes Anti-Exploit\\mbae.exe"=dword:00000000
"C:\\Program Files (x86)\\Malwarebytes Anti-Exploit\\mbae-svc.exe"=dword:00000000
"C:\\Program Files (x86)\\Malwarebytes Anti-Exploit\\mbae-cli.exe"=dword:00000000
"C:\\Program Files (x86)\\Malwarebytes' Managed Client\\SCComm.exe"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Processes]
@=""
"mbam.exe"=dword:00000000
"mbamgui.exe"=dword:00000000
"mbamservice.exe"=dword:00000000
"mbamscheduler.exe"=dword:00000000
"mbamapi.exe"=dword:00000000
"mbamdor.exe"=dword:00000000
"mbae.exe"=dword:00000000
"mbae-svc.exe"=dword:00000000
"mbae-cli.exe"=dword:00000000
"SCComm.exe"=dword:00000000

I tried doing that, but could not get a test PC to load the exclusions that way. YMMV

[itlifesaver]

In our testing, we've found the keys only writable by the SYSTEM account, and workarounds to add or modify them pragmatically so far unsuccessful. If anyone comes up with an automated solution to add these settings we'd love to know about it!

[goatmale]

Hello folks. Just wanted to provide a status update of my personal experience in dealing with this issue.

We initially tried to disable SCEP's real time scanning. After doing this, we continued to experience issues.

We then disabled Anti-Exploit across the board, still issues for a handful of users

After hours of pouring over event logs, appcrash logs and reviewing end-users pcs. I noticed that there was a product called "Microsoft Antimalware" installed. I have no idea how it got there, but it was using similar file / service names (msmpsvc) to SCEP / Microsoft Security Essentials.

What a complete waste of time I made for myself by overlooking it.

This morning I created a simple SCCM package for uninstalling this product.

msiexec.exe -parameters "/x '{0c243024-b7af-478b-b6f1-574a4ab0e07c}' REBOOT=ReallySuppress /q"

I am crossing my fingers that this finally puts this issue to rest, and that I never have to think about this or anything ever again.

 

Side note, does anyone know if this affects both the 1.80.1.1011 and 1.80.2.1012 versions of Malware Bytes Enterprise?

[dcollins]

2 hours ago, itlifesaver said:

Has anyone had any luck adding the MSE exclusions via registry .reg file or GPO? Does MSE allow it, or does it try and overwrite/protect these registry keys? Example:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths]
@=""
"C:\\Program Files (x86)\\Malwarebytes' Anti-Malware\\mbam.exe"=dword:00000000
"C:\\Program Files (x86)\\Malwarebytes' Anti-Malware\\mbamgui.exe"=dword:00000000
"C:\\Program Files (x86)\\Malwarebytes' Anti-Malware\\mbamservice.exe"=dword:00000000
"C:\\Program Files (x86)\\Malwarebytes' Anti-Malware\\mbamscheduler.exe"=dword:00000000
"C:\\Program Files (x86)\\Malwarebytes' Anti-Malware\\mbamapi.exe"=dword:00000000
"C:\\Program Files (x86)\\Malwarebytes' Anti-Malware\\mbamdor.exe"=dword:00000000
"C:\\Program Files (x86)\\Malwarebytes Anti-Exploit\\mbae.exe"=dword:00000000
"C:\\Program Files (x86)\\Malwarebytes Anti-Exploit\\mbae-svc.exe"=dword:00000000
"C:\\Program Files (x86)\\Malwarebytes Anti-Exploit\\mbae-cli.exe"=dword:00000000
"C:\\Program Files (x86)\\Malwarebytes' Managed Client\\SCComm.exe"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Processes]
@=""
"mbam.exe"=dword:00000000
"mbamgui.exe"=dword:00000000
"mbamservice.exe"=dword:00000000
"mbamscheduler.exe"=dword:00000000
"mbamapi.exe"=dword:00000000
"mbamdor.exe"=dword:00000000
"mbae.exe"=dword:00000000
"mbae-svc.exe"=dword:00000000
"mbae-cli.exe"=dword:00000000
"SCComm.exe"=dword:00000000

Using a .reg file should work in safe mode, but you need to make sure that you take ownership of those registry keys and give yourself write access before doing so. Be sure to reset ownership and permissions back to defaults when you're done to reduce security concerns.

[BryanWright]

Is anyone else still having issues with this?  We entered the exclusions in system center, both processes and files, and have the most recent definitions from Microsoft.  We thought we had solved everything yesterday afternoon, however today some computers are back to freezing again, and disabling Malwarebytes solves the issue.

[Stave]

6 hours ago, oreonutz said:

Did you add the exclusions in Mse not only to "Files and Folders" exclusions but ALSO TO "Procceses" exclusions as well? 

Also did you restart after doing these exclusions, because I noticed not every computer responded to the exclusions right away, about half of them did, but the other half didn't, so I just always restarted regardless after adding exclusions. Also it may be helpful to exclude the MSE processes in MB as well. 

 

Yes, I had added all MBAM and MBAE .exe files to both "Files and Folders" and "Processes" exclusions in MSE and rebooted when another hang occurred. However, in MBAM I only added the MSC directory and MsMpEng.exe to Malware Exlusions in MBAM. I had not added the MSE Processes to Web Exclusions in MBAM. I will do so now.

At first, the exclusions seemed to work for most of the day until later when I had another hang. A notable difference was that the latest (post-exclusions) hang occurred some minutes after booting. I thought everything was okay and started browsing, then minutes later I had the exact same slowdown as before the exclusions. The difference was that before I added exclusions, the hang would occur immediately after booting which didn't even allow me to open any application.

I am still waiting to see some official updates that specifically address this conflict between MSE and the Malwarebytes products, before I re-enable Real-Time Protection in MSE. After you story about a killed SSD, I'm not eager to do more testing on my own system until there is an official fix rather than this temporary exclusions workaround.

I see MSE definitions updated to 1.233.356.0 today.

@BryanWright: Yes, as I mentioned in my earlier post I had another hang after putting in all the exclusions yesterday.

[Stave]

I also wanted to mention that since disabling Real-Time Protection in MSE I have been able to run an MSE Quick Scan and MBAM Threat Scan successfully without any hits.

[Cleatus]

partial update for me---the majority of our computers are fine now

I added the exclusions to a brand new imaged laptop (not on our domain) and it hangs at startup.  Going to try some more testing (remove exclusions) to see what I get.

 

 

[Cleatus]

update again...

I ran the latest (todays) MS definition update, and seems to be much happier.

note that I did have yesterdays definitions, and it did not seem happy.

[BryanWright]

We have at least one PC still having problems, on version 1.233.412 of the MS Security definitions.

[djacobson]

Hi everyone, I noticed some people using shortname exclusions in Microsoft's product because of our apostrophe. Keep in mind there's a possibility these exclusions as is may not be referring to the right area, depending on how you installed the Malwarebytes software. It could be a different integer listed in the short name, these short names assume you have installed the program(s) in a certain order, resulting in one path being a malwar~1 or malwar~2. If this is wrong, the exclusions you entered will not work!

 

It is best to copy/paste the exclusions when adding them. We have seen issues when using the short filename convention and/or environment variables (%programfiles% mapping to “C:\Program Files\” instead of “C:\Program Files (x86)\” or vice versa).

Solution Steps:

·         If your computer is responsive, complete steps 1-8

·         If your computer is unresponsive, wait 10-15 minutes for it to become responsive and then complete steps 1-8

·                 If after waiting 10-15 minutes and your computer is still unresponsive, boot to Safe Mode and complete steps 1, 3-6 and then 8

 

Alternatively, you can immediately boot into Safe Mode and complete steps 1, 3-6 and then 8.

1.       Open MSE/SCEP

2.       Disable Real-Time Protection: Settings -> Real-Time Protection

3.       Exclude files: Settings -> Excluded files and locations and add all the files below

a.       Note: make sure to use the full path to the file

4.       Click Save Changes

5.       Exclude processes: Settings -> Excluded processes and add all the files below

a.       Note: make sure to use the full path to the file

6.       Click Save Changes

7.       Re-Enable Real-Time Protection: Settings -> Real-Time Protection

8.       Reboot computer into Normal Mode

If you’re copying all exclusions at once, be sure to include the required semicolon after each entry.

 

Managed client:

·         C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

·         C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

·         C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

·         C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

·         C:\Program Files\Malwarebytes' Anti-Malware\mbamapi.exe

·         C:\Program Files\Malwarebytes' Anti-Malware\mbamdor.exe

·         C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe

·         C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe

·         C:\Program Files\Malwarebytes Anti-Exploit\mbae-cli.exe

·         C:\Program Files\Malwarebytes' Managed Client\SCComm.exe

 

For x64 installations:

·         C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

·         C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

·         C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

·         C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

·         C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamapi.exe

·         C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamdor.exe

·         C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe

·         C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe

·         C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-cli.exe

·         C:\Program Files (x86)\Malwarebytes' Managed Client\SCComm.exe

 

Standalone Malwarebytes Anti-Malware client:                  

·         C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

·         C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

·         C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

·         C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

·         C:\Program Files\Malwarebytes' Anti-Malware\mbamapi.exe

·         C:\Program Files\Malwarebytes' Anti-Malware\mbamdor.exe

 

For x64 installations:

·         C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

·         C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

·         C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

·         C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

·         C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamapi.exe

·         C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamdor.exe

 

Standalone Malwarebytes Anti-Exploit client:

·         C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe

·         C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe

·         C:\Program Files\Malwarebytes Anti-Exploit\mbae-cli.exe

 

For x64 installations:

·         C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe

·         C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe

·         C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-cli.exe

Edited November 23, 2016 by djacobson
info detail

[dwe]

This workaround is not working for us.  Our computers are still freezing at noon when our MBAM is scheduled to update and do a quick scan.  We use SCEP (virus definition version: 1.233.412.0) and mostly standalone MBAM (v. 1.80.2.1012, Database version: v2016.11.23.11).

I added the following into both "Excluded files and locations" and "Excluded processes": (correct integer for us is 1). 

Standalone Malwarebytes Anti-Malware x86:
%ProgramFiles%\malwar~1\mbam.exe
%ProgramFiles%\malwar~1\mbamgui.exe
%ProgramFiles%\malwar~1\mbamservice.exe
%ProgramFiles%\malwar~1\mbamscheduler.exe
%ProgramFiles%\malwar~1\mbamapi.exe
%ProgramFiles%\malwar~1\mbamdor.exe

I did not add the following exclusion to MBAM:  C:\"c:\program files\microsoft security client".  Should I?

Also, I did not add this exclusion to SCEP:  "C:\Windows\System32\drivers\mbam.sys".  Is this also necessary?

Thanks.

[djacobson]

Yes, it would be good to add C:\Program Files\Microsoft Security Client\MsMpEng.exe specifically to your Malwarebytes. Adding C:\Windows\System32\drivers\mbam.sys to your other security software is a recommendation in our best practice guides.

Use copy and paste for the exclusions instead of the shortnames, they could be inaccurate.

Edited November 23, 2016 by djacobson

[oreonutz]

3 hours ago, dwe said:

This workaround is not working for us.  Our computers are still freezing at noon when our MBAM is scheduled to update and do a quick scan.  We use SCEP (virus definition version: 1.233.412.0) and mostly standalone MBAM (v. 1.80.2.1012, Database version: v2016.11.23.11).

I added the following into both "Excluded files and locations" and "Excluded processes": (correct integer for us is 1). 

Standalone Malwarebytes Anti-Malware x86:
%ProgramFiles%\malwar~1\mbam.exe
%ProgramFiles%\malwar~1\mbamgui.exe
%ProgramFiles%\malwar~1\mbamservice.exe
%ProgramFiles%\malwar~1\mbamscheduler.exe
%ProgramFiles%\malwar~1\mbamapi.exe
%ProgramFiles%\malwar~1\mbamdor.exe

I did not add the following exclusion to MBAM:  C:\"c:\program files\microsoft security client".  Should I?

Also, I did not add this exclusion to SCEP:  "C:\Windows\System32\drivers\mbam.sys".  Is this also necessary?

Thanks.

Yes, I helped a friend today on their system and that is exactly what he was doing wrong, his short name was exactly one character off, and that makes the whole thing wrong. This is what I would do instead. Copy and Paste THIS ENTIRE LIST INTO THE FILES AND FOLDERS Exclusions, and then hit add. Then hit Save. Then go into Processes Exclusions and copy the entire list again. Even if you are not using some of these processes, it does not matter, it will not hurt anything, it will only apply to the ones that are their, trust me if you just copy and paste the following code into MSE or SCEP and test it, it WILL work. Just MAKE SURE to REBOOT After saving it! 

Also due to the formatting of this site, when you copy this and then paste it, it might not paste it all into one line, I would copy and paste this code into just regular old notepad first, and make sure word wrapping is off, and make sure its just one long line, it actually will end up wrapping into 2 lines because it is so long, but that way you know nothing was added in the formatting that would mess it up. It needs to be just the path of the program followed directly with a semicolon, a space, and then the next path. This works, Trust Me!

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamapi.exe; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamdor.exe; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbampt.exe; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-uninstaller.exe; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe; C:\Program Files (x86)\Malwarebytes Anti-Exploit\unins000.exe; C:\Program Files (x86)\Malwarebytes' Managed Client\SCComm.exe; C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe; C:\Program Files\Malwarebytes' Anti-Malware\mbamapi.exe; C:\Program Files\Malwarebytes' Anti-Malware\mbamdor.exe; C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe; C:\Program Files\Malwarebytes' Anti-Malware\mbampt.exe; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe; C:\Program Files\Malwarebytes Anti-Exploit\mbae-uninstaller.exe; C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe; C:\Program Files\Malwarebytes Anti-Exploit\mbae64.exe; C:\Program Files\Malwarebytes Anti-Exploit\unins000.exe; C:\Program Files\Malwarebytes' Managed Client\SCComm.exe;

 

 

[oreonutz]

By the way, what I just posted will work for you, whether you are 64bit or 32bit, and whether you have MB Mangaged or Standalone, and whether you have Anti Exploit or you don't. It adds the an exclusion for the default path of everything, whether its 64 bit or 32 bit. And it doesn't matter if you don't have Anti Exploit for instance, that path will just be ignored. This is the easiest way to make sure everything is covered, no matter what the system is that you are adding it to. Use the process that was posted by djacobson above and copy and paste the code I just posted above into the exclusions window, and it WILL WORK for you after rebooting. It worked for me on all 240+ computers that I did since Sunday Night.

[oreonutz]

And Don't worry about pasting the code into a text editor first to check the formatting, I just pasted it myself, and it doesn't change the formatting at all, so you can copy and paste the code directly into the exclusions window in MSE or SCEP, then hit add and save, on both "Files and Folder" and "Processes" Exclusions. Then save and Reboot. Here is the Code Again. Just in case you missed it the first time:

18 minutes ago, oreonutz said:

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamapi.exe; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamdor.exe; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbampt.exe; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-uninstaller.exe; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe; C:\Program Files (x86)\Malwarebytes Anti-Exploit\unins000.exe; C:\Program Files (x86)\Malwarebytes' Managed Client\SCComm.exe; C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe; C:\Program Files\Malwarebytes' Anti-Malware\mbamapi.exe; C:\Program Files\Malwarebytes' Anti-Malware\mbamdor.exe; C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe; C:\Program Files\Malwarebytes' Anti-Malware\mbampt.exe; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe; C:\Program Files\Malwarebytes Anti-Exploit\mbae-uninstaller.exe; C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe; C:\Program Files\Malwarebytes Anti-Exploit\mbae64.exe; C:\Program Files\Malwarebytes Anti-Exploit\unins000.exe; C:\Program Files\Malwarebytes' Managed Client\SCComm.exe;

[dwe]

Will turning off Real-time protection suffice to add the exclusions? Or is it necessary to add these in Safe Mode? 

Thanks to both oreonutz and djacobson.

[oreonutz]

3 minutes ago, dwe said:

Will turning off Real-time protection suffice to add the exclusions? Or is it necessary to add these in Safe Mode? 

Thanks to both oreonutz and djacobson.

Yes, as long as the computer is responsive enough to quickly turn off Reat Time Protection, then hurry up and do it. This will prevent another computer "Hang" long enough for you to add exclusions. Then for me what worked was, instead of adding the exclusions and then turning real time protection back on right away, I would restart first, then turn back on real time protection, then restart again. Then I was done. I did this process every time using the exact code I posted above, just copy and pasted that directly into the exclusion window for both "Files and Folders" and "Processes" for MSE or SCEP, and it worked EVERY SINGLE TIME.

If the computer becomes unresponsive then if you can just wait it out, it will usually become responsive within 10 to 15 minutes, and then as soon as it becomes responsive quickly turn off real time protection so that you have time to paste in the exclusions. If you cant wait the 10 or 15 minutes for what ever reason then it is best to force a shut down, then come up under safe mode to add the exclusions. Hope this helps.

[BryanWright]

Our problem is we have 400+ machines. managed through system center, which won't allow us to paste in the whole list at once and doesn't allow 's in the process name. 

I've updated the short names with the correct ~numbers, hoping this works so I don't have to manually update 400 computers.

[oreonutz]

Also, once you add the exclsuions and reboot, the fastest way to test to see if what you did worked is to just run a quick scan with SCEP. If the fix did not work, the computer would lock up on your almost instantly. If you get into the quick scan for more then 2 minutes without a lockup it is fixed. But I promise you, just copying and pasting my code above directly into your exclusions list will work no matter what version you have or what architecture you use.

[oreonutz]

Well That is a bitch. Is there a way for you to test this list on just one computer make sure it works, and then make a policy based on that one computer, so you can push that policy to the other?

[oreonutz]

Also, will it let you paste most of the list? If so I can break it up into groups for you. Here is one broken up into 2 lists. The first is for 64 bit, the second is for 32 bit. See if it will let you paste those list at once for you.

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamapi.exe; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamdor.exe; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbampt.exe; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-uninstaller.exe; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe; C:\Program Files (x86)\Malwarebytes Anti-Exploit\unins000.exe; C:\Program Files (x86)\Malwarebytes' Managed Client\SCComm.exe;

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe; C:\Program Files\Malwarebytes' Anti-Malware\mbamapi.exe; C:\Program Files\Malwarebytes' Anti-Malware\mbamdor.exe; C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe; C:\Program Files\Malwarebytes' Anti-Malware\mbampt.exe; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe; C:\Program Files\Malwarebytes Anti-Exploit\mbae-uninstaller.exe; C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe; C:\Program Files\Malwarebytes Anti-Exploit\mbae64.exe; C:\Program Files\Malwarebytes Anti-Exploit\unins000.exe; C:\Program Files\Malwarebytes' Managed Client\SCComm.exe;