pbust

Malwarebytes 3 - Frequently Asked Questions

7 posts in this topic

ID: 1   Posted (edited)

Please see below for the main questions and answers about the new Malwarebytes 3.

If you have any questions that are not covered please post them in this sub-forum and we'll incorporate them in the FAQ for future reference.

If you have questions about Malwarebytes Anti-Malware version 2.x, please view our FAQ here: https://forums.malwarebytes.com/topic/187842-malwarebytes-anti-malware-v2x-faq/

 

 

Edited by celee
Added exclusions list topic


ID: 2   Posted (edited)

New in Malwarebytes 3.0

What new features are in Malwarebytes 3.0?
Malwarebytes 3.0 combines all of our malware-fighting technology—anti-malware, anti-ransomware, anti-exploit, and malicious website protection—into one program that scans 4x faster than previous versions of Malwarebytes Anti-Malware. It’s the strongest, most comprehensive Malwarebytes protection ever. This is the successor to replace and improve upon our flagship product, Malwarebytes Anti-Malware.

 

What are the official names of the Malwarebytes 3.0 products?
“Malwarebytes 3.0” is the official name of the product, replacing the “Malwarebytes Anti-Malware” and “Malwarebytes Anti-Exploit” products. Malwarebytes 3.0 comes in Premium, Trial and Free mode. “Premium” indicates that the user has a paid subscription. “Trial” mode indicates that a Premium Trial is in progress, and “Free” mode indicates that only the unpaid features are enabled.

 

Is there still a FREE Malwarebytes? What will it include?
Yes! We still firmly believe that everyone has a fundamental right to a malware-free existence, and that’s not changing. Malwarebytes 3.0 Free will have the same capabilities as Malwarebytes Anti-Malware Free, but with a 3x to 4x scan speed improvement.

 

Which Operating Systems does Malwarebytes 3.0 support?
We continue to support all versions from Windows XP to the latest Windows 10. Our Anti-Ransomware technology is only enabled on Windows 7 or higher.

Edited by pbust


ID: 3   Posted (edited)

Upgrading to Malwarebytes 3.0

I already have a subscription to Malwarebytes Anti-Malware Premium. How much do I have to pay for Malwarebytes 3.0?
Existing subscribers won’t have to pay anything extra. Even though Malwarebytes 3.0 will sell for $39.99, all of our existing customers will keep their original price. So if your subscription is currently $24.95, it will remain at that price while your subscription remains active, and you can get Malwarebytes 3.0 Premium without having to pay anything extra. Your existing license key will work automatically with Malwarebytes 3.0 Premium.

 

How can I install Malwarebytes 3.0 if I already have Anti-Malware, Anti-Exploit or Anti-Ransomware installed?
You can simply download and run the installer. Malwarebytes 3.0 will automatically remove the old stand-alone Anti-Malware, Anti-Exploit and Anti-Ransomware and upgrade them all to Malwarebytes 3.0, migrating the license key accordingly.

 

I have a Malwarebytes Anti-Malware lifetime license. Will it work for Malwarebytes 3.0 Premium?
Yes! Malwarebytes 3.0 can simply be installed on top of Malwarebytes Anti-Malware, and a lifetime license will automatically apply to Malwarebytes 3.0 Premium.

 

Can Malwarebytes 3.0 run alongside Malwarebytes Anti-Malware, Malwarebytes Anti-Exploit or Anti-ransomware Beta?
No--there is no need for users to install the Malwarebytes stand-alone applications, and Malwarebytes 3.0 will automatically uninstall MBAM, MBAE and the Anti-ransomware Beta before upgrade.

 

What if I decide not to upgrade to Malwarebytes 3.0?
Per our new Lifecycle Policy that will go into effect on the Malwarebytes 3.0 GA date, Consumer versions of Malwarebytes Anti-Malware and Malwarebytes Anti-Exploit will reach End of Sale and End of Maintenance as of the Malwarebytes 3.0 GA date.  This means we will no longer sell or renew these versions, and we are not planning to release any more software updates. Technical support will be limited to supporting existing functionality as of that date. End of Life for these versions will be exactly 6 months from the Malwarebytes 3.0 GA date. Users may choose not to upgrade and continue to use older versions after the End of Life date if they wish, but they do so at their own risk, since we can’t guarantee that ongoing protection updates will be available. Please see malwarebytes.com/support/lifecycle for more details.

 

If I stay on MBAM 2.2.1 how long will I continue to receive protection updates?
As stated right above and per our Home Products Lifecycle Policy, after a product has reached End of Life, ongoing protection updates are not guaranteed. Though MBAM 2.x and 1.x for Home Users have reached End of Life, there is no firm date when we will shut off protection updates (aka definition files) and we plan to continue providing them to these legacy versions as usual for the near term. However, it is important to note that the Malwarebytes 3 engine supports newer, more efficient and more advanced detection techniques and rule syntax not available in the MBAM 2.x and 1.x engines. This means that going forward there will be certain types of rules provided for 3.x that will have no equivalent in the legacy versions. The overall protective capability of 3.x will continue to grow as we add even more 3.x-specific rules over time, causing the gap between what 3.x and 2.x/1.x detects and protects against to widen. As such, we strongly recommend that you consider upgrading to Malwarebytes 3.

 

I have tried Malwarebytes 3.0 but want to go back to MBAM 2.2.1
If for whatever reason you want to downgrade to MBAM 2.2.1 and wait for a new version of 3.0, you can do so easily. Simply uninstall Malwarebytes 3.0, reboot and then download and install MBAM 2.2.1 from here.

 

 

Edited by bdubrow
Added new item on protection updates to legacy versions


ID: 4   Posted (edited)

Pricing

What will be the price for a Malwarebytes 3.0 Premium license, and how many PCs will it cover?
The price for new purchases of Malwarebytes 3.0 Premium is $39.99/year for 1 PC. 

 

What is the Malwarebytes 3.0 Premium price for existing Malwarebytes Anti-Malware or Malwarebytes Anti-Exploit customers?
Existing Malwarebytes Anti-Malware and Malwarebytes Anti-Exploit customers will be automatically entitled to a free upgrade to Malwarebytes 3.0 and will keep their existing subscription price (typically $24.95) for as long as they keep their subscription active.

Edited by pbust


ID: 5   Posted (edited)

Antivirus Replacement

What is an antivirus replacement, and how can Malwarebytes 3.0 replace my antivirus?
Antivirus replacements utilize signature-less and behavior-based detection technologies to catch the latest and most relevant threats, as opposed to anti-virus programs that rely on large databases of signatures that can quickly become outdated and are typically ineffective against many modern threats. In combination, all of our technologies can replace antivirus if a customer wishes to do so. Over 50% of our home user customers have already replaced their Symantec, McAfee, etc. with Malwarebytes Anti-Malware Premium. We believe in layered defense and built Malwarebytes 3.0 Premium to provide the right mix of proactive and signature-less technologies to combat modern threats and zero-day malware. The combination of our Anti-Malware, Anti-Exploit, Anti-Ransomware, Website Protection, and Remediation technologies provides better coverage against modern and zero-day threats than the traditional antivirus companies that charge more for less effective protection.

Traditional antivirus vendors have struggled to keep pace with rapidly-changing malware, especially ransomware and data breaches where 0-hour protection has become the only meaningfully-relevant protection. In today’s modern threat world, where professional malware writers make their living engineering new ways to bypass protection, it is more important than ever to utilize signature-less technology and layered security to provide the greatest possible chance of defense. It is just as important to provide comprehensive remediation capabilities to clean up active malware when all else fails.

Prior to Malwarebytes 3.0, our software was intended to be layered together with a traditional antivirus. Malwarebytes 1.x and 2.x contained only two primary layers of defense (Malware Protection and Website Protection) plus remediation, none of which is fully signature-less. But in Malwarebytes 3.0, with the addition of the three signature-less anti-exploit layers and the signature-less anti-ransomware layer, Malwarebytes defense against real-world threats has finally surpassed that of the traditional AVs.

We didn’t originally expect to draw this conclusion. But after we developed the anti-exploit, anti-ransomware, and other Application Behavioral Protection technology in Malwarebytes 3.0, our researchers tested our performance against the full landscape of real-world threats and found we offered our users more comprehensive protection at a better price with Malwarebytes 3.0 than by recommending you buy a separate traditional AV. So we did it.

For our users who do prefer to continue using a traditional antivirus alongside Malwarebytes, by all means please continue to do so. Malwarebytes will always maintain compatibility with all major security software on the market, both free and paid. In particular, Microsoft’s traditional antivirus Windows Defender is included by default and for free with Windows 8 and 10, and is a useful additional layer alongside Malwarebytes 3.0.

So in summary, our recommendations are:

  • If you would prefer to use only one security product, choose Malwarebytes 3.0 Premium. Based on our testing, Malwarebytes 3.0 alone provides excellent protection against today’s threat landscape.
  • If you would prefer to pay for only one security product, choose Malwarebytes 3.0 Premium and add a free traditional antivirus like Windows Defender (pre-installed for free in Windows 8 and 10). Malwarebytes installs alongside Windows Defender by default, so this is the default configuration in Windows 8 and 10.
  • If you would prefer to pay for two security products, by all means feel free to do so. Malwarebytes is compatible with all major security products on the market.

 

Can Malwarebytes 3.0 run alongside Symantec or McAfee?
Certainly! We built Malwarebytes 3.0 to be compatible with all major anti-virus software, even Windows Defender and Microsoft Security Essentials. In fact by default Malwarebytes 3.0 installs in compatible mode alongside Defender, MSE or third-party antivirus products.

 

Since Malwarebytes 3.0 Premium can be considered an anti-virus replacement, will it register itself in Windows Security Center in order for Windows to recognize it as security software?
We have designed an innovative approach that allows us to run both as a recognized and certified/compliant primary line of defense as well as a layer or complement to other third-party security applications. Malwarebytes 3.0 Premium will only register in Windows Security Center if there is a third-party anti-virus program registered (i.e. a non-Microsoft anti-virus program). If there is only a Microsoft antivirus registered and active, we will not register in Windows Security Center in order to preserve the benefit of layered security. If desired, users will be able to go into Malwarebytes 3.0 Premium Settings and change this behavior to force Malwarebytes 3.0 Premium to either “always register” or “never register”.

 

Since Malwarebytes 3.0 Premium can be considered an anti-virus replacement, does it include a Firewall?
Ever since Windows Vista the built-in Windows Firewall is strong enough from a security perspective. In fact, after Windows 7 SP1 many leading AV vendors dropped their proprietary firewall in favor of the built-in firewall with a UI front-end. At Malwarebytes we don't provide a UI front-end to the Windows Firewall, but we have been relying on the Windows Filtering Protocol (WFP) for our IP and domain blocking protection layer for years. Therefore for modern Operating Systems (i.e. Windows 7 and beyond) we don't recommend or require the use of a third-party firewall.

 

How to test Malwarebytes 3.0
It is important to measure how security products perform against real-world malware under real-world conditions. Traditionally, industry test organizations gather malware that is often 3+ months old, drop it in a folder on the desktop, and right-click it and scan. A modern test organization might actually try to execute some malware to see if it is blocked behaviorally, or download some malware from a static website to see if the download is blocked.  But unfortunately, most testers today do not take live malware less than 24 hours old, replicate the infection vector in its original context (exploit-driven or spam), and evaluate how well vendors do then. Admittedly, such a test can be time-consuming to conduct, but it is also far more real-world relevant, a better representation of the dangers that real-world users face.

For exploit and drive-by download testing in particular, the challenge is compounded because exploit kit writers actively try to detect test machines.  If detected, they often will decline to infect. Exploit kit writers err on the side of paranoia, so setting up an effective exploit testing rig can be challenging, and a mistake can lead to a tester’s IP being blacklisted.

Some of the ways exploit kit writers detect test machines are by looking for signs of known virtualization (VirtualBox or VMware Tools installed, or timing attacks), an absence of everyday applications installed, or the presence of known testing tools (Fiddler, Wireshark).  Exploit kits also tend to trigger only if the HTTP referrer looks like it comes from a real-world source (Google, Bing), and only once for each public IP address. These restrictions have made it much more difficult to test effectively.

Malwarebytes is currently developing a hosted testing environment to make it as easy as possible to perform a real-world valid evaluation of Malwarebytes and other security software products. In the meanwhile, detailed instructions for how to set up a valid test are available at https://malwarebytes.box.com/s/ct1xck9f7hphaeuj9nbhq9xxt4ayd6tk

Exploit attacks should be replayed using packet captures from Wireshark (.pcap) or Fiddler (.saz).  Exploit captures for testing can be obtained from Malwarebytes (https://blog.malwarebytes.com/malwarebytes-anti-exploit-itw), or from a third-party source like VirusTotal (https://virustotal.com/intelligence) using search terms like type:”pcap”, tag:”cap”, or tag:”exploit-kit”.  Other third-party capture sources are listed in the instructions document above.

Spam, social engineering, or spear-phishing attacks or payloads should be executed or triggered directly from an email client or webmail interface, as a real user would do.

 

Why doesn’t Malwarebytes detect EICAR?

According to the European Expert Group for IT-Security (EICAR) organization, the EICAR test file is a plain string of ASCII characters which can be opened with a regular text editor. EICAR asserts that antivirus products should detect any file that starts with the EICAR strings, which are the following 68 characters:

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Detecting the EICAR strings doesn’t mean anything in terms of proving a product’s real-world effectiveness against threats. This experiment merely proves that the antivirus product can use a pattern-matching signature and trigger against a DOS file (not a Windows PE file) whose content starts with the above EICAR string.

At Malwarebytes we employ over 7 different technological layers of prevention and remediation. Each layer has a specific purpose in terms of disrupting threats at different stages of the attack chain (exploit mitigation, ransomware behavior monitoring, application control, application hardening, web protection, payload analysis, machine learning, etc.). Each layer specializes in protecting against specific attack vectors and consists of a collection of approaches and techniques. The layers are designed to protect against the real-world threats our researchers observe, ensuring Malwarebytes is relevant day in and day out.

Our Malwarebytes Anti-Malware (MBAM) engine scans files on disk. We focus on PE files (executable files, modules, etc.). Our Linking Remediation engine remediates all artifacts, regardless of whether they are PE files or not. Our anti-exploit and application control engines focus on disrupting JIT heap-spray attacks, file-less memory attacks, script-based attacks, macros, Java exploits, etc.

The EICAR string is just a non-executable file which is just a small number of characters. The detection or lack thereof is not representative of how our different vector blocking and payload prevention techniques work, both in pre-execution and post-execution phases of the attack. The MBAM engine does not care about scripts because our anti-exploit, web blocking and application control engines are much more effective at disrupting script-based malware and exploits without relying on signatures. Most modern script-based downloaders and attacks are obfuscated anyways, so using signatures on scripts (like those signature detections for .JS ransomware downloaders regularly found in VT) is largely useless and easily bypassed as compared to other protection approaches like those found in MB3.

An EICAR detection proves that a product is able to use pattern-matching signatures and detect a type of threat that may have been prevalent and relevant over 2 decades ago. This level of sophistication would be similar to creating a batch file that reads in another file and displays an “alert” message if it finds the EICAR string while parsing the other file. Clearly, this does not make your batch file an anti-virus.

So in summary, MB3 already incorporates world-class, next-generation anti-malware technologies. Our approach is far more effective than using AV signatures. Malwarebytes is able to detect and prevent 0-minute relevant and prevalent threats. We won’t detect EICAR because EICAR is not representative of any modern approaches in today’s threat environment.

 

 

 

Edited by pbust
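
Added example, not part of the original post or Malwarebytes code: the entire check an EICAR test exercises, which is a literal 68-byte prefix comparison. The 128-byte limit and the permitted trailing whitespace bytes come from EICAR's published definition of the test file rather than from this FAQ; the function name and the sample inputs are constructed for illustration.

```powershell
# The 68-character string quoted in the post above.
$EicarString = 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'

function Test-EicarBytes {
    # Returns $true only for a file that meets the EICAR definition:
    # the string at offset 0, optional trailing whitespace, at most 128 bytes.
    param([byte[]]$Bytes)

    $sig = [System.Text.Encoding]::ASCII.GetBytes($EicarString)
    if ($Bytes.Length -lt $sig.Length -or $Bytes.Length -gt 128) { return $false }

    # Literal byte-for-byte prefix match; no parsing, emulation or behaviour.
    for ($i = 0; $i -lt $sig.Length; $i++) {
        if ($Bytes[$i] -ne $sig[$i]) { return $false }
    }

    # Only space, tab, LF, CR and Ctrl-Z may follow the string.
    $allowed = [byte[]](0x20, 0x09, 0x0A, 0x0D, 0x1A)
    for ($i = $sig.Length; $i -lt $Bytes.Length; $i++) {
        if ($allowed -notcontains $Bytes[$i]) { return $false }
    }
    return $true
}

# Constructed sample inputs (in memory, nothing is written to disk).
$ascii = [System.Text.Encoding]::ASCII
$samples = [ordered]@{
    'exact 68 bytes'          = $ascii.GetBytes($EicarString)
    'trailing CRLF'           = $ascii.GetBytes($EicarString + "`r`n")
    'string not at offset 0'  = $ascii.GetBytes('REM ' + $EicarString)
    'trailing non-whitespace' = $ascii.GetBytes($EicarString + 'A')
    'MZ header, no string'    = [byte[]](0x4D, 0x5A, 0x90, 0x00)
}

foreach ($name in $samples.Keys) {
    '{0,-24} -> {1}' -f $name, (Test-EicarBytes -Bytes $samples[$name])
}
```

Only the first two samples match. A file that merely contains the string somewhere, or has other data appended, is not a valid EICAR file, so a product that ignores it has not missed anything.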


ID: 6   Posted (edited)

Existing Subscriptions

I have a Malwarebytes Anti-Malware Premium or Malwarebytes Anti-Exploit Premium subscription. Will I get Malwarebytes 3.0 Premium subscription automatically?
Yes. If you have an existing Malwarebytes Anti-Malware or Malwarebytes Anti-Exploit subscription, your subscription will be migrated to Malwarebytes 3.0 Premium automatically at no extra charge.

 

What will happen if I have both Malwarebytes Anti-Malware Premium and Malwarebytes Anti-Exploit Premium subscriptions?
If you have both Malwarebytes Anti-Malware and Malwarebytes Anti-Exploit, you will now have 2 Malwarebytes 3.0 subscriptions. If you don’t want the extra subscription, you can give it away to friends or family, or choose not to renew when your subscription term is up.

 

I'm a business customer and I want Malwarebytes 3.0! When can I get it?
Business customers using un-managed Malwarebytes Anti-Malware standalone can upgrade to Malwarebytes 3.0. The managed Malwarebytes 3.0 will be shipping for business customers by early next year. We’re very excited about some really cool endpoint protection management technologies we have in the pipeline for our business customers.

 

What will happen to Malwarebytes Anti-Exploit Free?
We will continue offering Anti-Exploit as a stand-alone perpetual Beta. This Beta of Anti-Exploit will include all Premium features of Anti-Exploit. New techniques will be added first to the Anti-Exploit Beta for testing before they are integrated into Malwarebytes 3.0 Premium. Users who wish to continue using Malwarebytes Anti-Exploit only instead of Malwarebytes 3.0 will be able to do so through the use of this perpetual Beta.

 

What will happen to Malwarebytes Anti-Ransomware Beta (Free)?
We will continue offering Anti-Ransomware as a stand-alone perpetual Beta. This Beta of Anti-Ransomware will include all ransomware blocking capabilities. New techniques will be added first to the Anti-Ransomware Beta for testing before they are integrated into Malwarebytes 3.0 Premium. Users who wish to continue using Anti-Ransomware Beta only instead of Malwarebytes 3.0 will be able to do so through the use of this perpetual Beta.

Edited by pbust


ID: 7   Posted (edited)

Malwarebytes 3.0 files to be added to A/V Exclusions List

Some antivirus applications require exclusions to be defined for Malwarebytes Anti-Malware, so that they do not interfere with Malwarebytes operation and vice versa. These are typically referred to as exclusions or ignore list entries. The following is a list of Malwarebytes programs which should be placed on an Exclusion list if required. 

This list is specific to Malwarebytes Anti-Malware 3.x.

Exclude the following folders: (The complete folder)

  • C:\Program Files\Malwarebytes\Anti-Malware
  • C:\ProgramData\Malwarebytes\MBAMService

Exclude the following files:

  • C:\Windows\System32\drivers\mbae64.sys
  • C:\Windows\System32\drivers\mbam.sys
  • C:\Windows\System32\drivers\MBAMChameleon.sys
  • C:\Windows\System32\drivers\MBAMSwissArmy.sys
  • C:\Windows\System32\drivers\mwac.sys
  • C:\Windows\system32\Drivers\farflt.sys

For specific steps on how to add these files to your antivirus' exclusion list, you will need to contact your antivirus provider directly for best results.

If you have additional questions or need assistance with this particular scenario, please head to our Malwarebytes 3 Support section and create a new topic or simply click here (note: you need to be signed in to create a new topic)

Edited by celee
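
Added example, not part of the original post or Malwarebytes tooling: one way to vet the paths listed above before excluding them, assuming the antivirus being configured is Windows Defender and the session is elevated. An exclusion is a scanning blind spot, so each driver is checked for a valid Authenticode signature first. The `$ExpectedSigner` value, the `$Apply` switch and the function name are assumptions made for illustration.

```powershell
$Apply = $false                    # report only; set to $true to write exclusions
$ExpectedSigner = 'Malwarebytes'   # assumption: appears in the certificate subject

# Paths exactly as listed in the post above.
$folders = @(
    'C:\Program Files\Malwarebytes\Anti-Malware',
    'C:\ProgramData\Malwarebytes\MBAMService'
)
$drivers = @(
    'C:\Windows\System32\drivers\mbae64.sys',
    'C:\Windows\System32\drivers\mbam.sys',
    'C:\Windows\System32\drivers\MBAMChameleon.sys',
    'C:\Windows\System32\drivers\MBAMSwissArmy.sys',
    'C:\Windows\System32\drivers\mwac.sys',
    'C:\Windows\system32\Drivers\farflt.sys'
)

function Get-DriverVerdict {
    # Classifies one driver path as Missing, badly signed, wrongly signed or OK.
    param([string]$Path, [string]$Signer)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return 'Missing' }
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    if ($sig.Status -ne 'Valid') { return "Signature $($sig.Status)" }
    if ($sig.SignerCertificate.Subject -notlike "*$Signer*") { return 'Unexpected signer' }
    return 'OK'
}

$report = foreach ($d in $drivers) {
    [pscustomobject]@{
        Path    = $d
        Verdict = Get-DriverVerdict -Path $d -Signer $ExpectedSigner
    }
}
$report | Format-Table -AutoSize

# Exclude only what is present and correctly signed. A file at one of these
# paths with a bad or unexpected signature should be investigated, not excluded.
$okDrivers = @($report | Where-Object Verdict -eq 'OK' | Select-Object -ExpandProperty Path)
$okFolders = @($folders | Where-Object { Test-Path -LiteralPath $_ -PathType Container })
$toExclude = $okFolders + $okDrivers

if ($Apply -and $toExclude.Count -gt 0) {
    Add-MpPreference -ExclusionPath $toExclude
    (Get-MpPreference).ExclusionPath      # confirm what Defender now excludes
} else {
    'Would exclude:'
    $toExclude
}
```

Drivers reported as Missing are skipped rather than excluded in advance, so an unused path cannot later be populated by something else and inherit the exclusion.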
