Malwarebytes 3 - Frequently Asked Questions

  • Staff

Please see below for the main questions and answers about the new Malwarebytes 3.

If you have any questions that are not covered please post them in this sub-forum and we'll incorporate them in the FAQ for future reference.

If you have questions about Malwarebytes Anti-Malware version 2.x, please view our FAQ here: https://forums.malwarebytes.com/topic/187842-malwarebytes-anti-malware-v2x-faq/



Edited by Erix
Added legacy OS support topic

  • Staff

New in Malwarebytes 3.0

What new features are in Malwarebytes 3.0?
Malwarebytes 3.0 combines all of our malware-fighting technology—anti-malware, anti-ransomware, anti-exploit, and malicious website protection—into one program that scans 4x faster than previous versions of Malwarebytes Anti-Malware. It’s the strongest, most comprehensive Malwarebytes protection ever. This is the successor to replace and improve upon our flagship product, Malwarebytes Anti-Malware.


What are the official names of the Malwarebytes 3.0 products?
“Malwarebytes 3.0” is the official name of the product, replacing the “Malwarebytes Anti-Malware” and “Malwarebytes Anti-Exploit” products. Malwarebytes 3.0 comes in Premium, Trial and Free mode. “Premium” indicates that the user has a paid subscription. “Trial” mode indicates that a Premium Trial is in progress, and “Free” mode indicates that only the unpaid features are enabled.


Is there still a FREE Malwarebytes? What will it include?
Yes! We still firmly believe that everyone has a fundamental right to a malware-free existence, and that’s not changing. Malwarebytes 3.0 Free will have the same capabilities as Malwarebytes Anti-Malware Free, but with a 3x to 4x scan speed improvement.


Which Operating Systems does Malwarebytes 3.0 support?
We continue to support all versions from Windows XP to the latest Windows 10. Our Anti-Ransomware technology is only enabled on Windows 7 or higher.

Edited by pbust

  • Staff

Upgrading to Malwarebytes 3.0

I already have a subscription to Malwarebytes Anti-Malware Premium. How much do I have to pay for Malwarebytes 3.0?
Existing subscribers won’t have to pay anything extra. Even though Malwarebytes 3.0 will sell for $39.99, all of our existing customers will keep their original price. So if your subscription is currently $24.95, it will remain at that price while your subscription remains active, and you can get Malwarebytes 3.0 Premium without having to pay anything extra. Your existing license key will work automatically with Malwarebytes 3.0 Premium.


How can I install Malwarebytes 3.0 if I already have Anti-Malware, Anti-Exploit or Anti-Ransomware installed?
You can simply download and run the installer. Malwarebytes 3.0 will automatically remove the old stand-alone Anti-Malware, Anti-Exploit and Anti-Ransomware and upgrade them all to Malwarebytes 3.0, migrating the license key accordingly.


I have a Malwarebytes Anti-Malware lifetime license. Will it work for Malwarebytes 3.0 Premium?
Yes! Malwarebytes 3.0 can simply be installed on top of Malwarebytes Anti-Malware, and a lifetime license will automatically apply to Malwarebytes 3.0 Premium.


Can Malwarebytes 3.0 run alongside Malwarebytes Anti-Malware, Malwarebytes Anti-Exploit or Anti-ransomware Beta?
No--there is no need for users to install the Malwarebytes stand-alone applications, and Malwarebytes 3.0 will automatically uninstall MBAM, MBAE and the Anti-Ransomware Beta before upgrade.

NOTE: It is actually not possible to run the free version of Malwarebytes 3 and the standalone Anti-Ransomware Beta side-by-side, as they have components in common and are not designed to run in this way.  If you wish to have both Malwarebytes on-demand scanning and Anti-Ransomware then a Premium license is the best option.


What if I decide not to upgrade to Malwarebytes 3.0?
Per our new Lifecycle Policy that will go into effect on the Malwarebytes 3.0 GA date, Consumer versions of Malwarebytes Anti-Malware and Malwarebytes Anti-Exploit will reach End of Sale and End of Maintenance as of the Malwarebytes 3.0 GA date.  This means we will no longer sell or renew these versions, and we are not planning to release any more software updates. Technical support will be limited to supporting existing functionality as of that date. End of Life for these versions will be exactly 6 months from the Malwarebytes 3.0 GA date. Users may choose not to upgrade and continue to use older versions after the End of Life date if they wish, but they do so at their own risk, since we can’t guarantee that ongoing protection updates will be available. Please see malwarebytes.com/support/lifecycle for more details.


If I stay on MBAM 2.2.1 how long will I continue to receive protection updates?
As stated right above and per our Home Products Lifecycle Policy after a product has reached End of Life ongoing protection updates are not guaranteed. Though MBAM 2.x and 1.x for Home Users have reached End of Life there is no firm date when we will shut off protection updates (aka definition files) and we plan to continue providing them to these legacy versions as usual for the near term. However, it is important to note that the Malwarebytes 3 engine supports newer, more efficient and more advanced detection techniques and rule syntax not available in the MBAM 2.x and 1.x engines. This means that going forward there will be certain types of rules provided for 3.x that will have no equivalent in the legacy versions. The overall protective capability of 3.x will continue to grow as we add even more 3.x-specific rules over time, causing the gap between what 3.x and 2.x/1.x detects and protects against to widen. As such, we strongly recommend that you consider upgrading to Malwarebytes 3.


I have tried Malwarebytes 3.0 but want to go back to MBAM 2.2.1
If for whatever reason you want to downgrade to MBAM 2.2.1 and wait for a new version of 3.0, you can do so easily. Simply uninstall Malwarebytes 3.0, reboot and then download and install MBAM 2.2.1 from here.



Edited by bdubrow
Added new item on protection updates to legacy versions

  • Staff


What will be the price for a Malwarebytes 3.0 Premium license, and how many PCs will it cover?
The price for new purchases of Malwarebytes 3.0 Premium is $39.99/year for 1 PC. 


What is the Malwarebytes 3.0 Premium price for existing Malwarebytes Anti-Malware or Malwarebytes Anti-Exploit customers?
Existing Malwarebytes Anti-Malware and Malwarebytes Anti-Exploit customers will be automatically entitled to a free upgrade to Malwarebytes 3.0 and will keep their existing subscription price (typically $24.95) for as long as they keep their subscription active.

Edited by pbust

  • Staff

Third-Party Testing & Antivirus Replacement


I saw a Youtube video some guy recorded claiming that Malwarebytes Anti-Ransomware didn't detect ransomware

In today’s quickly evolving world, revolutionary products are occasionally released, and that is what Malwarebytes Anti-Ransomware is... a game changer in the Anti-Ransomware field. One thing that hasn’t changed though is the methods used to benchmark Security products, and using an old technique on a new product never works with anything. Malwarebytes Anti-Ransomware uses advanced behavior detection that relies on real world scenarios, which is also why it works so well on real machines! In test environments like these, the user doesn’t perform enough “usage” of the machine to constitute what events Ransomware would normally perform, and in exchange changes the events that Malwarebytes Anti-Ransomware would normally detect! One very simple example in thousands of others is the lack of enough variety of files on the machine and lack of a spread out location of said files, this alone changes ransomware's behavior entirely. There are too many of these configuration details to list, and the only way to truly test Malwarebytes Anti-Ransomware properly is to use it on a real machine that has some usage under its belt. It should also be said that Simulators and Custom Ransomware tools to test security products also have the same limitations noted above.

More info on ransomware here: https://www.malwarebytes.com/ransomware/


What is an antivirus replacement, and how can Malwarebytes 3.0 replace my antivirus?
Antivirus replacements utilize signature-less and behavior-based detection technologies to catch the latest and most relevant threats, as opposed to anti-virus programs that rely on large databases of signatures that can quickly become outdated and are typically ineffective against many modern threats. In combination, all of our technologies can replace antivirus if a customer wishes to do so. Over 50% of our home user customers have already replaced their Symantec, McAfee, etc. with Malwarebytes Anti-Malware Premium. We believe in layered defense and built Malwarebytes 3.0 Premium to provide the right mix of proactive and signature-less technologies to combat modern threats and zero-day malware. The combination of our Anti-Malware, Anti-Exploit, Anti-Ransomware, Website Protection, and Remediation technologies provides better coverage against modern and zero-day threats than the traditional antivirus companies that charge more for less effective protection.

Traditional antivirus vendors have struggled to keep pace with rapidly-changing malware, especially ransomware and data breaches where 0-hour protection has become the only meaningfully-relevant protection. In today’s modern threat world, where professional malware writers make their living engineering new ways to bypass protection, it is more important than ever to utilize signature-less technology and layered security to provide the greatest possible chance of defense. It is just as important to provide comprehensive remediation capabilities to clean up active malware when all else fails.

Prior to Malwarebytes 3.0, our software was intended to be layered together with a traditional antivirus. Malwarebytes 1.x and 2.x contained only two primary layers of defense (Malware Protection and Website Protection) plus remediation, none of which is fully signature-less. But in Malwarebytes 3.0, with the addition of the three signature-less anti-exploit layers and the signature-less anti-ransomware layer, Malwarebytes defense against real-world threats has finally surpassed that of the traditional AVs.

We didn’t originally expect to draw this conclusion. But after we developed the anti-exploit, anti-ransomware, and other Application Behavioral Protection technology in Malwarebytes 3.0, our researchers tested our performance against the full landscape of real-world threats and found we offered our users more comprehensive protection at a better price with Malwarebytes 3.0 than by recommending you buy a separate traditional AV. So we did it.

For our users who do prefer to continue using a traditional antivirus alongside Malwarebytes, by all means please continue to do so. Malwarebytes will always maintain compatibility with all major security software on the market, both free and paid. In particular, Microsoft’s traditional antivirus Windows Defender is included by default and for free with Windows 8 and 10, and is a useful additional layer alongside Malwarebytes 3.0.

More info here: https://www.malwarebytes.com/malware/

So in summary, our recommendations are:

  • If you would prefer to use only one security product, choose Malwarebytes 3.0 Premium. Based on our testing, Malwarebytes 3.0 alone provides excellent protection against today’s threat landscape.
  • If you would prefer to pay for only one security product, choose Malwarebytes 3.0 Premium and add a free traditional antivirus like Windows Defender (pre-installed for free in Windows 8 and 10). Malwarebytes installs alongside Windows Defender by default, so this is the default configuration in Windows 8 and 10.
  • If you would prefer to pay for two security products, by all means feel free to do so. Malwarebytes is compatible with all major security products on the market.


Can Malwarebytes 3.0 run alongside Symantec or McAfee?
Certainly! We built Malwarebytes 3.0 to be compatible with all major anti-virus software, even Windows Defender and Microsoft Security Essentials. In fact by default Malwarebytes 3.0 installs in compatible mode alongside Defender, MSE or third-party antivirus products.


Since Malwarebytes 3.0 Premium can be considered an anti-virus replacement, will it register itself in Windows Security Center in order for Windows to recognize it as security software?
We have designed an innovative approach that allows us to run both as a recognized and certified/compliant primary line of defense as well as a layered or complement to other third-party security applications. Malwarebytes 3.0 Premium will only register in Windows Security Center if there is a third-party anti-virus program registered (i.e. a non-Microsoft anti-virus program). If there is only a Microsoft antivirus registered and active, we will not register in Windows Security Center in order to preserve the benefit of layered security. If desired, users will be able to go into Malwarebytes 3.0 Premium Settings and change this behavior to force Malwarebytes 3.0 Premium to either “always register” or “never register”.


Since Malwarebytes 3.0 Premium can be considered an anti-virus replacement, does it include a Firewall?
Ever since Windows Vista the built-in Windows Firewall is strong enough from a security perspective. In fact, after Windows 7 SP1 many leading AV vendors dropped their proprietary firewall in favor of the built-in firewall with a UI front-end. At Malwarebytes we don't provide a UI front-end to the Windows Firewall, but we have been relying on the Windows Filtering Protocol (WFP) for our IP and domain blocking protection layer for years. Therefore for modern Operating Systems (i.e. Windows 7 and beyond) we don't recommend or require the use of a third-party firewall.


How to test Malwarebytes 3.0
It is important to measure how security products perform against real-world malware under real-world conditions. Traditionally, industry test organizations gather malware that is often 3+ months old, drop it in a folder on the desktop, and right-click it and scan. A modern test organization might actually try to execute some malware to see if it is blocked behaviorally, or download some malware from a static website to see if the download is blocked.  But unfortunately, most testers today do not take live malware less than 24 hours old, replicate the infection vector in its original context (exploit-driven or malspam), and evaluate how well vendors detect and block the original infection vector and 0-day threat. Admittedly, such a test can be time-consuming to conduct, but it is also far more real-world relevant, a better representation of the dangers that real-world users face.

For exploit and drive-by download testing in particular, the challenge is compounded because exploit kit writers actively try to fingerprint tester machines to avoid running in those environments.  If a lab machine is fingerprinted by a threat, they often will decline to infect. Exploit kit writers err on the side of paranoia, so setting up an effective exploit testing rig is very challenging, and a mistake can lead to a tester’s IP being blacklisted or the malware not running at all in the lab machine.

Some of the ways exploit kit writers detect lab machines are by looking for signs of known virtualization (VirtualBox or VMware Tools installed, or timing attacks), an absence of everyday applications installed, or the presence of known testing tools (Fiddler, Wireshark).  Exploit kits also tend to trigger only if the HTTP referrer looks like it comes from a real-world source (Google, Bing), and only once for each public IP address. These restrictions have made it much more difficult to test effectively.

Detailed instructions for how to set up a valid test lab are available at https://malwarebytes.box.com/s/ct1xck9f7hphaeuj9nbhq9xxt4ayd6tk

Exploit attacks should be replayed using packet captures from Wireshark (.pcap) or Fiddler (.saz). Exploit captures for testing can be obtained from Malwarebytes (https://blog.malwarebytes.com/malwarebytes-anti-exploit-itw), or from a third-party source like VirusTotal Intelligence using search terms like type:"pcap", tag:"cap", or tag:"exploit-kit". Other third-party capture sources are listed in the instructions document above.

Malspam, social engineering, or spear-phishing attacks or payloads should be executed or triggered directly from an email client or webmail interface, as a real user would do.

It should be noted that most of the leading third-party testing organizations who belong to the Anti-Malware Testing Standards Organization (AMTSO) do not test by replaying exploits, and the few that do only do so for a small set of samples because of the difficulty of exploit testing. The vast majority of third-party scoring is done by scanning files on disk and executing them, without replicating the infection vector.


Why doesn’t Malwarebytes detect EICAR?

According to the European Expert Group for IT-Security (EICAR) organization, the EICAR test file is a plain string of ASCII characters which can be opened with a regular text editor. EICAR asserts that antivirus products should detect any file that starts with the EICAR strings, which are the following 68 characters:


Detecting the EICAR strings doesn’t mean anything in terms of proving a product’s real-world effectiveness against threats. This experiment merely proves that the antivirus product can use a pattern-matching signature and trigger against a DOS file (not a Windows PE file) whose content starts with the above EICAR string.

At Malwarebytes we employ over 7 different prevention layers. Each layer has a specific objective in terms of disrupting threats at different stages of the attack chain. Most layers are signature-less and are designed to protect against the real-world threats our researchers observe in-the-wild, ensuring Malwarebytes customers are protected against prevalent and relevant threats.

The detection or lack thereof of the EICAR test file is not representative of how our different vector blocking and payload prevention techniques work, both in pre-execution and post-execution phases of the attack. The MBAM engine does not need to deal with scripts because our anti-exploit, web blocking and application behavior engines are much more effective at disrupting script-based malware and exploits without relying on signatures. Most anti-virus products have to rely on signatures to detect and block script malware, which is exactly what you DON'T WANT your antivirus to do. There are many more obfuscation and signature evasion techniques available for script droppers than there are for binary malware. Therefore relying on signatures to detect script droppers or files like the EICAR test file, is actually damaging to your security. The fact that your security product detects EICAR with a signature should be a reason for CONCERN instead of success. Most modern script-based droppers and attacks are obfuscated anyways, so using signatures on scripts (like those signature detections for .JS ransomware droppers regularly found in VT) is largely useless and easily bypassed as compared to other protection approaches like those found in MB3.

An EICAR detection proves that a product is able to use pattern-matching signatures and detect a type of threat that may have been prevalent and relevant over 2 decades ago. According to EICAR, a batch file that reads in another file and displays an “alert” message if it finds the EICAR string would qualify as a virus detection product.

So in summary, MB3 already incorporates world-class, next-generation anti-malware technologies. Our combination of signature-less and rules-based layered approach is far more effective than using AV signatures. Malwarebytes is able to prevent 0-minute threats and attacks without updates, even script-based, file-less, and other advanced attacks. We won’t detect EICAR because EICAR is not representative of either today’s threat environment or security needs.

Edited by celee
Added more info links

  • Staff

Existing Subscriptions

I have a Malwarebytes Anti-Malware Premium or Malwarebytes Anti-Exploit Premium subscription. Will I get Malwarebytes 3.0 Premium subscription automatically?
Yes. If you have an existing Malwarebytes Anti-Malware or Malwarebytes Anti-Exploit subscription, your subscription will be migrated to Malwarebytes 3.0 Premium automatically at no extra charge.


What will happen if I have both Malwarebytes Anti-Malware Premium and Malwarebytes Anti-Exploit Premium subscriptions?
If you have both Malwarebytes Anti-Malware and Malwarebytes Anti-Exploit, you will now have 2 Malwarebytes 3.0 subscriptions. If you don’t want the extra subscription, you can give it away to friends or family, or choose not to renew when your subscription term is up.


I'm a business customer and I want Malwarebytes 3.0! When can I get it?
Business customers using un-managed Malwarebytes Anti-Malware standalone can upgrade to Malwarebytes 3.0. The managed Malwarebytes 3.0 will be shipping for business customers by early next year. We’re very excited about some really cool endpoint protection management technologies we have in the pipeline for our business customers.


What will happen to Malwarebytes Anti-Exploit Free?
We will continue offering Anti-Exploit as a stand-alone perpetual Beta. This Beta of Anti-Exploit will include all Premium features of Anti-Exploit. New techniques will be added first to the Anti-Exploit Beta for testing before they are integrated into Malwarebytes 3.0 Premium. Users who wish to continue using Malwarebytes Anti-Exploit only instead of Malwarebytes 3.0 will be able to do so through the use of this perpetual Beta.


What will happen to Malwarebytes Anti-Ransomware Beta (Free)?
We will continue offering Anti-Ransomware as a stand-alone perpetual Beta. This Beta of Anti-Ransomware will include all ransomware blocking capabilities. New techniques will be added first to the Anti-Ransomware Beta for testing before they are integrated into Malwarebytes 3.0 Premium. Users who wish to continue using Anti-Ransomware Beta only instead of Malwarebytes 3.0 will be able to do so through the use of this perpetual Beta.

Edited by pbust

  • 4 weeks later...
  • Administrators

Malwarebytes 3.0 files to be added to AV Exclusions List

Some antivirus applications require exclusions to be defined for Malwarebytes Anti-Malware, so that they do not interfere with Malwarebytes operation and vice versa. These are typically referred to as exclusions or ignore list entries. The following is a list of Malwarebytes programs which should be placed on an Exclusion list if required. 

This list is specific to Malwarebytes Anti-Malware 3.x.

Exclude the following folders: (The complete folder)

  • C:\Program Files\Malwarebytes\Anti-Malware
  • C:\ProgramData\Malwarebytes\MBAMService

Exclude the following files:

  • C:\Windows\System32\drivers\mbae64.sys
  • C:\Windows\System32\drivers\mbam.sys
  • C:\Windows\System32\drivers\MBAMChameleon.sys
  • C:\Windows\System32\drivers\MBAMSwissArmy.sys
  • C:\Windows\System32\drivers\mwac.sys
  • C:\Windows\system32\Drivers\farflt.sys

For specific steps on how to add these files to your antivirus' exclusion list, you will need to contact your antivirus provider directly for best results.

If you have additional questions or need assistance with this particular scenario, please head to our Malwarebytes 3 Support section and create a new topic or simply click here (note: you need to be signed in to create a new topic)

Edited by pbust
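
A defender-side check for the exclusion list in the post above, as an added example that is not Malwarebytes' code: it compares the exclusions actually configured in an antivirus product against the listed folders and files and flags entries that are broader than the list asks for (for example, the whole `drivers` directory instead of the six named `.sys` files). The function names and the sample configuration are constructed for illustration; wildcard exclusions are not handled.

```python
from pathlib import PureWindowsPath

# Folders and files copied from the exclusion list in the post above.
REQUIRED_FOLDERS = [
    r"C:\Program Files\Malwarebytes\Anti-Malware",
    r"C:\ProgramData\Malwarebytes\MBAMService",
]
REQUIRED_FILES = [
    r"C:\Windows\System32\drivers\mbae64.sys",
    r"C:\Windows\System32\drivers\mbam.sys",
    r"C:\Windows\System32\drivers\MBAMChameleon.sys",
    r"C:\Windows\System32\drivers\MBAMSwissArmy.sys",
    r"C:\Windows\System32\drivers\mwac.sys",
    r"C:\Windows\system32\Drivers\farflt.sys",
]

# Constructed sample of what an AV product's exclusion list might contain.
SAMPLE_CONFIGURED = [
    r"c:\program files\malwarebytes\anti-malware",   # listed folder, other case
    r"C:\Windows\System32\drivers",                  # whole driver directory
    r"C:\WINDOWS\SYSTEM32\DRIVERS\FARFLT.SYS",       # listed file, other case
    r"C:\Users\Public\Downloads",                    # nothing to do with the list
]


def _key(path):
    """Case-insensitive tuple of path components (Windows paths ignore case)."""
    return tuple(part.lower() for part in PureWindowsPath(path).parts)


def _is_under(child, parent):
    """True when child equals parent or lies somewhere below it."""
    return len(child) >= len(parent) and child[:len(parent)] == parent


def audit_exclusions(configured):
    """Classify configured exclusions against the list from the post.

    ok         - equals a listed item, or is narrower than a listed folder
    over_broad - is an ancestor of a listed item (excludes more than asked)
    unrelated  - has no relation to the list
    missing    - listed items with no exact matching entry; items only
                 reachable through an over-broad entry stay here so the
                 broad entry gets replaced by the specific ones
    """
    folders = {_key(p): p for p in REQUIRED_FOLDERS}
    listed = dict(folders)
    listed.update({_key(p): p for p in REQUIRED_FILES})

    report = {"ok": [], "over_broad": [], "unrelated": [], "missing": []}
    matched = set()
    for entry in configured:
        key = _key(entry)
        if key in listed:
            report["ok"].append(entry)
            matched.add(key)
        elif any(_is_under(key, folder) for folder in folders):
            report["ok"].append(entry)
        elif any(_is_under(item, key) for item in listed):
            report["over_broad"].append(entry)
        else:
            report["unrelated"].append(entry)
    report["missing"] = [p for k, p in listed.items() if k not in matched]
    return report


if __name__ == "__main__":
    for category, entries in audit_exclusions(SAMPLE_CONFIGURED).items():
        print(category)
        for entry in entries:
            print("   ", entry)
```

Entries reported as `over_broad` or `unrelated` are the ones to review, since any file placed under them is skipped by the antivirus scanner.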

  • 8 months later...

Malwarebytes support for legacy Windows XP and Vista Operating Systems

Malwarebytes 3.5.1 build 2522 component package 1.0.365 will continue to support legacy Windows XP and Windows Vista at the same level as we had with earlier 3.x releases. In order for Malwarebytes to better support these legacy operating systems we’ve designed Malwarebytes 3.5 with special compatibility features to allow on-going protection updates and other maintenance upgrades via a separate development track.

Malwarebytes does not recommend running operating systems that Microsoft no longer supports. We strongly recommend that you consider upgrading your legacy operating systems due to the risk from exploits and other threats. However, we recognize that some customers have reasons to continue working with legacy systems so Malwarebytes wants to continue providing support for these legacy platforms for as long as possible. 

Users running Malwarebytes 3.5 on Windows XP and Vista will continue to receive on-going protection updates to keep safe from the latest infections. However these operating systems will no longer receive program upgrades, such as component packages or newer program versions, for new features. Malwarebytes will continue to release bug fixes, stability improvements, and other upgrades for the XP and Vista platforms on an as needed basis.

You may download the latest available version for XP and Vista by clicking here.

For further details, please view the official Malwarebytes Lifecycle Policy:  


Edited by bdubrow
Added download link for latest installer for legacy OSes

Malwarebytes support for Windows 7

As Microsoft has announced its Support for Windows 7 will be ending Jan 2020, we are frequently asked about Malwarebytes supporting Windows 7.

Even though Malwarebytes does not recommend running operating systems that Microsoft no longer supports, we have no current plans of ending, or phasing out in any form our support for Windows 7. This means that going forward, and until further notice, we will continue to support Windows 7 as we have up to this point.

Edited by AdvancedSetup
Corrected font issue
