Jump to content

Micr$oft Edge & Insider Preview Build WIN10

John L. Galt
 Share

Recommended Posts

John A

John A

Posted
Posted
4 hours ago, John L. Galt said:

MB is not hijacking anything, Defender has changed with the way it interacts with other software.  This change is programmed by Microsoft, not Malwarebytes.

Furthermore, if you were to install MB 3 on a clean system running build 15048 or newer (and maybe older, might be as far back as 15025) it would ask you about disabling Defender - but when you already have MB 3 installed, it doesn't ask, it just disabled, and that is due to Microsoft's coding, not any (new or old) coding in MB 3. 

This is a relatively recent change, and if you want I can find the exact Insider Preview build that it started happening on over at tenforums.com

Hi John

I haven't tried earlier W10 Insider versions and I don't really care when this started.  15061 is close to what is going to be soon released by Microsoft.

I did install Malwarebytes on a clean system running 15061 and it did not ask permission to disable Defender. I didn't even realise that Defender had been disabled until I was checking a few settings.  Since Defender is my primary defence on Windows 10, I call that hijacking.

Malwarebytes has to mould itself to continuing changes to Windows10.  If Defender has changed the way it interacts with other software, then Malwarebytes install should be fixed so that it asks permission to disable Defender, particularly as Malwarebytes is not an AV.

Link to post
Share on other sites
  • Replies 148
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Posted Images

John A

John A

Posted
Posted
8 minutes ago, Soozy said:

Since when is MB not an AV? First I've ever heard that.

And just a head's up that most all AV's (Kaspersky, Norton, etc.) all shut Defender off because they are considered the primary AV's, not Defender.

 

MB doesn't work like a traditional signature based AV, as stated in the link below - it doesn't have a protection layer called Virus protection.  Although it is boldly claimed that it can replace the traditional AV, it is still designed to run alongside traditional AVs.

So in that case it shouldn't register itself with Action Centre such that Defender shuts down without permission.

Yes, I understand that Kaspersky etc AVs shut off Defender - to me, that would be expected, since you are installing a new AV and shouldn't have more than one operational

https://blog.malwarebytes.com/malwarebytes-news/2016/12/announcing-malwarebytes-3-0-a-next-generation-antivirus-replacement/

Link to post
Share on other sites
John L. Galt

John L. Galt

Posted
  • Author
Posted
20 hours ago, John A said:

Hi John

I haven't tried earlier W10 Insider versions and I don't really care when this started.  15061 is close to what is going to be soon released by Microsoft.

I did install Malwarebytes on a clean system running 15061 and it did not ask permission to disable Defender. I didn't even realise that Defender had been disabled until I was checking a few settings.  Since Defender is my primary defence on Windows 10, I call that hijacking.

Malwarebytes has to mould itself to continuing changes to Windows10.  If Defender has changed the way it interacts with other software, then Malwarebytes install should be fixed so that it asks permission to disable Defender, particularly as Malwarebytes is not an AV.

Then perhaps you should go back and read this topic from December.

 

 

Link to post
Share on other sites
Corrine

Corrine

Posted
Posted (edited)
On 3/18/2017 at 7:11 PM, John A said:

Yes, but there is no indication that Defender has been turned off unless you actually open it up and have a look.  In my case I want Defender on so I have changed the setting in MB and turned Defender back on again. 

MB should ask permission to do this, not just hijack the AV. 

Hi John A.  Going back to your earlier comment, with something as important as your A/V, why not have the icon show in the taskbar so you don't need to go searching?  (Go to Settings > Personalization > Taskbar.  Scroll down to "Notification area" and click "Select which icons appear on the taskbar".  That way if the Windows Defender is on the taskbar, you'll know to investigate.  I always glance there before launching the browser to make sure both WD and MBAM are showing.

Edited by Corrine
Link to post
Share on other sites
John A

John A

Posted
Posted
2 hours ago, Corrine said:

Hi John A.  Going back to your earlier comment, with something as important as your A/V, why not have the icon show in the taskbar so you don't need to go searching?  (Go to Settings > Personalization > Taskbar.  Scroll down to "Notification area" and click "Select which icons appear on the taskbar".  That way if the Windows Defender is on the taskbar, you'll know to investigate.  I always glance there before launching the browser to make sure both WD and MBAM are showing.

Hi Corrine

In 15061, the (now called) "Defender Security Centre "icon still appears even if Defender has been turned off by another AV.  Only when it is open do I see that Defender was disabled and that MB had taken its place.

Link to post
Share on other sites
John L. Galt

John L. Galt

Posted
  • Author
Posted
22 hours ago, John A said:

I had seen that thread, but it relates to an earlier version of Windows.

But it relates to the exact same behavior, with an explanation on why it occurs, and how to fix it so MB 3 doesn't force Windows to disable Defender.

The same still applies now.

Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

To what Soozy described, about the protections status after a new insider build is applied, just observed that after completion of setup of build 15063.

This time malware protection happened to show as not on.   Here is what to do in two easy steps.

Right click the Malwarebytes icon on taskbar ( notfication area) and select QUIT to exit the program and services.

Then restart the program from either Start menu or the desktop shortcut.

 

Link to post
Share on other sites
John A

John A

Posted
Posted
1 hour ago, John L. Galt said:

But it relates to the exact same behavior, with an explanation on why it occurs, and how to fix it so MB 3 doesn't force Windows to disable Defender.

The same still applies now.

I am personally not concerned because I can easily fix it.  But I am thinking of the many people out there who wouldn't even know this has happened.

Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted
The recently published “DoubleAgent” attack was disclosed by Cybellum to Malwarebytes on January 20th, 2017. We were already aware of the issue at the time and were working on measures to improve the self-protection mechanism in our product to protect against this attack vector. We released a fix for this in late February.
 
The vulnerability used in the attack is not specific to anti-malware software, it affects any Windows application that does not have the appropriate protections in place. Furthermore, the vulnerability requires the attacker to have local administrative privileges on the target machine.
 
Using non-admin-level  login account is something I encourage, as does our colleague Corrine.  ^_^
Use a Standard user account rather than an administrator-rights account when "surfing" the web.
See more info on Corrine's SecurityGarden Blog http://securitygarden.blogspot.com/p/blog-page_7.html
Dont remove your current login.  Just use the new Standard-user-level one for everyday use while on the internet.
 
Link to post
Share on other sites
  • 2 weeks later...
John L. Galt

John L. Galt

Posted
  • Author
Posted (edited)

I have no issues on my physical laptop with 16170 and MB 3 either.

I'm going to test a bit further in a VM here shortly, should have no issues with that either, but to make things a bit simpler, on the laptop I actually disabled MB 3 before initiating the WU check for the new IP build.  So, I can only (currently) say that MB 3 has no issues running on 16170, but not whether or not it poses an issue when running during the update itself (I'm guessing it won't, as Micro$oft has streamlined the update process really well, to the point now that, with my nice fat downpipe, I'm up and running in less than 40 minutes from the time I initiate the WU check on my desktop, which is running dual gigabit Ethernet wired connections, and in under an hour on my laptop, which is running wirelessly on a 5 GHz 803.11 N connection.

I've currently opted out of running MB 3 on my desktop, which is a glorified gaming machine as well as the host for my VMs (not concurrently, of course :p).  For a while there, there was simply too much getting in the way, and now , well, I do all my stuff with bit-by-bit images ready to restore in case anything gets in the way.  So, the laptop keeps MB3 running as well as 2 test VMs, whereas this machine does not.

Edited by John L. Galt
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.