Jump to content
John L. Galt

Micr$oft Edge & Insider Preview Build WIN10

Recommended Posts

4 hours ago, John L. Galt said:

MB is not hijacking anything, Defender has changed with the way it interacts with other software.  This change is programmed by Microsoft, not Malwarebytes.

Furthermore, if you were to install MB 3 on a clean system running build 15048 or newer (and maybe older, might be as far back as 15025) it would ask you about disabling Defender - but when you already have MB 3 installed, it doesn't ask, it just disabled, and that is due to Microsoft's coding, not any (new or old) coding in MB 3. 

This is a relatively recent change, and if you want I can find the exact Insider Preview build that it started happening on over at tenforums.com

Hi John

I haven't tried earlier W10 Insider versions and I don't really care when this started.  15061 is close to what is going to be soon released by Microsoft.

I did install Malwarebytes on a clean system running 15061 and it did not ask permission to disable Defender. I didn't even realise that Defender had been disabled until I was checking a few settings.  Since Defender is my primary defence on Windows 10, I call that hijacking.

Malwarebytes has to mould itself to continuing changes to Windows10.  If Defender has changed the way it interacts with other software, then Malwarebytes install should be fixed so that it asks permission to disable Defender, particularly as Malwarebytes is not an AV.

Share this post


Link to post
Share on other sites

Since when is MB not an AV? First I've ever heard that.

And just a head's up that most all AV's (Kaspersky, Norton, etc.) all shut Defender off because they are considered the primary AV's, not Defender.

 

Share this post


Link to post
Share on other sites
8 minutes ago, Soozy said:

Since when is MB not an AV? First I've ever heard that.

And just a head's up that most all AV's (Kaspersky, Norton, etc.) all shut Defender off because they are considered the primary AV's, not Defender.

 

MB doesn't work like a traditional signature based AV, as stated in the link below - it doesn't have a protection layer called Virus protection.  Although it is boldly claimed that it can replace the traditional AV, it is still designed to run alongside traditional AVs.

So in that case it shouldn't register itself with Action Centre such that Defender shuts down without permission.

Yes, I understand that Kaspersky etc AVs shut off Defender - to me, that would be expected, since you are installing a new AV and shouldn't have more than one operational

https://blog.malwarebytes.com/malwarebytes-news/2016/12/announcing-malwarebytes-3-0-a-next-generation-antivirus-replacement/

Share this post


Link to post
Share on other sites
20 hours ago, John A said:

Hi John

I haven't tried earlier W10 Insider versions and I don't really care when this started.  15061 is close to what is going to be soon released by Microsoft.

I did install Malwarebytes on a clean system running 15061 and it did not ask permission to disable Defender. I didn't even realise that Defender had been disabled until I was checking a few settings.  Since Defender is my primary defence on Windows 10, I call that hijacking.

Malwarebytes has to mould itself to continuing changes to Windows10.  If Defender has changed the way it interacts with other software, then Malwarebytes install should be fixed so that it asks permission to disable Defender, particularly as Malwarebytes is not an AV.

Then perhaps you should go back and read this topic from December.

 

 

Share this post


Link to post
Share on other sites
On 3/18/2017 at 7:11 PM, John A said:

Yes, but there is no indication that Defender has been turned off unless you actually open it up and have a look.  In my case I want Defender on so I have changed the setting in MB and turned Defender back on again. 

MB should ask permission to do this, not just hijack the AV. 

Hi John A.  Going back to your earlier comment, with something as important as your A/V, why not have the icon show in the taskbar so you don't need to go searching?  (Go to Settings > Personalization > Taskbar.  Scroll down to "Notification area" and click "Select which icons appear on the taskbar".  That way if the Windows Defender is on the taskbar, you'll know to investigate.  I always glance there before launching the browser to make sure both WD and MBAM are showing.

Edited by Corrine

Share this post


Link to post
Share on other sites
3 hours ago, John L. Galt said:

Then perhaps you should go back and read this topic from December.

I had seen that thread, but it relates to an earlier version of Windows.

Share this post


Link to post
Share on other sites
2 hours ago, Corrine said:

Hi John A.  Going back to your earlier comment, with something as important as your A/V, why not have the icon show in the taskbar so you don't need to go searching?  (Go to Settings > Personalization > Taskbar.  Scroll down to "Notification area" and click "Select which icons appear on the taskbar".  That way if the Windows Defender is on the taskbar, you'll know to investigate.  I always glance there before launching the browser to make sure both WD and MBAM are showing.

Hi Corrine

In 15061, the (now called) "Defender Security Centre "icon still appears even if Defender has been turned off by another AV.  Only when it is open do I see that Defender was disabled and that MB had taken its place.

Share this post


Link to post
Share on other sites

I forgot about that change.  That wasn't the case with the Insider Builds when Malwarebytes version 3 was released. 

Share this post


Link to post
Share on other sites
22 hours ago, John A said:

I had seen that thread, but it relates to an earlier version of Windows.

But it relates to the exact same behavior, with an explanation on why it occurs, and how to fix it so MB 3 doesn't force Windows to disable Defender.

The same still applies now.

Share this post


Link to post
Share on other sites

To what Soozy described, about the protections status after a new insider build is applied, just observed that after completion of setup of build 15063.

This time malware protection happened to show as not on.   Here is what to do in two easy steps.

Right click the Malwarebytes icon on taskbar ( notfication area) and select QUIT to exit the program and services.

Then restart the program from either Start menu or the desktop shortcut.

 

Share this post


Link to post
Share on other sites
1 hour ago, John L. Galt said:

But it relates to the exact same behavior, with an explanation on why it occurs, and how to fix it so MB 3 doesn't force Windows to disable Defender.

The same still applies now.

I am personally not concerned because I can easily fix it.  But I am thinking of the many people out there who wouldn't even know this has happened.

Share this post


Link to post
Share on other sites
The recently published “DoubleAgent” attack was disclosed by Cybellum to Malwarebytes on January 20th, 2017. We were already aware of the issue at the time and were working on measures to improve the self-protection mechanism in our product to protect against this attack vector. We released a fix for this in late February.
 
The vulnerability used in the attack is not specific to anti-malware software, it affects any Windows application that does not have the appropriate protections in place. Furthermore, the vulnerability requires the attacker to have local administrative privileges on the target machine.
 
Using non-admin-level  login account is something I encourage, as does our colleague Corrine.  ^_^
Use a Standard user account rather than an administrator-rights account when "surfing" the web.
See more info on Corrine's SecurityGarden Blog http://securitygarden.blogspot.com/p/blog-page_7.html
Dont remove your current login.  Just use the new Standard-user-level one for everyday use while on the internet.
 

Share this post


Link to post
Share on other sites
42 minutes ago, Soozy said:

Just a head's up. Microsoft started releasing Redstone 3 today

with build 16170.

Have you installed it and how does MBAM work?  I am hesitant with stable RS2 now to move back to Fast ring.  LOL

Share this post


Link to post
Share on other sites

So far all is OK.  Will have to test to see if protections are all ON with a restart.

But that only happens after the 1st reboot after a new build.

Share this post


Link to post
Share on other sites

I have no issues on my physical laptop with 16170 and MB 3 either.

I'm going to test a bit further in a VM here shortly, should have no issues with that either, but to make things a bit simpler, on the laptop I actually disabled MB 3 before initiating the WU check for the new IP build.  So, I can only (currently) say that MB 3 has no issues running on 16170, but not whether or not it poses an issue when running during the update itself (I'm guessing it won't, as Micro$oft has streamlined the update process really well, to the point now that, with my nice fat downpipe, I'm up and running in less than 40 minutes from the time I initiate the WU check on my desktop, which is running dual gigabit Ethernet wired connections, and in under an hour on my laptop, which is running wirelessly on a 5 GHz 803.11 N connection.

I've currently opted out of running MB 3 on my desktop, which is a glorified gaming machine as well as the host for my VMs (not concurrently, of course :p).  For a while there, there was simply too much getting in the way, and now , well, I do all my stuff with bit-by-bit images ready to restore in case anything gets in the way.  So, the laptop keeps MB3 running as well as 2 test VMs, whereas this machine does not.

Edited by John L. Galt

Share this post


Link to post
Share on other sites
6 minutes ago, John L. Galt said:

from 15063 to 16170?  awesome.  Thanks!

I also didn't disable MB and had no issue going from 15063 to 16170.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.