Jump to content

Recommended Posts

Hi,

is it possible to install MBAR to windows servers? if yes, which server will this support all the win servers or selected versions.

Share this post


Link to post
Share on other sites

No.  Client operating systems only (Windows 7, 8.x, 10).

Share this post


Link to post
Share on other sites

MBAR is a self extracting tool, Malwarebytes Anti-Rootkit scanner, it does not install. Do you mean MBARW, Malwarebytes Anti-Ransomware?

Edited by djacobson

Share this post


Link to post
Share on other sites

Please read my response.  The answer is no.

Share this post


Link to post
Share on other sites

No, MBARW only supports workstation OS. Additionally, the MBARW protection software must be on the endpoints in order to protect a server share. If one of your users opens a macro infected office doc or malicious *.js or *.scr in a zipped email attachment, the malicious encryption process is not running on the server, therefor the server will not be able to stop the encryption process. It must be stopped at the source machines.

Share this post


Link to post
Share on other sites

A server will not be at risk for ransomware unless one is using them for questionable purposes, like using them for internet browsing or opening email, which is a huge no no. You protect your servers by implementing solid policies around acceptable usage, a staggered backup schedule and having MBARW on the clients that connect to the servers.

Again, even if you put MBARW on a server, it cannot stop an encryption process that is running from an endpoint workstation. That ransomware process is located in the memory of the endpoint it unpacked on, you must have the MBARW software on the endpoint to be able to stop the encryption process before it reaches a server share / mapped drive.

Share this post


Link to post
Share on other sites

Hey @SLSHAMAL I was making that point more for people who will come across this thread in the future wondering the same thing, I wasn't trying to put you on blast. I just want your environment to be safe, a goal I know you share.

Share this post


Link to post
Share on other sites
On 4/26/2017 at 10:36 AM, djacobson said:

A server will not be at risk for ransomware unless one is using them for questionable purposes, like using them for internet browsing or opening email, which is a huge no no. You protect your servers by implementing solid policies around acceptable usage, a staggered backup schedule and having MBARW on the clients that connect to the servers.

Again, even if you put MBARW on a server, it cannot stop an encryption process that is running from an endpoint workstation. That ransomware process is located in the memory of the endpoint it unpacked on, you must have the MBARW software on the endpoint to be able to stop the encryption process before it reaches a server share / mapped drive.

What if Ransomware gets executed from the workstation and just encrypts the UNC Shares/ Mapped Drives ONLY - ignoring the files on the computer?

How can the server protects it self from computers that is infected by Ransomware?

Edited by vane

Share this post


Link to post
Share on other sites

MBARW will still kick off on the workstation as the encryption process is running on the workstation. What that process is encrypting does not matter, the important part is from where that process is running.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.