Jump to content
Hoppity

How to use Malwarebytes 3 optimally with Kaspersky Total Security?

Recommended Posts

I read this link from 2015:

The user stated that you should exclude certain files of MBAM in KTS in order to not have the 2 programs intervene each other.

Questions:

#1 Since I am installing malwarebytes 3.0 instead of MBAM, could someone tell me which files I need to exclude?

#2 Can someone tell me how to do this? The link in that thread forwards to a tutorial on how to enable/disable Trusted Applications in KTS. Is that how it should be done? And wouldn't you need to have "Trusted Applications" enabled all the time in order for it to exclude the Malwarebytes files? If so, what are the downsides to having it enabled all the time?

#3 Do I need to exclude the KTS files in Malwarebytes too?

Thanks.

 

Share this post


Link to post
Share on other sites

#2 Is MBAM3 appearing in KTS' Manage Applications (under TAM)? What is its classification? Trusted/Low Restricted/High Restricted/Untrusted? If not "Trusted", right-click and mark "Trusted".

#3 It would be wise to add an exclusion for the KTS folder... \Program Files (x86)\Kaspersky Labs here:

33a.png

34a.png

Share this post


Link to post
Share on other sites

Hi Hoppity,

Here are instructions on how to configure Malwarebytes-related exclusions within your Kaspersky product.

Kaspersky Anti-Virus | Internet Security | Total Security | Security Cloud 2017

  • Open the Kaspersky product installed
  • Click Settings (fig. 1)
  • Click Additional (fig. 2)
  • Click Threats and Exclusions (fig. 3)

image.png.4e756ecdd387de1431141ca9fce06f83.png
Figure 1. Open Settings

image.png.a5240912264ed7bcc3ed7a110528d058.png
Figure 2. Open Additional

image.png.ddd7ebd29e313d4588d7a046b3a8c472.png
Figure 3. Open Threats and Exclusions

 

  • Click Manage exclusions (fig. 4)
  • Click Add (fig. 5)
  • Ensure all items under Protection components: are checked (fig. 6)

image.png.099f6e6ce2bd16f636b240b4dd3741ba.png
Figure 4. Open Manage exclusions

image.png.504ce67dd0a0cb5ce8ea33e380792c5f.png
Figure 5. Add button

image.png.f68c95236c2b3140700b06a990111d11.png
Figure 6. Protection components

 

  • Enter C:\Program Files\Malwarebytes into the text field and click Add (fig. 7)
  • Place a checkmark next to Do not prompt for confirmation during the next 30 minutes and click Continue (fig. 8)
  • Repeat for C:\ProgramData\Malwarebytes
  • Click Add (fig. 5)
  • Enter C:\Windows\System32\drivers\mbam.sys into the text field and click Add (fig. 9)
  • Repeat for the following files:
    • C:\Windows\System32\drivers\mwac.sys
    • C:\Windows\System32\drivers\mbamswissarmy.sys
    • C:\Windows\System32\drivers\mbamchameleon.sys
    • C:\Windows\System32\drivers\farflt.sys
    • C:\Windows\System32\drivers\mbae64.sys (64-bit)
    • C:\Windows\System32\drivers\mbae.sys (32-bit; enter both if unsure)

image.png.62591b776909d14992e4b12b13c72789.png
Figure 7. Enter first exclusion

image.png.554ff1f77b854e5c08c6a36019ac5456.png
Figure 8. Continue button

image.png.a281fb019526a838f84941e9b0367e70.png
Figure 9. Enter third exclusion

 

  • Close the window to finish (fig. 10)

image.png.31de10ba45949a0e43532ac17c5d05f8.png
Figure 10. Close button

Share this post


Link to post
Share on other sites

Based on guidance from Malwarebytes post on 4/6/2017, the  above guidance is different in that Malwarebytes previously recommended Excluding  drivers using the C:\Windows\Sysnative\drivers folder for 64 bit operating systems. I have been using the following Trusted Applications and Exclusions in Kaspersky Total Security 2017 and 2018 since 4/6/2017 with no problems. I  have also been setting Exclusions in Malwarebytes for the Kaspersky Lab folder and the applications/executables in the C:\Program Files (x86)\Kaspersky Total Security 18.0.0\ folder like avp.exe, avpui.exe, etc.

I hope Malwarebytes Staff will clarify whether or not we should be using the Sysnative\drivers\ folder or the System32\drivers folder for exclusions on a 64 bit system.

Trusted Applications

# C:\Program Files\Malwarebytes\Anti-Malware\assistant.exe

# C:\Program Files\Malwarebytes\Anti-Malware\malwarebytes_assistant.exe

C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
C:\Program Files\Malwarebytes\Anti-Malware\MbamPt.exe
# C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

# C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

# C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe
# If the above items are not found in the list that comes up when you select “Add”, click on the “Browse” button at the lower left of the screen and select them by browsing to the Anti-Malware folder.

 

 

Exclusions

Based on latest recommendations from Malwarebytes Forum on 4/6/2017. Copy and paste these into the Exclusions search list.

C:\Windows\Sysnative\drivers\mbae64.sys
C:\Windows\Sysnative\drivers\mbam.sys
C:\Windows\Sysnative\drivers\MBAMChameleon.sys
C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
C:\Windows\Sysnative\drivers\mwac.sys
C:\Windows\Sysnative\Drivers\farflt.sys

The above (.sys) files appear in my C:\Windows\System32\drivers\ folder but Malwarebytes recommended the above folders instead. This is because the Kaspersky UI is a 32-bit executable where as you need to access the 64-bit version of drivers. The sysnative folder is a linked folder, that won't show up in the list. You have to type the path in manually or copy and paste as I mentioned above.

Share this post


Link to post
Share on other sites

Still hoping Malwarebytes Staff will verify which is proper way to exclude Malwarebytes drivers in Kaspersky Total Security or Internet Security. The conflicting advice provided by Malwarebytes on different occasions is confusing and can result in conflicts if we are doing it wrong.

Should we use the C:\Windows\Sysnative\drivers\ folder or the C:\Windows\System32\drivers\ folder for these exclusions?

Share this post


Link to post
Share on other sites

If the files exist in \System32\, then use that directory. If they don't exist there, use \Sysnative\. The \Sysnative\ folder will only show up when trying to access the 64-bit system32 directory from a 32-bit application. I will have to double check Kaspersky to see what type of application it is

Update

Did some checking, you'll want to use \System32\. The files may not show up properly in \System32\ so you may have to type the file paths manually, but if you use \Sysnative\, it looks like the Kaspersky exclusions may not work properly

Edited by dcollins

Share this post


Link to post
Share on other sites

I still find this incredibly confusing.  What exactly do I type into the Malwarebytes Exclusions page.  I gave up on Malwarebytes some time ago but decided to try it again

yesterday and have bought and downloaded Malwarebytes Premium.  I already have Kaspersky Total but the more I read the various discussions on avoidance of the clash between them, the more confused I get.  I would be grateful for some plain directions.

Share this post


Link to post
Share on other sites

Greetings,

This thread is nearly 2 years old so any conflicts or issues mentioned likely do not apply at this point since both products have been updated many times since then.  That said, if you wish to exclude Kaspersky from Malwarebytes all you need to do is follow the instructions under the Exclude a File or Folder section of this support article, click the button to Select Folder... and in the dialog that opens browse to the location of Kaspersky's program folder (most likely located under C:\Program Files or C:\Program Files (x86)) and select it by clicking on it once and clicking Select Folder.  You may also exclude any data folder(s) belonging to Kaspersky, likely located under C:\ProgramData.

The list of items to exclude for Malwarebytes in Kaspersky can be found in this support article.  I don't have Kaspersky myself so I do not know the exact instructions for excluding items, but in my experience most AVs have some kind of option to exclude individual processes and that's generally the best way to exclude Malwarebytes to help reduce the chance of a conflict by excluding Malwarebytes' executable files located under C:\Program Files\Malwarebytes\Anti-Malware; the main process to exclude would be MBAMService.exe.

Share this post


Link to post
Share on other sites

Sorry I did not reply to this earlier.  Could not get on to this site until 10th June when I finally managed to change my password from the one they were rejecting.

I appreciate I am on too old a thread.  Many thanks.  I have given up on Kaspersky and am trying BitDefender but seems to be causing even more problems...

Thanks again.

Share this post


Link to post
Share on other sites

By the way, it would also be a good idea to run the Kaspersky removal tool just to ensure that there are no traces of the program remaining on your system now that you have decided to use a different AV as such traces and leftovers have been known to cause issues with other AV products.  You'll find the tool and instructions on how to use it on this page.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.