Does Malwarebytes have a Behavior Blocker besides AntiRansomware?


I know Malwarebytes has an excellent behavior-based Anti-Ransomware and Anti-Exploit.

However, I am wondering if the anti-malware component offers any post-execution protection against other malware (e.g. backdoors, spyware, botnets, etc.).

I know there are heuristic, behavior-based detections like MachineLearning/Anomalous or Generic.Malware/Suspicious, but do these also work post-execution?

Thanks for your answers in advance :)!

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

 

If you are having technical issues with our Windows product, please do the following: 

If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  • Download Malwarebytes Support Tool
  • Once the file is downloaded, open your Downloads folder/location of the downloaded file
  • Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  • Place a checkmark next to Accept License Agreement and click Next
  • You will be presented with a page stating, "Welcome to the Malwarebytes Support Tool!"
  • Click the Advanced Options link
  • Click the Gather Logs button
  • A progress bar will appear and the program will proceed to gather troubleshooting information from your computer
  • Upon completion, click OK
  • A file named mbst-grab-results.zip will be saved to your Desktop
  • Please attach the file in your next reply. Click "Reveal Hidden Contents" below for details on how to attach a file:
    To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.


    After posting your new post, make sure you click the Follow button near the top right of this page, and select the option "An email when new content is posted Change how the notification is sent" so that you're alerted by email when someone has replied to your post.

One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 

For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

We definitely do, here's just a few examples:

  • Web Protection can stop infections from being able to reach out to their control servers or other malicious sites
  • Real-Time Protection actively monitors for applications performing badly, even after infection
  • Ransomware Protection will help stop active infections from being able to encrypt files

These are just a few methods

12 hours ago, Darku said:

I know Malwarebytes has an excellent behavior-based Anti-Ransomware and Anti-Exploit.

However, I am wondering if the anti-malware component offers any post-execution protection against other malware (e.g. backdoors, spyware, botnets, etc.).

I know there are heuristic, behavior-based detections like MachineLearning/Anomalous or Generic.Malware/Suspicious, but do these also work post-execution?

Thanks for your answers in advance :)!

Are you asking about Malware Clean-Up after infection?

20 hours ago, dcollins said:

We definitely do, here's just a few examples:

  • Web Protection can stop infections from being able to reach out to their control servers or other malicious sites
  • Real-Time Protection actively monitors for applications performing badly, even after infection
  • Ransomware Protection will help stop active infections from being able to encrypt files

These are just a few methods

Thanks for the information! Nice to hear that :).

14 hours ago, plb4333 said:

Are you asking about Malware Clean-Up after infection?

I know that MB can clean up active infections, however, if you know something about the malware action rollback capabilities of Malwarebytes, I would be interested in that.

In the remediation engine there are several aspects which can reverse certain damage and system configuration changes made by malware.  These include system policies in the registry, infected/corrupted system files, patched/modified boot files and several other issues.  Some of them are part of the anti-rootkit component, while others are part of the normal detection engine.

1 hour ago, exile360 said:

In the remediation engine there are several aspects which can reverse certain damage and system configuration changes made by malware.  These include system policies in the registry, infected/corrupted system files, patched/modified boot files and several other issues.  Some of them are part of the anti-rootkit component, while others are part of the normal detection engine.

That's better than I thought! That's very good to have in MBAM and glad to see it. I really had no idea.

Yes, it's technology which has evolved over time as threats have changed along with the fallout they leave behind.  At first, it was mainly just things like the use of policy restrictions in the registry and Group Policy that were targeted.  Things like preventing the user from running Task Manager, the command prompt or Regedit or even preventing them from changing their desktop background (after putting some kind of malicious message as the desktop wallpaper to scare users into paying the bad guys money etc.) or prevent them from changing settings for their internet browser.  Most of these were classified as PUM or Potentially Unwanted Modifications.  But later on, as rootkits became prominent, we frequently found that even after clearing the system of the rootkits, components and damage remained in system files and the boot files (MBR/VBR etc.) and so additional remediation technology was required to repair this damage, and so Malwarebytes Anti-Rootkit was enhanced with several fixes which would reset things to their normal, pre-infected state.  Eventually these technologies were integrated into Malwarebytes and are now a part of Malwarebytes 3.

The best part is that whenever the bad guys do something new, the Researchers can add new fixes into the database without needing to release a new version of the software so that Malwarebytes can handle the fallout.  When it detects a threat known to modify or break certain components, like the Windows Firewall or the Windows Update service, it can deploy these fixes as a part of the cleanup routine so that as the threats are removed, the damage they left behind is removed/repaired with them.

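The policy restrictions described in the post above (Task Manager, command prompt, Regedit, wallpaper and browser settings being locked) live in registry values that can be audited read-only. The PowerShell below is an added example, not part of the original thread and not Malwarebytes code; the list of values and the name `Get-PolicyRestriction` are assumptions of this example, using well-known Windows policy locations rather than Malwarebytes' own PUM definitions.

```powershell
# Added example: read-only audit of policy-restriction registry values.
# Assumption: this list covers common Windows policy values only; it is
# not the PUM definition set used by Malwarebytes.
$PolicyChecks = @(
    @{ SubKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
       Name   = 'DisableTaskMgr';       Effect = 'Task Manager blocked' }
    @{ SubKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
       Name   = 'DisableRegistryTools'; Effect = 'Regedit blocked' }
    @{ SubKey = 'Software\Policies\Microsoft\Windows\System'
       Name   = 'DisableCMD';           Effect = 'Command prompt blocked' }
    @{ SubKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop'
       Name   = 'NoChangingWallPaper';  Effect = 'Wallpaper change blocked' }
    @{ SubKey = 'Software\Policies\Microsoft\Internet Explorer\Control Panel'
       Name   = 'HomePage';             Effect = 'Browser home page locked' }
)

function Get-PolicyRestriction {
    # Hypothetical helper name; checks the per-user and per-machine hives.
    param([string[]]$Hive = @('HKCU:', 'HKLM:'))

    foreach ($h in $Hive) {
        foreach ($check in $PolicyChecks) {
            $path = '{0}\{1}' -f $h, $check.SubKey
            $prop = Get-ItemProperty -Path $path -Name $check.Name -ErrorAction SilentlyContinue
            if ($null -eq $prop) { continue }   # key or value absent: nothing set

            $value = $prop.($check.Name)
            if ($value -ne 0) {                 # 0 means the restriction is off
                [pscustomobject]@{
                    Path   = $path
                    Name   = $check.Name
                    Value  = $value
                    Effect = $check.Effect
                }
            }
        }
    }
}

# Prints one row per active restriction; no output means none were found.
Get-PolicyRestriction | Format-Table -AutoSize
```

On a domain-joined machine an administrator may set these same values through Group Policy, so a hit is something to explain against the expected policy baseline rather than proof of infection.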

7 minutes ago, exile360 said:

Yes, it's technology which has evolved over time as threats have changed along with the fallout they leave behind.  At first, it was mainly just things like the use of policy restrictions in the registry and Group Policy that were targeted.  Things like preventing the user from running Task Manager, the command prompt or Regedit or even preventing them from changing their desktop background (after putting some kind of malicious message as the desktop wallpaper to scare users into paying the bad guys money etc.) or prevent them from changing settings for their internet browser.  Most of these were classified as PUM or Potentially Unwanted Modifications.  But later on, as rootkits became prominent, we frequently found that even after clearing the system of the rootkits, components and damage remained in system files and the boot files (MBR/VBR etc.) and so additional remediation technology was required to repair this damage, and so Malwarebytes Anti-Rootkit was enhanced with several fixes which would reset things to their normal, pre-infected state.  Eventually these technologies were integrated into Malwarebytes and are now a part of Malwarebytes 3.

The best part is that whenever the bad guys do something new, the Researchers can add new fixes into the database without needing to release a new version of the software so that Malwarebytes can handle the fallout.  When it detects a threat known to modify or break certain components, like the Windows Firewall or the Windows Update service, it can deploy these fixes as a part of the cleanup routine so that as the threats are removed, the damage they left behind is removed/repaired with them.

Now I know why I've always thought of MBAM as top of the class in malware removal and its technology, and had no qualms when it went to paid version, I always thought it was a small price to pay, considering...Thank you for the enlightenment on this matter, deeply appreciated by me and others I'm sure. :)

You're very welcome :)

And honestly, that's just the tip of the iceberg.  I didn't even mention things like Linking, which is a smart heuristics tech built into the scan engine capable of detecting an infection's entire installation based on catching just a single trace or the additional measures implemented in the Anti-Exploit component which not only monitor for exploit behavior, but also lock down vulnerable system settings and components, hardening the OS and software against attacks.  Malwarebytes has tons of amazing things going on under the hood, and I've barely scratched the surface of what it's capable of.

17 minutes ago, exile360 said:

You're very welcome :)

And honestly, that's just the tip of the iceberg.  I didn't even mention things like Linking, which is a smart heuristics tech built into the scan engine capable of detecting an infection's entire installation based on catching just a single trace or the additional measures implemented in the Anti-Exploit component which not only monitor for exploit behavior, but also lock down vulnerable system settings and components, hardening the OS and software against attacks.  Malwarebytes has tons of amazing things going on under the hood, and I've barely scratched the surface of what it's capable of.

Thank you so much Exile360, this is tremendous in regards to MBAM's reach into OS and files. When I think back when the company 1st started, for many years it went free while they were busy expanding its powerful methods. And I used to be amazed then, just how much a person got for free, and always knew the day would come for paying, but it lasted very long as free and I'm sure it wasn't easy for the company. So in essence, I was amazed then, and I'm even more amazed now. Thanks to you, and you describing what is just the tip of the iceberg, for just how much this program does. It goes above a lot of people's heads and that just goes to show just how complicated these matters can be when there's hackers that are top of their game, plus they really know how to circumvent the OS and what have you. What more could a person ask for? A top-notch program to save us, and as well as support staff on this forum, and within the company besides, that are always there to help users. You specifically are amazing for all you do in this forum and other forums.

Thanks for the compliments, I'm just glad I could help :)

Yes, they've been at this for a long time and I've been pretty much from the beginning, at first as a user/beta tester, then later as an employee.  I've seen how they've adapted and grown over the years as the threats have changed and they've adapted, built and acquired new technologies to meet the challenge.  It's been a long hard fight, but Malwarebytes still holds its own against threats that seek to infiltrate, exploit and extort computer users.
