Antivirus and Malwarebytes and Windows Defender


  • Staff

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

 

If you are having technical issues with our Windows product, please do the following: 

If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer; please allow the programs to run if blocked by your system.

  • Download Malwarebytes Support Tool
  • Once the file is downloaded, open your Downloads folder/location of the downloaded file
  • Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  • Place a checkmark next to Accept License Agreement and click Next
  • You will be presented with a page stating, "Welcome to the Malwarebytes Support Tool!"
  • Click the Advanced Options link
  • Click the Gather Logs button
  • A progress bar will appear and the program will proceed to gather troubleshooting information from your computer
  • Upon completion, click OK
  • A file named mbst-grab-results.zip will be saved to your Desktop
  • Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies" like so:

    To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.

One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 

For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team


Hello and Welcome @Limefielder

You will get mixed answers depending on who you talk to, everyone has their favorite software… that being said, there are many folks that run Windows Defender and Malwarebytes Premium, and that should be plenty if you choose to go that route. Remember if you decide to go that route, make sure you uninstall your expired Bitdefender when ready to make that switch.

Thanks


As Firefox says, 2 people 2 answers.

For my part if it's Windows 10 then Defender is fine. Most of the stuff you see saying WD is no good are talking about much older versions.

Add Malwarebytes and that's another layer of protection.

No one honest will say nothing will ever get through that combination. But if something does I doubt anything else would have stopped it.


55 minutes ago, Firefox said:

Hello and Welcome @Limefielder

You will get mixed answers depending on who you talk to, everyone has their favorite software… that being said, there are many folks that run Windows Defender and Malwarebytes Premium, and that should be plenty if you choose to go that route. Remember if you decide to go that route, make sure you uninstall your expired Bitdefender when ready to make that switch.

Thanks

Appreciate your speedy reply, Firefox.

I'm sure that sometime recently Malwarebytes said that after a certain update it had become as good as an antivirus software and with Microsoft increasing the effectiveness of Windows Defender & Firewall. The two together made antivirus software "obsolete" (my word not Malwarebytes').

Does anyone else remember that?


7 minutes ago, nukecad said:

As Firefox says, 2 people 2 answers.

For my part if it's Windows 10 then Defender is fine. Most of the stuff you see saying WD is no good are talking about much older versions.

Add Malwarebytes and that's another layer of protection.

No one honest will say nothing will ever get through that combination. But if something does I doubt anything else would have stopped it.

Thanks for the speedy response, appreciated. I also replied to Firefox as below

I'm sure that sometime recently Malwarebytes said that after a certain update it had become as good as an antivirus software and with Microsoft increasing the effectiveness of Windows Defender & Firewall. The two together made antivirus software "obsolete" (my word not Malwarebytes').

Does anyone else remember that?


Just now, Limefielder said:

Does anyone else remember that?

Yes, Malwarebytes feels that having only Malwarebytes is enough.... I, like many other techs, feel that having layered protection is the best approach. There are features in antivirus programs that Malwarebytes just does not have, this is why most feel that having both is the best practice.

Let me just post this from one of the experts here on these forums... (these are the words of @David H. Lipman)

MBAM is not an anti virus application and does not replace an anti virus application. MBAM is an adjunct, complementary, anti malware application.

In its role as an adjunct, complementary, anti malware application it has limitations in aspects that the anti virus application performs in its role.
 
MBAM does not target script files. That means MBAM will not target; JS, JSE, PY, .HTML, HTA, VBS, VBE, .CLASS, SWF, SQL, BAT, CMD, PDF, PHP, WSF, etc.
It also does not target document files such as; PDF, DOC, DOCx, DOCm, XLS, XLSx, PPT, PPS, ODF, RTF, etc.
It also does not target media files;  MP3, WMV, JPG, GIF, etc.

Until MBAM, v1.75, MBAM could not access files in archives but with v1.75 came that ability so it can unarchive a Java Jar (which is a PKZip file) but it won't target the .CLASS files within. Same goes with CHM files (which is a PKZip file) but it doesn't target the HTML files within. MBAM v1.75 specifically will deal with; ZIP, RAR, 7z, CAB and MSI for archives. And self-Extracting; ZIP, 7z, RAR and NSIS executables (aka; SFX files).

MBAM specifically targets binaries that start with the first two characters being; MZ
They can be; EXE, CPL, SYS, DLL, SCR and OCX. Any of these files types can be renamed to be anything such as;  TXT, JPG, CMD and BAT and they will still be targeted just as long as the binary starts with 'MZ'.
 

MBAM targets mainly non-viral malware.  The exception being a virus dropper ( a malware file that drops a virus and starts a virus infection but is not infected with the virus ) and worms ( such as Internet worms and AutoRun worms ).
 
MBAM is incapable of removing malicious code that has been prepended, appended or cavity injected into a legitimate file.  That means if a file infecting virus infects a legitimate file MBAM will be unable to remove the malicious code.  An anti virus application should be able to remove malicious code from an infected file and hopefully bring it back to its preinfected state.  Which may or may not return the file to its original, non infected, checksum value.
 
A file infecting virus will prepend, append or cavity inject malicious code into a legitimate file.  Once infected, that infected file can further the infection by infecting other legitimate files.
 
On the other hand there are trojans that will prepend, append or cavity inject malicious code into a legitimate file.   However that file can not infect other files.  The infection stops with that targeted file.  These files are either deemed to be "trojanized" or "patched".  Since MBAM can not remove the added malicious code, at best MBAM will try to replace the trojanized file with a legitimate, unaltered, file.
 
Where a traditional anti virus application is weak, MBAM is strong. Today's malware is much more complex than 10 years ago. When we saw the Melissa virus ( I-Worm via SMTP ), Lovsan/Blaster worm ( I-Worm via RPC/RPCSS @ TCP port 135 ) etc, they were distributed for the effect, damage and bragging rights. Today's malware is more sophisticated in that it is "all about the money". Malicious actors use malware to profit from. Either by stealing, distribution affiliation revenue, data exfiltration, personal identification impersonation, etc. To effect that the malicious actors don't want the victim to know that their system was compromised or they are so blatant about it by generating advertisements. Yesterday's malware was simple and less obtrusive. Today's malware is very intrusive and makes numerous modifications to the Operating System. Those numerous modifications to the Operating System are where the traditional anti virus application does poorly and where MBAM specializes.
 
MBAM is not a historical anti malware solution. That means it will not target old malware. Its intent is to target 0-Day malware. Malware that is infecting computers Today with malware found in-the-wild, Today. That means that something like the BugBear which infected years ago will not be targeted by MBAM. Malwarebytes will actually cull their signature database for malware that is no longer seen in-the-wild Today. This is why Malwarebytes requests samples that are submitted for detection consideration be no older than 3 months old.
 
Malwarebytes rests its new declaration as a replacement upon the shoulders of its anti exploit module.
 
When one talks about an "exploit" there are two basic kinds.
 

  • Exploiting a software vulnerability to gain elevated privileges to effect a compromise
  • Taking advantage of a capability to use in their benefit in an unexpected or unanticipated way.


 
As an example of the first case I'll use the Lovsan/Blaster worm.  It exploited a software vulnerability in the Operating System RPCSS/DCOM which uses TCP port 135.  The Lovsan/Blaster worm would send a specific set or string of characters to TCP port 135 to create a "buffer overflow with an elevation of privileges" condition where if successful, the worm would create a BLASTER.EXE file on the target system and then execute it.  Once the PC was infected it would seek new hosts and the Lovsan/Blaster worm would spread exponentially.
 
As an example of the second  case I'll use the Wimad trojan.  The Wimad trojan takes advantage of the Digital Rights Management (DRM) incorporated in media files such as MP3, WMV and other music and video files.  By taking advantage of the DRM, it would be used in combination of Social Engineering and one's desire for "free music" or a "free movie" to cause the person to download and run some malicious program.
 
Therefore you use an anti exploitation application to thwart the malicious activity of deliberately exploiting a vulnerability to effect a system compromise.
 
One may use a specially crafted...

  • PDF file to exploit a vulnerability in a PDF viewer like Adobe Reader or FoxIt.
  • MOV file to exploit a vulnerability in Apple's QuickTime renderer.
  • GIF file to exploit a vulnerability in Microsoft's Graphics Device Interface (GDI).
  • DOC, XLS or other MS Office document file to exploit a vulnerability in Microsoft Office or to use a macro to download and execute a file or extract an embedded file and execute it.
  • RMP file to exploit a vulnerability in RealPlayer.

It is for situations as enumerated above where an anti exploit application will be used to monitor and shield a given application, which exhibits vulnerabilities, from attempts using the vulnerability/exploitation attack vector.  It is not for untrusted applications.
 
The intention is to monitor and shield a given application which has a propensity of being exploited.
 
 
So MBAM may block a Wimad trojan from exploiting Windows DRM but it is incapable of detecting a media file as being a Wimad trojan. This is something an anti virus application will do. Now one may not get infected due to a Wimad trojan while using MBAM, but it will not identify these DRM exploitative files.
 
MBAM is not VIM or MAPI compliant nor does it supply POP Proxy capability.  Therefore email is not scanned for malicious file or malicious content.  MBAM may block a "known" Phishing URL or a HTML.FakeAlert but it is incapable of identifying and quarantining the malicious email.  This is also something an anti virus can do.
 
MBAM may block a "known" Phishing URL or a HTML.FakeAlert site but since it does not target scripted malware it can't preload the HTML and block access to a site using malicious code if it is not known by Malwarebytes. MBAM may handle a software exploit well but due to its inability to scan scripted malware, it will not help in Social Engineering events which is the Human Exploit. A traditional anti virus application on the other hand adds that additional capability. Below is a snapshot of some of the detections a traditional anti virus application can perform that MBAM can not.
 

Html.Phish
Html.Phishing
html.redirector.an.gen
HTML/ExDrive.5C7!phish
HTML/Fraud.A!phish
HTML/PDFFishing
HTML/Phish
HTML/Phishing
HTML/Phising
HTML_MA
HTML_PHISH
JS.Phish
JS.Phishing
JS/Phish
Mal/Phish-A
Malware.JS.Generic (JS)
PHISH/
Phish-SiteFraud
PWS.HTML.Phish
Ransom.Agent!8.6B7 (shepherd)
SCRIPT.Virus
Script/Trojan.2e2
Script/Trojan.7e1
Script/Trojan.e6c
Trojan.Generic
Trojan.HTML.Phishbank
trojan.html.redirector.b
Trojan.Iframe!8.D (shepherd)
Trojan.Kryptik!8.8 (shepherd)
Trojan.PHP.Phishing
Trojan.Redirector!8.E (topis)
trojan-clicker.js.agent.ma
Trojan-PWS.HTML.Phish
Trojan-Spy.JS.Phish
TrojanSpy:JS/Phish
virus.html.gen03.182
virus.js.gen.1
virus.js.gen.90
Win32.Trojan-qqpass
Win32/Trojan.0c3
Win32/Trojan.c27
Win32/Trojan.ca8
Win32/Trojan.e2a
Win32/Trojan.ed4
Win32/Trojan.ef6
Win32/Trojan.f2a
Win32/Trojan.PSW
Win32/Trojan.Script.ed4
XPL/Def
XPL/Gen


 
 
With all the things that MBAM can not do, it is not an anti virus application and it remains an anti malware application which relegates it to its complementary position.
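
The extension-independent check described in the quoted post above (content that begins with 'MZ' is treated as a binary whatever the file is named), as an added example that is not part of the thread and is not Malwarebytes' code. It goes one step beyond the post by also confirming the PE signature at the offset stored in the DOS header; the file names and sample bytes are constructed.

```python
import struct
from pathlib import PurePath

# Extensions normally used for Windows binaries (the list given in the post).
PE_EXTENSIONS = {".exe", ".cpl", ".sys", ".dll", ".scr", ".ocx"}

def is_mz(data: bytes) -> bool:
    """True if the content starts with the DOS 'MZ' magic."""
    return data[:2] == b"MZ"

def is_pe(data: bytes) -> bool:
    """Stricter check: MZ magic plus a PE signature at the e_lfanew offset."""
    if not is_mz(data) or len(data) < 0x40:
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def classify(name: str, data: bytes) -> str:
    """Classify by content first, then compare with the file extension."""
    ext = PurePath(name).suffix.lower()
    if is_pe(data):
        return "pe" if ext in PE_EXTENSIONS else "pe-disguised"
    if is_mz(data):
        return "mz-only"  # MZ magic but no valid PE header behind it
    return "claims-pe" if ext in PE_EXTENSIONS else "other"

def make_stub_pe() -> bytes:
    """Constructed sample: 64-byte DOS header whose e_lfanew points at the PE signature."""
    header = bytearray(0x40)
    header[0:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x40)
    return bytes(header) + b"PE\x00\x00" + bytes(20)

# Constructed samples, not real files.
SAMPLES = {
    "setup.exe": make_stub_pe(),
    "holiday.jpg": make_stub_pe(),               # binary renamed to .jpg
    "notes.txt": b"MZ is the DOS header magic",  # text that merely starts with MZ
    "photo.jpg": b"\xff\xd8\xff\xe0" + bytes(16),
    "tool.exe": b"#!/bin/sh\necho hi\n",         # .exe name, non-PE content
}

def triage(samples: dict) -> dict:
    """Return a verdict per sample name."""
    return {name: classify(name, data) for name, data in samples.items()}

if __name__ == "__main__":
    for name, verdict in triage(SAMPLES).items():
        print(f"{name:12} {verdict}")
```

The "mz-only" verdict shows why a bare two-byte check over-matches: a text file can begin with the same two characters without being a binary.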

  • 2 weeks later...

Thanks for the extensive response Firefox.

The version of MBAM I'm using is 3.5.1.2522.

Component Package version is 1.0.374

Update Package Version is 1.0.5536.

In your response your detail is well researched and I will take your advice and use MBAM as an adjunct to an Anti Virus software.

As Windows defender & Firewall come ready packaged in MS Windows 10 and I have the latest feature update version that is available in England, which is 1803.

I currently use Bitdefender but am thinking of saving some money and using MBAM for Malware protection and Windows Defender as the Anti Virus software.

I appreciate that this is a Malwarebytes forum, but I would appreciate your thoughts on what I'm proposing.

Thanks

 


  • Staff

The majority of information posted above by Firefox quoting David H. Lipman is actually no longer relevant.  It was created specifically based on information regarding just the Malware Protection component in Malwarebytes Anti-Malware 1.x, not the 3.x version of Malwarebytes that exists today and includes several additional layers of protection capable of stopping such threats through more effective means, including Exploit Protection (which does in fact target scripts, documents, media files and other non-PE/non-MZ file types) and signature-less behavior based protection layers like Ransomware Protection that targets threats/attacks based on behavior.  When added to the Malware Protection, heuristics, Web Protection (that now blocks domains/URLs in addition to IP addresses/IP blocks) as well as the recently activated anomalous threat detection engine, you should be pretty well covered and you do get comparable protection to what a modern AV provides.

That said, Malwarebytes has always been and still is designed deliberately not to conflict with AV software running in real-time, including Windows Defender, so if you choose to still use a traditional AV with Malwarebytes 3 you can.

Edited by exile360

exile360; Thanks very much for your response. It has been difficult to get up-to-date information on what I propose to do in running an updated MS Windows Defender & Firewall alongside an up-to-date Malwarebytes . 

A lot of info/stuff out there is as you say is old and is going back to 2014/15/16/17 and during that time MBAM has changed or morphed into a much broader scaled protection.

So again I thank you for your input. I will run Malwarebytes alongside MS Win 10 Defender + Firewall once my current licence expires with my present AV software. I reckon I'll be as safe as anyone can be these days.

Thanks again. Appreciated.


  • Staff

You're welcome, I'm glad I could help :)

Yes, Malwarebytes 3 works quite well alongside Windows Defender and the built in Windows Firewall in newer Windows versions (Vista+) is actually quite robust, and very different from the one Microsoft provided in Windows XP Service Pack 2/Service Pack 3 (and even that was a huge step up from what XP originally shipped with).

If there's anything else we might assist you with please let us know and we'll do our best to help.

Thanks :) 
