Pete12

No exclusions-list in Anti-Rootkit BETA?

Is it possible to create one in the program, and... how?


Greetings,

Actually, there is a way to exclude items from Malwarebytes Anti-Rootkit, but to do so you must have Malwarebytes 3 installed.  If you create exclusions in Malwarebytes 3 on a system, Malwarebytes Anti-Rootkit should honor them; at least that's how it worked in the Malwarebytes version 2 days, so as long as they have brought this feature forward into the current builds, then this should still work.

From the documentation included with Malwarebytes Anti-Rootkit BETA:

  1. Ignore List - MBAR uses the same ignore list used by MBAM so exclusions may be managed using the Ignore List tab in MBAM. In order to add or remove an item to be ignored by MBAR, MBAM must be installed as MBAR currently cannot add or remove any items to or from the Ignore List on its own.


Yes, mbam 3 (latest version) is installed, in the same folder as Malwarebytes Anti-Rootkit!

And some exclusions are, indeed, added in the list in Malwarebytes (it's a text file, used by Malwarebytes 3).

These exclusions are excluded from scanning in Malwarebytes 3 already, but not in the Anti-Rootkit...

Tried to copy this file to the Anti-Rootkit folder, still no luck!

So, there must be another solution, maybe copy to other place...?


They don't need to reside in the same folder, in fact, try keeping Malwarebytes installed in its default location (C:\Program Files\Malwarebytes\Anti-Malware) and just run Malwarebytes Anti-Rootkit from your desktop and allow it to extract to its default location on the desktop to run it from there and see how it goes.  Don't move any files because that won't help.  Anti-Rootkit is coded to read the Malwarebytes exclusion files from their default location, but if it isn't compatible with Malwarebytes 3, then you may need to remove that and install Malwarebytes Anti-Malware 2.x.  The last released version of 2.x may be found here.  You'll need to install it then add exclusions for whatever you don't want Malwarebytes Anti-Rootkit to scan, then it should work.


Both programs are now installed in Program Files\Malwarebytes, in two folders: Malwarebytes (3.5.1 latest) and Malwarebytes Anti-Rootkit.

I will uninstall Anti-Rootkit and allow it to extract to its default location on the desktop.

Does the last released version of 2.x perform well, updating and scanning?

 


It should update and scan, but it really isn't a replacement for version 3.  A lot of new detection and removal capabilities have been added since then which aren't backwards compatible with older versions of Malwarebytes.

If your goal is just to check your system for rootkits with Malwarebytes Anti-Rootkit BETA once in a while, that's fine, but really its main purpose is as an emergency cleanup tool for badly infected systems. Malwarebytes 3 has rootkit scanning built in and includes the capabilities of Malwarebytes Anti-Rootkit in its engine, so you'd be better off using that alone as a long-term solution. Just launch Malwarebytes 3 and go to Settings>Protection and enable the Scan for rootkits option and it will check for rootkits whenever you scan.


Thank you, will first try to find a solution, if no luck will uninstall and use mbam 3 only...

Besides, I don't like a default Anti-Rootkit folder on my desktop, that's why I chose the Malwarebytes folder (Program Files)...


OK, sounds good.  Just FYI, Malwarebytes Anti-Rootkit BETA is a platform for testing new rootkit detection and remediation capabilities prior to integrating them into the main Malwarebytes product/engine.  There haven't been any major new rootkits in quite some time, so there haven't been any new features built into the beta that have yet to be integrated fully into Malwarebytes 3 so you aren't really gaining anything by running both tools.  Also, Anti-Rootkit doesn't detect PUPs or PUMs, so for a comprehensive scan you'd still need to run Malwarebytes 3 anyway.

On the other hand, there are still some items that ADWCleaner detects that Malwarebytes 3 does not, so it makes an excellent addition to a scanning regimen.


Well, tried, but did not succeed, will keep this program next to Malwarebytes 3, as a second-opinion scanner.

Will search for a working solution still...


Unfortunately there probably won't be a solution unless the Developers update Malwarebytes Anti-Rootkit to be compatible with Malwarebytes 3.  The format of exclusions in Malwarebytes 3 is different from Malwarebytes 2, and apparently Anti-Rootkit wasn't updated to be able to read the new format so until that happens, it isn't going to be able to use Malwarebytes 3's exclusions list.


Ok, nice job for the developers for fixing this nasty problem, more people having troubles with this exclusions-list, which doesn't exist...

Just uninstalled Anti-Rootkit, using mbam 3, with a decent exclusions-list...

btw, thanks for your help, appreciate... :D

Edited by Pete12


Yes, but the truth is most users don't even know that exclusion functionality exists in MBAR and since it only scans the locations where rootkits are known to install, it's not likely to flag anything as a threat that it shouldn't, especially since, unlike Malwarebytes, it doesn't detect Potentially Unwanted Programs.  It's a really specialized tool with a specific purpose designed to check known locations for rootkits and remove them as well as repair the fallout from such threats like broken Windows system services and other core OS components as a part of its cleanup routine.  It's far more specialized than Malwarebytes 3, which could theoretically scan all files and folders on your system (via the Custom scan option) so it's a lot less likely to scan anything that it shouldn't.  If you're trying to exclude a specific location because it contains a lot of data which makes the scan far longer that's understandable, but like I said, Malwarebytes 3 can do all that Malwarebytes Anti-Rootkit does anyway, and more, so you aren't really losing out on any critical functionality by skipping MBAR and just scanning with Malwarebytes 3.


"you aren't really losing out on any critical functionality by skipping MBAR and just scanning with Malwarebytes 3." ... yes, I thought so too!

Besides, Mbam is taking about 200MB already, which I think is more than enough.

Other thing is: is this program not a bit outdated, never been updated, beta "for ever"...

While we are on latest Win10 (just updated!!)


Yeah, it used to get frequent updates when rootkits were more prominent, but these days most of the threats are PUPs and ransomware (as well as a lot of exploits that download/install ransomware) because, as they always do, the bad guys have moved on to new things now that the security industry has gotten a handle on their old tactics (thanks to tech like Anti-Rootkit and Malwarebytes 3).  Basically it's a never ending cat-and-mouse game where the bad guys keep changing up their tactics to avoid detection while the good guys keep building tech that is better at detecting what the bad guys have built, and it keeps going on this way until we paint them into a corner and force them to come up with completely new techniques to avoid detection.  Soon they'll change again now that the industry is getting a handle on ransomware (I cite the Ransomware Protection component in Malwarebytes 3 Premium as a prime example of this, which doesn't even use signatures/databases to stop ransomware in its tracks).

If rootkits become active again, MBAR will likely receive more updates, just as it did for a while last year after a couple of years of lying dormant thanks to one group of bad guys who decided to use a new rootkit to download, install and protect/reinstall PUPs for profit (a threat known as SmartService, which incidentally was also the reason the special build of MBAR posted in this topic was created).


Yes, we are always "walking after the car" for these bad guys (or should I say: always too late?)

One thing remains important: the "cure" should not be worse than the disease...


Yeah, too true.  However, thankfully these days we have more advanced proactive technologies like the signature-less Exploit Protection component which includes not only protection from unknown exploits based on detecting generic exploit techniques and behaviors, but also certain system component hardening features that render many frequently targeted system components and software immune to exploits both known and unknown.  Then there's the recently activated anomalous detection component that utilizes Machine Learning and cloud analysis technologies (what the AV industry frequently refers to as "AI" when in fact it's not really Artificial Intelligence by any stretch of the imagination) as well as the more traditional heuristics technologies built into the primary malware detection component of Malwarebytes.  Those, along with the Anti-Ransomware component which I already mentioned that targets ransomware based on behavior rather than relying on signatures for known ransomware, combine to form a layered defense against both known and unknown threats that might try to infiltrate your system.  They look at infections from every phase of the attack chain to try and stop it at every step in the process to keep your system clean.  A good overview of how these technologies function can be found in the diagram and information on this page.


Oh, and I didn't even mention Web Protection which uses massive, frequently updated block lists of known bad sites and servers to stop malware at its source to prevent it from ever reaching your system, so even if the bad guys do change their threats to evade detection, unless they purchase new IPs/domains to host them, they'll still be blocked.  That makes things much harder for the bad guys because those things cost money and take time to set up.

Malwarebytes is also currently testing a new browser plugin that takes things even further by not just using block lists, but actually blocking malicious web pages based on their content and behavior to thwart attacks like lockscreen tech support scam pop-ups and phishing scams and it also blocks many ads as well as trackers to help guard your privacy.  It's currently available for both Chrome (and other Chromium based browsers like SRWare Iron) as well as Firefox and can be found at the following links:

Chrome
 Firefox
