
Security HOLE in Malwarebytes 3



Hello,

Talking with Support yesterday, it was discovered that Malwarebytes does NOT support the Windows 10 redirection of Desktop, Documents, Downloads, Pictures, Videos or 3D Objects to another partition.

For those of us that use an SSD for the OS or routinely perform a fresh install to clean up and optimize Windows 10 it is a MAJOR advantage to not have EVERYTHING on the same physical drive as the OS.

Windows 10 FULLY supports redirection. This is one of several methods of redirecting them:
1. Open File Explorer
2. In the Quick Access area or you can go under This PC if you , right click for example Desktop and choose Properties
3. Choose the Location Tab
4. Enter the new path (complete all the way to the drive letter)
5. Click Apply
6. Choose Yes to Move all items to the new location.
 

Now your SSD drive has much more free space for installed applications etc.

Here is the problem:
When you download to any of these new locations Malwarebytes 3 does not do any checks
AND MORE IMPORTANTLY, the Threat Scan "Our most comprehensive scan" does not scan these areas.

Therefore I say that there is a HOLE in the security.
 

Here's hoping for a quick resolution!


  • Staff

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

 

If you are having technical issues with our Windows product, please do the following: 


If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  • Download Malwarebytes Support Tool
  • Once the file is downloaded, open your Downloads folder/location of the downloaded file
  • Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  • Place a checkmark next to Accept License Agreement and click Next
  • You will be presented with a page stating, "Welcome to the Malwarebytes Support Tool!"
  • Click the Advanced Options link

     
  • Click the Gather Logs button

     
  • A progress bar will appear and the program will proceed to gather troubleshooting information from your computer
  • Upon completion, click OK
  • A file named mbst-grab-results.zip will be saved to your Desktop
  • Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies" like so:



    Click "Reveal Hidden Contents" below for details on how to attach a file:
     

    To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.

     

One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 


For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team


This is not just in Windows 10.

In HKCU are Registry entries that point to the location of Data File locations.  This is in every Windows NT version.  There are many reasons why one may want to change them.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

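An added example, not part of any post in this thread and not Malwarebytes code: a PowerShell check that reads the `Shell Folders` key named above and reports which user folders resolve to a drive other than the system drive, so those paths can be scanned explicitly. The value names (`Personal`, `My Pictures`, `My Video`, and the Downloads GUID) are the standard Windows names for these folders and do not appear in the thread; 3D Objects is left out.

```powershell
# Added example: report which per-user shell folders live off the system drive.
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'

# Value names under that key -> the folder names used in the first post.
$names = [ordered]@{
    'Desktop'                                = 'Desktop'
    'Personal'                               = 'Documents'
    'My Pictures'                            = 'Pictures'
    'My Video'                               = 'Videos'
    '{374DE290-123F-4565-9164-39C4925E467B}' = 'Downloads'
}

$regKey      = Get-Item -LiteralPath $key
$systemDrive = $env:SystemDrive          # e.g. "C:"

$report = foreach ($entry in $names.GetEnumerator()) {
    $path = $regKey.GetValue($entry.Key)
    if (-not $path) { continue }         # value not present for this profile
    # Drive root ("D:") or UNC share root for redirected network locations.
    $root = [System.IO.Path]::GetPathRoot($path).TrimEnd('\')
    [pscustomobject]@{
        Folder         = $entry.Value
        Path           = $path
        OffSystemDrive = ($root -ne $systemDrive)   # string -ne ignores case
        Exists         = Test-Path -LiteralPath $path
    }
}

$report | Format-Table -AutoSize

# Paths to hand to an explicit, on-demand scan of your choice.
$report | Where-Object { $_.OffSystemDrive -and $_.Exists } |
    Select-Object -ExpandProperty Path
```

The script only reads the current user's hive, so run it once per account on a shared machine.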

I understand it is not just in Windows 10. But it seems a LOT of people do not know how EASY it is to redirect this stuff WITHOUT direct access to the Registry.

My issue is that the Malwarebytes 3 software does not look in the registry to see where stuff is going and check those locations.


These same functions (via Windows Explorer) have existed at least since Windows XP.  It relies on the structure in the registry described by David H. Lipman above (the user shell folders, also related to a similar function called environmental variables which have to do with standard locations for specific OS features and components and can be modified/redirected to other locations, including other disks or partitions).  There are also hard links which are another method of redirecting the contents of a directory to another location.

I don't know if Malwarebytes scans modified locations or not, however it may depend on a few factors such as whether or not the folders are moved to locations on a different partition or drive or just a different location on the same drive, but with that said, you should still be relatively safe because even if a specific location is not checked by the Threat scan, it still checks all processes in memory so if malware were running from such a location it would still be scanned and detected as a threat and removed accordingly upon completion of the scan once the remediation process is initiated by the user.

Likewise, the real-time protection components in Malwarebytes Premium should have no trouble detecting threats attempting to execute from such locations and the only specific location that might be impacted significantly by moving it would be the Downloads folder which is among the default locations checked by the Threat scan (because by default this is where files from the web are saved which might include potential Trojans and other executable malware payloads), however you should still be able to use the shell context menu entry for scanning with Malwarebytes to check the Downloads folder's contents whenever new items are saved from the web prior to executing them to check them with Malwarebytes which would also be faster than performing an entire Threat scan.  Besides, as I mentioned already, the real-time protection components shouldn't have any trouble identifying threats trying to run from the new location and should flag and quarantine them automatically, preventing them from infecting the system.


I understand ALL of that.

Forget Real time protection. I don't want to wait until I try to run something before I find out it is evil.

I just want Malwarebytes 3 Threat Scan to actually scan the updated locations. To not do so limits the Threat Scan's effectiveness.  

It really should not be that hard. I did not know I was going to start a religious war.


There should be no lesser "trust" @Nate-Dogg based upon this dialogue.  Although the subject of this thread has the words "security hole", what was discussed in this thread is not what the subject infers.

The fact remains that MBAM's proactive "On Action" measures as well as its "On Demand" and "On Access" capabilities work under the Operating System as a whole and whether a user re-maps Document locations or not, does not change that.  The re-mapping of Document locations only changes the logistics of what the User is presented by Windows Explorer.

 

Edited by David H. Lipman
Edited for content, clarity, spelling and grammar