
MB3 Consumer Command Line



Hey there,

I'm trying to build a home sandbox for learning and filtering processes. I'm using Python to run files into a VM, open them there for behavioral analysis and scan and then pass on to the network.

I was hoping to use Malwarebytes inside the VM to do a prescan of the file (having the python script run it silently) and then also collect the logs from the background running MBAM process for behavioral analysis.

And while the latter part is doable (more or less, cause if it finds something, it'll pop up the GUI and I only need the logs), the former is now apparently not.

Do you and when do you expect the mbamapi or the old CLI features to return to the home version of your excellent product?


  • Staff

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

 

If you are having technical issues with our Windows product, please do the following: 


If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer; please allow the programs to run if blocked by your system.

  • Download Malwarebytes Support Tool
  • Once the file is downloaded, open your Downloads folder/location of the downloaded file
  • Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  • Place a checkmark next to Accept License Agreement and click Next
  • You will be presented with a page stating, "Welcome to the Malwarebytes Support Tool!"
  • Click the Advanced Options link

     
  • Click the Gather Logs button

     
  • A progress bar will appear and the program will proceed to gather troubleshooting information from your computer
  • Upon completion, click OK
  • A file named mbst-grab-results.zip will be saved to your Desktop
  • Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies" like so:



    Click "Reveal Hidden Contents" below for details on how to attach a file:
     

    To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.

     

One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 


For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team


  • Staff

Greetings,

I'm honestly not sure that they intend to implement command line support for the home version of Malwarebytes, however if they do then it probably won't be for a while until the next major release (like 4.x or whatever it may be called the next time they overhaul the UI and other major features).


  • 8 months later...

MBAM: I really hope that you are looking at this thread.

I am a Premium user and I have a huge need for command line support.

I want to run a full MBAM scan every day as part of a suite of nightly processes.

The only way to properly do this is to have a command line script that says "do process 1" and then when that is over "do process 2" etc.

But because MBAM lacks command line support, I have to resort to scheduling scans.  But that is a deeply inadequate substitute, because all the processes in the suite have variable execution times.  So, with scheduling, I am forced to make very conservative assumptions about execution times, and this causes the entire suite to take 3X longer to completely finish than it ought to.


  • Staff

Greetings,

Unfortunately there is no command line support in the consumer version, however as you already mentioned, the scheduler is an option (with the caveats you mentioned of course).  That said, I'd strongly advise *against* using a full system scan daily as that is going to take a very long time and put unnecessary strain on your system disks as Malwarebytes is designed to look in all of the locations where threats are known to hide and install themselves and it also checks every process and module loaded into memory, so even if a threat is running from some unorthodox location for some reason Malwarebytes will still detect it as it checks all threads in memory as well as their associated files on disk along with all the other loading points in the registry, startup folders and other locations used by active threats to launch/persist on boot.  This is actually the primary reason that no default 'full scan' option is made available, and instead only the choice of a Custom scan where the user selects all objects on the system to be scanned via the provided checkboxes are provided and why the Threat scan, which checks all the items and locations I mentioned (in addition to many others) is the default scan type provided.  In fact, whenever any new location is found to be used by malware, the Malwarebytes Research team will add that location to the Malwarebytes threat databases so that once the signatures are updated, that new location will be included in all subsequent scans so it doesn't even require any new code by the Developers or any new version/build of the product to change where the product scans by default using the Threat scan.

With all of that said, I will still submit your request for CLI functionality to the Product team for consideration, however that is not a guarantee that they will implement it as the decision is not mine to make.


20 hours ago, exile360 said:

Unfortunately there is no command line support in the consumer version, however as you already mentioned, the scheduler is an option (with the caveats you mentioned of course).

Thanks for your reply and for confirming my understanding.

 

Quote

That said, I'd strongly advise *against* using a full system scan daily as that is going to take a very long time and put unnecessary strain on your system disks as Malwarebytes is designed to look in all of the locations where threats are known to hide

Old style mechanical hard drives have been pretty durable for years (a few decades?) now.

The sole concern that I am aware of is with SSDs.

It is true that SSDs do have write limitations.  Key specs to look out for are "Drive Writes Per Day" (DWPD) and "Terabytes  Written" (TBW).  For example, my latest laptop is a Dell 7530 Precision Mobile Workstation with a Samsung 970 EVO 2 TB SSD.  Its product page gives a "Terabytes  Written" spec of "1,200 TBW with a 5-year limited warranty, achieving 50 percent higher than the previous generation".  That's 600 full drive writes.

However, since when has reading an SSD been an issue?

To my knowledge, massive disk reading is almost all that a full disk malware scan should be doing, but almost no writing.  So I see zero issue with doing full disk scans and SSD degradation.

I have been doing full disk scans for ~5 years on my old desktop's SSD, a Samsung 840 EVO 500 GB, and I have seen zero issues with it so far.  Samsung Magician reports the drive's status as Good.

 

Quote

With all of that said, I will still submit your request for CLI functionality to the Product team for consideration, however that is not a guarantee that they will implement it as the decision is not mine to make.

Thanks a million!

There have to be many others like me who want this.

I have zero problem if you limit this feature to your Premium product.

One feature needed in the CLI: I should in the GUI be able to save a named custom scan configuration, and then refer to that custom scan as a command line argument.  Much better than supplying a dozen command line arguments.

 

 


  • Staff

Part of my concern is that I believe there may actually be some write activity in scanning.  If you have a tool to monitor this it may illuminate the issue; something like Process Monitor or the like.  I seem to recall that a component of scanning is to see if certain objects exist on disk related to certain threats by attempting to create files with the same name in the same location, and if Windows prevents it because an object sharing the same name/location exists this confirms the object's existence.  That information is very old though so it may no longer apply.  There's also the question of rootkit scanning, assuming you have it enabled.  That level of scan is much deeper than a normal file/disk scan and again may do more than a standard read analysis would, but of course most modern disks aren't prone to failure as early as older disks so I may be concerned over nothing, I just thought I should voice my concerns just in case you were not aware.

I think I'll also submit the idea of 'saving' a custom scan configuration.  Even if they do not implement CLI support, it might make it easier for users like yourself to have an easily accessible saved scan configuration to execute on demand to scan whatever locations you choose.  I think that might be a fair compromise if they are against the idea of implementing full CLI support.


  • 1 year later...

+1 for adding this functionality.  While I do have all Malwarebytes Premium protection options turned on, there are rare cases when I need (for my conscience) to ensure that I have scanned a file (or in some cases, a RAR, the ZIP within the RAR, and files within the ZIP) in a manner that isn't just "well, it didn't trip the scanner..."

I have download tools that have the option of keeping a file in quarantine until it has run an explicit AV scanner against the newly downloaded file, and I'd *really like* to use that functionality.  That way, if MBAM decides the file is untrustworthy, then it has touched less of my system than if it had been downloaded in its full form, placed in its final resting place, *then* scanned. 

Also, if something managed to temporarily disable MBAM, then forcing a quick scan against exactly one file should tell me that the scanner has been disabled, which will alert me much faster to a major problem.

This would be a minor piece (for MBAM) to add to its consumer lines, and a great source of joy for Power Users.


13 minutes ago, Vaneyen said:

there are rare cases when I need (for my conscience) to ensure that I have scanned a file (or in some cases, a RAR, the ZIP within the RAR, and files within the ZIP) in a manner that isn't just "well, it didn't trip the scanner..." 

Although you can right click a file and scan it, keep in mind the following.

Malwarebytes does not target script files during a scan. That means MB will not target: JS, HTML, VBS, .CLASS, SWF, BAT, CMD, PDF, PHP, etc.

It also does not target documents such as: PDF, DOC, DOCx, XLS, XLSx, PPT, PPS, ODF, etc.

It also does not target media files: MP3, WMV, JPG, GIF, etc.

Malwarebytes will detect files like these on execution only with the anti-exploit module of the paid program.


  • Staff

Thanks for the suggestions, I'll be sure to pass them on to the Product team for consideration.

In addition to what Porthos mentioned above, just in case you were not aware, if you run the default Threat scan it does actually check the downloads folder, the desktop and several other locations where a file would commonly be saved after downloading through a web browser if that helps at all, and of course you may always use the right-click Scan with Malwarebytes function Malwarebytes installs in the Windows Explorer context menu to check any recently downloaded file.

As far as Malwarebytes being disabled is concerned, if it is registered with Windows Security Center (which it is by default, at least for Premium), then Windows should alert you any time Malwarebytes is disabled and Malwarebytes Premium uses a rather robust self-protection mechanism (also enabled by default).

I'd also personally suggest that if you really aren't sure about a file, that rather than scanning it with a single anti-malware/antivirus engine, that you instead upload it to a multi-engine service such as VirusTotal to see if any of the engines/products there detect it as a threat or not.


I suggest you extract the zipped file and run the right click scan on the extracted folder. As long as you do not run/execute any files in the infected folder you are safe.

Also, to get an accurate scan from VirusTotal the file should be unzipped anyway.

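The pre-scan step discussed in this thread (unpack an archive nested inside another, then check each inner file individually), as an added example that is not part of any post: it walks nested ZIPs in memory and returns a SHA-256 per leaf file, so each digest can be looked up on a multi-engine service without extracting or executing anything. The function names and the depth and size caps are assumptions of this example; RAR is not handled because Python's standard library has no RAR reader.

```python
import hashlib
import io
import zipfile

MAX_DEPTH = 3                      # assumed cap on archive-in-archive nesting
MAX_MEMBER_BYTES = 50 * 1024 ** 2  # assumed per-file cap (decompression-bomb guard)


def hash_members(data, name="download.zip", depth=0):
    """Return [(path, sha256 hex or None)] per leaf file; nothing touches disk."""
    if depth > MAX_DEPTH:
        raise ValueError(f"archive nesting deeper than {MAX_DEPTH} at {name}")
    results = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = f"{name}!{info.filename}"
            if info.flag_bits & 0x1:  # encrypted member: cannot be inspected
                results.append((path, None))
                continue
            with zf.open(info) as fh:  # cap+1 read: header sizes are not trusted
                blob = fh.read(MAX_MEMBER_BYTES + 1)
            if len(blob) > MAX_MEMBER_BYTES:
                raise ValueError(f"member larger than cap: {path}")
            if zipfile.is_zipfile(io.BytesIO(blob)):
                results += hash_members(blob, path, depth + 1)
            else:
                results.append((path, hashlib.sha256(blob).hexdigest()))
    return results


def build_zip(files):
    """Build a ZIP in memory from {name: bytes}; used only for the sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for fname, content in files.items():
            zf.writestr(fname, content)
    return buf.getvalue()


def demo():
    """Constructed sample: a text file plus a ZIP nested inside the download."""
    inner = build_zip({"setup.txt": b"constructed sample payload"})
    outer = build_zip({"readme.txt": b"hello", "inner.zip": inner})
    return hash_members(outer)


if __name__ == "__main__":
    print(*demo(), sep="\n")
```

A `None` digest marks an encrypted member, which should be treated as unscanned rather than clean.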
