Christopherfest

What AV do you use with MEP?


If any, what Anti-Virus solution are you using with Malwarebytes Endpoint Protection?  I'm asking because after adding MEP, we had to ditch our AV solution (Trend Micro Worry-Free Business Security) due to issues we were unable to resolve after working with Malwarebytes and Trend support departments.

Thanks!


Windows Defender. I know what you're thinking but in Windows 10 they honestly make a good pair.

4 hours ago, Kalrand said:

Windows Defender. I know what you're thinking but in Windows 10 they honestly make a good pair.

I'm currently testing a Windows 7 with MSE / MEP and Windows 10 Defender / MEP. When you did the exclusions, did you add any others beyond this list:

 

For Windows Endpoints

%ProgramFiles%\Malwarebytes Endpoint Agent

%ProgramData%\Malwarebytes Endpoint Agent

%ProgramFiles%\Malwarebytes\Anti-malware\

%ProgramData%\Malwarebytes\MBAMService

%ProgramFiles%\Malwarebytes Endpoint Agent\Plugins\Incident Response\Logs

%SystemRoot%\system32\drivers\ESProtectionDriver.sys

%SystemRoot%\system32\drivers\farflt.sys

%SystemRoot%\system32\drivers\mbae.sys (mbae64.sys on an x64 system)

%SystemRoot%\system32\drivers\mbam.sys

%SystemRoot%\system32\drivers\MBAMChameleon.sys

%SystemRoot%\system32\drivers\MBAMSwissArmy.sys

%SystemRoot%\system32\drivers\mwac.sys

 

Thanks!

-Chris

 


Don't forget the exe's :)

Processes:
C:\Program Files\Malwarebytes\Anti-Malware\mbampt.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamwsc.exe
C:\Program Files\Malwarebytes Endpoint Agent\ConfigurationRecoveryTool.exe
C:\Program Files\Malwarebytes Endpoint Agent\MBCloudEA.exe
C:\Program Files\Malwarebytes Endpoint Agent\UserAgent\EACmd.exe
C:\Program Files\Malwarebytes Endpoint Agent\UserAgent\Endpoint Agent Tray.exe

 

Edit - Adding other drivers and folders

Folders:
C:\Users\*\AppData\Local\Malwarebytes
C:\Program Files\Malwarebytes\Anti-Malware
C:\Program Files\Malwarebytes Endpoint Agent
C:\ProgramData\Malwarebytes Endpoint Agent
C:\ProgramData\Malwarebytes\MBAMService
C:\Program Files\Malwarebytes Endpoint Agent\Plugins\Incident Response

Drivers:
C:\Windows\system32\drivers\ESProtectionDriver.sys
C:\Windows\system32\drivers\farflt.sys
C:\Windows\system32\drivers\mbae.sys
C:\Windows\system32\drivers\mbae64.sys
C:\Windows\system32\drivers\mbam.sys
C:\Windows\system32\drivers\MBAMChameleon.sys
C:\Windows\system32\drivers\MBAMSwissArmy.sys
C:\Windows\system32\drivers\mwac.sys

Edited by djacobson


I've never needed to exclude the drivers (they only apply to the scanner in MSE/Defender anyway; you can only exclude EXE files from real-time protection so it's moot to add them).  I haven't used Windows 10 (or 8/8.1 for that matter), however I have used MSE with Malwarebytes on many XP, Vista x64 and 7 x64 systems and have never had a single issue between them (I don't think exclusions are actually necessary anyway as I have used them without any exclusions and never had trouble then either; I just add them in case it might help performance).


With Windows Defender we've never had to add exclusions. This may be because we keep it registered with the Action Center so Windows, and by extension Windows Defender, already knows it exists.


We tested McAfee VSE/ENS with other antimalware/MBAM.
You just have to exclude relevant processes (exe) vice versa in each antimalware product.


But as far as I understood, Malwarebytes sees itself as a *full* Antimalware-Solution, so there shouldn't be any need for another antivirus except Malwarebytes, or am I wrong?

21 hours ago, djacobson said:

Don't forget the exe's :)

Processes:
C:\Program Files\Malwarebytes\Anti-Malware\mbampt.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamwsc.exe
C:\Program Files\Malwarebytes Endpoint Agent\ConfigurationRecoveryTool.exe
C:\Program Files\Malwarebytes Endpoint Agent\MBCloudEA.exe
C:\Program Files\Malwarebytes Endpoint Agent\UserAgent\EACmd.exe
C:\Program Files\Malwarebytes Endpoint Agent\UserAgent\Endpoint Agent Tray.exe

 

Edit - Adding other drivers and folders

Folders:
C:\Users\*\AppData\Local\Malwarebytes
C:\Program Files\Malwarebytes\Anti-Malware
C:\Program Files\Malwarebytes Endpoint Agent
C:\ProgramData\Malwarebytes Endpoint Agent
C:\ProgramData\Malwarebytes\MBAMService
C:\Program Files\Malwarebytes Endpoint Agent\Plugins\Incident Response

Drivers:
C:\Windows\system32\drivers\ESProtectionDriver.sys
C:\Windows\system32\drivers\farflt.sys
C:\Windows\system32\drivers\mbae.sys
C:\Windows\system32\drivers\mbae64.sys
C:\Windows\system32\drivers\mbam.sys
C:\Windows\system32\drivers\MBAMChameleon.sys
C:\Windows\system32\drivers\MBAMSwissArmy.sys
C:\Windows\system32\drivers\mwac.sys

Does anyone have a better way of adding these besides the one by one method using the MSE/Defender interface?

6 hours ago, anyWARE-Mainz said:

We tested McAfee VSE/ENS with other antimalware/MBAM.
You just have to exclude relevant processes (exe) vice versa in each antimalware product.


But as far as I understood, Malwarebytes sees itself as a *full* Antimalware-Solution, so there shouldn't be any need for another antivirus except Malwarebytes, or am I wrong?

Thank you all for the feedback. Mainz brings up a good point though. IS Malwarebytes Endpoint Protection a full suite or is AV still needed?


Malwarebytes should provide sufficient protection on its own, however it also doesn't hurt to have an AV layer there still as a backup/secondary protection.  The primary benefit of using two products is that if one were to fail for any reason (not just because some malware wasn't detected, i.e. because of a bug with the software or some system issue that impacts one product and not the other), you've still got the other solution running to provide some level of protection until you can get the issue with the other product corrected.  Basically it's like redundancy for the sake of better security.


By the way, I don't know how it is now, but MSE used to store its exclusions in the registry, so if you can find the location and determine the appropriate syntax to use, you should be able to write up a batch or reg file that will add them all in at once, then restart the system or reload MSE/Defender to make sure it picks them up from the registry (you can check its exclusions tab to find out).
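
The bulk approach asked about earlier in the thread, as an added example that is not part of any post here: on Windows 10, the Defender PowerShell module provides `Add-MpPreference` and `Get-MpPreference`, so the lists above can be applied in one elevated run instead of through the interface or the registry. Variable and function names are illustrative, the wildcard entry `C:\Users\*\AppData\Local\Malwarebytes` is left out, and this does not cover MSE on Windows 7.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread): bulk-add the exclusions posted above to
# Windows Defender on Windows 10. Paths are the ones listed in the posts.
$pf  = $env:ProgramFiles
$pd  = $env:ProgramData
$drv = "$env:SystemRoot\system32\drivers"

# The thread notes mbae.sys is mbae64.sys on an x64 system.
$mbae = if ([Environment]::Is64BitOperatingSystem) { 'mbae64.sys' } else { 'mbae.sys' }
$driverFiles = 'ESProtectionDriver.sys', 'farflt.sys', $mbae, 'mbam.sys',
               'MBAMChameleon.sys', 'MBAMSwissArmy.sys', 'mwac.sys'
# Folders plus driver files. "Plugins\Incident Response" is omitted because it
# sits under the Endpoint Agent folder already in the list.
$paths = @(
    "$pf\Malwarebytes\Anti-Malware"
    "$pf\Malwarebytes Endpoint Agent"
    "$pd\Malwarebytes Endpoint Agent"
    "$pd\Malwarebytes\MBAMService"
) + ($driverFiles | ForEach-Object { Join-Path $drv $_ })
$processes = @(
    "$pf\Malwarebytes\Anti-Malware\mbampt.exe"
    "$pf\Malwarebytes\Anti-Malware\mbamservice.exe"
    "$pf\Malwarebytes\Anti-Malware\mbamwsc.exe"
    "$pf\Malwarebytes Endpoint Agent\ConfigurationRecoveryTool.exe"
    "$pf\Malwarebytes Endpoint Agent\MBCloudEA.exe"
    "$pf\Malwarebytes Endpoint Agent\UserAgent\EACmd.exe"
    "$pf\Malwarebytes Endpoint Agent\UserAgent\Endpoint Agent Tray.exe"
)

# Hypothetical helper: add only entries Defender does not already have, so the
# script can be re-run safely, and return what was added.
function Add-MissingExclusion {
    param(
        [string[]]$Wanted,
        [ValidateSet('ExclusionPath', 'ExclusionProcess')][string]$Kind
    )
    $existing = @((Get-MpPreference).$Kind)
    $missing  = @($Wanted | Where-Object { $existing -notcontains $_ })
    if ($missing.Count -gt 0) {
        $splat = @{ $Kind = $missing }
        Add-MpPreference @splat
    }
    $missing
}

$addedPaths = @(Add-MissingExclusion -Wanted $paths -Kind ExclusionPath)
$addedProcs = @(Add-MissingExclusion -Wanted $processes -Kind ExclusionProcess)
"Added $($addedPaths.Count) path and $($addedProcs.Count) process exclusions."
```

Running `Get-MpPreference | Select-Object ExclusionPath, ExclusionProcess` afterwards shows the resulting lists for review.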
