Exclusions

[CeeBee]

Just installed MBARW "arw-setup-consumer-0.9.18.807-1.1.278-1.0.14637" on a w10 (1809) where I have MBAE 1.13.1.146 and NAV 22.20.1.69 running.  Any suggestions on what programs to exclude to optimize run-ability and performance?

[exile360]

Greetings,

If you can, you might exclude Norton from Malwarebytes Anti-Ransomware and it may also help performance and compatibility to exclude both Malwarebytes applications from Norton though it likely is not a requirement to do so and I don't recall any recent issues being reported with any Norton products offhand.

I hope this helps and if anyone else has firsthand experience with Norton and its compatibility with Malwarebytes please feel free to chime in, however given how frequently we see users running a popular product like Norton on these forums, I would expect to have heard about any current incompatibilities by now, but that's just my take based on my experiences here on the forums.

Please let us know if there is anything else we might assist you with.

Thanks

[CeeBee]

Thanks for that!  I have excluded the folder C:\Program Files\Norton Security for now.  If that's too broad, let me know.  (I use Norton Security "basic", aka NAV, by choice.)

Norton Security "dumps" folders/files all over the place, so in case there are other locations or files, let me know too.

As for the revers issue, excluding MBARW and/or MBAE from Norton, I'll check on that next time I visit Norton's support forum.

[exile360]

Nope, that should be just fine

The only other folder you might consider excluding would be Norton's primary data folder which is likely located under C:\ProgramData, however it isn't nearly as likely to address potential issues with performance as just excluding the AV's main program folder as you already did.

[CeeBee]

Thanks!  So far it seems they are playing nicely together.  We'll see what the guys at the Symantec forum say.

Different issue, Security Certificates: whereas MBAE has valid certificates, I just noted that MBARW has outdated certificates (both Sha1 and Sha256).  How come? 

[LiquidTension]

Hi @CeeBee,

The files are all counter-signed, which proves the validity of the signing signature despite it being expired. This can be seen in any of the file properties (e.g. open mbarw.exe properties -> Digital Signatures -> Open details -> Countersignatures -> Details). What's important is the signing timestamp of the counter signature, which is before the certificate expired.

You can read more about this here:
https://docs.microsoft.com/en-us/windows/win32/seccrypto/time-stamping-authenticode-signatures

Quote

The countersignature method of time stamping implemented below allows for signatures to be verified even after the signing certificate has expired

[CeeBee]

7 minutes ago, LiquidTension said:

The files are all counter-signed, which proves the validity of the signing signature despite it being expired. What's important is the signing timestamp of the counter signature, which is before the certificate expired.

Okay, got it.  For a layman it seems a bit silly to validate a lapsed certificate by a counter signature (instead of updating the certificate).  But, I'm sure there is a reason for it.  Thanks!