feature change request

[cybot]

MBAM currently can register itself with windows 10 security. however, it registers itself as an Antivirus program, which is not entirely accurate. Windows security has a new category that more suits MBAM called 'Web Protection'. MBAM used to have a setting that would let you choose whether you could have MBAM register as an AV provider or anti spyware/malware provider back in the windows 7 days. the setting has been missing for the last few versions. but I propuse a return of the setting with a few changes.  the option to have MBAM register as an AV provider, an Web Protection provider, or both. additionally the setting to turn on/off the registering with windows security would remain. turning the setting on, would let you select the setting previously discussed, while turning it off would be the same as it always has.

[exile360]

Greetings,

I am not aware of a function to have Malwarebytes register as anti-spyware/malware in Windows 7 (I'm a former Malwarebytes employee and have used the application since the pre-1.x days and have been using Windows 7 for years and still do to this day), however it does have the option to select whether to have Malwarebytes register with the Windows Security Center.  It is my understanding that they chose to have Malwarebytes register as virus protection specifically because in its current form Malwarebytes Premium is considered to be an AV replacement, meaning it can be used as the sole protection for a system without needing to run a traditional antivirus alongside it, however if Malwarebytes were to register as web protection only I do not believe this would accurately describe its function since Web Protection is only a small portion of the protection it provides and is only a single module out of at least 4 total, the rest of which deal specifically with malware, not just web filtering/blocking.

That said, if you wish to use Malwarebytes alongside an AV or Windows Defender then you may simply have Malwarebytes not register in the Windows Security Center.  In the past it has 3 settings to have Malwarebytes choose what to do automatically, to force registering with the Security Center, or for Malwarebytes not to register with the Security Center.  As far as I know there has never been an option to specify registering as a specific type of protection only.

I will however pass your request on to the Product team for consideration.

Thanks

[cybot]

i don't remember quite where it was in mbam, but what remains of the feature (only an on/off toggle) is under setting the security tab. I am pretty sure it was in the equivelant place in previous versions.

[cybot]

also you said it had three settings but only listed two.... so what was the third setting?

1 hour ago, exile360 said:

In the past it has 3 settings to have Malwarebytes choose what to do automatically, to force registering with the Security Center, or for Malwarebytes not to register with the Security Center. 

 

[Massimiliano]

As far as I remember the 3.x version they were

• always record
• never record
• automatically choose whether to record.

[exile360]

40 minutes ago, MAXBAR1 said:

As far as I remember the 3.x version they were

• always record
• never record
• automatically choose whether to record.

Right; the 3 options were to 1 have Malwarebytes decide what to do automatically (this was the default option), 2 always register with Security Center (i.e. force it to register as AV protection regardless of what else is active/installed), or 3 to have Malwarebytes not register with Security Center at all.  As I recall, the option to have Malwarebytes decide what to do automatically (the default) would leave Windows Defender active/not register with Security Center if Defender is the current/active AV in Security Center, and if Windows Defender is not the active/registered AV then Malwarebytes registers as AV protection which in most cases will simply result in 2 applications being registered as AV protection if a third party AV is installed.  If anyone from the staff remembers more clearly then they are free to correct me, but this is how I recall it functioning.

Today there are only 2 options with the option to have Malwarebytes automatically decide what to do being removed, the only real difference now being that by default it always registers with Security Center unless the user disables that option so that it does not.

[exile360]

Also, very long ago (either early in the lifecycle of Windows 7 or not long before 7 was released if I recall correctly), Malwarebytes would register with the Windows Action Center/Security Center as anti-spyware protection, however this category of protection does not exist in all versions of Windows so in order to register with Security Center consistently Malwarebytes had to seek classification as valid AV protection which they finally received from Microsoft after going through the validation process with Microsoft (which took quite a lot of time and effort from what I recall, including proving the product to be sufficient at detecting common malware/viruses etc.).  I don't have a Windows 10 machine handy to check, but I believe the only classifications of protection in the Security Center in Windows 10 are for AV protection and firewalls with no third category of spyware/malware protection any longer as Microsoft now classifies spyware/malware protection under the same category as general virus protection (AV) since technically speaking, all malicious software are malware, including viruses and these days most if not all AVs classify themselves as general malware protection rather than just antivirus (even if some of their products still include 'anti-virus' in the title) as they all claim to offer protection from malware including viruses, rootkits, Trojans, ransomware, spyware, adware etc., the very same threats/classifications of threats targeted by Malwarebytes.

[Carson70]

MB v3.8.3

[Porthos]

21 minutes ago, Carson70 said:

MB v3.8.3

Now you have the second 2 choices basically with the newer versions of Win 10.

If you want Defender active as well then it is never register.

If you do not want Defender, leave it as default. "Always Register"

Malwarebytes qualifies as a AV replacement now so it will disable Defender by default like any other AV program. (as far as Windows/Microsoft is concerned.

I saw this coming so I set all my clients to never register since ver 3.0 and the Malwarebytes process maintained that setting during the upgrade to 4.0

The reason Malwarebytes does not register correctly on some computers is usually because of leftovers from other 3rd party AV programs even after using the associated removal tool.

Edited April 12, 2020 by Porthos

[cybot]

On 4/11/2020 at 6:40 AM, exile360 said:

Also, very long ago (either early in the lifecycle of Windows 7 or not long before 7 was released if I recall correctly), Malwarebytes would register with the Windows Action Center/Security Center as anti-spyware protection, however this category of protection does not exist in all versions of Windows so in order to register with Security Center consistently Malwarebytes had to seek classification as valid AV protection which they finally received from Microsoft after going through the validation process with Microsoft (which took quite a lot of time and effort from what I recall, including proving the product to be sufficient at detecting common malware/viruses etc.).  I don't have a Windows 10 machine handy to check, but I believe the only classifications of protection in the Security Center in Windows 10 are for AV protection and firewalls with no third category of spyware/malware protection any longer as Microsoft now classifies spyware/malware protection under the same category as general virus protection (AV) since technically speaking, all malicious software are malware, including viruses and these days most if not all AVs classify themselves as general malware protection rather than just antivirus (even if some of their products still include 'anti-virus' in the title) as they all claim to offer protection from malware including viruses, rootkits, Trojans, ransomware, spyware, adware etc., the very same threats/classifications of threats targeted by Malwarebytes.

this is what i was refering too. it could register as anti-spyware and i guess later on, virus protection. I personally do not see MBAM as a anti-virus solution. I see it as more of a complimentary to Anti-virus solution and more of a Web Protection program. I am not the only one who agrees with this sentiment. if you google "is malwarebytes an antivirus program" you will find plenty of similair opinions. I also had a quote from an expert on anti-malware security, but i can't seem to find the link i went to that i saw the quote on.

 

Anyone who has issues running their AV side-by-side with MBAM should visit this link - https://www.howtogeek.com/230158/how-to-run-malwarebytes-alongside-another-antivirus/

spoiler - it basicly tells you to run MBAM the way I said i did in an earlier post in this thread. I.E. turn off the toggle for registering of MBAM in windows security center.

If my suggestion gets added, then I would defintitly have it registered as an Web Protection software since not not even the software i currently use  ESET Smart Security Premium or even Defender are able to register as Web Protection. by default windows has no web protection providers, and as far as I'm able to tell, the link in security center for "Find Security Providers" do not exist in the Windows Store.

[cybot]

On 4/11/2020 at 6:40 AM, exile360 said:

Also, very long ago (either early in the lifecycle of Windows 7 or not long before 7 was released if I recall correctly), Malwarebytes would register with the Windows Action Center/Security Center as anti-spyware protection, however this category of protection does not exist in all versions of Windows so in order to register with Security Center consistently Malwarebytes had to seek classification as valid AV protection which they finally received from Microsoft after going through the validation process with Microsoft (which took quite a lot of time and effort from what I recall, including proving the product to be sufficient at detecting common malware/viruses etc.).  I don't have a Windows 10 machine handy to check, but I believe the only classifications of protection in the Security Center in Windows 10 are for AV protection and firewalls with no third category of spyware/malware protection any longer as Microsoft now classifies spyware/malware protection under the same category as general virus protection (AV) since technically speaking, all malicious software are malware, including viruses and these days most if not all AVs classify themselves as general malware protection rather than just antivirus (even if some of their products still include 'anti-virus' in the title) as they all claim to offer protection from malware including viruses, rootkits, Trojans, ransomware, spyware, adware etc., the very same threats/classifications of threats targeted by Malwarebytes.

image attached shows the security provider page in Windows 10 Pro 190 build 18363.753

[cybot]

sorry i goofed.... and missed a digit from the windows image i posted above....  image is from windows 10 pro 1909 build 18363.753

[exile360]

While I concur that Malwarebytes is absolutely NOT an antivirus (nor do they claim that it is in any of their marketing materials or documentation), it IS technically an AV replacement, which is why they register as antivirus in Security Center now, because a user can run Malwarebytes alone and have sufficient protection, however as was always true of Malwarebytes, it is still developed to be largely compatible with other security applications, including most AVs, however classifying it only as 'Web protection' wouldn't work either since, as mentioned before, it does include real-time protection to guard against malware (including viruses) in memory, so it doesn't just filter websites and guard the network connections of the system (which is what a Web protection provider would be limited to in capability).

It is also for this reason that it doesn't make sense to classify Malwarebytes as just anti-spyware either, since it detects many more threats than just spyware.  Honestly, the only major differences between Malwarebytes and most traditional AVs are in how it monitors memory for threats, only acting on attempted execution rather than checking files on creation, download or access (most AVs monitor all filesystem activity in real-time, which is the primary reason it's a bad idea to run 2 AVs at the same time, because on-access solutions will analyze the same objects at the same time which can create a collision in memory resulting in a lockup between the two, possibly leading to system instability/hangs or even crashes/BSODs), and the other major difference is that Malwarebytes does not maintain a massive historical database of threats which no longer exist in the wild.  Instead, in order to optimize performance as well as reduce both the filesystem footprint on disk as well as the memory footprint (not to mention reduced scan times; another benefit of a smaller database), Malwarebytes' Researchers will remove old/outdated threat signatures which target threats which are no longer found in the wild and which Malwarebytes has not detected on any systems for a long time (information captured from all Malwarebytes installations by default) in order to reduce the size of the database by 'cutting the fat' from it since those signatures are no longer useful.  A great example would be a threat from the 1990's which only targets Windows 95; does it make sense for AVs to keep such threats in their databases?  I personally don't think so, and yet most of them do.  Malwarebytes would not, even if they did exist all the way back then because they remove signatures from the database as soon as they prove to be of no use to anyone.

Because Malwarebytes only checks objects attempting to enter memory/execute for its process/thread monitoring components, this prevents it from conflicting with traditional on-access AV engines, thus the user may still continue to run an AV alongside Malwarebytes if they wish, adding an additional layer of protection to their systems.

As far as Web Protection goes, as explained previously, it is one minor component of several in Malwarebytes' real-time protection layers and makes up a very small fraction of Malwarebytes' detection databases/rules.  These days Malwarebytes' primary direction and focus has been on being more proactive by leveraging more advanced detection techniques based on the behavior of processes rather than just identifying malware based on previously captured samples (the pure signature approach which at one time was all that most AVs offered, though most have followed in Malwarebytes' footsteps and others like them within the industry which have chosen to focus on behavioral and heuristics detection techniques in order to be more proactive).  Malwarebytes also uses Machine Learning/AI, as well as more defensive protection techniques such as process and system hardening through the Exploit Protection module, and of course Malwarebytes recently added the new Ransomware Protection module which detects ransomware primarily based on behavior, both in memory, as well as process activity interacting with system disks (i.e., if a process is attempting to delete and encrypt your files, Malwarebytes would detect and stop that activity, even if the ransomware infecting the system is completely new and unknown to Malwarebytes).

You can learn more about Malwarebytes' various protection modules/layers on this page, and you can get more specifics on Malwarebytes' official position with regards to being an AV replacement in this FAQ entry.

Edited April 12, 2020 by exile360