Using Malwarebytes on Chrome OS to scan Windows files?


Would using Malwarebytes installed on Chrome OS to scan common Windows file types (images, programs, pdf, etc) be just as thorough as scanning those same files using Malwarebytes from a Windows PC?

If one is using Malwarebytes installed on Chrome OS, do malware definitions include all of the definitions found on the Windows version of Malwarebytes (and vice-versa)?


That's not a proper application of Malwarebytes' Anti-Malware (MBAM). MBAM is designed to be installed through the OS in question to take advantage of the Kernel level capability and modules such as: Web Protection, Anti Exploit and Anti Ransomware.

MBAM does not target scripted malware files via signatures. That means MBAM will not target: JS, JSE, PS1, PY, .HTML, HTA, VBS, VBE, WSF, .CLASS, SWF, SQL, BAT, CMD, PDF, PHP, etc.
It also does not target documents via signatures such as: PDF, DOC, DOCx, XLS, XLSx, PPT, PPS, ODF, RTF, etc.
It also does not target media files: MP3, WMV, JPG, GIF, etc.

Until MBAM v1.75, MBAM could not access files in archives, but with v1.75 came that ability, so it can unarchive a Java Jar (which is a PKZip file) but it won't target the .CLASS files within. Same goes with CHM files (which is a PKZip file) but it doesn't target the HTML files within. MBAM v1.75 and later specifically will deal with: ZIP, RAR, 7z, CAB and MSI for archives. And self-extracting: ZIP, 7z, RAR and NSIS executables (aka SFX files).

MBAM specifically targets PE binaries that start with the first two characters being: MZ
They can be: EXE, CPL, SYS, DLL, SCR and OCX. Any of these file types can be renamed to be anything, such as TXT, JPG, CMD and BAT, and they will still be targeted just as long as the binary starts with 'MZ'. This includes file names that use Unicode Right-to-Left Override to obfuscate an executable file extension.


MBAM's implementation of its Anti-Exploit module is a way to act not upon a file pattern or file recognition (aka signature) but upon a file's action or actions it may take and/or how the OS and its components and applications handle it. For example, take a Java based Remote Access Trojan (aka JRAT). MBAM will not target a Java Jar or the .CLASS files via signatures, but the actions the RAT takes in creating the Java Virtual Machine Environment for the RAT to exist in will be blocked. Or take an MS Word document that has a malicious VB Macro that downloads and executes some payload like a password and/or data stealer. MBAM will block Microsoft Word from the download and prevent the system from possibly being compromised. Or take an MPEG file that was designed to exploit the Windows Digital Rights Management (DRM). MBAM will not detect that MPEG as a Wimad Trojan but it will prevent the DRM Exploitation attempt.

Additionally, each flavour of MBAM (Android, Mac and Windows) uses its own library of signatures, so a Mac will not detect Windows malware and a Windows PC will not detect Mac malware, etc. That is true also on VirusTotal. The Engine and Signatures on VirusTotal are only for Windows, so it will not reflect Android and Mac malware.

Edited by David H. Lipman
Edited for content, clarity, spelling and/or grammar
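
The 'MZ' header and Right-to-Left Override points from the reply above, shown as an added example that is not part of the original post and is not Malwarebytes' code. The function names are hypothetical, the sample files are constructed with inert placeholder bytes, and the check looks only at the first two bytes rather than validating a full PE structure.

```python
import os
import tempfile

RLO = "\u202e"  # Unicode Right-to-Left Override
# Extensions the post lists for PE binaries.
PE_EXTS = {".exe", ".cpl", ".sys", ".dll", ".scr", ".ocx"}

def starts_with_mz(path):
    """True when the first two bytes are 'MZ', whatever the name says."""
    with open(path, "rb") as fh:
        return fh.read(2) == b"MZ"

def displayed_name(name):
    """Approximate a bidi-aware UI: text after one RLO is drawn reversed."""
    head, sep, tail = name.partition(RLO)
    return head + tail[::-1] if sep else name

def triage(path):
    """Report header/name disagreements for one file."""
    name = os.path.basename(path)
    is_mz = starts_with_mz(path)
    ext = os.path.splitext(name)[1].lower()
    return {
        "mz_header": is_mz,
        "rlo_in_name": RLO in name,
        "real_ext": ext,
        "shown_as": displayed_name(name),
        # An MZ file carrying a non-executable extension was renamed.
        "renamed_pe": is_mz and ext not in PE_EXTS,
    }

def build_samples(folder):
    """Write constructed sample files; contents are inert placeholder bytes."""
    samples = {
        "holiday.jpg": b"MZ" + b"\x00" * 62,              # MZ bytes, image name
        "notes.txt": b"plain text, no header\n",          # ordinary text file
        "photo" + RLO + "gpj.exe": b"MZ" + b"\x00" * 62,  # RLO-disguised name
    }
    paths = []
    for name, data in samples.items():
        path = os.path.join(folder, name)
        with open(path, "wb") as fh:
            fh.write(data)
        paths.append(path)
    return paths

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for p in build_samples(tmp):
            print(repr(os.path.basename(p)), triage(p))
```

The third sample is stored with a real `.exe` extension yet a bidi-aware file listing would draw it as `photoexe.jpg`, which is why the raw name should be inspected for U+202E rather than trusting what is displayed.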
