Kaspersky isn't too happy with MBAM, huh?

[FatCat0623]

I was updating MBAM to the latest 1.42 version when Kaspersky Internet Security 2010 flagged its installation file in the TEMP folder as suspicious, later on labeling it as a generic malware and blocked it...i have to turn off Kaspersky in order to complete the installation.

Everytime i installed MBAM on a fresh copy of Windows or on a different PC with Kaspersky installed, Kaspersky also flagged the driver installed by MBAM during installation as being suspicious which clearly isn't. Maybe it was due to Kaspersky's default heuristic level settings (medium) that contributed to the false positive, but aside from lowering the heuristic protection, can't MBAM do something to make Kaspersky accept the installation and driver as legitimate?

[mountaintree16]

I'm PMing one of our experts here for you who also uses Kaspersky and Malwarebytes together, he'll be able to help you better with this

[FatCat0623]

Okay, many thanks to mountaintree16! =D

[mountaintree16]

Not a problem

[GT500]

We are using more stealthy methods of installing our drivers in the new version, and Kaspersky is flagging it because they don't yet know what it is. Just let them know that it's safe, and they should update their database accordingly.

[exile360]

Kaspersky always flags an MBAM installation because of its heuristics. This detection is made strictly based on behavior, not on actual threat identification and Kaspersky has no whitelist (meaning list of programs marked as safe when detected) so this detection will continue every time a new version of Malwarebytes' is installed. I simply have it ignore the detection each time I'm installing Malwarebytes' as the installation completes fine, that way you don't have to turn Kaspersky off during the process but you still avoid it interfering with MBAM's installation .

[FatCat0623]

Thanks to GT500 & exile360 for the explanation. FYI i always turn Kaspersky off completely, because i just want to be assured that Kaspersky doesn't simply remove anything from the installation. After all, turning the protection off and on again after i complete the installation shouldn't be too much of a problem.

About the fact that Kaspersky always flagged MBAM's installation...did the team ever consider contacting Kaspersky about it?

[Baz.]

Hi,

I explained this behaviour a few versions back: http://www.malwarebytes.org/forums/index.p...ost&p=85020

Short version, in the case of MBAM, it is safe to allow.

[CCMUA2009]

Hi,

I explained this behaviour a few versions back: http://www.malwarebytes.org/forums/index.p...ost&p=85020

Short version, in the case of MBAM, it is safe to allow.

I know Norton detects mbam.exe as suspicious, but it does not bloack it

[GT500]

...

About the fact that Kaspersky always flagged MBAM's installation...did the team ever consider contacting Kaspersky about it?

If a random company drops by and says "stop blocking our product", then an AV vendor isn't that likely to care. They get a lot of threats from little companies, and they ignore most of them.

If the users of an anti-virus software start complaining in large enough numbers about such a thing, then an AV vendor has to take notice. Companies tend to get scared if a large enough number of customers get mad at them.

[exile360]

Agreed GT, but I see no reason for Kaspersky to ignore it, as this is what Kaspersky's protection is supposed to do in this case, monitor and warn the user about hidden driver installations which could potentially be a rootkit installation. I believe MBAM uses this method to actually fight against rootkits, but sometimes the methods required to fight the nasties means using some of the same tactics they use.

As I said before, I don't believe there's a whitelist with regards to Kaspersky's heuristics, although there is one for their HIPS, but the HIPS module is only in KIS, not KAV.

[paddy murphy 51]

I know Norton detects mbam.exe as suspicious, but it does not bloack it

Norton prevents malwarebytes from accessing certain Norton files, it does this with any software that behaves like malewarebytes, it does the same with Super-anti-spyware. Norton should not however be continuosly detecting mbam.exe as suspicious, if it is there is a problem. I use Norton 360 and I do not get this.

[SaferNet4All]

I hope I'm not flogging a dead horse here, but ...

I've been running Malwarebytes' Anti-Malware quite happily alongside KIS 2009 (8.0.0.506 ) for six months. No qualms, KIS '09 did insist I uninstall Spybot S&D however on install, but them the breaks.

I'm talking about a Licensed KIS .

I decided to update to KIS 2010 (9.0.0.736) about a week ago. It was a disaster of many facets of which I was unable to unravel, reverted back to KIS 2009, after three days of advice.

To try to cut a long story short, and leave out the juicy conflicts I had with the hardly less than useless "helpers" @ https://forum.kasperskyanz.com.au/index.php?showtopic=146 (No malice intended . Really I can't get into that here obviously, sorry . When someone says I have Malware on my machine I expect them to know what it is, and to be sure )

I'm the one who objects to being told I have Malware, and is replied to when questioning "why" ;

the helper saying, "Why do I believe them to be malware? To bo honest, I'm not sure."

So I Emailed Tech support after submitting a GetSystemInfo .log to them.

This is their reply why can't install KIS 2010 (9.0.0.736):

HI,

You have incompatible software

Please remove them

You have malwarebytes and spyware blaster

Go to start > control panel > add / remove programs

Remove both of them

Please clean up your temp folder (delete the whole file on this folder)

C:\Documents and Settings\Xxxx\Local Settings\Temp

Regards,

Kaspersky ANZ Consumer Support

Mon-Fri 8:00 am - 6:30 pm AEST

support@kasperskyanz.com.au

Phone: 1300-762-833

(03) 9005-1669

NZ: (09) 887-0355

sms06

I'm pretty well at my wits end, as I'm sure that Kaspersky Internet Security 2010 had been adapted to accept Malwarebytes' Anti-Malware ?

Reading posts here after recieving Email from Kaspersky support lead me to post here.

The problems I encountered with KIS 2010 ranged from let's just say strangely erratic behaviour at the most inconvenient times. (Rookit scanner on the hour, although disabled)

Please if someone has knowledge further than I about these incompatibilities they'd be most welcomely recieved, and of course the Kaspersky problems aren't what I'm asking about, it's the sudden incompatibility of Malwarebytes' Anti-Malware with KIS 2010 which I'm not sure of stated in above Email.

I have spent more time already than I'm willing to find out why I can't get a clear fix or answer from Kaspersky .

Kind Regards.

[exile360]

Kaspersky isn't incompatible with most of the software that KL support and the forum members there claim it is (this includes much of the softwares it forces you to uninstall, such as Spybot Search & Destroy). For proof just take a look at my signature, I run all of that alongside KAV and it works just fine even though KAV wanted me to remove most of them as well .

As for the rootkit scan, it runs in the background with KAV\KIS regardless but the issue where it gets stuck at 99% has been corrected so it doesn't take too long now thankfully. I had suffered some serious performance problems as well, but the latest patch released by Kaspersky which downloaded and installed with the definitions fixed those issues .

Now, as for KIS\KAV not working with MBAM, they work just fine together, KL is just another AV company who doesn't want to have to support system configurations that include third party software that might cause conflicts with their software (I say might because I've never seen them present any evidence that any of the software that I use that they claim is incompatible is actually incompatible ).

And of course, finally, there's also a nice feature built into KAV\KIS, it's listed under Settings and it's called Threats and Exclusions. This function can be used to exclude the files and processes of the various other security softwares you have installed and will thus help to avoid any potential conflicts between them.

[Baz.]

SaferNet4All:

Hi,

They may suggest removing other security related software in order to rule out a conflict is causing the install to malfunction. You can obviously reinstall it afterwards if it doesnt solve your issue.

The helper you talk about on the other forum is just a forum user like yourself so your words are pretty harsh and uncalled for, norwegian is quite a well respected member of the main Kaspersky boards too (which are at forum.kaspersky.com) but he is not a HJT log worker or Kaspersky employee and was simply giving you an opinion. Beating someone down because they haven't graduated from a malware removal school isn't exactly nice.

[exile360]

They may suggest removing other security related software in order to rule out a conflict is causing the install to malfunction. You can obviously reinstall it afterwards if it doesnt solve your issue.

I understand that, and it does make sense (unless you're talking about the free version of MBAM which loads 0 drivers unless the scanner is running). Eliminate all variables to track down the root of a problem. That's not really my issue with the KL method, mine is only with the installer which now forcably removes most other installed security apps claiming incompatibility when I've never seen or read any evidence that most of them were incompatible.

As for what the support person said, that is just standard procedure, as I said, it's not their job to support third party security software, which includes testing for incompatibility so it's safest to have users remove it, at least temporarily, until the problem is corrected, but again, this is unrelated to what the installer for their softwares does (which can be circumvented by a command line switch).

[SaferNet4All]

Thanks for your insights into the inner workings (Politics) of AntiMalware provider's. Funny, I've been using Kaspersky products for about two years and not come across any problems really .

Anyhoo ... exile360 you've given me some good info to work with, thankyou. I notice though you have KAV 2010, not KIS . Wouldn't this change things, i.e. compatability issues ? I'll read this over when I have some spare brain cells. Thanks for replying .

@Baz.

You can obviously reinstall it afterwards if it doesnt solve your issue.

Damn, no one said anything obvious, thankyou !

If someone tells me I had four infected files, which took about a Nanosecond to dispell, and when asked, Please; why do you believe them to be indication of Malware ? And your source, thanks and you get a reply; "Why do I believe them to be malware? To bo honest, I'm not sure." It really is disconcerting, not that I want to be mean to anyone volunteering their time, I don't know of any reputable Forum I could say such a thing

My teachers used to say my text was a waste of Bandwidth, ( it worried me a lot ) :) , just to toughen me up against bad people like myself.

Plus heck, I did apologise.

I'm sorry, I was very angry and tired after trying to understand the settings in the new KIS 2010.

I've given this Software a really good looking over and it is too complex and buggy for everyday use, in my opinion, who knows why ? Too much of my time has been spent on this .

Cheers and thankyou for your insights

Hmmm, so I'm staying with KIS 2009 , and hey don't go updating Mozilla Thunderbird 3 if your running Kaspersky, KIS xxx .

[Einstein]

Hello guys, I reported this false positive to PDM Team of Kaspersky, cause is a generic detection of the heuristic.

I installed MBAM a few minutes ago and nothing was detected here (using KAV 2010).

If the detection still persists, please warn me

[JerryM]

I went back to KIS 2010 a few days ago. On both computers I had MBAM paid. There have been no problems. I had some trouble with KIS and SAS Pro on one computer, but have not tried it on this one.

I think one needs something like MBAM or SAS to run alongside the AV. I think if KIS would not run with either I would ditch it, and go to either Avira or F-Secure. Both run well with both on my machines.

Regards,

Jerry

[exile360]

Thanks for your insights into the inner workings (Politics) of AntiMalware provider's. Funny, I've been using Kaspersky products for about two years and not come across any problems really .

Anyhoo ... exile360 you've given me some good info to work with, thankyou. I notice though you have KAV 2010, not KIS . Wouldn't this change things, i.e. compatability issues ? I'll read this over when I have some spare brain cells. Thanks for replying .

You've very welcome

It could make a difference (KAV vs KIS), but generally doesn't especially when you take a look at their incompatible software lists:

From here:

Even if your previous security software is not in the official list of incompatible software, removing it prior to installing Kaspersky is recommended.

Kaspersky incompatible software lists:

• Kaspersky Internet Security 2010
  
• Kaspersky Antivirus 2010
  
• Kaspersky Internet Security 2009
  
• Kaspersky Antivirus 2009
  

Processing exclusions for your other security programs in Kaspersky as described here (a link that exists in Malwarebytes' own FAQ located here ) will usually prevent any conflicts.

Anyway, long story short: I love Kaspersky, but they like any other software vendor do have the occasional hiccup with their software, but like any good vendor they are also quick to correct problems, at least they have been as long as I've been using their products (since version 6).

[Rage Skywolfe]

I hope I'm not flogging a dead horse here, but ...

I've been running Malwarebytes' Anti-Malware quite happily alongside KIS 2009 (8.0.0.506 ) for six months. No qualms, KIS '09 did insist I uninstall Spybot S&D however on install, but them the breaks.

I'm talking about a Licensed KIS .

I decided to update to KIS 2010 (9.0.0.736) about a week ago. It was a disaster of many facets of which I was unable to unravel, reverted back to KIS 2009, after three days of advice.

To try to cut a long story short, and leave out the juicy conflicts I had with the hardly less than useless "helpers" @ https://forum.kasperskyanz.com.au/index.php?showtopic=146 (No malice intended . Really I can't get into that here obviously, sorry . When someone says I have Malware on my machine I expect them to know what it is, and to be sure )

I'm the one who objects to being told I have Malware, and is replied to when questioning "why" ;

the helper saying, "Why do I believe them to be malware? To bo honest, I'm not sure."

So I Emailed Tech support after submitting a GetSystemInfo .log to them.

This is their reply why can't install KIS 2010 (9.0.0.736):

HI,

You have incompatible software

Please remove them

You have malwarebytes and spyware blaster

Go to start > control panel > add / remove programs

Remove both of them

Please clean up your temp folder (delete the whole file on this folder)

C:\Documents and Settings\Xxxx\Local Settings\Temp

Regards,

Kaspersky ANZ Consumer Support

Mon-Fri 8:00 am - 6:30 pm AEST

support@kasperskyanz.com.au

Phone: 1300-762-833

(03) 9005-1669

NZ: (09) 887-0355

sms06

I'm pretty well at my wits end, as I'm sure that Kaspersky Internet Security 2010 had been adapted to accept Malwarebytes' Anti-Malware ?

Reading posts here after recieving Email from Kaspersky support lead me to post here.

The problems I encountered with KIS 2010 ranged from let's just say strangely erratic behaviour at the most inconvenient times. (Rookit scanner on the hour, although disabled)

Please if someone has knowledge further than I about these incompatibilities they'd be most welcomely recieved, and of course the Kaspersky problems aren't what I'm asking about, it's the sudden incompatibility of Malwarebytes' Anti-Malware with KIS 2010 which I'm not sure of stated in above Email.

I have spent more time already than I'm willing to find out why I can't get a clear fix or answer from Kaspersky .

Kind Regards.

lol I ran into something similar to that after the 736 version had just been released. my problem was with slow startups just after windows updates. and because they found two errors in my event viewer from the GSI log their responce was to reformat the system. ok I am running 64 bit vista home premium and getting driver errors and sometimes com+ errors in event viewer. the computer itself runs fine no hints of malware anywhere and yet their reaction is to reinstall the os. that particular error is due to the ps/2 keyboard driver. so I did an experiment last week. plugged in a ps/2 keyboard and the error messages were gone. when I just have the usb devices in (keyboard and mouse both) I get The following boot-start or system-start driver(s) failed to load:

i8042prt the guy in the e mail from Kaspersky said it was a critical driver and should have loaded anyway.... if it is so critical then why does it only show up when USB devices are plugged in and not when the standard PS/2 is.....doesn't seem to me that that would need a reinstall just for one little thing lol

[JerryM]

I have been running KIS 2010 for about a week. I am also running MBAM on both computers real time without a single problem. When I installed KIS I also had SAS Pro which KIS removed.

Today I reinstalled SAS Pro and am running it in real time on my laptop along with Win Patrol Pro, and MBAM also in re al time. So far there have been no conflicts or problems.

I wonder if there could be a conflict between SAS and MBAM with both running real time if there was an attempt to penetrate my system by malware since both are protecting from much the same types of malware? Would it be better from a potential conflict standpoint to run one real time and the other on-demand?

Thanks,

Jerry

[exile360]

I know of no conflicts between MBAM and SAS in realtime, in fact, I use both together myself.

[GT500]

I know of no conflicts between MBAM and SAS in realtime, in fact, I use both together myself.

There should be conflicts running both in real-time. That is the nature of the beast.

[exile360]

There should be conflicts running both in real-time. That is the nature of the beast.

They both have an Ignore function, so as long as you ignore the detection in one and have the other remove it should they both detect the same item, you'll be fine (I've tested it, the same also applies to Windows Defender). AV's work differently most of the time, that's why they tend to conflict with one another.