Conflict between MBAM Protection module and AV software?

[FoxTint]

Hi there, I'm new here

Just a few days ago I paid for the full version of MBAM, as I am really impressed with this piece of software!

But, just one thing is on my mind that is concerning me at the moment.

If I enable the Malwarebyte's Anti-Malware protection module (The thing that comes with the paid version that allows you to get MBAM to run in the background and scan your computer/internet sites for Malware, will it conflict with my Anti-Virus program - which is McAfee VirusScan Enterprise (8.5)

If someone could clear this up, I'd be ever thankful to you.

FoxTint

[Sartori]

Heres a section to help with that:

http://forums.malwarebytes.org/index.php?s...mp;#entry162098

[mtr12533]

Heres a section to help with that:

http://forums.malwarebytes.org/index.php?s...mp;#entry162098

I am having the exact same issue on 4 computers running Avast free and now Malwarebytes antimalware. They ran fine until I installed Malwarebytes realtime protection. They all freeze now.

I just removed Malwarebytes and Avast from 2 of them. Even though I paid for Malwarebytes I cannot run it yet. I install AVG and Avira as a test on these two and have not had a lockup yet. I may try and reinstall MBAM.exe if they are OK

[Sartori]

Heres the files you need to add to your exclusions in your Antivirus programs:

Also theres this section for AVG:

http://forums.malwarebytes.org/index.php?s...mp;#entry167851

Please exclude the following files from your antivirus:

Note: If using a software firewall besides the built in Windows Firewall you'll need to exclude them from it as well

For Windows XP:

* C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

* C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

* C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

* C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref

* C:\Windows\System32\drivers\mbam.sys

* C:\Windows\System32\drivers\mbamswissarmy.sys

For 32 bit versions Windows Vista or Windows 7:

* C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

* C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

* C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

* C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref

* C:\Windows\System32\drivers\mbam.sys

* C:\Windows\System32\drivers\mbamswissarmy.sys

For 64 bit versions of Windows Vista or Windows 7:

* C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

* C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

* C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

* C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref

* C:\Windows\System32\drivers\mbam.sys

* C:\Windows\SysWoW64\drivers\mbamswissarmy.sys

[noknojon]

Hi mtr -

Which of the 2 did you decide to leave on (AVG or Avira) as you can only leave one of them on at any time - Did you properly uninstall Avast as per the full given instructions - Never use more than one -

Many people here use either AVG or Avira or Microsoft Security Essentials as their choice of free antivirus - I did try Avast but Did not find it suited me only on a personal basis - I now only use MSE and find it is very good -

Thank You -

[daledoc1]

Hi there, I'm new here

Just a few days ago I paid for the full version of MBAM, as I am really impressed with this piece of software!

But, just one thing is on my mind that is concerning me at the moment.

If I enable the Malwarebyte's Anti-Malware protection module (The thing that comes with the paid version that allows you to get MBAM to run in the background and scan your computer/internet sites for Malware, will it conflict with my Anti-Virus program - which is McAfee VirusScan Enterprise (8.5)

If someone could clear this up, I'd be ever thankful to you.

FoxTint

Hi, FoxTint:

The experts here have already given you the best and most sound advice.

However, I will say that I am running the active protection module of the paid version of MBAM Pro 1.44 alongside my OEM Consumer (NOT Enterprise) McAfee Security Center (VS 13, SC 9 -- we are still waiting for the 2010 updates here in the US) without any problem.

I did take the trouble during the MBAM install to follow the expert advice provided about making sure that the MBAM exe files are allowed in the McAfee firewall. (I also followed the general -- though not universal -- recommendation to TEMPORARILY disable the McAfee FW and AV features during MBAM installation.)

I had some issues with MBAM Pro running at Windows startup on my other computer (that runs Webroot ISE, not McAfee).

So, to avoid any potential issues with that on the McAfee system, I don't have MBAM Pro active protection set to run at Windows startup.

Instead, I wait ~30 seconds until the system has fully booted before I manually start the MBAM Pro active protection.

If you find this too cumbersome, you can either try setting MBAM Pro to run at startup, or the MBAM folks here can send you a registry import that will set MBAM Pro active protection to start a couple of minutes after Windows startup.

Or, there is a standalone utility called WinPatrol (currently v 17) that includes a feature that allows one to set any application to a delayed start.

Anyway, MBAM Pro 1.44 active protection seems to work just fine alongside McAfee, at least on this particular platform and with the current software versions.

AND, MBAM Pro has been FAR more "protective", having blocked several real malicious IP attacks that the McAfee FW didn't even notice.

I feel much safer with it running in the background.

Hope this helps,

Daledoc1

[whatmeworry?]

FoxTint, though others have already given you some excellent advice, I thought I'd reply too, since I have used MBAM Pro with McAfee Enterprise 8.5 and now with 8.7. They work well together, as long as you lists the exclusion files for McAfee to ignore. If you're on XP, setting a delayed startup for MBAM also helps (I think a delayed startup is automatic for MBAM on Vista and Windows7). I use WinPatrol, and it makes setting delayed startups VERY easy.

[paulhafer]

My experience with Malwarebytes performance has been incredible...the free version has completely resolved massive malware issues on 2 pc's that had almost appeared hopeless...so, I bought the program and enabled its protection mode. However, I too am experiencing a conflict resulting in frequent freeze ups that I can only recover from by shutting down the pc (and my old dell laptop then reqires about 10 minutes to fully boot up)

I believe this thread references a remedy for a conflict with mcafee and avg, but can someone help me with a specific instruction for resolving a conflict with sebroot spysweeper? (In the meantime, I had to boot up in safe mode and remove malwarebytes)

Thanks, Paul

[paulhafer]

oh btw, I have XP Home SP3 - Paul

[noknojon]

Hi Paul -

Can you please list a bit more about your 'sebroot' spysweeper - There is only one listing in the whole of Google and I am having problems getting that page to load -If it is another antivirus program then it will cause problems with your McAfee -

Thank You -

resolving a conflict with sebroot

EDIT -I thought this may have been a misspell as it was not realy listed - That was why I asked-

[paulhafer]

Hi Paul -

Can you please list a bit more about your 'sebroot' spysweeper - There is only one listing in the whole of Google and I am having problems getting that page to load -If it is another antivirus program then it will cause problems with your McAfee -

Thank You -

Oh my I should proof read posts... my av is "Webroot Antivirus with Spysweeper" (fwiw: version 6.1.0.145 virus detection from Sophos). I dont have McAfee...Webroot is the only av on my pc, and its fairly good, but, clearly there is some conflict with Malwarebytes when I installed it and enabled its protectection mode...the pc will either freeze as soon as it boots up completely, or, it might freeze a few hours later. Thanks for any suggestions and help. Paul

[Jacktivity]

@ paulhafer

We don't currently have a write up for setting exclusions in Webroot but you should still be able to adapt your situation.

I'm not personally familiar with Webroot these days as I haven't used it since my last company, but look to see if there is an advanced setting you can use instead of the default. There may not be one. Not all A-V apps have them. If there is one, switch to that view.

Whether there is an advanced view or not, look for places you can put exclusions in beyond just an on-access/resident shield type setting. Particularly look for HIPS (Host Intrusion Prevention - sometimes Protection) or PUP's (Potentially Unwanted Programs) settings. HIPS and PUP's are generic names and various security vendors call them different things for marketing purposes. Also be looking for a place to allow MBAM through the firewall if one is included.

If you can exclude the entire directory for MBAM at C:\Program Files\Malwarebytes' Anti-Malware\ then do so. Otherwise, list the files individually as outlined above by Sartori. Check to see if you can do this on multiple-tabs on any sub-dialog boxes.

My experience in getting MBAM to run along side another AV program is that the user doesn't explore the AV settings enough. They typically stop after the first place they see to put the exclusions and then MBAM still won't work.

DaleDoc1 seems to think you need to also delay the start of MBAM's protection module. We do need to do that with some AV's, on some platforms, but not often. Those cases typically tend to be older XP machines. So far, I only know of one enterprise AV that requires this in Vista. If need be, we can accomplish that either internally with a registry switch or you can use a third party tool to delay protection start up.

[daledoc1]

@ paulhafer

<snip>

DaleDoc1 seems to think you need to also delay the start of MBAM's protection module. <snip>

@Paulhafer

Yup -- my first attempt at installing MBAM on the laptop (running Webroot ISE w/the same version Paul mentioned (6.1.0.145) did not complete properly, b/c I had neglected to temporarily disable the Webroot FW/AV during MBAM install. I ended up having to uninstall/clean/reinstall MBAM, making sure that Webroot was disabled during the installation. It went fine the 2nd time, although I did make sure to "allow" all the MBAM EXE files in the Webroot firewall and MBAM as a "trusted publisher".

However, I did find that -- even on this Win7 platform -- configuring MBAM active protection to start @ Windows startup *did* cause apparent conflict with Webroot (both applications hung/crashed). The easiest fix was to disable the MBAM "run at startup" feature, letting Webroot load completely and check for its updates *before* starting MBAM active protection. (Like Jacktivity said, this shouldn't be "necessary" on Vista or 7, but it does seem to be the case with Webroot products, and you can either do as I do (manually start MBAM active pro after bootup), use the reg import the MBAM folks can give you, or install WinPatrol, which allows you to configure MBAM (or any program) for a delayed start.)

I used to run Webroot products on my old XP box some years ago and did find a tendency to conflict with other programs, especially other security apps. So, I was not surprised to observe this issue, even w/today's current versions and a new OS. That said, the FW is quite sensitive and seems to work much better than the crappy McAfee FW on my other computer.

FWIW, there *is* no way for home users of consumer Webroot products to configure the FW beyond adding EXE files and "trusted publishers". When I tried to add the other MBAM files (DLL, SYS, REF, etc), I found no way to do it. I contacted Webroot support about this, and they confirmed that this isn't possible (or, according to them, necessary).

MBAM Pro (with a manual start to active protection ~1 min or less after bootup) seems to work fine on both the laptop running Webroot and the desktop running McAfee.

Anyway, this is just what happens on my system.

Yours might be a bit different, esp if it is running XP, not Vista or 7.

Best regards,

daledoc1

[paulhafer]

@ paulhafer

We don't currently have a write up for setting exclusions in Webroot but you should still be able to adapt your situation.

I'm not personally familiar with Webroot these days as I haven't used it since my last company, but look to see if there is an advanced setting you can use instead of the default. There may not be one. Not all A-V apps have them. If there is one, switch to that view.

Whether there is an advanced view or not, look for places you can put exclusions in beyond just an on-access/resident shield type setting. Particularly look for HIPS (Host Intrusion Prevention - sometimes Protection) or PUP's (Potentially Unwanted Programs) settings. HIPS and PUP's are generic names and various security vendors call them different things for marketing purposes. Also be looking for a place to allow MBAM through the firewall if one is included.

If you can exclude the entire directory for MBAM at C:\Program Files\Malwarebytes' Anti-Malware\ then do so. Otherwise, list the files individually as outlined above by Sartori. Check to see if you can do this on multiple-tabs on any sub-dialog boxes.

My experience in getting MBAM to run along side another AV program is that the user doesn't explore the AV settings enough. They typically stop after the first place they see to put the exclusions and then MBAM still won't work.

DaleDoc1 seems to think you need to also delay the start of MBAM's protection module. We do need to do that with some AV's, on some platforms, but not often. Those cases typically tend to be older XP machines. So far, I only know of one enterprise AV that requires this in Vista. If need be, we can accomplish that either internally with a registry switch or you can use a third party tool to delay protection start up.

Thanks Jack...I have been unable to find any place to exclude mbam in Webroot, in fact the only exclusion list I have is for some website cookies that I dont want the av to block or quarantine, and I sure havent found any HIPS or PUPS settings. Frankly I'm not stuck on this av, but I am VERY impressed with MBAM, so if there is a more mbam compatible av you could suggest, I would appreciate it.

Regarding the startup timing of mbam or the av, this is all pretty over my head, but I have noticed an odd occurence on every one of three pc's AFTER i've installed mbam where I was already using Webroot av: for some reason the av takes a LOT longer to start after a reboot, such that I get a windows security warning of no av, until finally it sets up. Its not a major deal, it does finally start, but unless I'm imaging things, something changes after running mbam on the pc that effects the startup of the Webroot av.

Anyway thanks again for the help, and I would like a mbam-friendly av suggestion if you can offer one.

Paul

[daledoc1]

Thanks Jack...I have been unable to find any place to exclude mbam in Webroot, in fact the only exclusion list I have is for some website cookies that I dont want the av to block or quarantine, and I sure havent found any HIPS or PUPS settings. Frankly I'm not stuck on this av, but I am VERY impressed with MBAM, so if there is a more mbam compatible av you could suggest, I would appreciate it.

<snip>

Anyway thanks again for the help, and I would like a mbam-friendly av suggestion if you can offer one.

Paul

@Paulhafer:

MBAM Pro runs fine with the entire Webroot ISE suite (FW/AV/AM), once you take care to install it properly.

It sounds as if you are only running the AV with Spysweeper (NOT the full suite with the Firewall, as I am)?

That may explain why you can't find a way to set firewall exclusions?

This concept applies to a *firewall*, so you would want to do the same thing for whatever firewall you are using on your system.

What Jacktivity was trying to explain -- I think -- is that the MBAM folks have prepared detailed instructions for how to do this for *some* ISS, but not all of them.

Webroot just isn't one of the ones they've covered.

But the process is the same.

It wasn't hard.

Security apps and suites are complex things these days, so it's not surprising that one needs to pay attention to a few details (especially during installation) in order to minimize conflicts and other problems when one runs a "layered" security approach on one's system.

At least that's been my observation over the years, as a nearly computer-illiterate senior citizen.

(FWIW, one major advantage for me with Webroot is that their tech support is based in North America. There is no perfect ISS, and they all have advantages and disadvantages.)

Regards,

daledoc1

[xxEIEIOxx]

I'll add myself to the list of those having a problem. I have been using the free version for a while and decided to buy 2 licenses yesterday. On my desktop machine I notice that it does cause some things to lag (it causes more slowdown than antivirus does) but it does not cause major problems.

I enabled protection on my laptop and I can't even get past logging in. I get to the desktop and the CPU goes to 100% and everything freezes. I had to power off and boot into safe mode and uninstall it to be able to do anything. I am running Windows 7x64 on both machines and set all of the exclusions as listed here.

I am running it with ESET Smart Security because I have seen that as the most recommended pairing with this product. I also have licenses for Kaspersky Internet Security, Outpost Security Suite, and Norton Internet Security if any of those give better results. I'm not sure what the conflict on the laptop is, I try to keep the software setup the same on both machines, but the hardware is obviously different.

I am not running any other security software on either machine than the ESET Smart Security, so if that is not the conflict I am not sure what is. Hopefully we can discover what the issue is.

[Jacktivity]

@paulhafer

Well...

I was just about to suggest ESET Smart Security 4 or ESET NOD32 as likely being a compatible paid solution when xxEIEIOxx posted about his trouble. I did some limited testing for two or three days, a week or so ago, on XP SP3, between ESET Smart Security 4 and MBAM 1.44. I tried it without any exclusions and didn't appear to have any trouble except one time. I'm still not sure what caused it and hesitate to blame it on the two. The problem occurred while I was doing some other testing at the end of this one so they may not be related. I never had any boot up problems. One of the things that impressed me about ESET SS4 was how extremely configurable it is. That can be good if you like to tweak things, but can also backfire and be trouble, or at the least, an annoyance for some people. I would venture to say it is the most configurable AV I've seen targeted at home users. As you know from my previous posting, I haven't seen them all though. I hope to be able to do a retest in the not too distant future.

I have also used the free version of Avira AntiVir on numerous home machines running XP and Vista, both x86 and x64 for a year and a half without needing any exclusions for MBAM. I've read that exclusions are required for Avira's paid-for premium version. This is likely to be the case for most AV's. As Daledoc1 pointed out, AV's and layered security have become a little complex and generally need some tuneup and attention to detail in order to avoid problems.

We also normally recommend

• Kaspersky - Paid but with 30 day trial - will need some tweaking. For detection rates, general consensus seems to favor this one.
  
• MSE - Free for home use - will need some tweaking
  
• Avast - Users are experiencing difficulties right now with the latest version. Hopefully, this will be sorted out soon. There is another thread about it here in the General Forum.
  

If you're willing to spend some time, I'm sure we can come up with a solution that works for you. As I recall, when Daledoc1 first came on the board he didn't appear to be too keen on the idea of all the tweaking that may be necessary and didn't seem to really be sold on the idea that MBAM real time protection was all that. It looks to me like we made a believer out of him after all. Some folks come on the board for one problem and then we never see them again. He's still here though and contributing.

@daledoc1 - It sounds like you understood me completely. I do have some other write ups in mind because of the support testing I do. I just need to get the time. I'm also waiting for some board updates to help accommodate the write ups.

@xxEIOEIOxx - Please start a new topic for this in this forum and you can reference a link to this one. Only reason I say that is to help keep things neat and orderly. Once in a while some of these topics get overrun with too many users with similar symptoms that may or may not be related and it becomes really hard to follow along. Sometimes people do get lost in the shuffle because of it. Granted, just looking at the title, this was the perfect place to post it. Thanks for taking the time to look around a little first - a lot of people don't. We really do appreciate it.

Before you do that though, please take a look at the FAQ and perform the clean removal process as outlined in Section A: Solution 7. Not that you have a license issue; sometimes this just solves some other unexplained problems and it's easy and fairly quick. Make sure to install as an administrator and to disable ESET during the installation.

Meanwhile, if you do still have problems, you don't need to uninstall MBAM again. Reboot in safe mode as you did before, then go to the Protection tab and un-tick the check box to start with Windows and boot normally. Wait a few minutes till everything settles down, then try to enable the protection module from the Protection tab and see if you still have problems. This will help see if it's just a boot/timing problem or not.

After all this, if something is still not right, please start the new topic stating what you've done and the results.

Thanks,

[xxEIEIOxx]

@paulhafer

Well...

I was just about to suggest ESET Smart Security 4 or ESET NOD32 as likely being a compatible paid solution when xxEIEIOxx posted about his trouble...

@xxEIOEIOxx - Please start a new topic for this in this forum and you can reference a link to this one. Only reason I say that is to help keep things neat and orderly. Once in a while some of these topics get overrun with too many users with similar symptoms that may or may not be related and it becomes really hard to follow along. Sometimes people do get lost in the shuffle because of it. Granted, just looking at the title, this was the perfect place to post it. Thanks for taking the time to look around a little first - a lot of people don't. We really do appreciate it.

After all this, if something is still not right, please start the new topic stating what you've done and the results.

Thanks,

On your suggestion for ESET Smart Security, don't let me stop you, I found out that isn't the issue. I removed ESS and had nothing installed but MBAM and as soon as I enabled protection and tried to launch Firefox the machine just froze, no other security software installed whatsoever, Windows Defender disabled. Had to force it off, Windows would not respond to anything. The CPU gadget shot up to 100% immediately before it stuck, the clock stopped, etc. Just wanted to clarify to anyone already reading this thread that ESS is not at issue here.

I will go ahead and start a new thread when I have more info. It looked like something that should go here and as a new member it takes a post or two to find the procedures at a particular forum. Thanks for the response.

[daledoc1]

@paulhafer

<snip>

If you're willing to spend some time, I'm sure we can come up with a solution that works for you. As I recall, when Daledoc1 first came on the board he didn't appear to be too keen on the idea of all the tweaking that may be necessary and didn't seem to really be sold on the idea that MBAM real time protection was all that. It looks to me like we made a believer out of him after all. Some folks come on the board for one problem and then we never see them again. He's still here though and contributing.

Other than the fact that I'm a "she", not a "he", I would tend to agree with you.

daledoc1

[daledoc1]

On your suggestion for ESET Smart Security, don't let me stop you, I found out that isn't the issue. I removed ESS and had nothing installed but MBAM and as soon as I enabled protection and tried to launch Firefox the machine just froze, no other security software installed whatsoever, Windows Defender disabled. Had to force it off, Windows would not respond to anything. The CPU gadget shot up to 100% immediately before it stuck, the clock stopped, etc. Just wanted to clarify to anyone already reading this thread that ESS is not at issue here.

I will go ahead and start a new thread when I have more info. It looked like something that should go here and as a new member it takes a post or two to find the procedures at a particular forum. Thanks for the response.

@xxEIEIOxx:

I'm no expert -- just that mostly computer illiterate senior citizen again -- but what you're describing kinda sounds like a Windows problem, rather than an MBAM problem per se?

(Not to mention that, if you're running FF 3.6, it's a bit buggy and has its own share of "issues". Have you tried another browser, such as Opera, to see if it has the same problem?)

But I assume you've already considered that.

And you've probably already tried rolling back to a Windows RP.

FWIW, my systems are both 32-bit -- Vista Ultimate SP2 on the desktop (OEM McAfee Security Center) and 7 Pro on the laptop (Webroot ISE).

MBAM Pro does seem to be running fine (WITH active protection) on both.

I know that Win 7 (X64) still has its issues insofar as some software and drivers are concerned. Software in particular has been slow to catch up for X64 for some reason, though I assume that MBAM Pro has been fully tested in that environment.

But you've probably already thought of that, too.

Sorry, I'm really not much help.

I do hope you get it sorted out, though.

I can appreciate your frustration.

Computers just stink sometimes.

*Ms." daledoc1

[Jacktivity]

Other than the fact that I'm a "she", not a "he", I would tend to agree with you.

daledoc1

Oops! Sorry for the assumption MS daledoc1 Now I know better.

You can safely refer to me as "he"

[Guest]

Avast have now posted a beta build which tries to fixes the problem with MBAM.

http://forum.avast.com/index.php?topic=55365.0

[paulhafer]

Thanks very much Madam daledoc1 and Jack...after I uninstalled MBAM, I shutdown Webroot (obviously should have thought of this the first time) then re-installed MBAM. I also start up MBAM protection manually after windows start up (the laptop stays on basically 24/7). I think that the only firewall I have is windows firewall, and its on. But so far everything is now running fine with no freeze at all. Thank you again for the help. Paul

[daledoc1]

Thanks very much Madam daledoc1 and Jack...after I uninstalled MBAM, I shutdown Webroot (obviously should have thought of this the first time) then re-installed MBAM. I also start up MBAM protection manually after windows start up (the laptop stays on basically 24/7). I think that the only firewall I have is windows firewall, and its on. But so far everything is now running fine with no freeze at all. Thank you again for the help. Paul

Hi, Paul:

Glad it's working for you.

Just to be clear, though, I DO have the WISE FW enabled and it works fine with MBAM Pro active protection (with the minor tweak of starting MBAM active pro AFTER system boots).

I only TEMPORARILY disabled the WISE FW during the MBAM installation. I turned it back on after installed MBAM.

You should probably be able to do the same thing, so long as you've set all the FW exclusions for the MBAM exe files.

Or you could just stick with the Windows FW, I suppose.

See ya,

daledoc1

[paulhafer]

Hi, Paul:

Glad it's working for you.

Just to be clear, though, I DO have the WISE FW enabled and it works fine with MBAM Pro active protection (with the minor tweak of starting MBAM active pro AFTER system boots).

I only TEMPORARILY disabled the WISE FW during the MBAM installation. I turned it back on after installed MBAM.

You should probably be able to do the same thing, so long as you've set all the FW exclusions for the MBAM exe files.

Or you could just stick with the Windows FW, I suppose.

See ya,

daledoc1

Thanks daledoc1...but I think I spoke too soon...completely froze sometime overnite, with my only option to power it off. Rebooting my 5 year old dell laptop is kind of almost a 10 minute ordeal, but after restarting, I'm just going to leave MBAM protection off, and just manually run it from time to time. My schedule just doesnt allow me much more trouble shooting time. Thanks again, Paul