New rules.ref file - how recognized re Protection?

[dallas7]

I haven't had much luck in timing my attempts to observe what happens when a new rules.ref file arrives while running MBAM Full with Protection on a system with Internet connectivity.

Does MBAM just "know" the old one got replaced?

Or does MBAMService stop and start after its arrival?

Or what?

I'm curious about how that works in respect to dropping the new file manually onto a system with no Internet (LAN only) connectivity.

OK. I lied. I really want to know because I'm a Geek and lie awake at night wondering about this.

Thank you!

[dallas7]

I'm curious about how that works in respect to dropping the new file manually onto a system with no Internet (LAN only) connectivity.

Oops. That should read: I'm curious about how that works in respect to dropping the new file manually onto a system running MBAM Full with Protection with no Internet (LAN only) connectivity.

[AdvancedSetup]

It works just fine as the file is not open for lock unless you're already scanning.

[dallas7]

Thanks for the reply. However, I can only guess at what you mean by "file not open for lock" nor am I asking or needing you to explain. In re-reading my original post, there is no mention of scanning either.

My questions still remain unanswered.

Let me rephrase: on an unconnected system running MBAM with Protection, a new rules.ref file is copied into its directory. Does Protection immediately begin to use the new data? If not, what further step(s) must be taken to do so?

Thank you!

[exile360]

Hello B)

You can check by monitoring the process mbamservice.exe via the Task Manager at the point where you copy the rules.ref file into place. If it's CPU usage spikes and the amount of memory being used by it begins changing then it is loading the new database. You can also tell by looking in the latest Protection Log as it will show whether or not it has registered an update.

If it does not recognize and load the new DB then rebooting the computer would make it load the new one.

[AdvancedSetup]

You must restart the Protection Module in order for it to use the new database.

[dallas7]

@exile360: I use Process Explorer and TCP View (both by Sysinternals) and Winterholler's NetMeter. But as stated in my OP, I haven't had much luck in timing my attempts to observe the behavior I'm interested in. Fortunately, I've been busy lately which is why I posted up here on this. Thanks for the tips, tho.

@AdvancedSetup: I don't see anywhere in the MBAM Pro/Full/Paid GUI that jumps out at me on restarting the Protection Module.

I see thread(s) here where the discussion centers on updating unconnected systems for the free version of MBAM. Of course, you copy the file over and then open MBAM.

I'm still in the dark on what's involved in getting Protection to recognize a new rules.ref file when it's dropped onto an unconnected system.

@AdvancedSetup: how do you restart the Protection Module?

Thank you.

[AdvancedSetup]

@dallas7

I'm sorry but you appear to be using the program well beyond the scope of a home user. Any use for business requires either a Technician's License or a Corporate License. With that license comes direct support from the Corporate Support Team via email where they will be happy to assist you as best as possible.

If you have either a Technician's License or Corporate License then please send me a Private Message with your full contact information and either myself or someone else from the support team will contact you via email for further assistance.

Thank you.