Malwarebytes, AVG ID Protection Question


Hi,

I installed MWB Anti-Malware a year or so ago, and also have the latest, up-to-date version of AVG Internet Security on my computer. The other day, I downloaded a zipped mod for a game, and scanned it with both MWB and AVG. A few minutes later, AVG Identity Protection gave me a message telling me that it had noticed a potentially harmful file, mbamswissarmy.sys, which is located in c:\windows\system32\drivers.

So I did a search for mbamswissarmy.sys on the net, and it seems like it's just AVG detecting part of MWB as a false positive, from what I've read. However, I'm curious about why the Identity Protection would flag the file as a problem shortly after I downloaded and scanned the zipped mod. In the past, I've run scans with MWB loads of times, and AVG's Identity Protection has barely ever given me warnings before. It only did so once previously. This happened when I downloaded a game editor called Quark, and a mini-python installer package with it. A few minutes after I scanned these items with AVG/MWB, AVG Identity Protection also warned me about mbamswissarmy.sys.

So does this seem like normal behaviour? Or is it possible there might be some kind of malware in the zipped mod or the Quark and mini-python installer, i.e. something that could be interfering with mbamswissarmy.sys? Otherwise, why would AVG Identity Protection only warn me about it just after I've scanned these files? Why wouldn't it alert me about it after scans of other files, too?

If anyone's interested, the Quark game editor can be downloaded from this page:

http://quark.sourceforge.net/download.php

The version of Quark I installed was 6.3, and I also downloaded the mini python installer from the bottom of that page. Unfortunately you need to log in to fileplanet to get either of them. I would give out the url to the mod, but it's currently in testing and the maker doesn't want it distributed yet.

Thanks for the help.


Hello springer_1988, :P

Please exclude the following files from your antivirus, according to the version of your Windows:

Note: If using a software firewall besides the built-in Windows Firewall, you'll need to exclude them from it as well.

For Windows XP:

  • C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll
  • C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
  • C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
  • C:\Windows\System32\drivers\mbam.sys
  • C:\Windows\System32\drivers\mbamswissarmy.sys

For Windows Vista or Windows 7:

  • C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll
  • C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
  • C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
  • C:\Windows\System32\drivers\mbam.sys
  • C:\Windows\System32\drivers\mbamswissarmy.sys

For 64 bit versions of Windows Vista or Windows 7:

  • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
  • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
  • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
  • C:\Program Files (x86)\Malwarebytes' Anti-Malware\zlib.dll
  • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.dll
  • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
  • C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
  • C:\Windows\System32\drivers\mbam.sys
  • C:\Windows\SysWoW64\drivers\mbamswissarmy.sys

Note: If using a software firewall besides the built-in Windows Firewall, you'll need to exclude MBAM.EXE from it as well.

Note: Once that's done, please make sure that if either of those programs has any sort of web filter, that you add the following as a trusted site:

data-cdn.mbamupdates.com

The FAQ contains examples of setting file exclusions for some known AV products. It is worthwhile for you to read Section H of the FAQ as it is about AVG.

Please post back if you have any further problems. If the problem still exists after adding the exclusion list to AVG (and maybe the firewall), please tell us which operating system you are using.

Thank You :P

PS Please use the "ADD REPLY" button instead of other ones when you start replying. :P


Hello :P

Might I also add that it is good practice to temporarily disable your AVG whilst installing Malwarebytes :angry:

My AV also pops up with a "suspicious driver" alert when I install Mbam if I forget to temporarily disable it. It's just due to the nature of the drivers. Malwarebytes is obviously not malicious :P

As a side note, please use the ADD REPLY button located at the bottom of the page when replying.
