MBAM and KIS2011

[daledoc1]

Hi, all:

Well, courtesy of "the big red M", I had to restore my DT to the factory image last weekend (Thanks, McAfee! ).

I am now happily running KIS2011 instead, as I get everything reinstalled and back to normal.

Experts at the KL user forum are quite emphatic about NOT using MBAM Pro alongside KIS2011, for the usual reasons. (Bummer!)

They do seem to think MBAM Free should be no problem, so long as the proper exclusions are set.

I'm still on the steep part of their learning curve.

And although I am generally familiar now with the firewall settings UI, I thought I would check here about the detailed, SPECIFIC steps for MBAM installation and for setting the MBAM file exclusions in KIS.

1) I assume that I need to temporarily exit/disable KIS for the MBAM installation?

(I have found this to be necessary for re-installation of several other, routine, non-security applications for which this step was NOT needed when running McAfee. However, they make it easy, with a one-click "exit KIS" from the R-click context menu from the system tray icon.)

2) I have "show hidden files and folders" enabled in Windows, but I am not certain how to add the specific MBAM dll and other files. Does anyone know how?

3) Is anyone successfully running MBAM Pro with the active protection module AND KIS2011 11.0.1.400?

Thanks much in advance,

daledoc1 (happy with KIS, but experiencing "separation anxiety" from MBAM)

[noknojon]

Hi daledoc1 -

http://forums.malwarebytes.org/index.php?s...st&p=290077

This user seems to be getting on OK - Exile may also jump in as he never had problems -

Regards -

[daledoc1]

Thanks, Noknojon -- can you (or someone) please merge this thread with the other one or move this post over there?

I am still looking for a little more explicit guidance on the procedures to successfully install and run MBAM (Free or Pro) alongside KIS2011, akin to the instructions here at the forums for other security suites.

My brain is total mush after the past 10 days of troubleshooting and restoring my computer.

So, I'm trying to avoid any issues/crashes/conflicts with a little advance planning.

I assume that I need to exit KIS temporarily when I install MBAM.

However, it would be nice to know specifically:

1) Should I update MBAM and run a Quick Scan before enabling KIS?

2) Do I need to manually set the MBAM program exclusions to trusted in the KIS FW (it seems pretty good about assigning applications to the trusted list appropriately)?

3) Will I need to exit KIS in order to run on-demand MBAM Free scans?

4) Is is possible to run MBAM Pro alongside KIS2011, perhaps by disabling certain MBAM features (file protection? IP protection? Shuriken?)

At the very least, I'd like to be able to run MBAM Pro, so that I can use automatic updates and perhaps scheduled scans, even if I cannot enable the protection module b/c of KIS conflicts.

And, since KIS is a bit twitchy, I'd prefer not to have to make too many changes to its settings, esp since I am still on the steep part of their learning curve.

Exile360 or anyone using KL products, I'd sure appreciate your help.

My "MBAM Separation Anxiety" is starting to nag me! ;-)

Thanks,

daledoc1

[exile360]

Hi daledoc1

• To install and configure MBAM to work well alongside Kaspersky the first thing to do is right-click the Kaspersky tray icon and select Pause Protection.
  
• Once that's done, install Malwarebytes' Anti-Malware but don't let it update just yet.
  
• Close Malwarebytes' Anti-Malware and right-click the Kaspersky tray icon again and this time select Resume Protection
  
• Now double-click the Kaspersky tray icon to access the user interface and follow the guide here to have Kaspersky trust the following files (make sure to check all 4 of the boxes in the small exclusion window for each one):
  

For 32 bit Windows Versions:

• C:\Program Files\Malwarebytes' Anti-Malware\
  mbam.exe
  
  
• C:\Program Files\Malwarebytes' Anti-Malware\
  mbamgui.exe
  
  
• C:\Program Files\Malwarebytes' Anti-Malware\
  mbamservice.exe
  
  

For 64 bit Windows Versions:

• C:\Program Files (x86)\Malwarebytes' Anti-Malware\
  mbam.exe
  
  
• C:\Program Files (x86)\Malwarebytes' Anti-Malware\
  mbamgui.exe
  
  
• C:\Program Files (x86)\Malwarebytes' Anti-Malware\
  mbamservice.exe
  
  

• Open Malwarebytes' Anti-Malware and manually check for updates, this will prompt Kaspersky to ask you what to do regarding the firewall if it isn't set to take actions automatically so you can now allow MBAM to have internet access
  
• Register MBAM with your ID and Key and enable the protection module then set up any desired scheduled scans and updates
  

That should be all you need to do to get the two to work well together

[daledoc1]

Most grateful to you, Exlie360.

That's just what I needed.

It looks a bit involved, so I may wait until light of day, when I am fully rested.

I am still on the steep part of their learning curve with KIS.

(I have to read that Trusted Applications article very carefully, as it is quite detailed...)

It looks as though I only need to deal with MBAM's exe files, not the dll, ref or sys files, right?

Would the same procedures be needed for MBAM Free, or does this only apply to Pro?

Assuming I am able to install MBAM Pro, will I be able to fully enable all the MBAM services, including Shuriken?

And I won't have to pause KIS in order to either update or scan with MBAM, right?

Thanks again very much!

This stuff is a bit over-my-head.

daledoc1

[exile360]

You're most welcome

Yes, with Kaspersky you only need to deal with MBAM's exe's. I've excluded MBAM's drivers and dll's before and it made no difference in performance and compatibility so I don't see it as being necessary.

It wouldn't hurt to exclude MBAM's exe's from Kaspersky if using the free version, but with the paid version I highly recommend it for the sake of system performance.

After setting exclusions you won't have to disable any components of Kaspersky to update and use MBAM and you won't need to disable any of the features in MBAM for it to work alongside Kaspersky .

[mountaintree16]

I use KAV and I have added those three items to my Trusted Applications per Exile's recommendations and it runs beautifully on my system with Mbam

[daledoc1]

Hello, all:

Thanks for the detailed instructions.

I've waited to install MBAM until all my other programs were installed and running OK, so that, if a problem had arisen, the KL folks wouldn't try to pin it on a conflict with MBAM.

Couple of questions:

Exile360, you wrote:

>>(make sure to check all 4 of the boxes in the small exclusion window for each one).>>

Are there not *5* such boxes (see attached)?

And do I "tic" all of them for each file?

Or am I looking in the wrong place?

(The only other programs for which I have needed to do this so far are Adobe apps -- Acrobat and Distiller for starters; don't know yet about the other CS4 components.)

and:

>> Open Malwarebytes' Anti-Malware and manually check for updates, this will prompt Kaspersky to ask you what to do regarding the firewall if it isn't set to take actions automatically so you can now allow MBAM to have internet access>>

There are so MANY settings options in KIS2011, I can't seem to find the right one to set for a prompt -- I am certain the default settings are to take action WITHOUT a prompt. So, in order to be sure I get a prompt to ALLOW MBAM, might you know whiich setting to tweak?

I confess to being so squeamish and skittish about crashes/conflicts and other disasters, nearly 2 weeks into recovery from the McAfee debacle, that I am a bit overly obsessive at this point.

This is especially so since the KL folks insist that ONLY the FREE versions of MBAM (and SAS) can play nicely with KIS2011.

I hope you are right in saying that MBAM Pro will be OK, since I particularly miss the MBAM real-time IP protection.

I'll wait to hear back before proceeding.

Much obliged, as always for an outstanding product and an outstanding forum!

daledoc1

[exile360]

Are there not *5* such boxes (see attached)?

Ah, so there are, that Do not inherit restrictions of the parent process (application) is a new one . You might as well check it as well, just in case.

And do I "tic" all of them for each file?

Yes, all of them for each file.

There are so MANY settings options in KIS2011, I can't seem to find the right one to set for a prompt -- I am certain the default settings are to take action WITHOUT a prompt. So, in order to be sure I get a prompt to ALLOW MBAM, might you know whiich setting to tweak?

I don't believe so, it will most likely be allowed to communicate automatically. Once you get the free version of Malwarebytes' Anti-Malware installed, open the Updates tab and check for updates. If it is able to download updates then no exclusion needs to be set in Kaspersky's firewall component.

I confess to being so squeamish and skittish about crashes/conflicts and other disasters, nearly 2 weeks into recovery from the McAfee debacle, that I am a bit overly obsessive at this point.

This is especially so since the KL folks insist that ONLY the FREE versions of MBAM (and SAS) can play nicely with KIS2011.

No problem. Troubleshooting incompatibilities with Malwarebytes' Anti-Malware is easy because none of our drivers or processes load in Safe Mode, that means that in the unlikely event that there is some unforeseen conflict, you can simply boot into safe mode, uninstall Malwarebytes' Anti-Malware if needed, though I sincerely doubt you'd ever need to as I've been using Kaspersky alongside Malwarebytes' Anti-Malware for years now without any issues, as have several others I know.

This is especially so since the KL folks insist that ONLY the FREE versions of MBAM (and SAS) can play nicely with KIS2011.

Yes, they say that about all other security software that runs in realtime because they're concerned about conflicts, but the reality is, any antivirus that is running in realtime will ALWAYS get the first chance to analyze any file being downloaded to your computer or any process being executed, meaning if it's detected by your AV and you have your AV remove the infection, MBAM never even sees it so there's no room for a conflict. Malwarebytes' Anti-Malware was deliberately designed this way to avoid such conflicts. Malwarebytes' Anti-Malware is a backup to catch what your AV misses.

I hope you are right in saying that MBAM Pro will be OK, since I particularly miss the MBAM real-time IP protection.

Absolutely, I've never seen any issues between Kaspersky and the IP blocking mechanism in Malwarebytes' Anti-Malware.

[daledoc1]

OK, THANKS!

Your instructions (and the detailed KIS2011 instructions from the link you sent) worked fine.

I've now got MBAM 1.46 successfully installed, without any problems.

Manual update and manual quick scan ran just fine.

I think I will stick with running "Free"/on-demand for a day or so, to make sure all is OK.

If that turns out fine, I will then re-register my "Pro" version, but disable the load at Windows start-up for a day or so.

If that also turns out to be OK, then I will take the full plunge, enabling all the MBAM real-time services AND loading MBAM at Windows startup.

I am very much indebted to all of you -- esp Exile360 & mountaintree16 -- for your patience and expertise.

I feel SO MUCH better now, having MBAM back on this computer.

The "separation anxiety" was killing me!

Much obliged!

daledoc1

[exile360]

You're most welcome daledoc1

Please post back once you get it running in realtime and let us know how it's going and if you have any issues between the two.

[mountaintree16]

I am glad that this is all working out for you, DaleDoc. Kaspersky and Mbam are wonderful partners, in my opinion Looks like I may have a few settings to look over myself.

And I have never had a conflict between IP Blocking and Kaspersky either

[daledoc1]

So far, so good.

The only MBAM Pro feature I have not yet enabled is to load at Windows startup (this was not an issue with McAfee and hasn't been a problem with the *current* version of WISE on my laptop, though it *was* problematic with WISE 6.*)

Other than that, the updater and scheduled scanner and protection module seem to be fine alongside KIS2011.

I'll post back if there are any problems, but it looks fine for now.

Thanks for the assistance and the virtual hand-holding, ;-)

daledoc1

[exile360]

Marvelous, thanks for letting us know B)

Having it run at startup shouldn't cause any issues either, as Kaspersky starts loading much earlier than MBAM does in the boot process.

[daledoc1]

Update:

There *may* indeed be some issues running the MBAM protection module with KIS2011 when using "Safe Run".

According to KL, "Safe Run" is "limited functionality" in the 64-bit environment.

Indeed, "Safe Run for Applications" does not even show up in the KIS GUI on a 64-bit platform, and there are occasional "limited fuctionality" popups from KIS2011 even for the "Safe Run for Websites" feature.

I did experience some odd crashes of the KIS2011 GUI, particularly the "Safe Run" section, when running the MBAM Protection module.

It actually hung Windows to the extent that I could not even use Task Manager to kill either MBAM or KIS, and ended up having to hard boot.

This may or may not have been directly related to MBAM + KIS2011 running together in real-time, as there have been a few threads at the KL forums about Safe Runs bugs, problems, etc.

It would not surprise me if there some sort of subtle conflict between MBAM active protection and KIS2011 Safe Run, at least on a 64-bit platform.

It may be necessary to run EITHER MBAM protection module, OR KIS2011 Safe Run, but not both.

For the time being, I have disabled MBAM protection module. I have had no further problems with Safe Run, so, again, there MAY have been a connection.

MBAM Scheduled updates (with flash scans) and daily scheduled Quick Scans are still working fine.

I may try to play around a bit to see if I can reproduce and troubleshoot what I observed.

In the interim, I thought I'd post back, for "reference" by other users.

Regards,

daledoc1

[exile360]

Interesting. I'm not familiar with Safe Run. Please keep us posted on your progress and if you're able to find a resolution for the apparent conflict.

[Haider]

Hello daledoc1: The culprit may be Windows 7 itself. please read MS-KB 2265716 and see if you have this hotfix installed

[daledoc1]

Hi:

@exile360: http://support.kaspersky.com/kis2011/securityzone

@Haider: This is on the Win7/64 box, and yes, I do have all the Windows patches. I'll check out that hotfix you mentioned. (It may indeed relate to Win7/64, as the Safe Run for Applications feature in KIS is only "limited" in its functionality. More details at the KL web pages linked above.)

Thanks!

daledoc1

[exile360]

Ah yes, I see. It's basically a sandbox type application. You aren't trying to run MBAM inside of Safe Run are you? That would be mistake as it would likely cause MBAM to malfunction since it needs to have full system access to function properly (as does any security application).

[daledoc1]

Hi, Exile360:

No, not to my knowledge, since Safe Run for APPLICATIONS doesn't really function on a 64-bit platform.

In fact, one doesn't even see the option to run it in the GUI -- only Safe Run for WEBSITES.

So, the user has no option to manually enable/run the *applications* version. I don't know if it "partially" runs in the background when one runs the *website* version, perhaps?

I *think* the problem occurred when MBAM protection module was enabled AND I was using Safe Run for Websites in my default browser (FF).

I experienced a corruption/crash of the KIS2011 GUI and a hangup of the OS, which necessitated a hard boot.

This was several days ago. And, for fear of corrupting KIS or causing other major problems, I haven't tried to reproduce it.

So, whether this was a coincidence or related, I cannot be sure. (And Safe Run does have a few issues, esp in 64-bit environment.)

What is sure is that the KL are a bit more adamant than most other security software publishers about NOT running MBAM protection module in real-time with KIS.

It seems to be the case that I can use Safe Run fine without MBAM protection module.

And it may be that I can run MBAM protection module IF I *don't* run KIS Safe Run.

But the combination of the two in real-time may, in fact, create problems?

This is all totally over my head, I'm afraid. (The only sandbox I know anything about is the kind I played in about 52 years ago!)

Thanks very much for your advice and explanations!

daledoc1

[exile360]

You might try MBAM with Website Blocking disabled to see if that's the cause. You can do that through the options in the GUI before enabling the protection module again.