MBAM processes


Recommended Posts

If using the free version, it only runs a single process, and only when it is open (no background processes or startups with the free version). That process is mbam.exe.

If using the PRO version, it runs 2 processes, mbamgui.exe and mbamservice.exe. mbamgui.exe is the tray process which represents the interactive part of the protection module (i.e., this is where you can access settings from the tray for the protection, and this is the component that displays alerts when malicious processes or malicious websites are detected). mbamservice.exe is the background process that runs at kernel level, scans processes in memory as they attempt to execute, does the removal of detected threats, and also executes scheduled scans and updates.


Yes, because the mbam.exe process requires administrative privileges to run. It is the scanner and it is the component used for downloading and installing updates. The tray process mbamgui.exe runs in user mode, not as administrator; only the kernel-level service runs with administrative privileges (actually higher privileges than that, as it runs as SYSTEM).

The scheduler avoids this because mbamservice.exe already has higher privileges, so when it calls mbam.exe to execute a scheduled update or scan, mbam.exe is a child process of mbamservice.exe, and thus runs with sufficient privileges without requiring a UAC prompt.

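The process layout described in the posts above can be checked on a live machine. The following is an added example, not part of the original thread or of the product: the function name `Get-MbamProcessInfo` and the `LaunchedByService` column are hypothetical, and it relies only on the standard `Win32_Process` CIM class. Run it from an elevated PowerShell prompt so the owner of the SYSTEM service can be resolved.

```powershell
# Added example: report owner, session and parent for the MBAM processes
# named in the thread (mbam.exe, mbamgui.exe, mbamservice.exe).
function Get-MbamProcessInfo {
    param(
        [string[]]$Names = @('mbam.exe', 'mbamgui.exe', 'mbamservice.exe')
    )

    # Snapshot every process once so parent PIDs can be mapped back to names.
    $all   = Get-CimInstance -ClassName Win32_Process
    $byPid = @{}
    foreach ($p in $all) { $byPid[[int]$p.ProcessId] = $p }

    foreach ($p in ($all | Where-Object { $Names -contains $_.Name })) {
        # GetOwner returns a non-zero ReturnValue when access is denied.
        $owner  = Invoke-CimMethod -InputObject $p -MethodName GetOwner
        $parent = $byPid[[int]$p.ParentProcessId]

        # PIDs are reused: only trust a parent that started before the child.
        $parentName = if ($parent -and $parent.CreationDate -le $p.CreationDate) {
            $parent.Name
        } else {
            '<exited>'
        }

        [pscustomobject]@{
            Name      = $p.Name
            PID       = $p.ProcessId
            Owner     = if ($owner.ReturnValue -eq 0) { "$($owner.Domain)\$($owner.User)" } else { '<unavailable>' }
            SessionId = $p.SessionId          # services run in session 0
            Parent    = $parentName
            # True when the scanner was started by the service, as the thread
            # describes for scheduled scans and updates.
            LaunchedByService = ($p.Name -eq 'mbam.exe' -and $parentName -eq 'mbamservice.exe')
            Path      = $p.ExecutablePath
        }
    }
}

Get-MbamProcessInfo | Format-Table -AutoSize
```

The `Path` column is worth checking against the product's install directory, since a process name alone does not prove which binary is running.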
