alicez Posted December 4, 2008 ID:37791 Share Posted December 4, 2008 I have the MBAM on my Vista Premium.When I ran the Defender scan, the following file was found in the Defender History Area (Description: This program has potentially unwanted behavior.):C:\Windows\system32\drivers\mbamswissarmy.sysMBAM Swiss ArmyIs this a safe file? The Swiss Army is confusing me.Please advise as I do not want anything to corrupt my new Vista. Link to post Share on other sites More sharing options...
exile360 Posted December 4, 2008 ID:37808 Share Posted December 4, 2008 The file is one of Malwarebytes' drivers and Windows Defender flagging it is a known issue. Don't worry, the file is safe. Link to post Share on other sites More sharing options...
RedDawn Posted December 4, 2008 ID:37809 Share Posted December 4, 2008 Hi Alicez,Yes, Swiss Army is safe, it is part of MBAM, a Driver if I'm not mistaken. To configure Windows Defender to ignore it:Open Windows Defenderclick Tools > options scroll down to Advanced Options and under Do not scan these files or locations click add, navigate to mbamswissarmy and click OK. The path should be C:\Windows\system32\drivers\mbamswissarmy.sysYou should now stop seeing the warning from WD. Link to post Share on other sites More sharing options...
alicez Posted December 4, 2008 Author ID:37828 Share Posted December 4, 2008 Thank you both.Alice Link to post Share on other sites More sharing options...
catscomputer Posted May 28, 2009 ID:84307 Share Posted May 28, 2009 Hi Alicez,Yes, Swiss Army is safe, it is part of MBAM, a Driver if I'm not mistaken. To configure Windows Defender to ignore it:Open Windows Defenderclick Tools > options scroll down to Advanced Options and under Do not scan these files or locations click add, navigate to mbamswissarmy and click OK. The path should be C:\Windows\system32\drivers\mbamswissarmy.sysYou should now stop seeing the warning from WD.Thanks so much for this information. Since I got the update to MBAM version 1.37 I have been getting a warning show up in my Defender history for this file path every time I run a MBAM scan. Defender says it has potentially unwanted behaviour. Why would this be? I find it curious to note that this post is dated Dec 2008, as I didn't have this issue with version 1.35 or 1.36. Thanks again for the work-around Link to post Share on other sites More sharing options...
exile360 Posted May 28, 2009 ID:84481 Share Posted May 28, 2009 Greetings and welcome .The change is most likely due to the fact that the program and the drivers it uses were changed dramatically in the current release so its behavior is quite different. I use MBAM alongside Windows Defender without issue with the exception of those entries. WD by default will only block anything it positively identifies as malware, those entries are just warnings about the hidden driver MBAM uses (which is necessary for it to subvert nasty threats like rootkits and remove them). Link to post Share on other sites More sharing options...
maluser Posted May 29, 2009 ID:84545 Share Posted May 29, 2009 I get the same reply from Kaspersky, it's because it is a hidden driver. It's not bad it's just not run as a service or constant so it is installed hidden instead. I tried playing around with the file and in doing so it seems to have something to do with loading Malwarebytes antimalware database I believe.That's just my two cents anyhow Link to post Share on other sites More sharing options...
catscomputer Posted May 29, 2009 ID:84552 Share Posted May 29, 2009 Greetings and welcome .The change is most likely due to the fact that the program and the drivers it uses were changed dramatically in the current release so its behavior is quite different. I use MBAM alongside Windows Defender without issue with the exception of those entries. WD by default will only block anything it positively identifies as malware, those entries are just warnings about the hidden driver MBAM uses (which is necessary for it to subvert nasty threats like rootkits and remove them).Ahh. Yes, that makes sense re the hidden driver and how it works. Thanks for the explanation. I've been watching this forum since my computer fix-it person put me on to MBAM and I'd like to say that I'm so impressed with this product, and with the excellent support here in the forums and the helpdesk. Thanks heaps! Link to post Share on other sites More sharing options...
YoKenny1 Posted May 29, 2009 ID:84645 Share Posted May 29, 2009 I like the warning from Windows Defender about mbamswissarmy as it lets me know that MBAM was updated and run at the scheduled time. By the way Windows Defender updates itself slowly so I visit its portal daily to update it manually:http://www.microsoft.com/security/portal <== v1.59.496.0 is current update Link to post Share on other sites More sharing options...
Recommended Posts