Jump to content

Recommended Posts

Greetings :)

Unfortunately at the moment, Malwarebytes' Anti-Malware does not have any sort of active self-protection the way that some security applications do, though it is something we are considering.

The reverse side of that is that, assuming an infection is already running and doing so with administrative privileges (which is what would be required to disable/stop a running service), then it's too late anyway and the infection will likely require manual removal (if it's already running, that means our protection module missed it and so did your antivirus, so you're already infected). In fact, even the security programs that have such countermeasures built in to protect themselves are often circumvented by infections that target them because once a threat is running with system/admin level access, there really isn't much you can do to stop it from doing what it wants, that's why detecting it before it gets in is always the best way when possible (if such a threat tried to run and it is in our database, Malwarebytes' Anti-Malware PRO would detect the threat when it tried to execute and would block it from doing so, allowing the user to safely quarantine the threat, thus preventing any harm the threat may have attempted to do, including disabling any security software, including our own).

Link to post
Share on other sites

Thank you for your reply. I certainly would not want to understate the complexities involved, but it would seem to me there would be some way to identify a resource outside of the users on a computer that is obtaining Admin privileges. Oh well, you answered my question. Thanks again.

Link to post
Share on other sites

User account control actually does this. It's a feature built into Windows Vista and Windows 7 that blocks any process that attempts to execute with administrative privileges and shows a prompt for the user to either allow the program to run or to deny it. It's very effective in blocking such threats from executing. An alternative would be a HIPS application, which monitors all processes and files on a computer and prompts the user to allow or deny any action, a feature that is also built into many of the more powerful software firewalls, though personally I generally find such software to be too complex to use as it's often difficult to positively identify whether a particular file or action is actually malicious, but if I see a User Account Control prompt for a file that I did not try to run, then I would certainly block it from doing so :).

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.