Malwarebytes Anti-Ransomware Beta

Discussion in 'other anti-malware software' started by ZeroVulnLabs, Jan 25, 2016.

  1. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,387
    Will Malwarebytes Anti Ransomware continue to exist as a standalone app after the beta?
     
  2. daman1

    daman1 Registered Member

    Joined:
    Mar 27, 2009
    Posts:
    1,292
    Location:
    USA, MICHIGAN
    No...

    It will be joined with their flagship MBAM.
     
  3. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    ... along with JRT.
     
  4. CHEFKOCH

    CHEFKOCH Registered Member

    Joined:
    Aug 29, 2014
    Posts:
    395
    Location:
    Swiss
    Beta or not but such stuff is far away from an alpha product.

    And no, I do not want to do your work by submitting every xyz thing which is a false positive; if the algorithm isn't good enough to detect generic Chrome builds or other static builds, then it is just alpha and not even beta. I doubt that this product will ever be good; just concentrating on the existing product is more than enough. :p

    After uninstalling it there are leftovers ... this is also something for beginners, why do you never look at this? Really, come on ...

    Leftovers:
    C:\ProgramData\Malwarebytes
    * config
    * mbarwind-00.arw
    * mbarwind-01.arw
    * mbarwind-02.arw
    * mbarwind-03.arw
    * mbarwind-04.arw

    Registry:
    HKEY_CLASSES_ROOT\TypeLib\{226C1698-A075-4315-BB5D-9C164A96ACE7} (random)
    HKEY_CLASSES_ROOT\TypeLib\{332AFEBA-9341-4CEC-8EA6-DB155A99DF63} (^^)
    HKEY_CLASSES_ROOT\TypeLib\{49F6AC60-2104-42C6-8F71-B3916D5AA732} (^^)
    HKEY_CLASSES_ROOT\TypeLib\{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F} (^^)
    HKEY_CLASSES_ROOT\TypeLib\{74630AE8-C170-4A8F-A90A-F42D63EFE1E8} (^^)
    HKEY_CLASSES_ROOT\TypeLib\{A23C190D-C714-42C7-BDBB-F4E1DE65AF27} (^^)
    HKEY_CLASSES_ROOT\TypeLib\{A82129F1-32E1-4D79-A39F-EBFEE53A70BF} (^^)
    HKEY_CLASSES_ROOT\TypeLib\{C731375E-3199-4C88-8326-9F81D3224DAD} (^^)
    HKEY_CLASSES_ROOT\TypeLib\{F5BCAC7E-75E7-4971-B3F3-B197A510F495} (^^)
    HKEY_CLASSES_ROOT\TypeLib\{FFB94DF8-FC15-411C-B443-E937085E2AC1} (^^)

    C:\Windows\System32\drivers
    * MBAMSwissArmy.sys
    * farflt.sys


    C:\Windows\Installer
    * random (empty) but folder is still present
     

    Last edited: Feb 24, 2016
  5. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    That's OK, everybody is entitled to an "opinion".
     
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    I haven't tried the product yet, but what I don't understand is why the quarantine feature is so aggressive, without giving the user an option to cancel it. From what I've read this was the biggest problem. Or has this already been fixed? Perhaps it's an idea to compare MBARW with HMPA and WinAntiRansom.
     
    Last edited: Feb 25, 2016
  7. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,065
    Location:
    DC Metro Area
    BOOOOOOOOOOO!

    "Technically Emsisoft Internet Security isn't considered compatible with Malwarebytes Anti-Malware due to the fact that Malwarebytes Anti-Malware uses a WFP driver to capture network traffic for their website blocking, and that driver could cause problems with the WFP driver used by Emsisoft Internet Security.

    http://support.emsisoft.com/topic/19289-compatibility-with-malwarebytes-anti-malware/"

    Does MBAR also use a WFP driver to capture network traffic, or does MBAR not work in this manner?

    Been using the Beta with EMIS 11 with no problems that I know of (which means little). Did have one incident where MBAR spotted and quarantined "antiransomeware activity" and quarantined it but my Quarantine was empty.

    Thing with running two antimalware programs is that you really do not always know if one is interfering with the other, absent official OK from the creator after their testing.
     
    Last edited: Feb 26, 2016
  8. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    There are absolutely no problems running multiple products that use a WFP driver. The only problem that could cause a conflict is if one product does not chain correctly.

    We'll test this internally to see if it's a bug on our end or not.
     
  9. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    Thanks. It would be good to have confirmation of this, as I am currently running MBAM Pro (with RT components off however, just scheduled daily scan alongside EAM, and Adguard).
    The Emsisoft forum topic would indicate multiple WFP drivers are a problem, though I have not noticed anything untoward (so far).
    Edit: On rereading, I see only EIS has the WFP driver (though EAM may get in future). But then Adguard compatibility question with MBAM remains.
     
    Last edited: Feb 27, 2016
  10. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,065
    Location:
    DC Metro Area
    Well I hope there is no issue. But note that this year Emsisoft has and continues to make its products more effective against Ransomware. Dunno if that is relevant to the issue. When I hear Fabian W. make the statement that he did (the quoted text) I can not ignore it. Perhaps you might speak with him. I know you guys have a commendable cooperative attitude, but sadly were ignored by the Gawds at Kaspersky re: MBAE.

    Also to be clear, FW said "Technically Emsisoft Internet Security isn't considered compatible with Malwarebytes Anti-Malware due to the fact that Malwarebytes Anti-Malware uses a WFP driver to capture network traffic for their website blocking, and that driver could cause problems with the WFP driver used by Emsisoft Internet Security." That is far from a definitive corporate endorsed official statement that "MBAR IS incompatible with EMIS and using the two together will cause problems."
     
    Last edited: Feb 27, 2016
  11. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Technically multiple products that rely on WFP can happily co-exist without a problem. In fact MBAM happily co-exists with all AV's out there, and many if not most also use WFP.
     
    Last edited: Feb 28, 2016
  12. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    You people are confusing me. The conversation keeps switching from AE to AM to AR. I have to keep going back up to see what thread I am in LOL
     
  13. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    We tested MBARW compatibility with Emsisoft and could not replicate the problem.

    It could very well be a conflict with some other software.
     
  14. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,065
    Location:
    DC Metro Area
    Thanks pbust. Good to hear this :)
     
  15. daman1

    daman1 Registered Member

    Joined:
    Mar 27, 2009
    Posts:
    1,292
    Location:
    USA, MICHIGAN
  16. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    1,910
    Location:
    North of the 38th parallel.
    Through the kindness of our friend chachaz:
     
  17. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
  18. daman1

    daman1 Registered Member

    Joined:
    Mar 27, 2009
    Posts:
    1,292
    Location:
    USA, MICHIGAN
    There's no change log posted; you'll have to start the downloader to see what was fixed. You can stop it before it installs at that point. So far so good with my PCs.

    They did improve FPs.
     
  19. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    I think I will wait for the final version, thanks for the info.
     
  20. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia
    Change log is 2 posts above yours.
     
  21. daman1

    daman1 Registered Member

    Joined:
    Mar 27, 2009
    Posts:
    1,292
    Location:
    USA, MICHIGAN
    Yeah, missed that, I meant on their web site.
     
    Last edited: Mar 29, 2016
  22. hmpa111

    hmpa111 Registered Member

    Joined:
    Mar 11, 2016
    Posts:
    11
    Is the "You've been signed in with a temporary profile" bug fixed in beta 6?
     
  23. daman1

    daman1 Registered Member

    Joined:
    Mar 27, 2009
    Posts:
    1,292
    Location:
    USA, MICHIGAN
  24. Magic Missile

    Magic Missile Registered Member

    Joined:
    Sep 20, 2013
    Posts:
    20
    For me it's been running fine on two different computers. Other than occasionally switching itself off, there have been no problems, so it definitely hasn't been disruptive. One of the computers has a brand new install of Windows, and MBARW didn't cause any problems through any install process or anything, in either beta5 or beta6. Plenty of people are reporting issues on MB's forum, but most of the reported issues aren't serious, and of course feedback there is going to be disproportionately weighted to those for whom it isn't working speaking up, probably a lot of people like me have it running without any significant problems and are just not saying anything - because that's how we all like our security softs, unnoticeable!
     
  25. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    OK, thanks for the info. :thumb:
     