Malwarebytes Anti-Ransomware Beta

Will Malwarebytes Anti Ransomware continue to exist as a standalone app after the beta?

 

No...

it will be joined with there flag ship MBAM

 

... along with JRT.

 

Beta or not but such stuff is far away from an alpha product.

And no I not want to make your work by submit every xyz stuff which is false positive, if the algorithm isn't that good to detect generic Chrome builds or other static builds then is just alpha and not even beta. I doubt that this product will ever be good, just concentrate on existent product is more than enough.

After uninstalling it there are leftovers ... this is also something for beginners, why you never look at this? really come on ...

Leftovers:
C:\ProgramData\Malwarebytes
* config
* mbarwind-00.arw
* mbarwind-01.arw
* mbarwind-02.arw
* mbarwind-03.arw
* mbarwind-04.arw

Registry:
HKEY_CLASSES_ROOT\TypeLib\{226C1698-A075-4315-BB5D-9C164A96ACE7} (random)
HKEY_CLASSES_ROOT\TypeLib\{332AFEBA-9341-4CEC-8EA6-DB155A99DF63} (^^)
HKEY_CLASSES_ROOT\TypeLib\{49F6AC60-2104-42C6-8F71-B3916D5AA732} (^^)
HKEY_CLASSES_ROOT\TypeLib\{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F} (^^)
HKEY_CLASSES_ROOT\TypeLib\{74630AE8-C170-4A8F-A90A-F42D63EFE1E8} (^^)
HKEY_CLASSES_ROOT\TypeLib\{A23C190D-C714-42C7-BDBB-F4E1DE65AF27} (^^)
HKEY_CLASSES_ROOT\TypeLib\{A82129F1-32E1-4D79-A39F-EBFEE53A70BF} (^^)
HKEY_CLASSES_ROOT\TypeLib\{C731375E-3199-4C88-8326-9F81D3224DAD} (^^)
HKEY_CLASSES_ROOT\TypeLib\{F5BCAC7E-75E7-4971-B3F3-B197A510F495} (^^)
HKEY_CLASSES_ROOT\TypeLib\{FFB94DF8-FC15-411C-B443-E937085E2AC1} (^^)

C:\Windows\System32\drivers
* MBAMSwissArmy.sys
* farflt.sys


C:\Windows\Installer
* random (empty) but folder is still present

 

That's OK, everybody is entitled to an "opinion".

 

I haven't tried the product yet, but what I don't understand is why the quarantine feature is so aggressive, without giving the user an option to cancel it. From what I've read this was the biggest problem. Or has this already been fixed? Perhaps it's an idea to compare MBARW with HMPA and WinAntiRansom.

 

BOOOOOOOOOOO!

"Technically Emsisoft Internet Security isn't considered compatible with Malwarebytes Anti-Malware due to the fact that Malwarebytes Anti-Malware uses a WFP driver to capture network traffic for their website blocking, and that driver could cause problems with the WFP driver used by Emsisoft Internet Security.

http://support.emsisoft.com/topic/19289-compatibility-with-malwarebytes-anti-malware/"

Does MBAR also use a WFP driver to capture network traffic, or does MBAR not work in this manner?"

Been using the Beta with EMIS 11 with no problems that I know of (which means little). Did have one incident where MBAR spotted and quarantined "antiransomeware activity" and quarantined it but my Quarantine was empty.

Thing with running two antimalware programs is that you really do not always know if one is interfering with the other, absent official OK from the creator after their testing.

 

There are absolutely no problems running multiple products that use a WFP driver. The only problem that could cause a conflict is if one product does not chain correctly.

We'll test this internally to see if its a bug on our end or not.

 

Thanks. It would be good to have confirmation of this, as I am currently running MBAM Pro (with RT components off however, just scheduled daily scan alongside EAM, and Adguard).
The Emsisoft forum topic would indicate multiple WFP drivers are a problem, though I have not noticed anything untoward (so far).
Edit: On rereading, I see only EIS has the WFP driver (though EAM may get in future). But then Adguard compatibility question with MBAM remains.

 

Well I hope there is no issue. But note that this year Emisoft has and continues to make it's products more effective against Ransomware. Dunno if that is relevant to the issue. When I hear Fabian W. make the statement that he did (the quoted text) I can not ignore it. Perhaps you might speak with him. I know you guys have a commendable cooperative attitude, but sady were ignored by the Gawds at Kaspersky re: MBAE.

Also to be clear, FW said "Technically Emsisoft Internet Security isn't considered compatible with Malwarebytes Anti-Malware due to the fact that Malwarebytes Anti-Malware uses a WFP driver to capture network traffic for their website blocking, and that driver could cause problems with the WFP driver used by Emsisoft Internet Security." That is far from a definifinitive corporate endorsed official statement that"MBAR IS incompatible with EMIS and using the two together will cause problems."

 

Technically multiple products that rely on WFP can happily co-exist without a problem. In fact MBAM happily co-exists with all AV's out there, and many if not most also use WFP.

 

You people are confusing me. The conversation keeps switching from AE to AM to AR. I have to keep going back up to see what thread I am in LOL

 

We tested MBARW compatibility with Emsisoft and could not replicate the problem.

It could very well be a conflict with some other software.

 

Thanks pbust. Good to hear this

 

BETA 6 (build 0.9.15.416)

https://forums.malwarebytes.org/topic/177751-introducing-malwarebytes-anti-ransomware-beta/

 

Through the kindness of our friend chachaz:

 

So what is the verdict, has it become more mature? I wanted to install it, but I decided not to based on all of the problems with false positives and auto quarantining.

 

There's no change log posted you'll have to start the down loader to see what was fixed you can stop it before it installs at that point, so far so good with my PC's.

they did improve FP's

 

I think I will wait for the final version, thanks for the info.

 

Change log is 2 post above yours

 

Yea missed that,I meant on there web site.

 

Is the "You've been signed in with a temporary profile" bug fixed in beta 6?

 

Post that question here..

https://forums.malwarebytes.org/forum/172-malwarebytes-anti-ransomware-beta/

 

For me it's been running fine on two different computers. Other than occasionally switching itself off, there have been no problems, so it definitely hasn't been disruptive. One of the computers has a brand new install of Windows, and MBARW didn't cause any problems through any install process or anything, in either beta5 or beta6. Plenty of people are reporting issues on MB's forum, but most of the reported issues aren't serious, and of course feedback there is going to be disproportionately weighted to those for whom it isn't working speaking up, probably a lot of people like me have it running without any significant problems and are just not saying anything - because that's how we all like our security softs, unnoticeable!

 

OK, thanks for the info.