Malwarebytes Anti-Malware 2.0.X releases

Discussion in 'other anti-malware software' started by AdvancedSetup, Oct 13, 2014.

  1. haakon

    haakon Guest

    I noticed the MBAM slide since the Q2-2015 Assessment, but it took a real nose dive in Q1-2016.

    I have two legacy licenses bought in 2010 and after six years on several systems, I contemplated dumping it late last year when I went with BDIS on my desktop and laptop. Even though I don't believe MBAM Premium adds any value to current top-tier Suites, old habits die hard and stayed with it.

    But the project-zero Issue 714 report clinched it for me and I uninstalled in February. Malwarebytes' "advisory" did not convince.

    I run MBAE Premium (which coincidentally I'm auto-renewing tomorrow), ZAL Premium and WinAntiRansom and a heavy set of privacy/security extensions in Cyberfox Intel 64. Flash and Java aren't permitted within 500 meters of any system I own or consult on.

    I hereby declare my systems qualify for the Krusty13 Otherwise Well Protected Machine Certification. :D
     
  2. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    Is BDIS as effective as MBAM at blocking/removing PUPs? I work on computers with many different Antivirus/Suites installed (not BDIS of late) and they all sit there doing nothing while the computer is infested and malfunctioning because of PUPs. It's not uncommon for MBAM to find and remove 1000+ items (files, auto-start entries, registry entries, etc). In the worst cases I'll use HitmanPro along with it, but most of the time MBAM gets the job done. So, when you talk about MBAM "sliding" it doesn't jive with my experience. I recommend it to ordinary users as a second layer regardless of what primary AV is installed because it's light on resources and rarely throws false positives.
     
    Last edited: May 28, 2016
  3. daman1

    daman1 Registered Member

    Joined:
    Mar 27, 2009
    Posts:
    1,286
    Location:
    USA, MICHIGAN
    As a long time user of BDAP I can tell you it does NOT catch nearly as many pups as MBAM.
     
  4. haakon

    haakon Guest

    The sliding was within the context of the scores in the MRG Effitas reports I cited in my post #251 and Krusty13's inclusion of the Has MalwareBytes Anti-Malware Pro Ever saved you from an infection? link in post #250. (MBAM Premium is often referred to as Pro.)

    I've been running BDIS 2016 for only about six months (prior was BD Free for a few years); all of what's been snagged so far haven't been PUP/PUA. IMHO, BD is effective at everything. I've been hands-on with it since its late Softwin AVX days. (Avast, G-Data and Lavasoft got in the way here and there, though.)

    I never install software in "express" mode, the primary vector for PUP/PUAs. And even dismissing that, in the past 15 or so years, I've never had to deal with a PUP/PUA infection and MBAM Premium in my six-years use never alerted to one.

    "It's not uncommon for MBAM to find and remove 1000+ items..." sounds to me as via MBAM's (aka Free) on-demand scanning.

    MBAM Premium's real time Malware Protection is a different dog. *puppy*

    So when you recommend it to ordinary users, is "it" Free or Premium? Because with reference to your question about blocking/removing PUPs, MBAM Free doesn't block anything. So in that case BDIS is 100% more effective at blocking.

    For me, end of discussion.

    And for the amusement of all, a typical day in the life of a desktop support tech...

    ~ Off Topic Image Removed As Per Policy ~
     
    Last edited by a moderator: May 28, 2016
  5. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    Yes, the huge number of detected objects is the result of an "on demand" scan immediately after installation on systems that have up to date AV with no PUP protection. The vector is typically bundleware where the customers don't understand that they need to opt out of the unwanted toolbars, etc. I'm not in a situation where I can observe MBAM Pro over time to see the extent to which it blocks PUPs. Even if it's not good at blocking there are a number of advantages to the Pro version, such as regular updating, scheduled scans and the Hyper Scan option. Of course not everyone needs automation and can make use of the free version.
     
  6. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,626
    It has been my experience too that MBAM still offers excellent detection rates. When dealing with a system that is infected, or has PUPs, I always start by installing Zemana AntiMalware and running a scan, as it also has excellent detection rates, and scans much faster than MBAM does. Next, I'll often run AdwCleaner (I don't always use it due to the terrible user interface which makes it a hassle to use if you actually want to keep some of the detected items). But after that I'll always install and run MBAM. None of them will detect everything, so I find it best to use multiple programs, and they usually all will detect things. On systems where a lot of threats/PUPs were detected, then I'll run HitmanPro after I'm done with MBAM.

    I've never used MBAM's realtime protection, so I can't comment on that.
     
  7. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
  8. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,752
    Location:
    Toronto Canada
  9. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    "BTW, a bit OT but seems like Malwarebytes is making quite a lot of money, I really like their office:"

    I think the office is amazing!!!

    This is another story of where a man's heart went. If you read his biography.

    One man band turned into a huge corporation. I don't see one thing wrong with that.
     
  10. haakon

    haakon Guest

    BDAP??

    PUP/PUA is a model without a standard to measure against and subject to the developer's interpretation.

    The concept of "potential" demonstrates:
    potentially unwanted = potentially wanted

    One man's PUP/PUA is an atrocity and another man's ideal.

    The best rationale, a paraphrase of Justice Stewart's concurrence in SCOTUS Jacobellis v. Ohio: "I shall not attempt to define PUP/PUA, but I know one when I see one." How does one code that?
     
  11. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,093
    Location:
    Germany
    Bitdefender Antivirus Plus
     
  12. daman1

    daman1 Registered Member

    Joined:
    Mar 27, 2009
    Posts:
    1,286
    Location:
    USA, MICHIGAN
    BDAP=Bitdefender Anti virus plus

    Right, I understand what a PUP is, just stating MBAM catches more.
     
  13. haakon

    haakon Guest

    Ah, got it. I'm used to BDAV - I forgot it's a "Plus" now. :)

    MBAM has its own "know one when I see one" model. A net with different mesh, nothing more.
     
  14. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    I would argue that what defines a PUP is not its perceived functionality, but the delivery method. A program may be quite useful, for instance Dropbox, but if it is delivered in a bundle and not actually wanted then it's a PUP. In my experience it's extremely rare that someone actually wants the toolbars, search engines, driver updaters, backup apps, etc, that are included in bundleware, aka sneakware. People don't know how the stuff gets on their computers, and they don't know how to take it off. MBAM is one of the few scanners that aggressively identifies and removes PUPs. Many AV vendors actually include PUPs in their installers, which explains why they don't detect/remove them.

    Here's a good read on the subject:

    http://blog.emsisoft.com/2015/01/17/has-the-antivirus-industry-gone-mad/
     
    Last edited: Jun 4, 2016
  15. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    8,008
  16. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    1,547
    Location:
    Triassic
    I have MBAM Premium 2.2.1.1043 installed. Last month & this month when I ran an incremental backup I got this information message repeated over 100 times or more ...

    mbamchameleon failed to obtain file name information - c01c0005

    The messages do not stop until I stop MBAM service and the MBAM exec task from running.

    The MBAM forum is showing threads on this going way back to 2013 with the usual suggestion to run every scan under the sun. I think that it is obvious by now that this is not an infection and more likely a design problem. No fix offered.

    On Bleeping Computer they recommend clear-uninstall/reinstall of MBAM. I decided to take this route. I added some MBAM files to the exclusion list in MSE for good measure (but I do not think the AV is the problem). I have no exclusions listed in MBAM itself.

    Also I decided to leave the self-protection module disabled. I have not had these non-stop messages return since doing this. Not sure if this is the answer but I'd like to know if anybody else is getting this message and if they found a solution.

    Edit: Just wanted to add that the message gives the impression that your system is under attack by an infection (like a rootkit or ransomware behaves). The messages attach themselves to several system and application files saying they can not be found, so it looks like these files are being erased or locked - just one after the other in quick succession. All OK - it just looks scary.
     
    Last edited: Aug 29, 2016
  17. pling_man

    pling_man Registered Member

    Joined:
    Feb 11, 2010
    Posts:
    599
    Location:
    UK
    I had the same problem as emmjay. A clean uninstall and re-install fixed it for me as well.
     
  18. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,241
    Location:
    Among the gum trees
    I have MBAM installed on three machines, 2 Premium licences on machines also running Norton where MBAM does not start with Windows so is used on-demand only, and the free version installed on a machine with Windows Defender and none of them are updating. I won't bother posting on their site because they will want logs but I find it hard to believe there could be a problem with all three machines.

    I tried to ping data-cdn.mbamupdates.com = between 25% and 100% loss of packets.

    It sounds to me like a server problem. Anyone else experiencing anything like this?
     
  19. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,626
    For a long time now, on the one computer I have it installed on, MBAM has always taken a long time to search for updates.
     
  20. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,241
    Location:
    Among the gum trees
    Yeah, it still takes ages to check for updates here too but it isn't finding any. This machine's database is 2016.9.4.1, which is last Sunday and the last time I opened MBAM.
     
  21. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,241
    Location:
    Among the gum trees
  22. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,295
    I saw this thread earlier... but, I hadn't used MBAM for awhile. ...And, I got the latest database just over an hour ago.

     
  23. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,241
    Location:
    Among the gum trees
    Hmm. Thanks Tarnak.

    After I read your post I completed a complete clean uninstall / reinstall and all that accomplished was now my definitions are even older and MBAM still won't update. :confused:
     
  24. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    1,937
    Location:
    North of the 38th parallel.
    Hello Krusty13:

    A few moments ago, I directed my VPN to connect one of my test systems through its portals in Sydney and then Melbourne long enough for a default/simple "ping data-cdn.mbamupdates.com" test, and although the time results were in the 500ms vicinity, both tests did not experience any loss of packets.

    I realize my testing is woefully inadequate for your present situation; it did, however, show that the CDN was certainly reachable in those two brief instances.

    Good luck and best wishes to you in getting to the source of your system's connectivity issue.
     
  25. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,241
    Location:
    Among the gum trees
    Hi 1PW,

    I don't know what that means then. The free version on my Windows Defender machine happily updated last night my time but won't now. I've just changed my DNS settings and power cycled my machines and router but there is no difference. Speed test is fine and I haven't had any issues connecting to any other sites.

    Quite baffling!
     