Is Malwarebytes 3 Considered An AV?



#1 Firefoxthebomb


Posted 10 March 2017 - 05:27 PM

Mod Edit:  Split from https://www.bleepingcomputer.com/forums/t/641391/again-getting-0xc0000005-error-seems-to-be-related-to-antivirus/ - Hamluis.

 

You also mention that you have Malwarebytes installed... what version of Malwarebytes do you have installed? 

 

It could be conflicting with your Avast / AVG causing the errors... especially if it's Malwarebytes 3....


Edited by hamluis, 13 March 2017 - 03:16 PM.


Dell Precision T7810, Win10 64bit fully updated, Symantec Endpoint Protection,
Watchguard Firewall, Intel Xeon E5-2620v4 CPUs, Dual 8 Core Processors, 32GB Ram,
E5-2620v4 @ 2.10GHz X 2, AMD FirePro W4100 with 4 Screens, 500GB SSD Boot Drive,
Raid-1 Dual 2TB Sata 10000 rpm Hard Drives, DVD Burner, IE11, Opera, MBAM, MBSB, MBAE




#2 dc3


Posted 10 March 2017 - 05:47 PM

You also mention that you have Malwarebytes installed... what version of Malwarebytes do you have installed? 

 

It could be conflicting with your Avast / AVG causing the errors... especially if it's Malwarebytes 3....

IMPORTANT NOTE: Using more than one anti-virus program is not advisable. Why? The primary concern with doing so is due to Windows resource management and significant conflicts that can arise especially when they are running in real-time protection mode simultaneously. Even if one of them is disabled for use as a stand-alone on demand scanner, it can affect the other and cause conflicts. Anti-virus software components insert themselves deep into the operating system's core where they install kernel mode drivers that load at boot-up regardless of whether real-time protection is enabled or not. Thus, using multiple anti-virus solutions can result in kernel mode conflicts causing system instability, catastrophic crashes, slow performance and waste vital system resources. When actively running in the background while connected to the Internet, each anti-virus may try to update their definition databases at the same time. As the programs compete for resources required to download the necessary files this often can result in sluggish system performance or unresponsive behavior.

Credit for this information goes to quietman7.

 

Malwarebytes 3 is an antivirus.  Unlike running two other antivirus or even having two different antivirus installed Malwarebytes 3 can be run with another antivirus.  You are correct, two antivirus such as AVG and Avast even just installed on the same computer without one being used can cause problems.  So I don't see Malwarebytes 3 being a problem even if it is installed.  If it is the 2.2 version there definitely shouldn't be any conflict with an antivirus as this version is only a antimalwarebytes program.


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#3 Firefoxthebomb


Posted 13 March 2017 - 11:22 AM

Malwarebytes 3 is an antivirus.  Unlike running two other antivirus or even having two different antivirus installed Malwarebytes 3 can be run with another antivirus.  You are correct, two antivirus such as AVG and Avast even just installed on the same computer without one being used can cause problems.  So I don't see Malwarebytes 3 being a problem even if it is installed.  If it is the 2.2 version there definitely shouldn't be any conflict with an antivirus as this version is only a antimalwarebytes program.

 

 

The only reason I mentioned AVG / Avast is because the OP had mentioned that he had tried AVG at one point... (I agree, two antivirus programs should not be installed at the same time)

 

As for Malwarebytes being an antivirus program, I am sorry but Malwarebytes v3 is not an antivirus program, as mentioned in the link below by one of the Malwarebytes employees (exile360).  I know that Malwarebytes version 3 can conflict with some antivirus programs, and the reason I asked what version the OP was using is to find out if s/he was using version 3 so I could provide instructions of what files to exclude to avoid any potential conflicts. 

 

Malwarebytes is not an Antivirus Program -> SEE HERE




#4 dc3


Posted 13 March 2017 - 11:28 AM

See here.

 

Malwarebytes 3.0 can replace an antivirus.


Edited by dc3, 13 March 2017 - 11:43 AM.


 

 

 

 


#5 hamluis

Moderator

Posted 13 March 2017 - 01:21 PM

If it looks...acts like...is used in lieu of...an AV program...then, functionally, it's an AV program, no matter what rhetoric is used to describe it.  I don't know what type of mind...cannot understand that.  If it has all the characteristics...and there is no observable, verifiable lack of those characteristics...it's an AV program, at the minimum.

 

This is a lesson that many today do not seem to comprehend.

 

Louis



#6 David H. Lipman

Malware Researcher/Analyst

Posted 13 March 2017 - 02:26 PM

MBAM is not an anti virus application and does not replace an anti virus application.  MBAM is an adjunct, complementary, anti malware application.
 
In its role as an adjunct, complementary, anti malware application it has limitations in aspects that the anti virus application performs in its role.
 
MBAM does not target script files. That means MBAM will not target; JS, JSE, PY, .HTML, HTA, VBS, VBE, .CLASS, SWF, SQL, BAT, CMD, PDF, PHP, WSF, etc.
It also does not target document files such as; PDF, DOC, DOCx, DOCm, XLS, XLSx, PPT, PPS, ODF, RTF, etc.
It also does not target media files;  MP3, WMV, JPG, GIF, etc.

Until MBAM, v1.75, MBAM could not access files in archives but with v1.75 came that ability so it can unarchive a Java Jar (which is a PKZip file) but it won't target the .CLASS files within. Same goes with CHM files (which is a PKZip file) but it doesn't target the HTML files within. MBAM v1.75 specifically will deal with; ZIP, RAR, 7z, CAB and MSI for archives. And self-Extracting; ZIP, 7z, RAR and NSIS executables (aka; SFX files).

MBAM specifically targets binaries that start with the first two characters being; MZ
They can be; EXE, CPL, SYS, DLL, SCR and OCX. Any of these file types can be renamed to be anything such as;  TXT, JPG, CMD and BAT and they will still be targeted just as long as the binary starts with 'MZ'.

MBAM targets mainly non-viral malware.  The exception being a virus dropper ( a malware file that drops a virus and starts a virus infection but is not infected with the virus ) and worms ( such as Internet worms and AutoRun worms ).
 
MBAM is incapable of removing malicious code that has been prepended, appended or cavity injected into a legitimate file.  That means if a file infecting virus infects a legitimate file MBAM will be unable to remove the malicious code.  An anti virus application should be able to remove malicious code from an infected file and hopefully bring it back to its preinfected state.  Which may or may not return the file to its original, non infected, checksum value.
 
A file infecting virus will prepend, append or cavity inject malicious code into a legitimate file.  Once infected, that infected file can further the infection by infecting other legitimate files.
 
On the other hand there are trojans that will prepend, append or cavity inject malicious code into a legitimate file.   However that file can not infect other files.  The infection stops with that targeted file.  These files are either deemed to be "trojanized" or "patched".  Since MBAM can not remove the added malicious code, at best MBAM will try to replace the trojanized file with a legitimate, unaltered, file.
 
Where a traditional anti virus application is weak, MBAM is strong.  Today's malware is much more complex than 10 years ago.  When we saw the Melissa virus ( I-Worm via SMTP  ), Lovsan/Blaster worm (  I-Worm via RPC/RPCSS @ TCP port 135 ) etc, they were distributed for the effect, damage and bragging rights.  Today's malware is more sophisticated in that it is "all about the money".  Malicious actors use malware to profit from.  Either by stealing, distribution affiliation revenue, data exfiltration, personal identification impersonation, etc.  To effect that the malicious actors don't want the victim to know that their system was compromised or they are so blatant about it by generating advertisements.  Yesterday's malware was simple and less obtrusive.  Today's malware is very intrusive and makes numerous modifications to the Operating System.  Those numerous modifications to the Operating System are where the traditional anti virus application does poorly and where MBAM specializes.
 
MBAM is not a historical anti malware solution.  That means it will not target old malware.  Its intent is to target 0-Day malware.  Malware that is infecting computers Today with malware found in-the-wild, Today.  That means that something like the BugBear which infected years ago will not be targeted by MBAM.  Malwarebytes will actually cull their signature database for malware that is no longer seen in-the-wild Today.   This is why Malwarebytes requests samples that are submitted for detection consideration be no older than 3 months old.

 

Malwarebytes rests its new declaration as a replacement upon the shoulders of its anti exploit module.

 
When one talks about an "exploit" there are two basic kinds.
 

  • Exploiting a software vulnerability to gain elevated privileges to effect a compromise
  • Taking advantage of a capability to use in their benefit in an unexpected or unanticipated way.

 
As an example of the first case I'll use the Lovsan/Blaster worm.  It exploited a software vulnerability in the Operating System RPCSS/DCOM which uses TCP port 135.  The Lovsan/Blaster worm would send a specific set or string of characters to TCP port 135 to create a "buffer overflow with an elevation of privileges" condition where if successful, the worm would create a BLASTER.EXE file on the target system and then execute it.  Once the PC was infected it would seek new hosts and the Lovsan/Blaster worm would spread exponentially.
 
As an example of the second  case I'll use the Wimad trojan.  The Wimad trojan takes advantage of the Digital Rights Management (DRM) incorporated in media files such as MP3, WMV and other music and video files.  By taking advantage of the DRM, it would be used in combination of Social Engineering and one's desire for "free music" or a "free movie" to cause the person to download and run some malicious program.
 
Therefore you use an anti exploitation application to thwart the malicious activity of deliberately exploiting a vulnerability to effect a system compromise.
 
One may use a specially crafted...

  • PDF file to exploit a vulnerability in a PDF viewer like Adobe Reader or FoxIt.
  • MOV file to exploit a vulnerability in Apple's QuickTime renderer.
  • GIF file to exploit a vulnerability in Microsoft's Graphics Device Interface (GDI).
  • DOC, XLS or other MS Office document file to exploit a vulnerability in Microsoft Office or to use a macro to download and execute a file or extract an embedded file and execute it.
  • RMP file to exploit a vulnerability in RealPlayer.

It is for situations as enumerated above where an anti exploit application will be used to monitor and shield a given application, which exhibits vulnerabilities, from attempts using the vulnerability/exploitation attack vector.  It is not for untrusted applications.
 
The intention is to monitor and shield a given application which has a propensity of being exploited.

 

So MBAM may block a Wimad trojan from exploiting Windows DRM but it is incapable of detecting a media file as being a Wimad trojan.  This is something an anti virus application will do.  Now one may not get infected due to a Wimad trojan while using MBAM, but it will not identify these DRM exploitative files.

 

MBAM is not VIM or MAPI compliant nor does it supply POP Proxy capability.  Therefore email is not scanned for malicious file or malicious content.  MBAM may block a "known" Phishing URL or a HTML.FakeAlert but it is incapable of identifying and quarantining the malicious email.  This is also something an anti virus can do.

 

MBAM may block a "known" Phishing URL or a HTML.FakeAlert site but since it does not target scripted malware it can't preload the HTML and block access to a site using malicious code if it is not known by Malwarebytes.  MBAM may handle a software exploit well but due to its inability to scan scripted malware, it will not help in Social Engineering events which is the Human Exploit.  A traditional anti virus application on the other hand adds that additional capability.  Below is a snapshot of some of the detections a traditional anti virus application can perform that MBAM can not.

 

Spoiler

 

 

With all the things that MBAM can not do, it is not an anti virus application and it remains an anti malware application which relegates it to its complementary position.
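
Added example, not part of the original post and not Malwarebytes code: a sketch of the content-based check the post above describes, where a file is classified by its leading bytes ('MZ' for binaries, 'PK' for ZIP containers such as JAR) rather than by its extension. Validating the PE signature behind the MZ stub goes beyond what the post states; the function names and sample data are hypothetical and constructed for illustration.

```python
import struct

# Extensions the post lists as normal homes for MZ binaries.
PE_EXTENSIONS = {"exe", "cpl", "sys", "dll", "scr", "ocx"}

def sniff(data: bytes) -> str:
    """Classify content by its leading bytes, ignoring the file name."""
    if data[:2] == b"MZ":
        # DOS header: 4-byte little-endian offset of the PE header at 0x3C.
        if len(data) >= 0x40:
            (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
            if data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00":
                return "pe"
        return "mz"  # starts with MZ but no valid PE header (DOS stub, text, truncated)
    if data[:4] == b"PK\x03\x04":
        return "zip"  # also JAR and other ZIP-based containers
    return "other"

def triage(name: str, data: bytes) -> dict:
    """Report the content type and whether the extension hides a PE binary."""
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    kind = sniff(data)
    # Only a validated PE counts as disguised; a bare "mz" is left for review.
    disguised = kind == "pe" and ext not in PE_EXTENSIONS
    return {"name": name, "kind": kind, "disguised": disguised}

def make_pe_stub() -> bytes:
    """Constructed sample: MZ header pointing at a PE signature (not runnable)."""
    header = bytearray(0x40)
    header[0:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x40)
    return bytes(header) + b"PE\x00\x00" + bytes(20)

# Constructed samples, not real files.
SAMPLES = [
    ("setup.exe", make_pe_stub()),
    ("holiday.jpg", make_pe_stub()),           # binary renamed to .jpg
    ("notes.txt", b"MZ is just two letters"),  # text that happens to start with MZ
    ("applet.jar", b"PK\x03\x04" + bytes(26)),
    ("invoice.js", b"var a = 1;"),
]

if __name__ == "__main__":
    for name, data in SAMPLES:
        print(triage(name, data))
```

The notes.txt sample shows why a two-byte match alone over-matches, and holiday.jpg shows that renaming a binary does not change what a content-based scanner sees.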

 




 



#7 dc3


Posted 13 March 2017 - 02:38 PM

While all of this is interesting to a point, this is detracting from the topic and is a disservice to the OP.  I would suggest that you start a separate topic in a suitable forum to discuss this and let the topic continue without disruptions taking it sideways.



 

 

 

 


#8 Firefoxthebomb


Posted 13 March 2017 - 04:50 PM

It's OK that you moved it to its own topic and all, but my first post was still valid for the OP, if s/he is running Avast and MB3 adding mutual exclusions could have fixed his/her issue.... :rolleyes:


Edited by Firefoxthebomb, 13 March 2017 - 04:50 PM.



#9 Porthos


Posted 14 March 2017 - 02:13 PM

Hi David and Firefox"the bomb" :hello: What also needs to be mentioned is that using an AV, let's say Defender, when you download a piece of malware the AV, if it is in the database, will alert to it and take action. Malwarebytes does not act on a file till one of two things happens.

 

1- You run/execute the file.

2- You scan the file (if in the database) then it is detected.

 

Malwarebytes does this to not "catch" the file the same time as the AV would to avoid conflicts. You would not want more than one program fighting over the same file at the same time.

 

In conclusion, depending on the threat (file type, URL or exploit), the AV or MB will catch it first and mediate. That is called layered security and is what Malwarebytes has been about since the beginning.

 

No ONE solution can catch and mediate every threat. Malwarebytes is there to run alongside your preferred AV solution to catch what the AV might have missed.

 

I for one am a Windows 10 user and advocate as well as a Malwarebytes supporter and reseller and use that combo on all systems I service.





