• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

Kudos0

MBAM version 2.0.4.1028 Premium - MBAM SUPPORT RECOMMENDATIONS

I submitted a SUPPORT REQUEST to Malwarebytes support. I asked if there were any known conflicts between MBAM Pro (the paid version) and Norton Security Suite version 21.6.0.32  I have a lifetime license for MBAM Pro version 2.0.4,1028 and have used it for several years. I requested support because,

I had a strange thing happen. Norton Security Suite notified me that MBAM was blocked from accessing Norton Security Suite.

When I checked NSS & MBAM logs it seems to me that no active MBAM scan was running at the time Norton notified me.

I received the following email reply and want to share it with the Norton Community.

Mike P., Feb 9, 1:07 AM: 
Hi David. Welcome to Malwarebytes support, my name is Mike and I'll be assisting you today.
We are sorry for your issues. As malware and viruses becomes more aggressive antivirus software development company make their security products also more and more aggressive. We would strongly recommend that you add following processes to be excluded from the Norton checks:


 C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
 C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamdor.exe
 C:\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe
 C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
 C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe


Hope this helps. If not please let us know.

Replies

Kudos3 Stats

Re: MBAM version 2.0.4.1028 Premium - MBAM SUPPORT RECOMMENDATIONS

Hi,
I'll start with your MBAM helper's reply.
"As malware and viruses becomes more aggressive antivirus software development company make their security products also more and more aggressive."
I will explain it a bit more:
Norton security products have a setting called 'Norton Product Tamper Protection', which is by default turned ON. The duty of this setting is to make sure everything external to Norton (including the malicious programs trying to disable protection as well as malwarebytes [ legit access] trying to do silent scanning/monitoring of those files ) are denied access from doing read/write/delete/modify actions to Norton product's process, threads, files etc. That caused the 'unauthorised access blocked' log entry in security history.

A couple of users (incl me) use the premium version of MBAM along with Norton product, without issues except this log entries. There is nothing to be concerned of that particular entries.

Hope your mind is set ease...
regards, CV | There is no ONE TOUCH KEY to security . Be alert and vigilant. . | Always have a Backup Plan!
Kudos0

Re: MBAM version 2.0.4.1028 Premium - MBAM SUPPORT RECOMMENDATIONS

So far my Norton and MBAM have seemed to work well together.  Do YOU think there is any harm in adding the exclusions MBAM support suggests?

Kudos0

Re: MBAM version 2.0.4.1028 Premium - MBAM SUPPORT RECOMMENDATIONS

One word answer : No. No harm.

MBAM is designed to coexist with majority of other security products like Norton, bitdefender, kaspersky etc.
Excluding the executables from scans (which I havent done) needed to be done only in the case of conflicts and false positives. But in your case, both can be ruled out.
If you wish to add the exclusions (which ofcourse is a good practice) , thats upto you because I dont think there is any issue between Norton and Malwarebytes in your machine..
May be others have a different view.
regards, CV | There is no ONE TOUCH KEY to security . Be alert and vigilant. . | Always have a Backup Plan!
Kudos1 Stats

Re: MBAM version 2.0.4.1028 Premium - MBAM SUPPORT RECOMMENDATIONS

Hi David241,

This has been the subject of in depth discussion in the past and there are as many opinions as users commenting.  So say OK - run Pro, others say no Pro only the Free (using the only one product running in real time). and others even have the same opinion as I do.

You received your answer from MBAM, the company that makes and sells the product, so of course they want you to purchase the Pro.  I don't like the idea that they tell folks : "We would strongly recommend that you add following processes to be excluded from the Norton checks"  If they are strongly recommending it is obvious they made that decision based on occurrences they have encountered with their product in the past.

Don't misunderstand, I do not have the lifetime license, nor any desire to purchase it and make changes to my NSBU, so I will stick with the Free version as an on demand scanner.

Users have to know what plays nicely together on their systems and also what they feel comfortable using, even if exclusions within their antivirus protection is strongly recommended by the malware prevention products maker.

Just my 2¢.

Kudos1 Stats

Re: MBAM version 2.0.4.1028 Premium - MBAM SUPPORT RECOMMENDATIONS

I'm running MBAM Premium and have made no changes to either Norton or MBAM.

Windows 10 x64 1903
Kudos0

Re: MBAM version 2.0.4.1028 Premium - MBAM SUPPORT RECOMMENDATIONS

As I understand the MBAM recommendations (please correct me if I am wrong) adding these exclusions, simply removes a few files from Norton scans. Adding these exclusions does not weaken the Norton Product Tamper Protection feature.

In other words the exclusions DO NOT GIVE MBAM additional access to Norton.

Kudos0

Re: MBAM version 2.0.4.1028 Premium - MBAM SUPPORT RECOMMENDATIONS

Kudos0

Re: MBAM version 2.0.4.1028 Premium - MBAM SUPPORT RECOMMENDATIONS

If you feel you need to add exclusions check here  -  https://forums.malwarebytes.org/index.php?/topic/99155-can-i-run-malware...

As I mentioned above, I have not made these exclusions.

Windows 10 x64 1903
Kudos1 Stats

Re: MBAM version 2.0.4.1028 Premium - MBAM SUPPORT RECOMMENDATIONS

Yes, right, but.....If someone succeeds in replacing the excluded MBAM modules with malicious software, then you will have a vulnerability at hand after adding these modules to exceptions..

Conclusion : Do not add the MBAM modules to exceptions and let the Tamper Protection msgs be the Tamper Protection msgs. They do no harm, as said before.

W10 1809 and 1903 / W10 Insider / IE11 and FF 67, TB 60.7, NS 22.17, (Android 7 with NMS)
Kudos0

Re: MBAM version 2.0.4.1028 Premium - MBAM SUPPORT RECOMMENDATIONS

How about adding Norton modules (your word) to MBAM exclusions. 
 

Kudos0

Re: MBAM version 2.0.4.1028 Premium - MBAM SUPPORT RECOMMENDATIONS

Hi Krusty13,

I do not mean to be critical but the link you posted  { https://forums.malwarebytes.org/index.php?/topic/99155-can-i-run-malware... }   goes back to November 2011.  I think the file names and locations posted at the top of this thread are more accurate than those listed in the link you posted.

Kudos0

Re: MBAM version 2.0.4.1028 Premium - MBAM SUPPORT RECOMMENDATIONS

David241:

Hi Krusty13,

I do not mean to be critical but the link you posted  { https://forums.malwarebytes.org/index.php?/topic/99155-can-i-run-malware... }   goes back to November 2011.  I think the file names and locations posted at the top of this thread are more accurate than those listed in the link you posted.

No problem David, but I agree with Hugo  -   https://community.norton.com/en/comment/6205461#comment-6205461

Windows 10 x64 1903
Kudos0

Re: MBAM version 2.0.4.1028 Premium - MBAM SUPPORT RECOMMENDATIONS

I do not mind trying MBAM supports suggestion. I do not think there is a major difference between installing and not installing the exclusions. If I am not correct I am the one that will have to deal with the consequences.

In this comment  https://forums.malwarebytes.org/index.php?/topic/99155-can-i-run-malwarebyes-real-time-with-norton-anti-virus/#entry491750

there is a link that does not function. Here is the correct link to  the five simulation tests on the Anti-Malware Testing Standards Organization (AMTSO) site.  http://www.amtso.org/check-desktop    (Am I the only one checking these links?)

I ran the five tests and Norton detected 4 of the 5 tests. Google Chrome blocked the last test. I guess I have another real time scanner in Chrome. 

Thanks to everyone for your comments, I guess I am asking a question that has been asked many times before, if that is true I apologize.

Kudos0

Re: MBAM version 2.0.4.1028 Premium - MBAM SUPPORT RECOMMENDATIONS

Yeah, David, the exclusion is indeed your own responsibility, but the tests you ran do not represent my statement.

Overwriting of modules can also happen in other ways, for example through email attachments or a malicious install program, which does not necessarily need to be recognised as malicious.

For the rest : Up to you to enter the exclusions..

Regards, Hugo

W10 1809 and 1903 / W10 Insider / IE11 and FF 67, TB 60.7, NS 22.17, (Android 7 with NMS)
Kudos0

Re: MBAM version 2.0.4.1028 Premium - MBAM SUPPORT RECOMMENDATIONS

hvgsel  wrote - "the tests you ran do not represent my statement."

 I did not mean to imply that they did. Once I found the right link I found the tests interesting, and Chrome blocking the last test, very interesting.

I should have stated that over the years I have submitted a few support requests to MBAM.  Over time and with the past results I have built up a level of trust in their replies.

I am not disagreeing with anyone. No one else has posted that they are willing to try adding the exclusions.

I own a $320 laptop and plan to buy a much nicer desktop in July with a larger monitor. My budget is approximately $650 so now seems as good a time as any to check the results of installing the exclusions.

Kudos3 Stats

Re: MBAM version 2.0.4.1028 Premium - MBAM SUPPORT RECOMMENDATIONS

hvgsel:

If someone succeeds in replacing the excluded MBAM modules with malicious software, then you will have a vulnerability at hand after adding these modules to exceptions..

MBAM Premium users can enable MBAM's self-protection module at Settings  | Advanced Settings | Enable self-protection module, which is MBAM's version of Norton Product Tamper Protection.  MBAM's self-protection module is currently disabled by default because changes cannot be made to any MBAM file when this module is enabled (e.g., even the desktop shortcut icon for MBAM cannot be deleted) and users will sometimes forget this - see AdvancedSetup's FAQ Common Questions, Issues, and their Solutions for an explanation of why MBAM decided to leave this option disabled.  More information on this feature is available in the online MBAM User Guide.

The Chameleon emergency recovery tool bundled with MBAM can also be run if active malware ever stops MBAM from installing or running.  

David241:

Norton Security Suite notified me that MBAM was blocked from accessing Norton Security Suite.

Further to Nikhil_CV's comments < here >, I used to receive these Norton Product Tamper Protection (NPTP) warnings for mbam.exe and mbamservice.exe in my Norton security history all the time when I used NIS v. 20.x (2013).  I recently upgraded to NIS v. 21.x (2014) and haven't seen any lately but that might be because I created real-time exclusions for both these MBAM executables in Norton.  I agree with Nikhil_CV that these NPTP "Unauthorized Access Blocked" messages are nothing to worry about - I even get these warnings when I analyze my hard drive with CCleaner (ccleaner.exe) or defrag with Vista's Windows Disk Defragmenter (dfrgntfs.exe).  See my post < here > in the Product Suggestion board about these medium severity warnings.

-------------
32-bit Vista Home Premium SP2 * Firefox 35.0.1 * NIS 2014 v. 21.6.0.32 * MBAM Premium 2.0.4
HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS

This thread is closed from further comment. Please visit the forum to start a new thread.