• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

Kudos0

Malware Bytes tech support wants me to alter NIS to fix their problem.

Last weeky, my computer just hangs there during start up and I can't go any further. So, I run system restore and find that Malware bytes is the issue.

I emailed Malwarebytes tech support and he has me try reloading the program, which doesn't solve the proble. 

Now he wants me to add Malwarebytes exeutable filesin the smart firewall section within the rules folder.

I've had NIS for almost 2 years with no problems, and MWB for only three months. I'm very leery about altering anything in NIS to accomodate shortcomings in Malwarebytes.

Any thoughts or opinions would be appreciated.

Here's the full text of his solution:

Hi,  let's try one more thing with Norton

Thanks, try these system tweaks on your Norton Internet Security(NIS)
Open NIS 
Click the 'Network Settings' option 
Scroll down to the 'Smart Firewall' section and click 'Program Control' 
Click 'Configure' 
Click the 'Add' button, then add all the executable files in the Malwarebytes folder
If you click the 'File Type' section to 'All Files' you can add other files in the \system32\drivers folder and the rules.ref folder as well:
For 64 bit versions of Windows Vista or Windows 7:

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\rules.ref
C:\Windows\System32\drivers\mbam.sys

Then reboot and see if the issue is resolved

Replies

Kudos0

Re: Malware Bytes tech support wants me to alter NIS to fix their problem.

Last weeky, my computer just hangs there during start up and I can't go any further. So, I run system restore and find that Malware bytes is the issue.

I emailed Malwarebytes tech support and he has me try reloading the program, which doesn't solve the proble. 

Now he wants me to add Malwarebytes exeutable filesin the smart firewall section within the rules folder.

I've had NIS for almost 2 years with no problems, and MWB for only three months. I'm very leery about altering anything in NIS to accomodate shortcomings in Malwarebytes.

Any thoughts or opinions would be appreciated.

Here's the full text of his solution:

Hi,  let's try one more thing with Norton

Thanks, try these system tweaks on your Norton Internet Security(NIS)
Open NIS 
Click the 'Network Settings' option 
Scroll down to the 'Smart Firewall' section and click 'Program Control' 
Click 'Configure' 
Click the 'Add' button, then add all the executable files in the Malwarebytes folder
If you click the 'File Type' section to 'All Files' you can add other files in the \system32\drivers folder and the rules.ref folder as well:
For 64 bit versions of Windows Vista or Windows 7:

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\rules.ref
C:\Windows\System32\drivers\mbam.sys

Then reboot and see if the issue is resolved

Accepted Solution
Kudos0

Re: Malware Bytes tech support wants me to alter NIS to fix their problem.

Hello, I run both NIS and MBAM Pro and I always have them ignore each other. It helps ensure that there are no conflicts between the programs because they do similiar things. Follow the instructions that were given and also add the following Norton directories to Malwarebytes ignore list:

C:\Program Files (x86)\Norton Internet Security

C:\ProgramData\Norton

*Note, the first directory is for 64-bit Windows. If you are using 32-bit Windows then add "C:\Program Files\Norton Internet Security" to the exclusion list.

*EDIT* - I just noticed that he had said to add the exclusions to Norton's Smart Firewall. Was it the Antivirus Auto-Protect that he wanted to you add exclusions to, or the Firewall? I have never excluded these files from the firewall. He may want you to try this as a diagnostic to see if it fixes the problem.

Win10Pro | NS | MBAM | Spybot S&D | SpywareBlaster | Acronis Ransomware Protection | KeyScrambler Prem | Ghostery | MAXA Cookie Manager | HostsMan | OpenDNS | NordVPN | CCleaner | JV16 PowerTools | PerfectDisk Pro~ www.needGod.com
Kudos0

Re: Malware Bytes tech support wants me to alter NIS to fix their problem.

Thanks!

Kudos0

Re: Malware Bytes tech support wants me to alter NIS to fix their problem.

SecurePC and beancounter

Your running two security programs with real time scanners is actually not as safe as one at a time. All security software companies recommend fully removing any other security software with the appropriate removal utility.

Check this informative post by Queen-Evie from BleepingComputer

http://www.bleepingcomputer.com/forums/topic186533.html

You can run the free on demand scanners such as Malwarebytes Free as a second opinion.

Things happen. Export/Backup your Norton Password Manager data.
Kudos0

Re: Malware Bytes tech support wants me to alter NIS to fix their problem.

peterweb,

Thanks for your comments and normally I would agree with you about not running more than one resident antivirus / antimalware scanner. In the past I have used the free version of Malwarebytes and didn't want to have the Pro version running as a resident scanner. I just wanted NIS to take care of the resident protection as my first line of defense, and then use other programs such as Malwarebytes and Spybot S&D for manual scans to pick up what NIS missed.

However, after further studying the issue and the fact that Malwarebytes seemed to have a high detection rate of new threats that Norton frequently missed, I decided to give Malwarebytes Pro a try, primarily to set up the auto-updating and scheduled scans, not so much for the auto-protect. Initially I decided not to use it because I had some problem with the update not working, but later was fixed by a reinstall.

Your statement about "all security software companies recommend fully removing any other security software," while generally true, is not stricly always true because Malwarebytes is designed to work with other security software.  Malwarebytes has explicitly stated that it's purpose is not to replace traditional antivirus software but to work in conjuction with it as a second layer of defense. From the Malwarebytes website:

"Malwarebytes Anti-Malware is not meant to be a replacement for antivirus software. Malwarebytes Anti-Malware is a complementary but essential program which detects and removes zero-day malware and "Malware in the Wild". This includes malicious programs and files, such as viruses, worms, trojans, rootkits, dialers, spyware, and rogue applications that many antivirus programs do not detect or cannot fully remove. It is important to note that Malwarebytes Anti-Malware works well and should run alongside antivirus software without conflicts. In some rare instances, exclusions may need to be set for your specific antivirus product to achieve the best possible system performance."

And if someone thinks that the website blocking is acting like a firewall and thus should not be used, here is Malwarebytes response:

"Malwarebytes Anti-Malware should never block your antivirus from connecting to the internet or downloading updates, however you may sometimes see a notification that Malwarebytes Anti-Malware has blocked access to a potentially malicious website and the name of the process is that of your antivirus application.

This occurs because many antivirus software will intercept all inbound and outbound traffic to and from your PC.  This behavior makes Windows believe that, regardless of the process accessing the internet, that the communication is being established by your antivirus’ process, thus Malwarebytes Anti-Malware will believe the same.

An example would be Avast! Antivirus or Kaspersky Anti-Virus.  Both of these products intercept all traffic to scan for infections.  This means that if you browse to a website using your internet browser and that website is blocked by Malwarebytes Anti-Malware, that the process which will be displayed as being blocked will not be that of your browser, but instead will be that of your antivirus."

Personally, I have the website blocking of Malwarebytes turned off because I prefer to just let Norton handle those. If someone tries the trial version of Malwarebytes out and find it conflicts with their standard security software even after adding the appropriate exclusions, then they should stop using it. However, I personally have been using it for some time and have not experienced the problems associated with installing multiple AVs/Firewalls. I know what some of those problems look like because I've played around with multiple security programs simultaneously on occasion (for experimentation purposes), but Malwarebytes and NIS have not exhibited those same problems in my experience.

For someone who does want the protection of Malwarebytes alongside of Norton, but either has problems with the two working together, or simply does not believe they should be running together, one can either (1) use the free version of Malwarebytes, or (2) Use Malwarebytes Pro but disable the Filesystem Protection and the Website Blocking, but set it up for scheduled updates and scans. I have mine to update hourly, flash scan daily, quick scan weekly, and full scan monthly.

Here's an interesting interview with Malwarebytes' founder about the history and purpose of Malwarebytes:

http://www.techspot.com/article/581-malwarebytes-marcin-kleczynski-interview/

http://www.techspot.com/article/581-malwarebytes-marcin-kleczynski-interview/page2.html

References:

http://helpdesk.malwarebytes.org/entries/20818081-does-malwarebytes-anti-malware-replace-antivirus-software

http://helpdesk.malwarebytes.org/entries/21195921-why-is-malwarebytes-anti-malware-blocking-my-antivirus

Win10Pro | NS | MBAM | Spybot S&D | SpywareBlaster | Acronis Ransomware Protection | KeyScrambler Prem | Ghostery | MAXA Cookie Manager | HostsMan | OpenDNS | NordVPN | CCleaner | JV16 PowerTools | PerfectDisk Pro~ www.needGod.com
Kudos1 Stats

Re: Malware Bytes tech support wants me to alter NIS to fix their problem.

FWIW, personally, if one has to change settings in any program, so that it can play nicely with another program then it is not for me. 

It may all play nicely together today with the changes/exceptions - but what happens if a change (update) in either program occurs tomorrow and stops them from playing nicely? 

The answerr for me is not to wait until one or the other decides which settings you have to change in order for them to go back to playing nicely.

If the default settings do not play nicely - I'll skip the combination - because the less tech savy will be lost and there are far more of those than the tech savy!

Kudos0

Re: Malware Bytes tech support wants me to alter NIS to fix their problem.


yank said:

FWIW, personally, if one has to change settings in any program, so that it can play nicely with another program then it is not for me. 


Then it's not for you.


It may all play nicely together today with the changes/exceptions - but what happens if a change (update) in either program occurs tomorrow and stops them from playing nicely? 

The answerr for me is not to wait until one or the other decides which settings you have to change in order for them to go back to playing nicely.


That's a useful point to consider, but here is something else to consider: You could just as easily say that the answer is not to wait until some new malware comes out that one security solution would detect but the other one wouldn't, and thus risk getting an infection that could either compromise your personal data or crash your computer, when you could have two security solutions which update frequently working together which would have a greater chance of catching the malware. I see it posted very frequently on these forums that no antivirus program catches all computer viruses. Malwarebytes is a rare exception to being able to running multiple antimalware solutions simultaneously and thus mitigate this problem.


If the default settings do not play nicely - I'll skip the combination - because the less tech savy will be lost and there are far more of those than the tech savy!


That is quite likely, however, how much more lost would they be if they were infected with viruses that their single security software didn't pick up?

Win10Pro | NS | MBAM | Spybot S&D | SpywareBlaster | Acronis Ransomware Protection | KeyScrambler Prem | Ghostery | MAXA Cookie Manager | HostsMan | OpenDNS | NordVPN | CCleaner | JV16 PowerTools | PerfectDisk Pro~ www.needGod.com
Kudos0

Re: Malware Bytes tech support wants me to alter NIS to fix their problem.

Hi SecurePC,

You missed my point, I use MBAM Free as a second opinion on demand scanner and have for years.  I also use SuperAntiSpyware Free as an on demand scanner.  There is nothing wrong with the addtional layers of protection - provided they do not conflict with my main Anti-Virus program, and I do not have to adjust settings in either to use them.

Neither of the two I mentioned above are AV programs (as Norton is), so the less tech savy are not any safer against virus by having MBAM or SAS. 

I will admit MBAM has come to my rescue once or twice - but we were talking ransomware or PUPs, not a virus.

This has all been discussed in the past here and most other tech forums - reminds me of the PC/ MAC, IE/FF/Chrome, and of course the Free AV/Paid AV (and which product) discussions.

To each their own.

Kudos0

Re: Malware Bytes tech support wants me to alter NIS to fix their problem.

Hi yank,

If your point is about using the free versions of on-demand scanners such as Malwarebytes Free, then yes I do understand that point very well. I even stated that that was my approach for a long time before switching to the Pro version, and it is normally my recommendation for others. I am simply trying to clarify that MBAM does work well with NIS, it is meant to work well with NIS (and other security software), and does not exhibit the problems of having multiple AVs installed that most other programs normally have. Now if someone experiences the contrary then they can choose either to stay with the free version or use the Pro version for scheduled updates and scans and disable the Filesystem Protection and the Website Blocking.

You made some good points in your last post, but I do I think there are other good points to consider as well. It is up to each user to decide whether they want the Pro version or just the free version or not to bother with MBAM at all.

The analogy of the PC vs. Mac or which web browser to use is not parallel to what I am saying. I am not arguing for MBAM over NIS. Nor am I arguing NIS over MBAM. Granted, if I had to choose only one as my resident protection I would choose NIS because it is more comprehensive as a security suite and they have a much larger AV database. But in this case I do not have to choose only one, and I do not have to wait until NIS misses something, my computer becomes infected with malware, and potentially does the damage before I run MBAM Free. Instead, they can both work side by side fine.

Your comment about having to change settings I think I disagree. If you don't want to, then don't. But according to MBAM the exclusions added are just to ensure there are no problems. According to the site the exclusions only need to be added in rare instances. NIS already by default ignores files during scans to improve performance. In this case it is ignoring the MBAM files (which the user would hopefully be able to trust) from the Auto-Protect. So even NIS should be scanning the MBAM folders during scans (excepting NIS includes MBAM in it's trust profiles), just not those files with the auto-protect. One is simply telling NIS to ignore MBAM. One is not changing crucial settings to NIS (such as turning off the auto-protect, or turning off the firewall, or turning off some setting that ensures the computer remains secure such as the boot-time scanning or some other feature).

Win10Pro | NS | MBAM | Spybot S&D | SpywareBlaster | Acronis Ransomware Protection | KeyScrambler Prem | Ghostery | MAXA Cookie Manager | HostsMan | OpenDNS | NordVPN | CCleaner | JV16 PowerTools | PerfectDisk Pro~ www.needGod.com
Kudos0

Re: Malware Bytes tech support wants me to alter NIS to fix their problem.


yank wrote:

It may all play nicely together today with the changes/exceptions - but what happens if a change (update) in either program occurs tomorrow and stops them from playing nicely? 


I have to agree with Yank.

As the security companies do not recommend running multiple security programs, they are not about to check for interoperability when they produce an update. This can lead to an undetected reduction in protection.

Bottom line is it is up to the user to do what they feel right, but the majority seems to recommend one at a time.

Things happen. Export/Backup your Norton Password Manager data.
Kudos1 Stats

Re: Malware Bytes tech support wants me to alter NIS to fix their problem.


peterweb said:

As the security companies do not recommend running multiple security programs, they are not about to check for interoperability when they produce an update. This can lead to an undetected reduction in protection.


I am not trying to argue against your own personal choice here, but this statement missed the point entirely. Regardless of my previous point about it not being strictly true that security companies always recommend against multiple security programs, it is also not true that one cannot run multiple security programs in general. What I mean is this: the terminology of "security program" encompasses a broad range of solutions, not all of them do exactly the same thing and not all of them inherently conflict with each other. For example, NIS and NSM are both "security programs" but they work on different levels and do different things. Furthermore, outside of the Symantec line of products, TrueCrypt, KeyScrambler, and Secunia PSI are all also "security programs" yet they can all function together just fine.

Now, no doubt you are using the words "security programs" with antivirus programs in particular, but the above point helps illustrate why MBAM Pro and NIS can coexist. MBAM is intended to work as an additional layer of protection. It is intended to work with other antivirus programs. It is not intended to do the exact same thing that the antivirus is doing. Thus it is better to view MBAM Pro as a layered defense rather than conflicting defense.

Saying that security companies are not going to check the interoperability between their security program and another is like saying that they are not going to check to make sure that an update does not conflict with other layers of security such as the programs listed above. They make an update, there is a problem between the two, someone needs to release a patch to fix the bug causing the problem. On the other hand, if a security suite like NIS includes an update in the future which does interfere with the way MBAM works, then either MBAM will have to be updated to further compatiblity, or one will have to make the choice you are suggesting. But at this time this conflict is (to my knowledge) non-existent.

Malwarebytes has stated that they do thoroughly test numerous security solutions with Malwarebytes to ensure compatiblity. This is their intent and purpose: to provide an additional layer of security to work in conjunction with already existing antivirus solutions, not to replace them. Specifically, it is intended to increase security against Zero-Day threats. If you believe they fail at this, then do not use their products, but simply stating that old "never install multiple antivirus programs" misses the purpose of Malwarebytes entirely.

Win10Pro | NS | MBAM | Spybot S&D | SpywareBlaster | Acronis Ransomware Protection | KeyScrambler Prem | Ghostery | MAXA Cookie Manager | HostsMan | OpenDNS | NordVPN | CCleaner | JV16 PowerTools | PerfectDisk Pro~ www.needGod.com
Kudos0

Re: Malware Bytes tech support wants me to alter NIS to fix their problem.

Nice write-up SecurePC. I have been running NIS 2012 and Malwarebytes Pro with full protection turned on with no problems. When ever it updates the definitions it does a Flash Scan which only takes a few seconds.

Jim

Kudos0

Re: Malware Bytes tech support wants me to alter NIS to fix their problem.

Hi, SecurePC.  My take on the situation:

1. I concur with your conclusion that the combination of MBAM Pro and NIS 2012 would provide more comprehensive security than a standalone installation of NIS.

2. However, due to the inherent design of MBAM, it is always "playing catchup" with the various AV/FW packages it is designed to coexist with.  Thus, there may be times when a "gotcha" rears its ugly head - and things go awry.  That this gets resolved quickly (usually within 24 hours) - does not completely mitigate the issue.

3. For technically competent users, item 2 is not a big deal.  This happens so frequently amongst other programs - such as MS updates "breaking things" - that technically competent users can usually resolve stuff like this quite quickly.  (Eg: Reaching for their Ghost Restore CD, restoring their latest backup, and then performing the required "detective work" to figure out where the conflict is coming from.)

4. For the average run-of-the-mill user - stuff like compatibility "gotchas" when running complementary AV/FW/AMW products isa major problem.  This class of user doesn't have the skills to be able to resolve compatibility issues quickly - and thus return to a productive environment without a lot of fuss.

Consequent to the above, my recommendations are as follows:

1. For users who frequently visit the class of site where they get "bitten" (Eg: Porn, Gambling, Pirateware and so on) - the dual-product solution is probably a good idea - as long as that user is competent to resolve unexpected compatibility glitches.  And yes, this includes the ability to Restore the appropriate Image Backup using something like Ghost or TrueImage - along with the ability and dedication required to keep those Image Backups up-to-date in the first place.

2. For users who do not have the above level of competence - or who are unwilling to invest in the expense of a functional Image Backup utility and the required External Storage to "bulletproof" their Windows installation - running complementary active-scanning is probably an invitation to be visited by Mr. Murphy - and thus should be avoided.

3. For users who do not frequently visit the class of site where "drive by malware" is common - a single-class AV/FW product is probably sufficient.  Note this does not mean "absolutely bulletproof".

 4. AV/FW Software where the 'engine" for that software is in an active state of development - and thus the product is evolving quickly - creates an absolute minefield of possible compatibility glitches between a pair of "supposedly compatible" products.  Consequently, I would tend to avoid the use of complementary active-scanning products in that circumstance - as the risk of "explosions" is simply too great.  Please note: I consider the current situation with NIS 2013 as an example of this.

5. For those users willing to take the risk of doing active-scanning using quickly-evolving AV/FW software along with a complementary MW-detection product - I consider the use of Imaging Software with a scheduled Backup Routine as mandatory.

There.  My $0.02 on the topic...  

Kudos0

Re: Malware Bytes tech support wants me to alter NIS to fix their problem.

Having more than one realtime product installed together, all I can say is.

Don't complain if Norton / Symantec is not running correctly or their is a bug, As the problem could be more han likely user created,  From Firewall, Facebook problems, scanning, slow startup or a detection.

Quads

Kudos1 Stats

Re: Malware Bytes tech support wants me to alter NIS to fix their problem.

Even if running Malwarebytes' in conjunction with an antivirus did not pose a risk of the two programs interferring with each other (which might not even be apparent until a threat has to be dealt with), it is still, at best, simply a waste of system resources.  True protection comes from security in layers, of which a software solution is merely one component.  If the proper security best practices are already in place, doubling up on running more security software is not going to provide any meaningful increase in protection - clearly not enough to outweigh the performance hit and uncertainties about how the two programs will interact when the computer encounters a serious threat.  Conversely, if you are not already using a layered approach to security, but are instead relying solely on software products for all of your protection, your PC is going to be at risk anyway, no matter how many anti-malware programs you install.  There are just so many more useful things that PC owners could be doing that would actually increase their online safety, than to pursue the mistaken notion that they will be more secure by adding more of exactly the same kind of protection that they already have.

This thread is closed from further comment. Please visit the forum to start a new thread.