Malwarebytes Anti-Malware Premium configuration guide
There seem to be two camps of users when it comes to Malwarebytes' Anti-Malware application for the Windows operating system.
Some users swear on it and believe it is one of the best security programs for the operating system currently while others think it is snake oil and not useful at all.
The company itself sees it as a complementary product that should be run next to antivirus solutions, and not something that should be run on its own.
Since I fall into the first camp of users, I'm running a premium version of the program on my main machine.
The guide covers versions 2 and 3 of Malwarebytes currently.
Malwarebytes 3 Guide
Malwarebytes 3 introduced a new interface and several other major changes in the application. This part of the guide walks you through the available configuration of Malwarebytes 3.x.
Application
The Application category opens when you activate the Settings link in the Malwarebytes interface. It offers a huge number of options which means that it takes quite some scrolling to explore the entire page.
Here is what is available:
- Manage application updates -- it is a good idea to keep automatic updates enabled unless you plan on staying at an older version.
- Manage notifications -- Notifications inform you about scan results and other things. If these get on your nerves, turn them off. Premium users may use Play Mode to have notifications disabled automatically when full screen apps and games run on the system.
- Impact of Scans on System -- you can reduce the priority of manual scans to improve system responsiveness.
- Windows Context Menus -- enable or disable the context menu entries in Explorer.
- User Access (Premium) - Limit user access to Malwarebytes features.
- Windows Action Center (Premium) -- Configures the integration of Malwarebytes with Windows Action Center.
- Beta Application Updates (Premium) -- Not recommended for production systems. You may join the beta program to receive beta updates.
- Usage and Threat Statistics -- Malwarebytes sends Telemetry data automatically. You can turn this off here.
Protection
Most settings under Protection are limited to Premium users.
- Real-Time Protections (Premium) -- You may enable or disable all real-time protection modules here or on the frontend. Exploit protection comes with options to protect certain programs so that they run normally.
- Scan Options -- You may enable rootkit scanning here. Doing so scans the system for rootkits but will prolong scans. Archives are scanned by default which you may disable here as well. Last but not least, you may disable the signature-less protection if you notice that it results in too many false positives.
- Potential Threat Protection -- The setting defines how potentially unwanted programs and potentially unwanted modifications are handled. The default is to always detect them. You may change that to "warn only" or "ignore".
- Updates (Premium) -- Premium users may configure automatic update checks here.
- Startup Options (Premium) -- Premium users may disable the automatic start or enable delayed startup using this group of settings. It is additionally possible to enable the self-protect module to make tampering more difficult.
- Automatic Quarantine (Premium) -- Found malware and other problematic items may be quarantined automatically if this feature is enabled.
Scan Schedule
Scan Schedule is only available in the premium version of Malwarebytes. Premium users may schedule scans using the menu.
Exclusions
Exclusions are useful if you notice that legitimate files or programs are flagged as malicious or problematic by Malwarebytes. Add them to the list of exclusions to protect them from being flagged.
Malwarebytes will ignore these during scans.
Malwarebytes Anti-Malware 2 Guide
The following guide provides you with information about the most important configuration options that Malwarebytes Anti-Malware Premium offers. While you will find some of them in the free version as well, some are exclusive.
A click on settings in the program window opens them up. You find several pages worth of settings on the page that let you customize program features and even add new features to the program that are not enabled by default.
Detection and Protection
This is probably the most important preference page of the program. It allows you to turn the program's malware protection and malicious website protection on or off, enable the scanning of rootkits (which is not enabled by default), and define actions when potentially unwanted programs (PUP) and potentially unwanted modifications (PUM) are detected.
- Scan for rootkits - Anti-Malware Premium supports the detection of rootkits. If you want that functionality to be included, you need to enable it here as it is not by default. Anti-Rootkit is available as a standalone (currently beta) program as well.
- PUP and PUM actions - Define how you want these handled. You may treat them like malware, which would quarantine them when detected, display a warning instead, or ignore them altogether.
- Malware Protection - This is the heart of the program and should not be disabled.
- Malicious Website Protection - This blocks websites flagged as malicious from being loaded. You may want to turn this off if you encounter false positives on a regular basis (I usually do as I don't need it).
Malware and Web Exclusions
These two pages provide options to add exclusions to the program which it honors from that moment on. This means basically that anything that you add here is ignored by the program when it scan and checks resources.
- Malware Exclusions - You may add individual files or entire folders to the list of exclusions.
- Web Exclusions - This exclusion list supports IP addresses, domains and processes. If you select a process, all of its "web traffic" will be ignored by Malwarebytes.
Advanced Settings
The settings listed on this page let you customize program behavior, for instance on start of the operating system or how it should handle detected items.
- Automatically quarantine detected items - You may want to disable the preference if you get false positives regularly. If you don't, you may find yourself opening the quarantine regularly to undo these automatic actions.
- Reduce priority of scans to improve multitasking - Enable this option if you notice slow-downs during scans, for instance if videos that stream to the computer stutter suddenly, if programs don't react immediately anymore or if you experience lag in games or real-time communication.
Automated Scheduling
Malwarebytes Anti-Malware Premium is configured to run a system scan once per day and to check for program updates once per hour. Existing tasks can be modified or removed, and new ones added on this page.
You may for for instance switch update checks to real-time instead of once per hour to receive updates as fast as possible. The fastest option checks once per minute for updates.
Depending on your requirements, you may want to use the fastest update check interval. You may need to experiment with various intervals to find the best setting for your needs.
General Settings
The general settings page provides you with options to customize notifications, and to enable or disable the Windows Explorer context menu entry.
You can disable notifications on this page for instance if you don't require them.
Access Policies
Protect certain program features from being accessed by individual users or groups of users. You may for instance block access to the settings.
Now You: Are you a Malwarebytes Anti-Malware user?
What annoying is that MAM scans and found +400 PUP but these comes from three programs that I know and there is nothing wrong with it but that is not the problem. The problem is that I not found any option where I can exclude this +400 with one click so that they not popup the next time. Where are the options to exclude/ignore once? This is not wise to not include these options. It make MAM more annoying then the opposite because this is not practical and why these programs are showing up as PUP’s where I have checked these progs with VirusTotal and there is nothing wrong with it.
I got an excellent deal from an online retailer for a pair of lifetime licenses for around $30. I bought them and now use Malwarebytes Pro on my home computer and my laptop. I wouldn’t have purchased the Pro version if I would be required to pay a monthly or yearly fee. I also run two antivirus programs simultaneously and my PC is faster than ever.
I occasionally run the free version, but doesn’t Avast (pretty much) have the same offerings?
The core engine between the two versions is slightly different to each other. I like to think of the freebie version as MBAM Lite, and the paid version as MBAM Pro. The lite version does not have the active scanner and doesn’t do an in depth search as the paid version does. Or you can think of it this way. On a scale of 1 being minor nuisances, and 10 being nasty life changers, the free version only does 1-5.
For some of you that is all you need because the spectrum of sites you visit are in that range and you’ll never stray to the dark side where some of us have ventured. The rest of us venture into deep dark corners and will often come across sites that try to sneak one across the border. Those of us with the paid version can basically go anywhere we want with full protection.
The pro version includes the active scanner which kicks in on everything we do from web surfing to installing 3rd party software. I often try shareware or freeware software but many come bundled in wrappers or other nasty surprises. I am usually quite safe when it comes to installing 3rd party software and always use the custom options and remove 3rd party options, but there are always the odd time when one gets through. With MBAM Pro, no need to worry. If a wrapper attempts to install a malware during installation or after installation, it will get intercepted and either deleted or quarantined.
The difference being – deleted removed the offending software. Quarantines means it is stopped from activating but it is technically still there. Useful for some programs with wrapper checks. Like a particular video converter… sure it comes bundled with junk and unless you allow the junk to be installed, the actual program won’t run either. So the solution is to quarantine the junk and run the program.
Thanks for the detailed configuration, Martin.
We’ve been running the premium version on both home computers forever, and it has caught some nasty stuff more than once that our AV programs missed. It has proved that a little extra protection can go a long way.
http://www.askvg.com/free-1-year-license-of-malwarebytes-anti-malware-premium-edition/
I’m a premium MBAM user but quite a disgruntled one. I’m almost blind and use several different speech synthesis programs (JAWS, System Access and NVDA) for my day-to-day computer tasks. Version 1.75 of MBAM worked very well with speech software programs, particularly JAWS. Version 2.0 was *totally* inaccessible, and via beta testing, they knew it was going to be but released it anyway. After a number of months, the first update after v2.0 re-introduced some very minor speech software support but to me, it’s still nowhere near as accessible as v1.75.
No, not snake oil. In the 12 years I’ ve run XP – yes it still operates just fine, never falters – I was hit by 3 viruses. It was MBAM – not my anti-virus that found the little buggers and saved me having to do a complete reinstall. I have MBAM installed on both my Win 7 computers and my lovely XP darling.
I fail to see value in the paid version, someone above said it located and stopped an intrusion, but I’ve yet to encounter an intrusion of any sort
Enabling the self-protection module in Advanced Settings will result in Event ID 61703 flooding the Windows System Log in Event Viewer; run eventvwr.msc and go to Windows Logs\System.
@br0adband
You clearly fall into the category sensible users who can spot a suspicious app. But those are a minority. If you go fix a PC of a regular BFU (which I sometimes do) you’ll find it’s riddled with ad/spyware because the user doesn’t know what he/she’s doing. And trust me, MBAM certainly isn’t snake oil in that situation.
I also started out using the free version but lucked into a promotion for a lifetime full version license at a ridiculously low price (I think it was $10 per computer) a few years ago, and have been happily using the full version ever since.
I started out using the free version, but the premium was only $12, so I figured, why not? It has been more than worth the price. The program stopped an intrusion, and halted some websites from even loading.
Thanks Martin.
I had been using the free version for awhile, but several times a couple of years ago Malwarebytes prevented an intrusion during web browsing that my Norton Internet Security didn’t catch. I decided then and there to pay for the premium version. They’ve been consistent with database and program updates and I’ve never noticed any performance hit with it running 24/7. Just another reason to consider my money well spent.
I guess I’m one of those people that believe it’s “snake oil” because right now, after using Microsoft Security Essentials and nothing else except Firefox (pcxFirefox to be specific) + uBlock for months now and no other plugins or addons at all (I used to use ABP + NoScript + other things), I can run Malwarebytes and do a full system scan and it’ll come up with nothing at all. I regularly check – just for the hell of it – my system with Housecall by TrendMicro and the NOD32 Online scanner (both are downloadable clients that auto-update and scan on demand) and neither of them ever finds anything.
For all the crap that MSE gets, it does what it’s supposed to do more than people realize. And don’t even get me started on people who think Malwarebytes is some kind of anti-virus protection program too, my god I get that all the time and it just astonishes me to no end. :)
I’ve used multiple on demand tools to do scans and none of them ever find anything, not even a tracking cookie (I block all third party cookies natively and only allow session cookies).
Sometimes I think the paranoia just goes a wee bit too far.
Would never see myself upgrading from the free edition.
Same here. I don’t like running a resident AV scanner, but I like to run a manual scan now and then.