Kaseya Community

Latest Version Of MalwareBytes Corporate Breaks Log Parser

  • I just found that the latest version (1.61.0.1400) writes a logfile in a different format than the previous version, resulting in a broken log parser. While some of the changes to the new format can be accounted for in a modified log parser, another part of the changes can't. Please be aware of this if you're using log parsers to read and act on MalwareBytes' log files. I'm going to open a support ticket with MalwareBytes Support to see if there's any way to get them to change the format of the log file back, since the new format isn't an improvement - just a change to the way the file is formatted. Here's a portion of the old file format:

     

     

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 0

    Registry Values Infected: 0

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 0

     

    Memory Processes Infected:

    (No malicious items detected)

     

    Memory Modules Infected:

    (No malicious items detected)

     

    Registry Keys Infected:

    (No malicious items detected)

     

    Here's a portion of the new format showing the changes that break the log parser:

     

    Memory Processes Detected: 0

    (No malicious items detected)

     

    Memory Modules Detected: 0

    (No malicious items detected)

     

    Registry Keys Detected: 0

    (No malicious items detected)

     

    Registry Values Detected: 0

    (No malicious items detected)

     

    Registry Data Items Detected: 0

    (No malicious items detected)

     

    Folders Detected: 0

    (No malicious items detected)

     

    Files Detected: 0

    (No malicious items detected)

  • I've been down this road already. I manage my own MBAM scripts outside of KAM. I'm not sure if it helps you or not, but you can change a file's encoding with the "type" command in DOS. Here is an example of what I use... note I also remove the "protection disabled" bit because I don't want clients asking about it.

    type C:\mbam-full.txt | find /v "Protection: Disabled" >> C:\newFile.txt

    You can output the results to a file or just use the "Execute Shell Command - Get Results to Variable" step in Kaseya.

    [edited by: SMason at 1:05 PM (GMT -7) on 4-10-2012] Added more info.
  • Thanks, SMason - I also do not use KAM - I purchased the Corporate Version of the MalwareBytes Software from MalwareBytes. However, I do use the Kaseya Log Parser to monitor the log files generated when I run a MalwareBytes scan (also triggered by a Kaseya Procedure). However, it's now looking like I got the wrong version of the software when I downloaded the new version. My log files now show "Malwarebytes Anti-Malware (PRO) 1.61.0.1400" when they should be showing the Corporate version so I'm doing another download of the (I hope) correct version and will test again.

  • So, after checking with MalwareBytes support log parsing with Kaseya's Log Parser is now definitely broken with their new log file format. Crud! Looks like I'll need to write my own log parser.

  • Give the "type" command a try and send the output to a new file. Then try the log parser on your new file.

  • Thanks, SMason. It's not an issue with Unicode or ASCII; it's that the format of the log file has changed in the latest version of MalwareBytes Corporate and the Kaseya Log Parser cannot deal with the changes. It's simply too limited in what it can do. However, I've resolved the situation to my satisfaction by creating my own log parser in VBScript to deal with the MalwareBytes log file. I use a Kaseya Procedure to periodically start a MalwareBytes scan. The procedure also starts my VBScript, which monitors the folder that the scan will write the log file to for changes and, when the log file is written after the scan, checks it to see if anything was found. If the scan found anything, the script emails a copy of the log file to me for further checking. Works great and so much simpler than the Kaseya Log Parser.
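A parser that accepts both layouts quoted in this thread (old "Infected: N" summary lines, new per-section "Detected: N" lines) and reports which categories had findings, as an added example; it is not the poster's VBScript nor Kaseya's log parser. The byte-order-mark decoding and the sample log text are assumptions constructed for the demonstration.

```python
import re

# One regex for both formats: the old summary lines read "<Category> Infected: N",
# the new ones "<Category> Detected: N". Section headers without a number
# ("Memory Processes Infected:") and "(No malicious items detected)" do not match.
COUNT_LINE = re.compile(
    r"^\s*(?P<category>[A-Za-z ]+?) (?:Infected|Detected):\s*(?P<count>\d+)\s*$"
)

def decode_log(raw: bytes) -> str:
    """Decode by byte-order mark. Assumption: the scanner may write UTF-16 or
    plain 8-bit text; a BOM decides, otherwise the bytes are read as Latin-1."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    if raw.startswith(b"\xef\xbb\xbf"):
        return raw.decode("utf-8-sig")
    return raw.decode("latin-1")

def parse_counts(text: str) -> dict:
    """Map each category (e.g. 'Files') to its count, whichever format the log uses."""
    counts = {}
    for line in text.splitlines():
        m = COUNT_LINE.match(line)
        if m:
            counts[m.group("category")] = int(m.group("count"))
    return counts

def findings(text: str) -> dict:
    """Categories with a non-zero count: the condition on which to send the alert."""
    return {cat: n for cat, n in parse_counts(text).items() if n > 0}

# Constructed samples in the two layouts shown in the thread (not real scan output).
OLD_LOG = """Memory Processes Infected: 0
Registry Keys Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKCU\\Software\\Example (constructed entry) -> Quarantined and deleted successfully.
"""
NEW_LOG = """Memory Processes Detected: 0
(No malicious items detected)

Files Detected: 2
C:\\sample1.exe (constructed entry) -> Quarantined and deleted successfully.
C:\\sample2.exe (constructed entry) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    for name, log in (("old", OLD_LOG), ("new", NEW_LOG)):
        print(name, "findings:", findings(log) or "clean")
```

In a scheduled job, read the file as bytes, pass it through decode_log, and send the mail only when findings returns a non-empty dict.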