Kaseya Community

Malware Bytes scan

  • I looked in the help file and saw the list of command line options but at the bottom it states "Note: Corporate users please contact corporate@malwarebytes.org for additional command line parameters.", I sent an e-mail but have not heard back. Does anyone have this list of parameters?

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: akoop
  • Malwarebytes' Anti-Malware Command Line Parameters

    Malware supports a few simple, but important, command line
    parameters. To start the program using command line, simply click the Start Menu, Run, and type the following:

    mbam-setup.exe /parameter
    (where parameter is one or more of the following)

    /SP-: disables the prompt at the beginning of Setup.

    /SILENT, /VERYSILENT: instructs Setup to be silent or very silent. When Setup is silent the wizard and the background window are not displayed but the installation progress window is. When a setup is very silent this installation progress window is not displayed.

    /SUPPRESSMSGBOXES: instructs Setup to suppress message boxes. Only has
    an affect when combined with '/SILENT' and '/VERYSILENT'.

    /LOG: causes Setup to create a log file in the user's temporary directory detailing file installation and \[Run] actions taken during the installation process

    /NOCANCEL: prevents the user from cancelling during the installation process, by disabling the Cancel button and ignoring clicks on the close button. Useful along with '/SILENT' or '/VERYSILENT'.

    Example: mbam-setup.exe /SP- /SILENT /NOCANCEL


    mbam.exe /parameter
    (where parameter is one or more of the following)

    /minimized: allows you to start the program minimized.

    /quickscan: allows you to run a quick scan.

    /quickscanterminate: allows you to run a quick scan. Program terminates if no items found.

    /fullscan: allows you to run a full scan.

    /fullscanterminate: allows you to run a full scan. Program terminates if no items found.

    /runupdate: allows you to update the program without displaying result dialogs.

    /updateshowdialog: allows you to update the program displaying all dialogs.

    /uninstall: unschedules all scheduled tasks and terminates all mbam.exe processes. Prepares for uninstallation.

    /fullauto: scans for malware and removes it silently. Please be sure to reboot after as it is not automatic (1.36+).

    MY NOTES:
    - check the revision history .txt file for addl switches that have been added, as well as the help file. You have to install it to find the revision/readme file. The help file can be accessed by running the program...

    - this company is terribly slow in responding to tech support emails. Even emails for ordering it took forever to get a response Confused

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: ReedMikel
  • C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe /logtofile C:\temp\mbam-techlog.txt

    this command changes the location and name of the mbam log, then you can script Kaseya to pull that log. It will append the log each time mbam runs so if you dont want the log getting huge I would recommend having kaseya delete the file after you upload it

    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe /runupdate

    this updates itself. I believe it will download and run new versions but I havent tested it that long

    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe /fullauto

    This runs a quickscan that autoremoves all found infections. I have not found a way to run a full scan and remove all infections.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: jacobcallen
  • I also found that you can change the log destination with these two registry keys:

    HKLM\Software\Malwarebytes' Anti-Malware\Logs (string value with path of your choice)
    HKLM\Software\Malwarebytes' Anti-Malware\LogType (REG_DWORD with value 0x00000002)

    By modifying the keys before running the scan, I avoided the "Malwarebytes already running" problem.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: SMason
  • Here is an updated version of my AutoIT script from the other thread:



    AutoItSetOption("TrayIconHide", "1")



    Run(@ComSpec & " /c " & 'C:\temp\instmb.exe /SP- /VERYSILENT /DIR=C:\MBAM', "", @SW_HIDE)

    ProcessWait("instmb.exe", "5")

    ProcessWaitClose("instmb.exe", "40")



    Run(@ComSpec & " /c " & 'del "C:\Documents and Settings\All Users\Desktop\Malwarebytes'' Anti-Malware.lnk" /s /f /q', "", @SW_HIDE)

    Run(@ComSpec & " /c " & 'reg add "HKLM\Software\Malwarebytes'' Anti-Malware" /v Logs /d c:\temp\mbam-log.txt', "", @SW_HIDE)

    Run(@ComSpec & " /c " & 'reg add "HKLM\Software\Malwarebytes'' Anti-Malware" /v LogType /t REG_DWORD /d 00000002', "", @SW_HIDE)

    Run(@ComSpec & " /c " & 'reg delete HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce /v "Malwarebytes'' Anti-Malware" /f', "", @SW_HIDE)



    Run(@ComSpec & " /c " & 'ren C:\MBAM\mbam.exe favor.exe', "", @SW_HIDE)

    Run(@ComSpec & " /c " & 'C:\MBAM\favor.exe /runupdate', "", @SW_HIDE)

    Run(@ComSpec & " /c " & 'del C:\temp\mbam-log.txt /s /f /q', "", @SW_HIDE)

    ProcessWait("favor.exe", "5")

    ProcessWaitClose("favor.exe", "40")



    Run(@ComSpec & " /c " & 'C:\MBAM\favor.exe /fullauto', "", @SW_HIDE)

    ProcessWait("favor.exe", "5")

    ProcessWaitClose("favor.exe", "1800")

    ProcessClose("cmd.exe")

    ProcessClose("reg.exe")




    Both the installer and the MBAM executable are renamed to circumvent infections that look for those names. I also added timeouts to the ProcessWaits to ensure nothing overlaps.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: SMason
  • There's also a command line switch to specify the location of the log file (see the Changes.rtf file). At least there is in the Technician's License version...

    SMason
    I also found that you can change the log destination with these two registry keys:

    HKLM\Software\Malwarebytes' Anti-Malware\Logs (string value with path of your choice)
    HKLM\Software\Malwarebytes' Anti-Malware\LogType (REG_DWORD with value 0x00000002)

    By modifying the keys before running the scan, I avoided the "Malwarebytes already running" problem.


    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: ReedMikel
  • jacobcallen

    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe /fullauto

    This runs a quickscan that autoremoves all found infections. I have not found a way to run a full scan and remove all infections.


    Does this actually work in the free version? Or just the corporate one? Thanks

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: brian.mock
  • I'm a bit confused as well. I was under the assumption that the Tech license supported all of the command line switches, but was only supposed to be used on one PC then uninstalled.

    I just received this from them today:

    "Thank you for contacting the Malwarebytes Corporation.

    The Technician's license would allow a single technician to install, scan, detect and remove malware
    from any of your customer and internal computers one at a time and uninstall when complete.
    We also include access to an offline updater to support remote office or non-networked installations.

    This license does not provide the real-time protection module, scheduled scanning or scheduled updates.

    The pricing breakout is $100 USD per technician per year and discounts apply on purchases of 25 or more
    of these licenses.

    Please note, we do not support the scripted use of this product. It is intended for one technician per license
    on one computer at a time."


    Does this mean no command line switches are supported or just that they don;t offer any support if you are trying to use them???

    I would ask in an email, but it took me two weeks to get this from them Roll Eyes

    Jeff

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: JMF
  • The line you bolded is new - as they never said scripting wasn't "supported". I take it to mean scripting isn't supported *if* it results in MBAM running on multiple PCs concurrently. My MBAM script is usually only run on one PC at a time - then uninstalled. If I were to do it on multiple PCs, I'd stagger it so as to not violate the license.

    MB is a terribly unresponsive company, so it would be near impossible to get them to clarify their license terms. It took me weeks to get them to SELL me the Technician's License. They are way understaffed - or lazy Sad

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: ReedMikel
  • brian.mock
    Does this actually work in the free version? Or just the corporate one? Thanks


    All of the command line switches seem to work in the free version as well as the full.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: JonJohnston
  • This is realy a nice script Jon. We will be looking forward for updates to this with time.
    Thanks for posting.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: rajeevsharma
  • MBAM_Technicians_EULA_rev1.4.pdf
    I've attached the latest EULA from Malwarebytes regarding the Technician's license

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: GXR
  • Few issues over here automating MBAM. I'm having a bit of trouble running a /fullauto as a full scan. The log shows the results as quick scan.
    I tried using the command mbam.exe /fullauto /fullscan /minimized - the outcome was the same. Anyone have any suggestions?

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: luisc
  • No such document existed when I purchased the Technician's License. They are changing the licensing rules on the fly Confused

    What are they trying to convey in the following sentence from this document?

    "No external programs or Scripts are used, which makes automated and unattended installation by command line possible is supported"

    What idiot composed that verbiage? This company is so clueless and disorganized. But I will continue to use their product on one machine at a time, scripted or not Smile

    GXR
    I've attached the latest EULA from Malwarebytes regarding the Technician's license


    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: ReedMikel
  • After re-reading that sentence several times, it started to make sense Smile I think they forgot to put a comma near the end which would make it much easier to understand. Again though, they never sent any such license terms to me when I purchased. I even explained I wanted to do scripting in emails to their corporate people - and they were happy to sell me the Technician's License.

    This is probably what they should have written:
    "No external programs or Scripts are used, which makes automated and unattended installation by command line possible, are supported"

    Better yet, I would have written:
    "No external programs or Scripts (which make automated and unattended installation by command line possible) may be used."

    ReedMikel
    No such document existed when I purchased the Technician's License. They are changing the licensing rules on the fly Confused

    What are they trying to convey in the following sentence from this document?

    "No external programs or Scripts are used, which makes automated and unattended installation by command line possible is supported"

    What idiot composed that verbiage? This company is so clueless and disorganized. But I will continue to use their product on one machine at a time, scripted or not Smile


    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: ReedMikel