Kaseya Community

Malware Bytes scan

  • Not sure who all would be interested, but I am attaching a script for Malware Bytes. It will download the latest version, install it, check for updates, and then start a scan. The only user interaction is to remove infections, have not found a way to automatically remove and that seems like a good thing to me.

    Legacy Forum Name: Malware Bytes scan,
    Legacy Posted By Username: JonJohnston
  • MalwareBytes install-scan.zip
    JonJohnston
    Not sure who all would be interested, but I am attaching a script for Malware Bytes. It will download the latest version, install it, check for updates, and then start a scan. The only user interaction is to remove infections, have not found a way to automatically remove and that seems like a good thing to me.


    Might be good if I attach the file. Save it, then import the .asp into Kaseya scripts.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: JonJohnston
  • Looks good. Will that URL change as later versions come available? Also I found when a newer version was available, you could script the uninstall of 1.33 but 1.34 would not install until the system had a reboot.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: carey-pccare
  • JonJohnston
    have not found a way to automatically remove and that seems like a good thing to me.


    I'm on the other side of the fence. I'd rather it removed things automagically. Spybot does, antivirus clients do, why not MB?

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: sequoya
  • I have not tested the url change. It seems very possible that it would change slightly, but only time will tell unfortunately. This is just one of the things I sat down and wrote out quickly to make my life a little simpler, I haven't fully tested the url change and what not. I did notice that an over-the-top install seemed to work fine, without a reboot as mentioned.
    One thing I considered doing was an if statement, if file exists, C:\Program Files\...mbam.exe, then just have it update and scan but ran into the issue of a user prompt when updating the program.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: JonJohnston
  • sequoya
    I'm on the other side of the fence. I'd rather it removed things automagically. Spybot does, antivirus clients do, why not MB?


    It's just me but I like knowing what is going to be removed from my or client machines. I agree it can be a hindrance, run the script at night, have to remember to get in the machine and remove stuff hoping the user hasn't closed the program or anything.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: JonJohnston
  • carey-pccare
    Looks good. Will that URL change as later versions come available? Also I found when a newer version was available, you could script the uninstall of 1.33 but 1.34 would not install until the system had a reboot.


    I just checked and yes the URL has changed. I am going to have to find a way to get the url as it changes. I will post back if I find a solution.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: JonJohnston
  • JonJohnston
    I just checked and yes the URL has changed. I am going to have to find a way to get the url as it changes. I will post back if I find a solution.


    I found it was just easier to put the current version in the Managed Files on the Kaseya server. Since I run the script on my machine daily, I know when a new version is out. Either way is ok I guess, because you're going to have to have interaction with the initial install, and when MWB updates the app.

    Once the file is pushed out just leave it there, the script checks if it is already installed and runs the /update flag. So either way you're covered on a current version.

    my 2 cents.

    Great script btw, it's nice to be able to schedule daily updates of the defs, and/or scans to my liking.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: Techdawg
  • That is what we did at first, have most current version on our Kserver, pushed it out and did the rest manually. I sat down and in about 10 minutes wrote the script out to download the most current from internet, install, update, and scan without even considering possible drawbacks, such as the url becoming invalid.
    Two thoughts here: Either figure out how to have the script automatically find the new url (possibly get url, check variable for MBAM, etc., takes more thinking) or once a week download the newest version to the Kserver and do a write file, the install, update, scan. That seems like the best alternative at this point.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: JonJohnston
  • Guys, anyone make headway with getting the results of the scans?

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: boudj
  • IIRC, it creates a .txt file - couldn't you pull that file upon completion of the scan via a 2 part script?

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: jm-ctaccess
  • Getting the results is pointless because at this point, or at least from what I have been able to do, the infections must be manually removed. I have not been able to get a scan to run and automatically remove. If somebody knows how to get automatic removal please let me know, as then a simple get file step will grab the scan/result log.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: JonJohnston
  • The results are not pointless, if I am running the scan remotely because I suspect an infection, I'd want to see the results of the scan before I take the next step.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: boudj
  • Unless you know a way to remove the infections through a script then you would have to remote into the machine to remove them and you would be able to see the results. When MalwareBytes finishes a scan it shows the results and a log file on the screen. So when you go in to remove infections it would be there.
    I think you are wanting the log file sent to you so you know if you need to waste time remoting into the machine. If that is the case then do a get file using something like the following: C:\Documents and Settings\%Username%\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

    Also, if you do the mbam.exe /fullscanterminate the program will close if no infections are found. In that case you could look at the script and see if it ran successfully or is still going. If it is still running hours later could assume it found infections, remote in and remove them.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: JonJohnston
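
The log retrieval described in the post above, as an added example that is not part of the original thread or the attached script: it finds the newest `mbam-log-*.txt` across all user profiles and copies it to a fixed path that a single Get File step can fetch. Assumptions: the agent runs the script as SYSTEM, so `%Username%` would not resolve to the logged-on user; `$StagePath` and `$MaxAgeHours` are hypothetical parameters; the age check keeps a log from an earlier scan from being mistaken for the current result.

```powershell
# Added example: stage the newest MBAM scan log for a Get File step.
param(
    [string]$ProfilesRoot = 'C:\Documents and Settings',   # profile root quoted in the thread
    [string]$StagePath    = 'C:\temp\mbam-latest.txt',     # hypothetical fixed pickup path
    [int]$MaxAgeHours     = 24                             # hypothetical freshness window
)

function Get-LatestMbamLog {
    param([string]$Root, [int]$MaxAgeHours)
    # Per-user log folder as given in the thread. The folder name contains an
    # apostrophe, so the string is double-quoted and paths use -LiteralPath.
    $rel    = "Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs"
    $cutoff = (Get-Date).AddHours(-$MaxAgeHours)

    Get-ChildItem -LiteralPath $Root -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer } |                          # one folder per profile
        ForEach-Object { Join-Path $_.FullName $rel } |
        Where-Object { Test-Path -LiteralPath $_ } |                 # profiles that ran MBAM
        ForEach-Object { Get-ChildItem -LiteralPath $_ -Filter 'mbam-log-*.txt' } |
        Where-Object { $_.LastWriteTime -ge $cutoff } |              # ignore stale logs
        Sort-Object LastWriteTime -Descending |
        Select-Object -First 1
}

$log = Get-LatestMbamLog -Root $ProfilesRoot -MaxAgeHours $MaxAgeHours
if ($null -eq $log) {
    # Distinct exit code so the calling script can branch on "no fresh log".
    Write-Output "NO_LOG: no mbam-log-*.txt newer than $MaxAgeHours h under $ProfilesRoot"
    exit 2
}

# Make sure the pickup folder exists, then overwrite the previous staged copy.
New-Item -ItemType Directory -Force -Path (Split-Path -Parent $StagePath) | Out-Null
Copy-Item -LiteralPath $log.FullName -Destination $StagePath -Force
Write-Output "STAGED: $($log.FullName) -> $StagePath"
exit 0
```

Exit code 2 means no log was written inside the window, so the retrieval step can be skipped rather than returning an old file.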
  • JonJohnston
    If it is still running hours later could assume it found infections, remote in and remove them.


    Except, unfortunately, if the script is still running... how are you going to remote in?

    (I've been waiting for a Kaseya agent that lets us interrupt scripts and/or run a separate remote-control script since my first day on the job.)

    The only problem with MBAM is that it's "designed" to require user interaction. I understand where they're coming from ideologically but it doesn't make my job any easier...

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: GreyDuck