Kaseya Community

MalwareBytes Versions

  • From my understanding, there is a retail, tech & MSP versions of MalwareBytes. Has anyone purchased the MSP version? I am curious on how it has worked out on alerts & command line options.

    I see that the FULLSCAN scans local and network drives. Does the MSP version have more commandline options for drive selections so it does not scan network drives?

    Legacy Forum Name: MalwareBytes Versions,
    Legacy Posted By Username: shickey
  • We are running the MSP version of Malwarebytes. There really aren't any more command line switches than in any other version (even the paid version).

    The "FullAuto" switch is actually misleading as it does a Quick Scan w/ Automatic Removal, not a Full Scan as the name seems to imply.

    We love the product and it has reduced our malware infection rate to almost 0 for our managed clients. The only trouble is there is no Administrator console for the product, so it has to be individually managed on each PC with K scripts. I have about 10 scripts now that check everything from registration key, service installation, process running and memory utilization plus the add/remove/scan aspects. It was a pain to setup at first, but it's now pretty much administering itself with scripts and alerts.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: CCDave
  • Do you care to share any of those scripts?

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: ryan@cct247.com
  • Sounds like they are just selling the same product under a different "version" name and have not really addressed the needs of the MSP.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: shickey
  • CCDave
    We are running the MSP version of Malwarebytes. There really aren't any more command line switches than in any other version (even the paid version).

    The "FullAuto" switch is actually misleading as it does a Quick Scan w/ Automatic Removal, not a Full Scan as the name seems to imply.

    We love the product and it has reduced our malware infection rate to almost 0 for our managed clients. The only trouble is there is no Administrator console for the product, so it has to be individually managed on each PC with K scripts. I have about 10 scripts now that check everything from registration key, service installation, process running and memory utilization plus the add/remove/scan aspects. It was a pain to setup at first, but it's now pretty much administering itself with scripts and alerts.


    If you are monitoring the process for malwarebytes on workstations, how do you deal with the alerts when the workstations are turned off?

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: GDRBrian
  • MBAM.xml
    ryan@cct247.com
    Do you care to share any of those scripts?


    Sure. Care to send me money? Big Smile

    I've attached the folder with some of my scripts. I have removed the license key (sorry) and some steps that call my other maintenance scripts.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: CCDave
  • GDRBrian
    If you are monitoring the process for malwarebytes on workstations, how do you deal with the alerts when the workstations are turned off?


    I was monitoring the service and/or process on workstations. I wasn't "alerting" on such conditions, I'm just running my MBAM scripts when the conditions are met.

    Currently I'm running a script daily to check for the running process. This seems to be enough. I created a view based on whether the script succeeds (MBAM running) or fails (MBAM not running).

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: CCDave
  • Hey CCDAVE,

    Can you monitor the MB log file for a change? I wonder if it detects an infection if it updates the log file, thus an alert maybe possible, or, does it update the log file with each scan?

    Just looking for some form of alert on the detection of a threat. Do you think MB is capable of some trigger method for alerting?

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: shickey
  • shickey
    Hey CCDAVE,

    Can you monitor the MB log file for a change? I wonder if it detects an infection if it updates the log file, thus an alert maybe possible, or, does it update the log file with each scan?

    Just looking for some form of alert on the detection of a threat. Do you think MB is capable of some trigger method for alerting?


    You can set the Log Monitoring through Kaseya to monitor the log file, however there is a problem. Malwarebytes directories all have apostrophies (') in their directory name. Kaseya doesn't like this and appends additional apostrophies around the original ('''). Then, each time you save the log parser, it appends additional apostrophies (''''''). I haven't figured a way around it and I'm trying to lean hard on the Malwarebytes guys to write to the event log again (which they did many revisions ago).

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: CCDave
  • Oh ya, logging to the event log would be nice, if, it would log threat notices only, not scan notices.

    Also, does the MSP flavor allow you do select which drives gets scanned instead of all drives during a full scan? In the freebie, I see it scans network drives....grrrr

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: shickey
  • shickey
    Oh ya, logging to the event log would be nice, if, it would log threat notices only, not scan notices.

    Also, does the MSP flavor allow you do select which drives gets scanned instead of all drives during a full scan? In the freebie, I see it scans network drives....grrrr


    I'll have to check. I only do the Quick Scan (command line "fullauto") on my workstations. Quick Scan is usually enough to take care of most things. Full Scans really bog down machines for a while.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: CCDave
  • Ya, I've done the quickies too, but surprisingly, the full scans has found stuff buried in old files on systems & attached storage devices, like USB drives. I don't mess with it enough to see the differences. I usually schedule the scans for around 1:00am.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: shickey
  • Yeah, the Quick Scan doesn't do anything with System Restore and System Volume Information folders that the Full Scan does take care of. However, there is no command line for "Full Scan and Clean" at the moment. I believe it is on their roadmap, but nothing yet.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: CCDave