Kaseya Community

Malewarebytes Auto Clean infected files - in the works

  • ReedMikel
    I can tell you their handling of command line switches is anything but intuitive.


    They are so unintuitive that the /fullauto does not run a full scan, it is a quick scan. You would think they would have used /quickauto instead.

    Vernon Southmayd
    Creative Computing

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: vernon@midmich.net
  • Ahhh, you are so right! Just checked one of my log files and indeed using the /fullscan switch resulted in a "Scan type: Quick Scan" appearing in the log Confused Maybe if we used /quickscan it would do a full scan? Big Smile

    How could they write software that detects/dinsinfects so well, but screwed up the command line so badly? Plus, their documentation is lacking and scattered all over the place. Oh - and sales and support are soooo slow. Well, at least they do something right Smile

    I only bought this software because it does indeed disinfect machines that other AVAS packages fail to clean (even KES/AVG misses a good bit).

    vernon@midmich.net
    They are so unintuitive that the /fullauto does not run a full scan, it is a quick scan. You would think they would have used /quickauto instead.

    Vernon Southmayd
    Creative Computing


    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: ReedMikel
  • saputo444
    ReedMikel have you tested your script on Windows 7?


    That script works on Win 7 Ultimate, but you need to disable the Interactive Services Detection service first.

    On another note, with the free version of MBAM, when the app does receive an update, there is a pop-up that states it updated and the script fails (unless someone selects OK in the time frame before it issues the scan command). If MBAM is already fully updated, it runs smoothly.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: gdanner
  • You can also simply remove the messages from the script there really isnt any need for them since it is completely silent anyway.

    My own testing has confirmed that it works great on Windows 7.

    I am now in the process of replacing the send email function of the script with a script that creates specific error log entries depending on the results. This will allow me to schedule the script weekly and monitor the results through the group alarms. I like to keep all my alerts in one place and watching the error log for malwarebytes alerts is much easier.

    On that note does anyone no how to stop Windows 7 from prompting the user when I try to delete the mbamlog.txt using the kaseya script? I need to recreate the log so that I am not parsing old log info.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: saputo444
  • Has anyone received formal communication from Malware Bytes that the technician license can be used for scripting?

    From what I can tell, they don't understand what we are trying to use their product for, such as scripted installs and execution.

    They keep pointing me to purchase a corporate license for each desktop the product might used on.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: smbtechnology
  • This is about a month old:

    Thank you for contacting the Malwarebytes Corporation. I apologize for the delay in response.

    The Technician's license would allow a single technician to install, scan, detect and remove malware
    from any of your customer and internal computers one at a time and uninstall when complete.
    We also include access to an offline updater to support remote office or non-networked installations.

    This license does not provide the real-time protection module, scheduled scanning or scheduled updates.

    The pricing breakout is $100 USD per technician per year and discounts apply on purchases of 25 or more
    of these licenses.

    Please note, we do not support the scripted use of this product. It is intended for one technician per license
    on one computer at a time.

    Should you decide to take advantage of this pricing, let me know exactly how many technicians and
    I will provide you with a custom purchase link with the quoted price.

    Of course for any additional questions, please feel free to contact me.

    Best regards,
    -Pete

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: saputo444
  • If you wish to legally use Malwarebytes in an MSP application you will need to use the Corporate version. See below:

    Thank you for contacting the Malwarebytes Corporation.
    The paid MSP licensed product provides proactive protection from malware infections. These versions are scriptable and work within the Kaseya, N-Able, LPI, etc management framework and scanning, detecting, logging and removals can be automated and are supported by us.
    The license begins at 100 seats, and for 100 MSP corporate licenses, the price is $8.35 USD per license per year.If you would like to take advantage of this pricing, please let me know, and I will have a formal quote and purchaselink generated for you. Of course for any additional questions, please feel free to contact me.
    Best regards,
    -Pete
    Pete Nguyen
    Malwarebytes Corporation
    Email: pete@malwarebytes.org
    www.malwarebytes.org

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: saputo444
  • Here is the first part of my query into MB.

    ---------------------
    Thank you for contacting Malwarebytes Corporation.

    Please provide me with a little more information to help me determine the best licensing fit for your needs.

    * Is your company interested in preventative, real-time malware protection for your business or clients?
    * Do you provide for a managed service offering for your customers?
    * How many IT administrators/technicians would exclusively use our product as a malware removal tool?

    Once I have this information, I can make the appropriate licensing and pricing recommendations.

    Best regards
    - Pete

    ---------------------------
    Followed by this email
    _______________________

    I apologize for the delay in response. As you are an MSP, the MSP corporate license will be most appropriate for you.
    Basically, the paid MSP licensed product provides proactive protection from malware infections. These versions are scriptable
    and work within the Kaseya, N-Able, LPI, etc management framework and scanning, detecting, logging and removals can be
    automated and are supported by us.

    The licenses begin at 100 seats, and for 100 MSP corporate licenses, the price is $8.35 USD per license per year.

    If you would like to take advantage of this pricing please let me know and I will have a formal quote and purchase link
    generated for you. Of course, if you have additional questions, please do not hesitate to contact me.

    Best Regards,
    -Pete

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: shickey
  • MalwareBytes is so clueless about themselves Sad I was told back in May that I could purchase a single Technician's license and script it. There is nothing in the license that states otherwise - unless they have revamped it. They are one of the oddest companies I have ever encountered. It sounds like they are now getting greedy - changing the rules as they go...

    The only good thing is that their product detects/disinfects better than AVG. So I will continue to purchase one Technician's license each year and script the hell out of it Smile Until their license states otherwise...

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: ReedMikel
  • I think they figure that MSPs will buy a ton of licenses from them so their product can perform a single function. Not going to happen in my checkbook.

    We have been primarly Symantec Endpoint, but during our testing, most all failed (Mcafee the worse) except the CA ITM cought almost everything.

    The MB comes in handy once and a while, but definetly not worth the $8.xx per license. I can buy more VSA licenses at that rate.

    DIRMS licenses were $1.00 each. That works. $8.xx a license does not.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: shickey
  • Just a quick comment on the license prices that have been posted here. The $8.35 rate is the starting rate for a 100 license pack. We contacted them, and eventually purchased, a 400 license pack for our initial rollout and received a $7.35 rate. Breaking this down this comes out to be $0.62 per license per month. For the great ongoing protection that the Malwarebytes' product gives, I feel $0.62 is a small price to pay (and pass on to clients).

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: CCDave
  • Hi Dave - are you using MB as a true AVAS solution with realtime protection, scheduled scans etc? If so, are you using KES/AVg too? Or maybe you use MB just for fixing infected machines? Thanks - Mike

    CCDave
    Just a quick comment on the license prices that have been posted here. The $8.35 rate is the starting rate for a 100 license pack. We contacted them, and eventually purchased, a 400 license pack for our initial rollout and received a $7.35 rate. Breaking this down this comes out to be $0.62 per license per month. For the great ongoing protection that the Malwarebytes' product gives, I feel $0.62 is a small price to pay (and pass on to clients).


    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: ReedMikel
  • ReedMikel
    Hi Dave - are you using MB as a true AVAS solution with realtime protection, scheduled scans etc? If so, are you using KES/AVg too? Or maybe you use MB just for fixing infected machines? Thanks - Mike


    We have been using the free version of MBAM for cleaning up spyware infected computers for a few years now. Now I'm going to be using MBAM as a second layer of defense with the AV client that's already installed (Symantec Endpoint in most of my cases). I've tested it in my lab and it past with flying colors against just SEP alone (even with TruScan) and against Webroot SpySweeper which was a previously recommended solution. The only drawback right now to the MBAM solution is there is no administration console for management. I'm doing all installs, updates, log reads, etc. using the Kaseya scripting engine.

    I don't fully trust it as a AVAS solution on it's own, but paired with a good AV solution I think it is a win/win solution.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: CCDave
  • Interesting approach. Assuming the MBAM version you'll be using includes realtime protection, I'd be worried about the resources two AVAS products will consume. I have some nonprofit companies that do not have the latest and greatest hardware, so memory footprint and resource consumption is a concern to me. But I agree that no single AVAS product protects one against all threats, so your idea makes sense. Hopefully it won't impact your clients too much - but only time will tell...

    CCDave
    Now I'm going to be using MBAM as a second layer of defense with the AV client that's already installed (Symantec Endpoint in most of my cases). The only drawback right now to the MBAM solution is there is no administration console for management. I'm doing all installs, updates, log reads, etc. using the Kaseya scripting engine.

    I don't fully trust it as a AVAS solution on it's own, but paired with a good AV solution I think it is a win/win solution.


    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: ReedMikel
  • ReedMikel
    Interesting approach. Assuming the MBAM version you'll be using includes realtime protection, I'd be worried about the resources two AVAS products will consume. I have some nonprofit companies that do not have the latest and greatest hardware, so memory footprint and resource consumption is a concern to me. But I agree that no single AVAS product protects one against all threats, so your idea makes sense. Hopefully it won't impact your clients too much - but only time will tell...


    Yeah, the MSP version that we purchased does include the real-time protection and an IP blocker that blocks access to "bad" web sites. (I tested with with malwaredomainlist.com. Great site, but be very careful with it!)

    In my lab I tested both XP and Vista machines with 512MB RAM running Office 2007. All-in-all MBAM consumed about 30-40MB of RAM during its real-time protection phase. I did not run any scans during my testing, but I will be soon. (To be fair, I did my testing with VMs on a Hyper-V server, but limited them to 1 CPU and 512MB RAM.)

    Most of my testing was on scripting the deployment and updating, so I wasn't very actively stress testing the workstations. However, even with SEP and MBAM running, the VMs were snappy and there was no conflicts between them.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: CCDave