The “new” XP patch KB 982316 is a dud, but the new MSRT is for real

Topic

New Reply

Yesterday, I wrote about the mysterious “new” Windows XP patch KB 982316. There’s speculation all over the web that Microsoft is now patching Windows
[See the full post at: The “new” XP patch KB 982316 is a dud, but the new MSRT is for real]

2 users thanked author for this post.

Morty, 280park

Reply | Quote

Replies

So just to be sure, its ok to install this new removal tool  right? It doesnt break anything does it?

Reply | Quote

It’s supposed to remove WannaCry. Sounds like a good reason to install it.

1 user thanked author for this post.

TheSuffering

Reply | Quote

Just want to make sure it doesnt break anything, I will install it tonight, if something bad happens I’ll report it here

Reply | Quote

Installed it this morning. No bad effects with Office 2010, Win7Pro-64_SP1, any of my image editing programs, Steam, etc. All WU settings remain as set, etc.

Go for it.

1 user thanked author for this post.

TheSuffering

Reply | Quote

I like the name WannaCry because it makes you ‘Wanna cry’ if you get it!

Reply | Quote

Is there a new incremental patch/addon to MSRT? I installed KB 890830 with the other important updates and it shows in WU history. I just did a quick check for updates and it is listed as important again with the exact same kb #. I can’t tell if it is larger but it says it is 9.2 mb. it doesn’t make sense that a new patch would have the same #.

-firemind

 

Reply | Quote

It was released yesterday (new). Supposedly removes WannaCry. You should go ahead ans install it.

Reply | Quote

I ran the MSRT about an hour ago. Selected a deep scan, which only took 35 minutes. The bottom line is why I remain in Group B. During the scan, the pop-up window said it found two infected files; however, the final report (a feature normally not available in the monthly MSRT), which listed all the names of malware being searched for in the scan, said no infections were found. I have never seen a malware scan that shows infections found during the scan but then says “no infections found” in the final report. Typically, at the end of a scan,  anti-malware programs issue a report on possible infections and then ask whether you want to quarantine or remove. Did MS actually find two infected files and remove them? If so, I was not advised. The experience struck me as less than professional, certainly out-of-pattern for professional malware removal programs, and even out-of-pattern for how MS describes the method in which MSRT operates when it finds an infection.

Reply | Quote

I’ve noticed this as well. I can only guess at why it does this but I think in my case its because I have  WirelessNetView and WirelessInfoView on my system, which are a couple of programs that let you take a deeper look at all the wireless networks around you. Apparently a lot of antivirus type software at least flag these two tools as “potentially unwanted programs” Since MSRT started doing this only after I installed these programs, I think that’s whats doing it at least in my case.

Reply | Quote

Any lingering doubts about the efficacy of the “latest & greatest” MSRT patch may be put to rest by a little look at the article below.
https://www.theguardian.com/technology/2017/may/22/wannacry-hackers-ransomware-attack-kill-switch-windows-xp-7-nhs-accidental-hero-marcus-hutchins
So in this case rather than taking the view its “like bolting the stable door after the horse has bolted” it may be worth a few seconds of your time for a bit of extra insurance 🙂

Reply | Quote

Many thanks for the hot tip. I just turned my WU back on, installed the update, and then turned it off again. Sounds like a must-have.

Reply | Quote

Windows 7 sp1 64bit  Group A
Every month, when given the go ahead, I download and install the MSRT.  I see in the update history it has been successful.
KB890830 is the MSRT that I downloaded with the other May updates on May 21.  I went ahead and did it again just now.  Both sucessful.
But when I go to installed updates I cannot find it listed.  I have search for it using the Start menu and searched the C: drive.  I can’t find any MSRT’s.  Where does it go and how do I run it?

Thank you in advance.
MPW

Edit to remove HTML

Reply | Quote

Type mrt in the search box (Windows+S) on Start menu or taskbar, and press Enter to open Malicious Software Removal Tool.

1 user thanked author for this post.

Morty

Reply | Quote

Thank you very much.  I never knew how to do that and never saw anything about it in any instructions.  I did a quick scan and nothing was found.  It proceeds and looks a lot like the scan done by Microsoft Security Essentials which is my antivirus program.

Thank you again.

MPW

Reply | Quote

My understanding at least in respect of Windows 7 is that if you download MSRT through Windows Updates then it automatically runs in the background as soon as it is downloaded. I assume if it finds something amiss it will tell you, but otherwise it simply reports that it was successful. Alternatively, you can custom run it from the start menu. You can also save and/or run it manually outside of Windows Update.

Hopefully someone will correct me if my understanding is wrong, or if the arrangements are different for other Windows versions.

Reply | Quote

One more try…I tried THREE times to post this earlier today, NONE of them succeeded, hope this one does:

Just downloaded the latest version of the MSRT that can be run manually.

Ran it in quick scan mode, watched it for awhile and it showed 1 object detected. I left the room for 5 minutes and when I came back it was done scanning and said no infections found, as “grayslady” has mentioned.

I then did a search for any files that were created/modified ‘today’ and found a file named MRT.log located in the C:\Windows\debug folder.

That log file showed no infections found.

I’ve included the MRT.log file, see below.

So, it’s still questionable what the latest MSRT (at least the manually run version) is finding and removing.

Found in C:\Windows\debug folder:

—————————————————————————————
Microsoft Windows Malicious Software Removal Tool v5.48, May 2017 (build 5.48.13801.0)
Started On Wed May 24 10:04:41 2017

Engine: 1.1.13701.0
Signatures: 1.241.491.0
Run Mode: Interactive Graphical Mode

Results Summary:
—————-
No infection found.
Successfully Submitted MAPS Report
Successfully Submitted Heartbeat Report
Microsoft Windows Malicious Software Removal Tool Finished On Wed May 24 10:09:39 2017

Return code: 0 (0x0)

Reply | Quote

So far as your failed tries to post are concerned, I suspect that you edited the initial post and both then and when it failed to appear you hit the “submit” button too quickly for the anti-spam process to allow the post to appear. Doubtless one of the admins can confirm, but that’s my suspicion based on personal experience. We have to pause between “submits” apparently in order to avoid this problem arising.

1 user thanked author for this post.

PKCano

Reply | Quote

? says:

You are good, SkipH, that is how the log looks. I personally turn off the “Heartbeat”, report because I don’t like to phone home to the mother-ship. You can choose whether to run a quick or full scan depending on how much time you want to spend and if you have run MSRT before or not. You probably have a good anti virus\malware program anyway, so the benefit of running MSRT with the added WannaCry signature would work either way.

Cheers!

Reply | Quote

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT]
"DontOfferThroughWUAU"=dword:00000001

And there will be peace :)

Reply | Quote

One of the most stupid pieces of software of all times — and I’ve seen a lot.
Downloaded and ran despite having cut all links with Microsoft. Scan took a full day and a half — 36 hours and 30 minutes. For 384 GB of data. I never experienced such a long antivirus scan. Longest I encountered was 6 to 8 hours with dreadful Avast. And this Microsoft dump of code says it’s not even a proper anti-virus…
Then there’s the problem that you have to run it under admin. I don’t work under admin, following Microsoft’s own advice. Problem is, the scanning window shows only in the admin account. So during a whole day and a half, I had to switch constantly between my regular account and my admin user account, in order to check the advancement of operations. The rest of the time, I had to rely on Process Explorer to make sure the scan was still going on.

The last time I checked the scan window, it had run for 34 hours and 15 minutes, scanning 19 million files and finding 252 infected files. A stunning figure, since my Avast (or Malware) scans almost never bring up infections, at worst 3 or 4 PUPs in software executables. The progress bar had stopped moving a long time ago : it was stuck at 100%, but the scan went on all the same.
Oh, of course, no way to pause the scan. Either you go through with it from beginning to end, or you cancel it and (I suppose) you have to start from the beginning all over again.
When finally the scan ended and I returned to the program, it displayed a new window with… absolutely none of the information it showed while scanning. No way to know how many files had been scanned, how long it took, when it ended or what volumes had been checked. This, despite the promise displayed at the previous stage, that it would show a detailed report at the end. Only showing was a list of malware (those the program checks against), and each of them had next to it the mention… not infected.
So, 252 infected files “detected” while scanning during a whole day and a half… and a clean bill of health given at the end of the scan. Which am I to believe?
Then I read the list of malware it was supposed to detect. Wanna Crypt was not in it. So was all that rigmarole for nothing ? Is it there under another name? No way to know.
I looked up the report which Microsoft hides in the location mentioned by SkipH — of course the program does not tell you it writes a report there. That would be too much work for MS poor souls. Any freeware developed by a kid dumps a lot of information in such log files — not mighty Microsoft. The information  did not even include the paltry information given during the scan. Only the time it was started.
However, it did say I had consented to such and such snooping telemetry program and that the data was dutifully uploaded — which of course I had not.

3 users thanked author for this post.

HiFlyer, JDeC, SueW

Reply | Quote

MSRT is one of the most bizarre pieces of software I’ve ever come across. MS has clearly skimped on its display due to the fact most people will never even lay eyes on it and even if they do they probably wont pay much attention to it. For the longest time I wasn’t even aware of its existence. Eventually, I got the news about what was really going on during one of those many times Windows Update seemed to be installing new updates for forever without telling me exactly what it was doing. You’ve really got to love the fact you cant even see the thing if you aren’t under your admin account. The lesson you learn from using it is if you already have a competent and working antivirus you don’t even really need to bother with it; especially if you have a huge hard drive or you’ve had problems with it in the past. After all, its just a “scanner” and really isn’t anywhere close to being a antivirus. At best its a somewhat acceptable second opinion that probably wont conflict with any antivirus you might be using. At worst its just a plain nuisance that barely detects anything. Sometimes it also says it detects stuff during scans that doesn’t even show up in its “report” after its done. I assume these detections are actually false positives that its been told not to display, but anyone’s guess is as good as mine.

2 users thanked author for this post.

JDeC, Clairvaux

Reply | Quote

Michael Horowitz sheds some light on the issue :

http://www.computerworld.com/article/3198652/windows-pcs/the-windows-malicious-software-removal-tool-has-been-updated-for-wannacry.html

http://www.computerworld.com/article/3197674/cybercrime-hacking/windows-defender-does-not-defend-windows-7-against-wannacry.html

Apparently, there are two versions of MSRT beginning with the number 5.48, and only the last one detects Wanna Crypt. For some reason, Microsoft kept the older one online after the official release date of the revised version, and that’s the one I got after reading Woody’s alert :

The May 9th release was version 5.48.13801, the May 22nd edition is version 5.48.13803. The May 9th edition is 149MB (156,335,152 bytes), the May 22nd version is 126MB (132,223,576 bytes).

What changed? Initially, Microsoft didn’t say, the home page for MSRT, had not been updated as of the 25th.

However, when asked, a company representative said that the May 22nd update was “to detect and remove WannaCrypt malware.” WannaCrypt is another name for WannaCry.

Incidentally, the size of the download I got is nowhere near either of the two figures given by Michael Horowitz. Another mystery I won’t invest much time into solving. Microsoft anti-virus tools are a horrible mess, that much is clear through Horowitz’ posts :

MSRT is very limited in scope. Only two strains were added in all of 2017.

When Microsoft touts Windows Defender as protecting against WannaCry/WannaCrypt, how does that apply to Windows 7 users ? Not at all.

The term “Windows Defender” has two meanings. When dealing with Windows 8.1 and 10, it refers to a program that defends against all types of malicious software. When dealing with Windows 7, it refers to software that only protects against spyware.

And so on and so forth.

2 users thanked author for this post.

HiFlyer, SueW

Reply | Quote

Will this latest MSRT (MRT.exe) run on Win XP SP3 that has been kept updated using the POS hack (POSREady 2009 or XP EMbedded)?

Does anyone know?  Thanks.

Reply | Quote

I had an old version of mrt.exe on my POS Ready. I double clicked on it. Box poped up and said it was out of date, gave me a link to the MS download Center (using Firefox). Clicked on the MSRT section, it tole me it wouldn’t run on my XP – downloaded it anyway. It ran.

KB890830, 32-bit, File ver5.48.13803.0, 5/18/2017, 40.6MB

Reply | Quote

PKCano – VERY interesting.  How did you run it – quick or full?  Thanks.

Reply | Quote

I did a quick scan b/c the VM was in my way and I couldn’t see the full screen! LOL 🙂

Reply | Quote

PKCano – You are lucky.  I and a buddy on MSFN only get an error message that it’s not a valid Win32 program.  It won’t install on our XP – POSReady machines.

Did you do anything special?

1 user thanked author for this post.

Reply | Quote

Just saved it to the desktop and double clicked on it.
Thats MSRT now, not MSE

Reply | Quote

PKCano – still no luck.  Could you upload a copy of your file here?  If not possible, maybe to me?  Thanks.

Reply | Quote

The file is too big to upload. But here is the link to the download Center

Mark 32-bit then Next

Then Normal download

1 user thanked author for this post.

Morty

Reply | Quote

PKC – You’ve done something good with mrt (MSRT) that many of us cannot duplicate.  See our struggles at LINK TO MSFN THREAD

Is there anything in your XP that we should know?  Thanks.

Reply | Quote

Other than it’s running in a Parallels VM, as far as I know it’s a standard install.

Reply | Quote

This may be the problem, yours is standard, while everyone else has done tweaks which may have an impact, tweaks like the one allowing XP to be seen as embedded.
Perhaps we should move on from XP…

Reply | Quote

I missed installing MSRT for my XP machine when this posted. Then Woody went to DEFCON-1. Now that we’re at DEFCON-2, is it safe to go back and download this for XP?

Thanks,

Morty

Reply | Quote

So many people misunderstand the DEFCON system.

The low DEFCON number applies to the patches that are issued on or after the date that the DEFCON number was lowered until it is again raised. For example, Woody lowered the DEFCON number to 1 on June 1st. So any patch issued after that (i.e., release date 6/1/2017 or after) is on hold until it is again raised..

If a patch was included prior to the lowering of the DEFCON number (i.e.when the DEFCON number was 3-5) it is deemed OK to install. (providing it has not been designated problematic). In other words, any non- problematic patch released prior to June 1st is OK, no matter where the DEFCON number is.

DEFCON 1 or 2 doesn’t mean “do not install ANY patch.”
DEFCON 1 or 2 means “the patches released between this date and the next DEFCON 3-5 have not been tested, so hold off.”
Any non-problematic patch included during DEFCON 3-5 is OK to install any time.

3 users thanked author for this post.

HiFlyer, ch100, Morty

Reply | Quote

That’s not all I don’t understand!

So I have to compare the dates when I check for available updates? (Windows update stopped working long ago for XP, but for Win 7 it would be good to know.)

Thanks for the clarification.

Morty

Reply | Quote

The problem here is that a lot of people do not update regularly, otherwise they would not have any issue in understanding MS-DEFCON.
I see questions from people asking about patches of 2-3 years ago which were avoided because of a certain article in InfoWorld at that time raising issues which are no longer relevant.

1 user thanked author for this post.

BrianL

Reply | Quote

Morty – As PKCano can explain in greater detail, that MSRT will not work on XP.  It might have run briefly once on PKCano’s virtual XP machine, but that was apparently a fluke, and since then all of us have been getting an error message (which is what we had expected).

But if you also get a fluke run, please take note of exactly what you did and let us know.

2 users thanked author for this post.

Morty, PKCano

Reply | Quote

@glnz is correct. I could not get MSRT to run a second time.
I suggested Avast Free if you ned anti-virus. It still runs on XP.

1 user thanked author for this post.

Morty

Reply | Quote

I decided not to fish for fluke. I’m convinced I won’t catch any. Thanks.

Reply | Quote

PKCano wrote:

@glnz is correct. I could not get MSRT to run a second time. I suggested Avast Free if you ned anti-virus. It still runs on XP.

Thanks again to you and glnz.

After MSE wouldn’t run on XP, I went back to my old standard–AVG. But one day it took over Firefox and Chrome. So I removed it and installed Panda. But that got unwieldy and I switched to Avast. Then everything started slowing down.

Now I have Avira. I only use it as a safety net, though. I scan with Malwarebytes and I installed their Malware Anti-Exploit.

I know I should put the old XP machine to rest, but soon they’ll be telling me the same thing about this Win 7 box. I already caved in and went to Group-A, but our days are numbered.
Morty

Reply | Quote

I run XP in a virtual machine so that I can run older applications that will not install/run correctly on Win 10.

I try to stay off the net with it, but feel better running with some protection.

I have had good luck with Avast Free on this XP setup.  It also comes with the Avast SafeZone browser, which is based on the Chrome rendering engine.  Opera also works well on XP, and is based on the Chrome rendering engine as well.

It seems that Google has pulled the support plug for Chrome on XP, and Firefox is ending support.  https://support.mozilla.org/en-US/kb/end-support-windows-xp-and-vista

On XP, I also run Malwarebytes 3.0 Free, and Malwarebytes Anti-exploit free beta.

Windows 10 Pro 22H2

1 user thanked author for this post.

Morty

Reply | Quote

I had to stop using Chrome and went back to Firefox on the XP machine. I installed Malwarebytes Anti-exploit when it was still free, before it became part of the premium (or beta) package.

I was going to install it on the Win 7 machine also, but I was told that EMET was good enough. I certainly don’t want them bumping into each other.

Is Avast Safety Zone actually a browser? How does it compare to Opera?

Thanks, Morty

Reply | Quote

Morty wrote:

I had to stop using Chrome and went back to Firefox on the XP machine. I installed Malwarebytes Anti-exploit when it was still free, before it became part of the premium (or beta) package. I was going to install it on the Win 7 machine also, but I was told that EMET was good enough. I certainly don’t want them bumping into each other. Is Avast Safety Zone actually a browser? How does it compare to Opera? Thanks, Morty

You can still get Anti-Exploit free here.  Malwarebytes is going to continue supporting it as a perpetual beta.  Latest build posted May 12th.  https://forums.malwarebytes.com/topic/184939-mbae-109-latest-standalone-beta/

SafeZone is a browser that you can add/remove as an optional component through the Avast installer/uninstaller (change option).  It has a “Banking Mode” that is like a really private zone that is basically locked down that you can enter with one click.

Overall I think I like the Opera technology better, but a Chinese company bought the browser last year, so there are some possible concerns with privacy and such.  YMMV.

Windows 10 Pro 22H2

1 user thanked author for this post.

Morty

Reply | Quote

Thanks. I’ll give SafeZone a try.

I never heard a Chinese Opera. Not sure I want to.

Reply | Quote

I am running Win 7 Pro, basically in Group A.
A while back, posters noticed that MSRT had started sending reports – Heartbeat and MAPS, back to MS, and were concerned about what snooping was being done. At that time, I stopped downloading KB890830 from Windows Update. I started to periodically download and run the MS Safety Scanner instead, which I understood to be the same engine as MSRT, but which did not appear to send back any reports, at least the log file does not say so.
Current comments in this thread imply that MSRT should be run because of WannaCry. Are the snooping reports no longer considered problematical, or just the price to pay for using MSRT? Is MS Safety Scanner an acceptable replacement for MSRT? I do run Norton NIS as my primary AV.

Reply | Quote

Not sure that I would ever depend on any malware removal tool to completely clean anything nasty, and provide assurance that the computer is really clean.  Once compromised, it’s been compromised …

I would recommend nuking your drive (after saving any data that you can) and re-installing the OS, or recovering from a disk image backup if available.

The main use I see for a removal tool would be to enable a user to recover their data, if possible.

Windows 10 Pro 22H2

Reply | Quote

Sorry if my question was misunderstood. I am only asking if MSRT is now considered acceptable to run even though it sends reports back to MS, which initially raised concerns in Woody’s community. Alternatively, is MS Safety Scanner an equivalent to MSRT if MSRT and its reports are still considered suspect. I did not mean to imply that I believe my machine is infected.

Reply | Quote

Anon#120823, thank you for clarifying. I thought that might be the case, you had mentioned being happy with your Norton product, and obviously recognize that Microsoft offers these tools for the benefit of users that do not already make use of their proprietary scanning and removal tools that carry different names.

I am in the same boat as Woody, since I already use the Microsoft Security Essentials/Defender product, I find the MSRT to be a useless redundancy. But you have identified it may have MS Secret Sauce not available to Symantec. And further want to know a recommendation between two limited function scanners.

Is their a lounger who can better split this hair? Without tearing down the drive? Preferably one who uses Norton and has a sensitivity to telemetry, that may be a rather select group.

Reply | Quote

If you were asking if we should trust MS, that is a trick question.  There are many AskWoody loungers that have some diverse opinions on that subject.

In a perfect world, we should be able to trust the vendors of our OS and our AV products without question.

But unfortunately we have entered a brave new world, where there seems to be a price tag on our private data.  Everybody seems to collect something now, so it is actually a difficult question to answer.

Windows 10 Pro 22H2

Reply | Quote

I think anon has a question more along the lines of chocolate sauce, or strawberries?

Not, does this Ice Cream manufacturer still have listeria in all it’s products?

Kind of a sundaes versus operating systems metaphor. I know, analogies are not good for instruction.

Reply | Quote

Cascadian wrote:

I am in the same boat as Woody, since I already use the Microsoft Security Essentials/Defender product, I find the MSRT to be a useless redundancy. But you have identified it may have MS Secret Sauce not available to Symantec. And further want to know a recommendation between two limited function scanners.

Is their a lounger who can better split this hair? Without tearing down the drive? Preferably one who uses Norton and has a sensitivity to telemetry, that may be a rather select group.

No longer have the ability to edit. When I saw this later, it read as though I spoke for Woody, which was not what I wanted to do. Took a while to locate, but this was the comment I had in mind at the time: https://www.askwoody.com/forums/topic/finally-a-fix-for-microsofts-draconian-block-on-win7-updates-for-recent-processors/#post-120673
Where Woody writes, “You can run the MSRT any time it appears. But realize that it almost never does anything. Personally, I don’t worry about it until I install the whole month’s patches.”

There was another comment where he describes that he uses MSE. If I find that I will add reference if appropriate. Also, given the chance I would change ‘their’ to ‘there’.

The Point that I hope may be commented on is three fold:
1/ The various Microsoft protections that use the same engines and definitions are redundant, but provide different logs for reference after the fact, and, or, report to MS in different fashion.
2/ A User who prefers a competitor’s AV and other malware protection does not have the benefit of MS definitions unless they run one of the stand alone scanners provided by MS which are designed to not interfere with real-time protection. This became most important immediately following recent patch methods made necessary by WannaCrypt etc.
3/ Anon’s question, does the MS Safety Scanner still satisfy that need as well as MSRT does?

Reply | Quote

I just ran Malwarebytes on my XP machine and it said I need to install a new version. The new version came as a free trial of the pro version, with Malwarebytes Anti-Exploit built in.

I don’t know whether it will do the same soon with the Win 7 version. But, if it does, would that create a conflict with MS EMET?

On the XP machine, now that Malwarebytes is running in the background, I removed Avira to prevent them conflicting with each other. (EMET isn’t running on that machine.)

 

Reply | Quote

The free version of Malwarebytes is not a substitute for your virus program.

What you have is the trial version that will expire in xx days. To change it to the free version, Go to Settngs. On the “My Account” tab at the bottom, end the Trial version.
On the “Protections” tab, scroll down and turn off “Start Malwarebytes at Windows startup” if you don’t want it to run in the background.

Reinstall Avira.

1 user thanked author for this post.

Morty

Reply | Quote

Does the trial version of Malwarebytes work as an AV program?

Is the pro version better than Avira? Or should I just wait the 13 days and then reinstall Avira?

I’ve had bad experiences with AVG and Avast, but I’m still trying to hold the fort on the old machine.

Any thoughts on MB Anti-Exploit vs. EMET?

Thanks, Morty

Reply | Quote

You should go ahead and end the trial and reinstall Avira.

1 user thanked author for this post.

Morty

Reply | Quote

Wow! Thanks again!

Reply | Quote

I downloaded only the Free Antivirus, not the Free Security Suite. Should I have gone for the suite?

Thanks again!

Reply | Quote

Everything that says free starts out as a trial. The Security Suite will cost you money after the trial. You should take the free Malwarebytes antimalware one and end the trial.

1 user thanked author for this post.

Morty

Reply | Quote

Thanks again!

Much appreciated.

Reply | Quote

I think his question was in regards to the Avira suite.  To the best of my knowledge, Malwarebytes does not offer a suite.  The free version of Avira is free, and fully functional, without support.

But you answer stands correct regarding the free vs. trial of Malwarebytes.

I am just chipping in here because I use both products daily!

Windows 10 Pro 22H2

Reply | Quote

The free Avira Antivirus is all you really need.  I stopped being a fan of any “security suites” years ago, too bloated with features for my needs, and buy my products a la carte.  Assembled in a best of breed manner.

If you want to step up from Avira free, the Avira Pro would be the way to go.  I did that, but only for the support provided with the Pro license.  Same AV protection as the free version, but they do include web and mail protection with Pro, which I disabled, as I have no need for that.

So I essentially run Pro in the free mode, using only the real-time AV module, same as the free version.

So free is good!!!

Windows 10 Pro 22H2

1 user thanked author for this post.

Morty

Reply | Quote

Thank you!

I learned years ago that two of the original AV biggies were much better at fighting each other than at fighting viruses. But too many of the favorites went rogue or just rushed out faulty versions. Meanwhile, the bad guys are getting badder….

Reply | Quote

Malwarebytes is not an antivirus.  An AV such as Avira provides a signature based detection for malware.

Even with the full version of Malwarebytes, I would still keep Avira.  Malwarebytes marketing may claim that it “could” replace your AV, but I wouldn’t take a chance on that.  Even on their forums, when pressed for clarification, their staff even admits that they never stated that it was an antivirus.

But as the other recommendations here stated, I run Malwarebytes set to the free on-demand scanner only.  Good second opinion scanner, and can be set to look for rootkits also.

I use Avira too, which in addition to the AV scanner (protection from malware, viruses, Trojans, worms, etc.) now has the real-time protection cloud (scans unknown files in real time for malware and exploits), and ransomware protection.

IMHO, a good layered defense starts with a good AV, and then other products which can add additional measures that hopefully don’t overlap in too many ways (potential for conflicts).

 

Windows 10 Pro 22H2

2 users thanked author for this post.

Morty, Purg2

Reply | Quote

That’s basically what I’ve been doing. But the upgrade/update had me fooled. Thank Heaven for Woody’s crew!

Reply | Quote

Just this weekend I ran into that with a friend of mine.  MBAM free updated to the premium trial, with real-time protection amongst some other things.

Apparently it will automatically revert to the standard free version after the 14 day period has elapsed, so we just figured we’d let it do that.

https://forums.malwarebytes.com/topic/191809-no-longer-will-there-be-a-free-version/?do=findComment&comment=1078262

Win 8.1 (home & pro) Group B, W10/11 Avoider, Linux Dabbler

Reply | Quote