Disseminated via infected floppy disks, the virus itself was harmless, but it spread to all disks attached to a system. It spread so quickly that most cybersecurity experts consider it the first large-scale computer virus outbreak in history. Another early problem was the Morris worm back in 1988, but that was a computer worm rather than a computer virus.
Early viruses like Elk Cloner were mostly designed as pranks. Their creators were in it for notoriety and bragging rights. However, by the early 1990s, adolescent mischief had evolved into harmful intent. PC users experienced an onslaught of viruses designed to destroy data, slow down system resources, and log keystrokes (also known as a keylogger). The need for countermeasures led to the development of the first antivirus software programs.
Those using antiviruses online had to regularly download an ever-growing database file consisting of hundreds of thousands of signatures. Even so, new viruses that got out ahead of database updates left a significant percentage of devices unprotected. The result was a constant race to keep up with the evolving landscape of threats as new viruses were created and released into the wild.
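The gap described above, shown as an added example that is not code from the original page or from any antivirus product: a toy signature database is scanned against constructed, harmless byte strings. The class, the family names and the marker bytes are all assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass, field

@dataclass
class SignatureDB:
    """Toy signature database: exact SHA-256 hashes plus byte patterns."""
    version: int = 1
    hashes: dict = field(default_factory=dict)    # sha256 hex -> family name
    patterns: dict = field(default_factory=dict)  # byte sequence -> family name

    def add_sample(self, name, data, pattern=None):
        """Ship a database update covering a newly analysed sample."""
        self.hashes[hashlib.sha256(data).hexdigest()] = name
        if pattern is not None:
            self.patterns[pattern] = name
        self.version += 1

    def scan(self, data):
        """Return (name, method) for the first matching signature, else None."""
        digest = hashlib.sha256(data).hexdigest()
        if digest in self.hashes:
            return self.hashes[digest], "hash"
        for pattern, name in self.patterns.items():
            if pattern in data:
                return name, "pattern"
        return None

# Constructed, harmless byte strings standing in for files on disk.
FAMILY_A = b"HDR" + b"\x01\x02constructed-marker-A\x03" + b"payload-v1"
FAMILY_A_VARIANT = b"HDR" + b"\x01\x02constructed-marker-A\x03" + b"payload-v2"
FAMILY_B = b"HDR" + b"constructed-marker-B" + b"payload-v1"

def demo():
    db = SignatureDB()
    db.add_sample("Family.A", FAMILY_A, pattern=b"constructed-marker-A")
    results = {
        "known": db.scan(FAMILY_A),                # exact hash match
        "variant": db.scan(FAMILY_A_VARIANT),      # hash differs, pattern still hits
        "new_before_update": db.scan(FAMILY_B),    # no signature shipped yet
    }
    db.add_sample("Family.B", FAMILY_B, pattern=b"constructed-marker-B")
    results["new_after_update"] = db.scan(FAMILY_B)
    results["db_version"] = db.version
    return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The window between `new_before_update` and `new_after_update` is the period in which devices running the older database are unprotected.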
Some anti-malware products can also run the suspected malware in a sandbox, which is a controlled environment in which the security software can determine whether a program is safe to deploy or not. Running malware in a sandbox lets the anti-malware look at what the software does, the actions it performs, and whether it tries to hide itself or compromise your computer.
Two relatively new forms of malware have helped drive the advancement of signature-less detection methods: exploits and ransomware. Though these threats are similar to others in many ways, they can be much harder to detect. Furthermore, once your computer is infected, these threats can be almost impossible to remove.
Exploits get their name because they literally exploit vulnerabilities in a system, software, or web browser in order to install malicious code in a variety of ways. Anti-exploit measures were developed as a shield against this method of attack, protecting against Flash exploits and browser weaknesses, including new exploits that have not been identified or vulnerabilities for which patches have not yet been created.
Ransomware emerged on the malware scene to spectacular effect in 2013. Ransomware made a name for itself by hijacking and encrypting computer data, then extorting payments as it held the data hostage, and even threatening to erase it if a deadline passed without payment. Originally, both these threats resulted in the development of dedicated anti-exploit and anti-ransomware products.
In December 2016, Malwarebytes folded anti-exploit and malicious website antivirus protection into the premium version of Malwarebytes for Windows. We have since added anti-ransomware for even more advanced anti-malware protection.
Put another way, AI focuses on building smart machines, while ML uses algorithms that allow the machines to learn from experience. Both these technologies are a perfect fit for cybersecurity, especially since the number and variety of threats coming in every day are too overwhelming for signature-based methods or other manual measures.
In the case of business IT professionals with multiple endpoints to secure, the heuristic approach is especially important. New malware threats emerge regularly, so heuristics play an important role in Malwarebytes Endpoint Protection, as do AI and ML. Together, they create multiple layers of antivirus protection that address all stages of the attack chain for both known and unknown threats.
Whether you use Android or iOS, mobile devices face online threats too. As mobile operating systems go, Android is more open in a number of ways than iOS, and so protection for each is different. Antivirus for Android, for instance, often includes some app scanning capability, as the Google Play Store tends to have much less stringent requirements for apps to make it into the store than the iOS App Store. On iOS devices, scam websites can be a bigger concern than rogue apps. Malwarebytes offers protection for both Android and iOS:
Industry watchers have cited Malwarebytes for Windows for its role in a layered antivirus protection approach, providing one of the best antivirus programs without degrading system performance. It removes all traces of malware, blocks the latest threats, and is a fast virus scanner.
For antivirus with online privacy protection too, check out our antivirus with VPN. Regardless of the cybersecurity software you choose, your first line of defense is education. Stay up to date on the latest online threats and antivirus protection by making the Malwarebytes Labs blog a regular read.
Recently my organization had to implement Anti-Malware software on Windows Servers and it has had some detrimental results where processes such as building/rebuilding address locators with suggestions (memory hog) no longer work. As such, I was wondering if other organizations ran across similar issues and had to re-configure their Anti-Malware software (e.g. white-listing exes and dlls) and/or modify server architecture (e.g. increase RAM, CPU).
This issue looked like it was resolved by white-listing a file, but now the anti-malware software is preventing any new data from being published up to AGOL from ArcMap (Data that is already up in AGOL can be successfully overwritten though).
I am just adding specific information about an Anti-Malware software exception that I needed to add to my environment in order for address locators with suggestions to be able to be successfully built/rebuilt (I increased both CPU and memory but these changes did not solve the problem - they most likely helped to keep CPU or memory use from spiking).
I don't have anything specific in response to your post but I'm beginning to suspect the installation and use of Malwarebytes to be the cause of many ArcGIS Server problems that we've been having recently. And that's exactly how it started in our environment - address locators started failing to provide a suggestion list and were no longer rebuild-able. Also, our servers have been failing periodically (services no longer rendered even though the server resource monitor was still showing plenty of resources available, remote control interface was VERY slow, rebooting yesterday afternoon and this morning took FOREVER for everything to come back up, etc...) and I noticed that Malwarebytes was consuming a very high percentage of processor resources on a reboot this morning, which held up the start of ESRI's Java services and the gazillion arcsoc.exe processes that needed to crank back up. And I'm talking a 15-20 minute wait time before everything ArcGIS Server-wise came back up. If there are any ESRI staff out there, please chime in on this issue. Especially if there's any malware current testing being done for ArcGIS Enterprise environments. It's making our GIS services environment unreliable.
In my environment I thought the anti-malware software was just preventing the address locator from being rebuilt, but after finding the dll to whitelist in the anti-malware software for that component, I'm also finding the anti-malware software is not allowing python to stop the geocode service. As such, I need to research what file (dll most likely) I will need to whitelist in the anti-malware software for python to be able to stop (and subsequently start) the geocode service.
Are you the person at your org responsible for administering the anti-malware software or is that a different IT person? At my org, one of the anti-malware admins needed to scour the anti-malware logs to discover the file that was being blocked.
Before you ran into this problem, did you have an automated solution to updating your geocode service? I ask because I have 3 python scripts that are called from a bat file (stop geocode service, rebuild address locator, start geocode service). I thought the anti-malware software was just blocking the python script to rebuild the address locator, but it is also blocking the stop and start geocode service python scripts as well so I still need to find out what dll to whitelist for those scripts.
This has been quite a painstaking experience to determine the root cause of this issue and I wish ESRI had some general guidelines (there are many anti-malware software packages) or a white paper to help GIS admins set up anti-malware software rules that will work with ESRI's software.
"Cisco AMP (Anti Malware Protection) barred ArcMap from writing service definition files to the C drive. This would explain why the customer was able to publish when the staging folder was on a network drive. The user disabled Cisco AMP and was able to publish."
Anti-Malware software is in place to protect an organization's assets, so disabling this software is a security risk that many organizations would not agree to, so this would not be a practical solution.