How to allow access thru firewall

[flutterby 0]

Hello,

I've just purchased a 3-year sub to ESET Internet Security (ver 13.2.150) for a new computer after having been away from most commercial products for some years. I also run MBAM Premium, which I installed before ESET with no problem. But MBAM wants to update, and can't install the update. The only thing I can think of is that ESET is blocking it. Can someone help me resolve this issue?

 

[Marcos 5,112]

First of all I'd like to remind that it is not recommended to install 2 antivirus solutions at a time. MBAM has a free version without real-time protection and drivers which can be installed together with ESET as a second opinion on-demand scanner. Installing a full version of MBAM is not recommended or its drivers might clash with ESET.

As for blocking network communication, in automatic mode all outbound communication is allowed. Unless you've created a custom blocking rule, the firewall cannot block the outbound communication. Does temporarily pausing the firewall make a difference?

[itman 1,681]

Do you have the firewall set to "Interactive" mode? By default, the firewall is set to "Automatic" mode which allows all outbound traffic unless specifically blocked by an existing default firewall rule. MBAM update activity should not be blocked if firewall is set to Automatic mode.

[flutterby 0]

@Marcos, I am aware of potential conflicts with protection s/w, but I was assured that MBAM and ESET would work together nicely before I made the purchase. Additionally, I Googled the question and found positive responses for MBAM/ESET on same computer. Have I been advised in error?

I am totally unfamiliar with ESET and don't know how to pause the firewall. Is there a user guide?

@itman, after having the MBAM install issue, I did find the interactive mode setting and tried it out, but it was very noisy, and I didn't know what to allow and what not, so I reverted to automatic.

I guess I'll find an MBAM forum and ask there.

Thanks.

 

[itman 1,681]

29 minutes ago, flutterby said:

I am aware of potential conflicts with protection s/w, but I was assured that MBAM and ESET would work together nicely before I made the purchase. Additionally, I Googled the question and found positive responses for MBAM/ESET on same computer. Have I been advised in error?

Only if MBAM real-time protection is disabled.

Even Microsoft advises only one real-time scanner be active at any given time on Win 10. If MalwareBytes is stating otherwise, they are wrong. Also reviewing MBAM Premium features, I see this:

Quote

Protects you from malicious and fraudulent websites

This would imply some type of network filtering capability that could conflict with Eset's Web Access protections.

Edited July 13, 2020 by itman

[flutterby 0]

9 minutes ago, itman said:

Only if MBAM real-time protection is disabled.

Even Microsoft advises only one real-time scanner be active at any given time on Win 10. If MalwareBytes is stating otherwise, they are wrong.

No MBAM hasn't been involved. I've turned off the real time protection, but changed no other settings (see attached). Is this correct?

[itman 1,681]

13 minutes ago, flutterby said:

No MBAM hasn't been involved. I've turned off the real time protection, but changed no other settings (see attached). Is this correct?

I would also disable archive scanning. Eset does an excellent job at that per my testing.

Scatch this. Looks like that setting only applies to off-line scanning.

Edited July 13, 2020 by itman

[itman 1,681]

Do this.

Force an MBAM update. Then open Eset GUI -> Setup -> Network protection -> Troubleshooting wizard. Review blocked connections shown there as to whether any are related to the MBAM update process.

[flutterby 0]

17 minutes ago, itman said:

Do this.

Force an MBAM update. Then open Eset GUI -> Setup -> Network protection -> Troubleshooting wizard. Review blocked connections shown there as to whether any are related to the MBAM update process.

Before I do that (which seems to involve editing the registry), let me ask you this: in your opinion, does ESET cover everything MBAM does? Is there any real value in running both apps?

[flutterby 0]

Sooo, I would still like to know how I can allow an individual app thru the firewall - preferably without going into "interactive" mode.

[itman 1,681]

22 hours ago, flutterby said:

Before I do that (which seems to involve editing the registry), l

By "forcing" a MBAM update, I meant just check for updates manually within the product. No registry editing involved.

22 hours ago, flutterby said:

Is there any real value in running both apps?

You can use MBAM as an off-line second opinion scanner. However, the free version of it does this.

[flutterby 0]

15 hours ago, itman said:

By "forcing" a MBAM update, I meant just check for updates manually within the product. No registry editing involved.

When you said to force an update, this is what I found that involved the registry: https://social.technet.microsoft.com/Forums/Windows/en-US/c55e3f7c-d032-42ea-9171-39a34379e7f5/force-update-to-mbam-server

Quote

You can use MBAM as an off-line second opinion scanner. However, the free version of it does this.

Sounds pretty useless at this point. But in all fairness, MBAM has worked great for me for a very long time, and it's ESET that I'm struggling with and thinking that perhaps I shouldn't have purchased...

I did find a user guide to download.

[Marcos 5,112]

Two real-time scanners should never run at a time. This rule of thumb has been true for years.

The fact that everything works fine does not mean that it will do so in the future, e.g. when you encounter malware that both scanners will attempt to clean at the same time or when an update occurs to either program and it will cause clash with the other driver.

You have the following options:
1, Disable MBAM's real-time protection so that it's real-time protection driver doesn't load and use it as a second opinion on-demand scanner.
2, Ask for a refund and keep only MBAM.
3, Ask for a refund and keep only ESET.

[flutterby 0]

12 minutes ago, Marcos said:

Two real-time scanners should never run at a time. This rule of thumb has been true for years.[/quote]

From the earliest I can recall learning about MBAM, they have always prided themselves on being sufficiently different from other AV products that they can run alongside with no issue and to date I have not had any issue with this. However, point made.

Thank you for your help.

[peteyt 394]

32 minutes ago, flutterby said:

When you said to force an update, this is what I found that involved the registry: https://social.technet.microsoft.com/Forums/Windows/en-US/c55e3f7c-d032-42ea-9171-39a34379e7f5/force-update-to-mbam-server

Sounds pretty useless at this point. But in all fairness, MBAM has worked great for me for a very long time, and it's ESET that I'm struggling with and thinking that perhaps I shouldn't have purchased...

I did find a user guide to download.

What he meant is to just run the update for mbam which may fail but then go into esets firewall troubleshooter and see if there is a blocked bit on there

[itman 1,681]

1 hour ago, flutterby said:

When you said to force an update, this is what I found that involved the registry: https://social.technet.microsoft.com/Forums/Windows/en-US/c55e3f7c-d032-42ea-9171-39a34379e7f5/force-update-to-mbam-server

This relates to creating MBAM exceptions when Windows Bitlocker protection is employed in a corp. network environment.

Edited July 15, 2020 by itman

[itman 1,681]

1 hour ago, flutterby said:

Sounds pretty useless at this point. But in all fairness, MBAM has worked great for me for a very long time, and it's ESET that I'm struggling with and thinking that perhaps I shouldn't have purchased...

MBAM real-time protection is substandard to that provided by Eset as shown consistently in one of the few AV lab tests it participates in: https://www.av-test.org/en/antivirus/home-windows/windows-10/april-2020/malwarebytes-premium-4.1.0-201613/ .

MBAM does have some strong attributes such as detection of entrenched and hidden malware which are detected via off-line scan method.  

[itman 1,681]

1 hour ago, flutterby said:

From the earliest I can recall learning about MBAM, they have always prided themselves on being sufficiently different from other AV products that they can run alongside with no issue and to date

This was true until version 3.0 was released.

In prior MBAM versions, creating exceptions for MBAM in AV product and likewise creating exceptions in MBAM for AV product prevented most conflicts. Additionally with the introduction of Win 10, Microsoft "clamped down" on the use of multiple real-time solutions and only supports one active real-time solution in the Windows Security Center environment.

Edited July 15, 2020 by itman

[Nightowl 206]

If I am not mistaken , also Malwarebytes before wasn't a real-time scanner, but maybe it had some protection from web  access and that's it , and then they introduced the real-time scanner and also changed the naming to AV or beyond AV or unlike traditional AV

[flutterby 0]

55 minutes ago, Nightowl said:

If I am not mistaken , also Malwarebytes before wasn't a real-time scanner, but maybe it had some protection from web  access and that's it , and then they introduced the real-time scanner and also changed the naming to AV or beyond AV or unlike traditional AV

I'm not sure when "before" was, but I've been using the premium version of MBAM for around 10 years give or take and in that time it has always had a real time scanner, which was  the biggest draw of upgrading. 

Per MBAM forum user exile360 who has over 27K posts: "With regards to real-time protection, the protection in Malwarebytes functions differently from a traditional AV like ESET.  It does not use on-access scanning to check files when they are created or accessed on disk; instead, Malwarebytes looks at each process/thread that attempts to enter memory to determine if it is malicious, meaning by the time Malwarebytes starts to look at a file/process, ESET will have already analyzed it (because ESET, like most AVs, uses on-access scanning in real-time) and either not detected it, allowing Malwarebytes to flag and quarantine the file without any interference from ESET, or ESET will quarantine it once it has analyzed the file, preventing Malwarebytes from ever seeing it since the file never attempted to enter memory at that point."

I have been advised that there should be no conflict, but if I wish I can set MBAM exclusions in ESET & ESET exclusions in MBAM, just in case. I think that's a good idea, but haven't quite figured out how to do it yet.

 

21 hours ago, itman said:

In prior MBAM versions, creating exceptions for MBAM in AV product and likewise creating exceptions in MBAM for AV product prevented most conflicts. Additionally with the introduction of Win 10, Microsoft "clamped down" on the use of multiple real-time solutions and only supports one active real-time solution in the Windows Security Center environment.

But doesn't ESET override the security center environment? I used MBAM for some time before upgrading to premium, but have run it in Win 10 for years with no problem and no exclusions - some of those years it ran alongside Norton Internet Security, and some of the years it ran alongside AVG or Windows Defender. I'm not trying to be argumentative, I've just never had a problem with MBAM and it has served me well so I don't want to just abandon it - esp since I have a lifetime license. I don't know what caused the original update problem, but everything seems to be working well now, even with real time monitoring re-enabled.

[Nightowl 206]

As I've said I could have been mistaken , as I used to run MBAM alongside ESET , but once MBAM went to v3 , their engine was an AV and couldn't run alongside another AV because they would conflict trying to read at the same time , I've stopped using MBAM since v3 was released.

even so their latest tests in AV-test.org was bad in comparison to another products.

 

Quote

 

Malwarebytes news | Product updates

Announcing Malwarebytes 3.0, a next-generation antivirus replacement

Posted: December 8, 2016 by Marcin Kleczynski
Last updated: January 7, 2020

I am thrilled to announce the launch of our next-generation product, Malwarebytes 3.0! This product is built to provide comprehensive protection against today’s threat landscape so that you can finally replace your traditional antivirus.

Our engineers have spent the last year building this product from the ground up and have combined our Anti-Malware, Anti-Exploit, Anti-Ransomware, Website Protection, and Remediation technologies all into a single product which we simply call “Malwarebytes.” And it scans your computer 4 times faster!

 

It was marketed as a replacement to your traditional AV , so it won't work alongside your AV.

Edited July 16, 2020 by Nightowl

[SlashRose 25]

Of course, MBAM has a real-time scanner, the services continue to run even after the real-time scanner has been switched off, so I can only recommend either uninstalling MBAM or Eset, but under no circumstances would I leave both installed, so errors are inevitable!

[itman 1,681]

38 minutes ago, flutterby said:

It does not use on-access scanning to check files when they are created or accessed on disk; instead, Malwarebytes looks at each process/thread that attempts to enter memory to determine if it is malicious, meaning by the time Malwarebytes starts to look at a file/process, ESET will have already analyzed it (because ESET, like most AVs, uses on-access scanning in real-time) and either not detected it, allowing Malwarebytes to flag and quarantine the file without any interference from ESET, or ESET will quarantine it once it has analyzed the file, preventing Malwarebytes from ever seeing it since the file never attempted to enter memory at that point."

This is rubbish.

Guess he never has used a recent version of Eset.

Eset has Advanced Memory Scanning and Advanced Machine Learning that are both post-execution monitoring. Additionally, Eset monitors process execution via built-in HIPS rules including monitoring for ransomware behavior.

All the above are potential conflict sources with MBAM supposed memory monitoring methods.

What this MBAM forum poster is referring to is Eset's real-time heuristic scanning which is pre-execution sandbox moitoring done at file creation, modification, and execution time.

[Nightowl 206]

30 minutes ago, itman said:

This is rubbish.

Guess he never has used a recent version of Eset.

Eset has Advanced Memory Scanning and Advanced Machine Learning that are both post-execution monitoring. Additionally, Eset monitors process execution via built-in HIPS rules including monitoring for ransomware behavior.

All the above are potential conflict sources with MBAM supposed memory monitoring methods.

What this MBAM forum poster is referring to is Eset's real-time heuristic scanning which is pre-execution sandbox moitoring done at file creation, modification, and execution time.

Anyway MBAM has been scoring bad since the release of v3 , I believe their marketing way is just bad.

[flutterby 0]

Alright, you've convinced me - although I'm still baffled by the contrasting testimony I'm getting between the two forums. Since I bit the bullet and purchased ESET (my 1st commercial product in several years), I'll give it the best chance to perform for me, and will uninstall MBAM - at least for now. 

Thank you all for your help and the time you took to explain things to me.