6 replies to this topic

[gsgsgs]

Windows Defender has requested I send information on 'mbamswissarmy', which I have never heard of. Searching online it appears to be part of a driver in system 32 signed to Malwarebytes. I do use malwarebytes anti-malware, has anyone else had this, is this genuinely part of the software or it is something I need to worry about?

[Tigger93]

It is part of Malwarebytes.

[melboy]

For Windows defender to ignore this:

Open Windows Defender

click Tools > settings click options scroll down to Advanced Options and under Do not scan these files or locations click add and navigate to mbamswissarmy click OK. You should stop seeing the warning from WD.

The path typically (in XP) is C:\WINDOWS\system32\drivers\mbamswissarmy.sys

[JeanInMontana]

It's not malware at all and maybe if you send it MS will get it's act together and stop pegging it. melboy has good advice too.

[zomalaja]

I am getting this multiple times in my events:

Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\mbamswissarmy.sys

Scandisk shows no errors on the drive and neither does the factory Diagnostic disk.

[Roadkil]

mbamswissarmy.sys is a driver for MBAM just add it to the exceptions so it doesn't get scanned.

[GT500]

zomalaja said:

I am getting this multiple times in my events:

Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

In addition to adding exclusions for that file to your anti-virus software, you may want to turn off your anti-virus software, reinstall Malwarebytes' Anti-Malware, and then turn your anti-virus back on.