Swiss Army

[alicez]

I have the MBAM on my Vista Premium.

When I ran the Defender scan, the following file was found in the Defender History Area (Description: This program has potentially unwanted behavior.):

C:\Windows\system32\drivers\mbamswissarmy.sys

MBAM Swiss Army

Is this a safe file? The Swiss Army is confusing me.

Please advise as I do not want anything to corrupt my new Vista.

[exile360]

The file is one of Malwarebytes' drivers and Windows Defender flagging it is a known issue. Don't worry, the file is safe.

[RedDawn]

Hi Alicez,

Yes, Swiss Army is safe, it is part of MBAM, a Driver if I'm not mistaken.

To configure Windows Defender to ignore it:

Open Windows Defender

click Tools > options scroll down to Advanced Options and under Do not scan these files or locations click add, navigate to mbamswissarmy and click OK.

The path should be C:\Windows\system32\drivers\mbamswissarmy.sys

You should now stop seeing the warning from WD.

[alicez]

Thank you both.

Alice

[catscomputer]

Hi Alicez,

Yes, Swiss Army is safe, it is part of MBAM, a Driver if I'm not mistaken.

To configure Windows Defender to ignore it:

Open Windows Defender

click Tools > options scroll down to Advanced Options and under Do not scan these files or locations click add, navigate to mbamswissarmy and click OK.

The path should be C:\Windows\system32\drivers\mbamswissarmy.sys

You should now stop seeing the warning from WD.

Thanks so much for this information. Since I got the update to MBAM version 1.37 I have been getting a warning show up in my Defender history for this file path every time I run a MBAM scan. Defender says it has potentially unwanted behaviour. Why would this be?

I find it curious to note that this post is dated Dec 2008, as I didn't have this issue with version 1.35 or 1.36. Thanks again for the work-around

[exile360]

Greetings and welcome .

The change is most likely due to the fact that the program and the drivers it uses were changed dramatically in the current release so its behavior is quite different. I use MBAM alongside Windows Defender without issue with the exception of those entries. WD by default will only block anything it positively identifies as malware, those entries are just warnings about the hidden driver MBAM uses (which is necessary for it to subvert nasty threats like rootkits and remove them).

[maluser]

I get the same reply from Kaspersky, it's because it is a hidden driver. It's not bad it's just not run as a service or constant so it is installed hidden instead. I tried playing around with the file and in doing so it seems to have something to do with loading Malwarebytes antimalware database I believe.

That's just my two cents anyhow

[catscomputer]

Greetings and welcome .

The change is most likely due to the fact that the program and the drivers it uses were changed dramatically in the current release so its behavior is quite different. I use MBAM alongside Windows Defender without issue with the exception of those entries. WD by default will only block anything it positively identifies as malware, those entries are just warnings about the hidden driver MBAM uses (which is necessary for it to subvert nasty threats like rootkits and remove them).

Ahh. Yes, that makes sense re the hidden driver and how it works. Thanks for the explanation.

I've been watching this forum since my computer fix-it person put me on to MBAM and I'd like to say that I'm so impressed with this product, and with the excellent support here in the forums and the helpdesk. Thanks heaps!

[YoKenny1]

I like the warning from Windows Defender about mbamswissarmy as it lets me know that MBAM was updated and run at the scheduled time.

By the way Windows Defender updates itself slowly so I visit its portal daily to update it manually:

http://www.microsoft.com/security/portal <== v1.59.496.0 is current update