Malwarebytes Anti-Ransomware FAQ

Document created by dshull Employee on May 11, 2017Last modified by rsullinger on Aug 28, 2017
Version 5Show Document
  • View in full screen mode

What is Malwarebytes Anti-Ransomware?

The anti-ransomware client is an agent that performs system-wide behavior monitoring and blocking of ransomware activity. It is a proactive and real-time protection which does not rely on signatures. It is hereby made available to Malwarebytes Endpoint Security customers that wish to deploy an additional layer of protection to their endpoints.
There are a few caveats to take into consideration before choosing to deploy Malwarebytes Anti-Ransomware in your environment:

    1. The anti-ransomware client is an un-managed client. It cannot be deployed or configured from the Malwarebytes Management Console.
    2. The anti-ransomware client does not offer centralized reporting into the Malwarebytes Management Console .
    3. The anti-ransomware client requires Windows 7 or above. It cannot be installed on machines running Windows XP or Vista and is not recommended to install it on server operating systems.
    4. The anti-ransomware client is only available for Malwarebytes Endpoint Security customers. If you are a customer of another Malwarebytes product, please contact sales for details on how to upgrade to Malwarebytes Endpoint Security.
    5. The anti-ransomware client is not sold separately.

 

How can I download the anti-ransomware client?

In order to access the anti-ransomware client please re-download your Malwarebytes Endpoint Security package. You will find the download link in your purchase confirmation email. Within the package you will find the anti-ransomware client in the \Unmanaged\Windows\ directory under the names MBARW_Business_Setup.exe and MBARW_Business_Setup.msi.

 

 

How can I deploy the anti-ransomware client?

The anti-ransomware client comes in both EXE and MSI installer formats, which can be installed directly onto an endpoint. The MSI installer can be deployed silently to endpoints via Active Directory GPO using the following command:
misexec /i MBARW_Business_Setup.msi /quiet

The EXE installer can be deployed via any other Endpoint Management Platform such as Microsoft SCCM, Tanium, McAfee ePO, ForeScout, etc. The installation can be deployed silently using the  following command:
MBARW_Business_Setup.exe /SP- /verysilent /supressmsgboxes
 

How to manage the anti-ransomware client

The anti-ransomware client can be managed from the endpoint’s User Interface (UI). In addition the anti-ransomware client exposes basic functionality configuration via Command-Line Interface (CLI) so that it can be managed remotely over the network using customers’ existing Endpoint Management Platforms (SCCM, Tanium, etc.). The basic CLI configuration set consists of starting and stopping protection, adding exclusions, and restoring quarantined items. Please refer to the Malwarebytes Endpoint Security \Unmanaged\Windows\Documentation\Malwarebytes Anti-Ransomware User Guide for details.

 

How can I report an issue or false positive with the Anti-Ransomware client?

Before contacting our Business Support team, please create a ZIP archive with the entire contents of the folder listed below and have it readily available to submit alongside your ticket.

 

  • C:\ProgramData\Malwarebytes\MB3Service

 

Older versions the files can be found here:

 

  • C:\ProgramData\MalwarebytesARW\

Attachments

    Outcomes