Malwarebytes Anti-Malware and Microsoft Security Essentials Conflict

Document created by drossler Employee on May 11, 2017Last modified by jyamada on May 15, 2018
Version 3Show Document
  • View in full screen mode

Issue

Malwarebytes Anti-Malware (MBAM) 1.x and Microsoft Security Essentials are causing a lockup after Security Essentials update.

 

Affected Products

  • Malwarebytes Anti-Malware 1.80
  • Malwarebytes Anti-Malware 1.75

 

Affected Microsoft Antivirus Products

  • Microsoft Security Essentials (MSE)
  • Microsoft System Center Endpoint Protection (SCEP)

 

Initial Findings

The lockup was introduced when MSE and SCEP virus definitions were updated to versions 1.233.56.0 and onwards. After this update, MSE seem to lock up when scanning certain system files that is also triggering MBAM to scan the said files.

 

Solution

Add the following files as both Excluded Files and Excluded Processes inside of your affected Microsoft Antivirus Product.

 

Solution Steps

  • If your computer is responsive, complete steps 1-8.
  • If your computer is unresponsive, wait 10-15 minutes for it to become responsive and then complete steps 1-8.
  • If after waiting 10-15 minutes and your computer is still unresponsive, boot to Safe Mode and complete steps 1, 3-6 and then 8.

 

Alternatively, you can immediately boot into Safe Mode and complete steps 1, 3-6 and then 8.

  1. Open MSE/SCEP
  2. Disable Real-Time Protection: Settings > Real-Time Protection
  3. Exclude files: Settings > Excluded files and locations and add all the files in Malwarebytes Endpoint Security exclusions list.
    • Note: Make sure to use the full path to the file
  4. Click Save Changes
  5. Exclude processes: Settings > Excluded processes and add all the files in Malwarebytes Endpoint Security exclusions list.
    • Note: Make sure to use the full path to the file
  6. Click Save Changes
  7. Re-Enable Real-Time Protection: Settings > Real-Time Protection
  8. Reboot computer into Normal Mode

 

It is best to copy/paste the exclusions when adding them. We have seen issues when using the short filename convention and/or environment variables; %programfiles% mapping to C:\Program Files\ instead of C:\Program Files (x86)\ or vice versa.

 

If you’re copying all exclusions at once, be sure to include the required semicolon after each entry.

Attachments

    Outcomes