Malwarebytes Endpoint Security logs

Document created by drossler Employee on May 11, 2017Last modified by jgolomb on Nov 20, 2018
Version 20Show Document
  • View in full screen mode

The Malwarebytes Management Console and Managed Client collect logs which helps with administration and diagnostics. Business Support may request these logs in order to isolate and troubleshoot issues with Malwarebytes Endpoint Security. This article explains the different log types and details.

 

Malwarebytes Managed Client logs

The Managed Client logs contain information on Managed Client activity, server communications, and installation.

 

SCCOMM log

The SCCOMM log contains information on what the Managed Client is doing, as well as communication with the server. This log includes the following information:

  • Managed Client and endpoint client versions
  • Policy configurations and their results
  • Database updates
  • Manual commands sent from the console
  • Registration and server information
  • Any errors related to the above

 

SCCOMM log location:

  • C:\ProgramData\sccomm\sccomm.txt (Management Console version 1.6 or earlier)
  • C:\ProgramData\sccomm\Logs\sccomm.txt (Management Console version 1.7 or later)

 

Inno Setup log

The Inno Setup log details installation and setup of Malwarebytes Anti-Malware, Malwarebytes Anti-Exploit and Malwarebytes Anti-Ransomware, independent of SCCOMM logs. This log includes the following information:

  • Copying of files to their proper directory
  • Registering of DLLs
  • Creation of registry keys
  • And any errors related to the above

 

Inno Setup log location: 

  • C:\Windows\Temp\MSIxxxxx.LOG (Managed Client)
  • C:\Users\username\AppData\Local\Temp\Setup Log yyyy-mm-dd #xxx.txt (Unmanaged Client)

 

 

Malwarebytes Anti-Malware logs

The Anti-Malware logs detail the protection plugin events on the endpoint, and the scan results for Malwarebytes Anti-Malware. The  archived-  prefix indicates logs that have been submitted to the Management Console from the Managed Client.

 

Malwarebytes Anti-Malware log location:

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs

 

Protection log

The Protection log contains information on various functions of Malwarebytes Anti-Malware. 

  • Database updates
  • Protection Module refresh
  • Scheduled items occurring and finishing

 

Protection log filename formats:

  • protection-log-yyyy-mm-dd.txt
  • archived-protection-log-yyyy-mm-dd.txt 

 

Scan log

The Scan log contains results of both manual and scheduled scans.

 

Scan log filename formats:

  • mbam-log-yyyy-mm-dd.txt
  • archived-mbam-log-yyyy-mm-dd.txt

 

 

Malwarebytes Anti-Exploit logs

The Anti-Exploit logs detail the current version of Malwarebytes Anti-Exploit and it's operation and detection events.

 

Malwarebytes Anti-Exploit log location:

  • C:\ProgramData\Malwarebytes Anti-Exploit\Logs  (Managed Client)
  • C:\ProgramData\Malwarebytes Anti-Exploit\  (Unmanaged Client)

 

Service log

The Service log contains information on the status of the Malwarebytes Anti-Exploit service, as well as the version of Anti-Exploit.

 

Service log filename formats:

  • mbae-service.txt
  • archived-mbae-service.txt

 

Alert log

The Alert log contains information on any blocks reported by Anti-Exploit.

 

Alert log filename formats:

  • mbae-alert.log
  • archived-mbae-alert.log

 

Default log

The Default log contains detailed information on Anti-Exploit and its interactions during protection events. This log is encrypted and can only be viewed by Anti-Exploit specialists.

 

Default log location:

C:\ProgramData\Malwarebytes Anti-Exploit\mbae-default.txt

 

 

Malwarebytes Anti-Ransomware logs

The Anti-Ransomware logs detail Anti-Ransomware events on the endpoint.

 

Service log

The Service log contains information on various functions of Malwarebytes Anti-Ransomware.

  • Database updates
  • Program revision updates
  • Block events

 

Malwarebytes Anti-Ransomware Service log location:

C:\ProgramData\Malwarebytes\MB3Service\logs\MBAMSERVICE.LOG

 

Installation log

The installation log contains information on the installation event of Malwarebytes Anti-Ransomware.

 

Anti-Ransomware managed and unmanaged installation log location:

C:\Users\username\AppData\Local\Temp\Setup Log yyyy-mm-dd #xxx.txt

Attachments

    Outcomes