Andy Ful's Software + Microsoft Defender + Malwarebytes Antimalware... How my PC Responds.

[annaegorov]

Over the weekend I felt like playing a bit with some software.

I have a license for MWBAMW.

And Andy's tools are highly recommended.

I have a fresh, clean install image. I will work from that.

I chose to do this in segments, using Andy's recommended settings, test all my software, if everything runs, then make a new incremental image. Steps are 1, 2, and 3 below.

1). Simple Windows Hardening... No problems all software works. Make Image BU
2). Configure Defender... " "
3). Hard Configurator... 2 software's have a problem. " "

Now after a reboot, I install version 4 of MWBAMW, change settings as per *Shadowra (From testing post here at MWT).. *You can combine it with MS Defender, and it won't slow down your system. However, you will need to disable registration in the Security Center, as this will disable MS Defender.

Lastly, I add exclusions into MWBAMW to the 3 Windows Defender Folders. Then I add the following exclusions into Windows Defender for MWBAMW folders and processes:

Add to Malwarebytes Exclusions the following folders.

C:\Program Files\Windows Defender
C:\Program Files (x86)\Windows Defender
C:\ProgramData\Microsoft\Windows Defender (Enable hidden files to add this one.)

For Win 10 PRO only also add these Folders.
C:\Program Files\Windows Defender Advanced Threat Protection
C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection (Enable hidden files to add this one.)

For Windows Defender
Add these to FILE Exclusions

C:\Windows\System32\drivers\mbae64.sys
C:\Windows\System32\drivers\mbam.sys

C:\Windows\System32\drivers\MbamElam.sys
C:\Windows\System32\drivers\MBAMChameleon.sys
C:\Windows\System32\drivers\MBAMSwissArmy.sys
C:\Windows\system32\Drivers\farflt.sys

Add to Process exclusions the following files. (copy and paste work best on these)

C:\Program Files\Malwarebytes\Anti-Malware\MbamPt.exe

C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe

C:\Program Files\Malwarebytes\Anti-Malware\assistant.exe

C:\Program Files\Malwarebytes\Anti-Malware\malwarebytes_assistant.exe

C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe

C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

Folders
Also the MB folder in Program Files and the one in Program Data (it is hidden by default)

C:\Program Files\Malwarebytes
C:\ProgramData\Malwarebytes (Enable hidden files to add this one.)


EVERYTHING running fast, no hiccups at all.

 

[Sorrento]

Let us know how its goes over time Plz

 

[LinuxFan58]

@annaegorov

Can you post a picture of Hard Configurator settings you use?

 

[Jonny Quest]

I would also be curious, as far as with so many files, folders, and processes being added into Exclusions, of will they actually stay honored? And if there is a glitch or two, if it can be tracked down to which ones may not have been held in Exclusions, and if that was really the issue (if it occurs)?

 

[annaegorov]

@annaegorov

Can you post a picture of Hard Configurator settings you use?

I just went with the default settings he recommended when you install it, it gives directions as to what settings to use, go with the ones he recommends. it was EZ

 

[annaegorov]

Let us know how its goes over time Plz

OK

 

[annaegorov]

I would also be curious, as far as with so many files, folders, and processes being added into Exclusions, of will they actually stay honored? And if there is a glitch or two, if it can be tracked down to which ones may not have been held in Exclusions, and if that was really the issue (if it occurs)?

Honored in MD or in MWBAMW or both?

 

[Jonny Quest]

Honored in MD or in MWBAMW or both?

Both, as how would you know which one was or wasn't without using Process Explorer or other tools? (how ever that can be figured out).

I used to run a software where I had to add folders into exclusions, BD Total could never honor them, F-Secure did. And I took a screenshot of the folders to make sure I included the same ones. With BD, when I opened up the CAD order form, I could tell right away it wasn't honoring the exclusion, there would be typing lag as well as CAD lag while going through those steps. It didn't happen with F-Secure or WD by itself.

edit: I even tried BD AV+ with the same results.

 

[rashmi]

1). Simple Windows Hardening
3). Hard Configurator

Are you using both Simple Windows Hardening and Hard Configurator?

3). Hard Configurator... 2 software's have a problem. " "

Which two applications are experiencing issues, and are they installed or portable?

 

[LinuxFan58]

I just went with the default settings he recommended when you install it, it gives directions as to what settings to use, go with the ones he recommends. it was EZ

OK, thanks, so wth these default settings H_C replaced SWH, so you are effectively running H_C plus CD

 

[oldschool]

Are you using both Simple Windows Hardening and Hard Configurator?

That was my question when I saw both.

 

[annaegorov]

Are you using both Simple Windows Hardening and Hard Configurator?


Which two applications are experiencing issues, and are they installed or portable?

Uhh are they the same or similar, I thought they had two different purposes. I can just go with Simple, if they are not both needed.

Also yea both apps were portable one was a red colored desktop clock, and the other was a mp4 extractor. I just went ahead and removed both.

 

[annaegorov]

That was my question when I saw both.

Yes... I am assuming you guys are asking, as if both are not needed. I thought they were different, I can go with simple, I guess, if they are not both needed.

 

[rashmi]

Uhh are they the same or similar, I thought they had two different purposes. I can just go with Simple, if they are not both needed.

Also yea both apps were portable one was a red colored desktop clock, and the other was a mp4 extractor. I just went ahead and removed both.

Both SWH and HC configure SRP and other hardenings. I suggest using the HC suite: HC, CD, and FH with recommended settings.

HC blocks/restricts portable apps if they are not running from system folders like Program Files, etc., if I remember correctly. You should whitelist your portable apps folder in HC.

You MUST read the help files or docs before using @Andy Ful's tools.

 

[oldschool]

@annaegorov - SWH offers slightly less protection but is easier to use for most folks, e.g. fewer settings, easy to use GUI. It just depends on your preference.

You've got very strong protection without any OS hardening.

 

[oldschool]

You MUST read the help files or docs before using @Andy Ful's tools.

Definitely.

 

[LinuxFan58]

@annaegorov

As @oldschool points SWH is the easiest to use (little less protection, but with right click run as admin you can circumvent its protection).

As @Shadowra tests often show that MBAM's only weakpoint is script protection. This is exactly the protection SWH offers (so an ideal combo to use is SWH + MBAM).

 

[annaegorov]

@annaegorov

As @oldschool points SWH is the easiest to use (little less protection, but with right click run as admin you can circumvent its protection).

As @Shadowra tests often show that MBAM's only weakpoint is script protection. This is exactly the protection SWH offers (so an ideal combo to use is SWH + MBAM).

Thanks to everyone for all the tips and info. I am going with Simple, and config defender, plus MWBAMW.

 

[devjitdutta2025]

Thanks to everyone for all the tips and info. I am going with Simple, and config defender, plus MWBAMW.

For your setup, I’ll suggest you go with Configure Defender set to Max, Windows Firewall Hardening tool to block lolbins and simple windows hardening to block windows script host and disable elevation of unsigned executables.

 

[Sorrento]

I wanted to use a script today for Brave, however I've disabled scripts some time ago trying to remember where & how I did it (duh)