MBAM is not a typical custom app; it is controlled by internal d7 logic. Some of this logic is old news, some is recent, and some is hot off the presses.
The MBAM process starts by detecting whether MBAM is already installed on the PC, and if so whether it is the paid Professional version or the free edition. If it is the free edition, you are asked whether you wish to uninstall it first, since it may be an outdated copy or may have been damaged by malware on the system. If it is the Pro version, different actions are taken later on. If it is not installed at all, it is downloaded (if necessary) and installed. The registry settings for MBAM are deleted prior to every installation.
The next step is always to register several .dll files that are sometimes not registered properly, whether because of an MBAM install issue or for some other unknown reason. This is a known issue: registering these .dlls is presented as a solution by an admin in their forums. Doing so can enable broken installs of MBAM to update and scan when they previously could not.
Next is the MBAM update process. First d7 checks for backup MBAM definitions (copied from a previously successful update, in the 3rd Party Tools MBAM_Defs directory), and if you have them, it installs them into the appropriate locations. If a custom “exclusions.dat” file for MBAM exists in the Config 3rd Party Configs directory, it is also copied to the appropriate location. After all that, the updater for MBAM is executed with a fully automated parameter for the Pro version, and with the somewhat automated parameter for the Free version (which forces an ‘OK’ prompt after a successful update).

What happens after the updater finishes depends on whether you had backup definitions. If you did not, you are prompted on whether or not the update succeeded. If it did, the updated definitions are copied to the backup location (3pt MBAM_Defs, as mentioned above). If not, you are then prompted on whether or not you wish to cancel the scan. If you did have backup definitions from a previous scan, the process is entirely automated once the updater finishes: d7 proceeds regardless, but you are shown a quick timed message box stating whether the update succeeded or failed. d7 knows this by comparing the file hashes of the definitions between their backup location and the installed locations. Should the update have succeeded, d7 then automatically backs up the updated definitions.
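The hash comparison described above, sketched as an added example (not d7's own code): it assumes SHA-256 and hypothetical directory and file names, since the page does not say which hash d7 uses. A differing hash shows only that the definitions changed, not that the new files are valid.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def snapshot(directory: Path) -> dict:
    """Map each file's relative path to its SHA-256; a missing directory is an empty snapshot."""
    if not directory.is_dir():
        return {}
    return {p.relative_to(directory).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(directory.rglob("*")) if p.is_file()}


def check_update(backup_dir: Path, installed_dir: Path) -> dict:
    """Compare installed definitions with the backup taken after the last good update."""
    backup, installed = snapshot(backup_dir), snapshot(installed_dir)
    changed = sorted(n for n in installed if n in backup and installed[n] != backup[n])
    added = sorted(n for n in installed if n not in backup)
    missing = sorted(n for n in backup if n not in installed)
    # Without a backup there is no baseline; the page says d7 asks the technician instead.
    status = "no-baseline" if not backup else ("updated" if changed or added else "unchanged")
    return {"status": status, "changed": changed, "added": added, "missing": missing}


def refresh_backup(backup_dir: Path, installed_dir: Path) -> None:
    """After a successful update, copy the installed definitions over the backup set."""
    for name in snapshot(installed_dir):
        target = backup_dir / name
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(installed_dir / name, target)


def demo() -> list:
    """Constructed sample: defs.bin is a made-up file standing in for real definitions."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, installed = Path(tmp, "backup"), Path(tmp, "installed")
        installed.mkdir()
        (installed / "defs.bin").write_bytes(b"definitions v1")
        results = [check_update(backup, installed)["status"]]      # no-baseline
        refresh_backup(backup, installed)
        results.append(check_update(backup, installed)["status"])  # unchanged
        (installed / "defs.bin").write_bytes(b"definitions v2")
        results.append(check_update(backup, installed)["status"])  # updated
        return results


if __name__ == "__main__":
    print(demo())
```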
Next is a check to determine if d7 had installed MBAM or not – if it had, you are asked if you wish to uninstall it on the next reboot. This question is located here because if you installed it, then it stands to reason it is the free version, and with that you have the updater which just prompted you to continue – so you’ll need to be in front of the system for the other prompt anyway.
Next the command line parameters are chosen for MBAM. These depend on whether it is the free or Pro version: the Pro version can be completely automated from start to finish, while the free version, if it detects any items, will wait for you to remove them. The parameters are as follows:
- Free Quick Scan: /quickscanterminate /errorsilent
- Free Full Scan: /fullscanterminate /errorsilent
- Pro Quick Scan: /scan -quick -log -terminate -remove -reboot /errorsilent
- Pro Full Scan: /scan -full -log -terminate -remove -reboot /errorsilent
Finally after it’s all said and done, MBAM logs are copied to the d7 Reports Malware Logs directory.
Also worth noting: v10.0.1, which brings the added automation when backup definitions are found, also reduces the wait time between all of these steps, making the process much faster than before.
Hopefully that gives you a little insight into the MBAM process and why it behaves the way it does, where it may prompt you for something one day and not the next, etc. etc.