Command Line Parameters

Malwarebytes' Anti-Malware supports a variety of command line parameters, which can be used from either a command prompt, batch file or script. (Note: some of these parameters are available in the PRO version only.)

mbam.exe <parameters>

(where parameters is one or more of the following)

• /errorsilent: suppresses all critical errors and writes the last error to <root-drive>\mbam-error.txt where <root-drive> is the hard drive where Windows is installed, also known as the System Drive.
  
  Example:
  
  mbam.exe /errorsilent will suppress all errors when the program is running.
• /proxy <required server> <optional port> <optional username> <optional password>: allows the user to update through a proxy server. Leave blank to remove any proxy settings previously set.
  
  Examples:
  • mbam.exe /proxy will remove the proxy settings.
  • mbam.exe /proxy proxy.com 80 will use proxy.com on port 80 with no credentials.
  • mbam.exe /proxy proxy.com 80 admin password will use proxy.com with the specified credentials.
• /logtofolder <optional path>: allows the user to save all log files to the specified folder. If this folder does not exist, Malwarebytes' Anti-Malware attempts to create it. If the path is blank, changes are reverted to default settings. These logs do not show up on the Logs tab.
  
  Example:
  
  mbam.exe /logtofolder C:\mbam_log_files will save all future log files to the location C:\mbam_log_files.
  
  Note: Protection logs created by the protection module will always be saved to the same location
• /logtofile <optional path>: allows the user to save all log files to the specified file. If this file does not exist, Malwarebytes' Anti-Malware attempts to create it. Newest entries are appended to top of the file. If the path is blank, changes are reverted to default settings. This log does not show up on the Logs tab.
  
  Example:
  
  mbam.exe /logtofile C:\mbam_log_files\mbam-log.txt will save all future log files to the location C:\mbam_log_files\mbam-log.txt.
  
  Limitations: The path, in the above case C:\mbam_log_files, must exist. This option will not create folders if they donÆt exist, only the log file.
  
  Note: Protection logs created by the protection module will always be saved to the same location
• /debug <optional -silent>: allows the user to collect information to send as a bug report.
  
  Examples:
  • mbam.exe /debug will bring up a prompt to save the debug file.
  • mbam.exe /debug -silent will save debug file silently to <root-drive>\mbam-info.txt where <root-drive> is the hard drive where Windows is installed, also known as the System Drive.
• /register: allows the user to register the program without displaying the main dialog box.
  
  Examples:
  
  mbam.exe /register 12345-67890 AAAA-BBBB-CCCC-DDDD will register the product using the license key passed in the parameters.
  
  Limitations: Protection must be enabled using the program user interface if it is to be enabled before the system restarts.
• /developer: this command line parameter is used to execute the program in developer mode and will create a log with encrypted information on items detected in a scan. It is used for reporting false positives and allows the researchers to determine why an item is being detected. Example: mbam.exe /developer will start the program with detailed detection information.
  
  Note: When reporting a false positive, please be sure to use the /developer switch and provide the resulting log to the researchers.
• /update <optional -silent>: allows the user to update the product and database.
  
  Examples:
  • mbam.exe /update will attempt to update the database or program, depending on settings.
  • mbam.exe /update -silent will attempt to update the database or program silently.
• /scan <optional -quick or -full or -flash> <optional -silent> <optional -remove> < optional -terminate> <optional -reboot> <optional -log>: initiates a scan with the selected options.
  
  Parameters:
  
  • -quick: initiates a quick scan.
  • -full: initiates a full scan using saved drives in the registry.
  • -flash: initiates a flash scan of memory and heuristics only.
  • -terminate: closes the program after a scan completes and no threats were found (cannot be used with -silent). If an item is detected, the program remains open so that the user can decide whether or not to remove the detected threat(s).
  • -log: overrides the save log checkmark on the settings tab. If the Automatically save log after scan completes option is unchecked, a log file will still be saved when the ûlog parameter is used.
  • -silent: hides the GUI while scanning (does not need to be used with ûterminate).
  • -reboot: reboots the computer if necessary, only valid if -silent is used.
  • -remove: automatically removes threats and saves a log file. Unless -silent is specified, GUI stays open.
  Examples:
  
  • mbam.exe /scan will run a default scan.
  • mbam.exe /scan -full will run a full scan.
  • mbam.exe /scan -flash -terminate will run a flash scan and terminate if no objects are detected.
  • mbam.exe /scan -quick -log -silent -remove -reboot will run a quick scan silently, save logs, automatically remove threats, and reboot if necessary.
  Limitations:
  
  • -terminate parameter cannot be used with the -silent parameter since the program will automatically terminate when the -silent parameter is used.
  • -reboot parameter is only valid if used with the -silent parameter.
• /schedule <optional /update or /scan -quick or /scan -full or /scan ûflash> <optional /realtime or /hourly or /daily or /weekly or /monthly or /once or /onreboot>: these items allow the user to choose the frequency for the scheduled update or scan to occur:
  
  • <optional /starting mm/dd/yyyy hh:mm:ss>: this item allows the user to set the time for the scheduled scan or update to start.
  • For /realtime omit this - the current time is assumed.
  • For /random - this item selects a random time to set the scheduled scan or update to occur. /random may only be used with /hourly or /daily and randomizes the Hour and Minute or Hour and Minute and Second respectively
  • <optional /every X where X is a number for the frequency of the scan or update to occur> <optional /recover X where X is the number of hours for the scan or update to attempt to run again if the computer was unavailable during the scheduled time>
  • <optional /wakefromsleep>: may be used with a scan or an update. Malwarebytes' Anti-Malware will attempt to wake the computer from sleep to perform the scheduled scan or update.
    
    Limitations: Not supported with /onreboot for scans or /realtime or /onreboot for updates.
  • <optional /flash executes a Flash Scan after a successful update
    
    Note: only used with /update>
  Examples:
  
  • /schedule /scan -quick -remove -terminate -log /daily /starting 08/10/2010 23:00:00 /every 1 /silent /wakefromsleep will schedule silent daily Quick Scan starting on August 10th, 2010 at 11:00PM that will repeat every 1 day, remove threats, reboot if necessary, force the creation of a scan log and will attempt to wake the computer from sleep to perform the scan.
  • /schedule /update /flash /realtime /every 5 will schedule an update to occur in real-time once every 5 minutes and set a Flash Scan to occur after each successful update.
• /unschedule <optional /all or /all ûupdate or /all ûscan>.
  Note: You can remove individual scans or updates by not including the /all switch and specifying the exact switches used to create the scan or update
  
  • /all removes all scheduled scans and updates.
  • /all ûupdate removes all scheduled updates.
  • /all ûscan removes all scheduled scans.
  Examples:
  
  • /unschedule /scan -quick -remove -terminate -log /daily /starting 08/10/2010 23:00:00 /every 1 /silent will delete a scheduled silent daily Quick Scan that was set to start on August 10th, 2010 at 11:00PM that was set to repeat every 1 day, remove threats, reboot if necessary, and force the creation of a scan log.
  • /unschedule /update /flash /realtime /every 5 will delete a scheduled update that was to occur in real-time once every 5 minutes and with a Flash Scan set to occur after each successful update.