Powershell Powershell - Check if Malwarebytes is running as a free or paid version Updated June 04 2026
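Run this from an elevated (Administrator) PowerShell session to get accurate results. The script infers the edition from whether Malwarebytes real-time protection is registered and active; it does not read any licence information.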

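#Requires -Version 5.1
<#
.SYNOPSIS
    Reports whether the local Malwarebytes installation looks like Free or Premium.

.DESCRIPTION
    Read-only status check. It collects four signals and prints them:
      1. Uninstall registry keys  -> is Malwarebytes installed, version, directory
      2. Windows Security Center  -> is Malwarebytes registered with real-time ON
      3. Services and processes   -> MBAMService / MBAMAgent / tray and protection processes
      4. Files on disk            -> executables the author associates with Premium

    The verdict is an inference from real-time protection state, not a licence
    lookup. Process names and file names are matched by name only (no signature
    or path verification), so treat them as hints rather than proof.

.NOTES
    Exits with code 1 when no Malwarebytes uninstall entry is found.
    Run from an elevated prompt; the WSC query is skipped otherwise.
#>
[CmdletBinding()]
param()

# ---------------------------------------------------------------------------
# Helpers
# ---------------------------------------------------------------------------

# Prints one "Label: Value" row with the value in the given console colour.
function Write-Status {
    param([string]$Label, [string]$Value, [string]$Color = 'Cyan')
    Write-Host (" {0,-34} " -f "${Label}:") -NoNewline
    Write-Host $Value -ForegroundColor $Color
}

# Returns $true when the current token is in the built-in Administrators role.
function Get-IsElevated {
    $id = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $p  = New-Object System.Security.Principal.WindowsPrincipal($id)
    return $p.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)
}

# Elevation cannot change while the script runs, so evaluate it once.
$isElevated = Get-IsElevated

# ---------------------------------------------------------------------------
# 1. Is Malwarebytes installed?
# ---------------------------------------------------------------------------
$mbInstalled  = $false
$mbVersion    = $null
$mbInstallDir = $null

# Both the native and the 32-bit (WOW6432Node) machine-wide uninstall hives.
$uninstallPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

foreach ($path in $uninstallPaths) {
    $allKeys = Get-ItemProperty $path -ErrorAction SilentlyContinue
    foreach ($key in $allKeys) {
        # Go through PSObject.Properties so keys without a DisplayName do not error.
        $dn = $key.PSObject.Properties['DisplayName']
        if ($dn -and $dn.Value -like 'Malwarebytes*') {
            $mbInstalled  = $true
            $dvProp       = $key.PSObject.Properties['DisplayVersion']
            $ilProp       = $key.PSObject.Properties['InstallLocation']
            $mbVersion    = if ($dvProp) { $dvProp.Value } else { 'Unknown' }
            # Strip a trailing backslash so later path concatenation is clean.
            $mbInstallDir = if ($ilProp) { $ilProp.Value -replace '\\$', '' } else { '' }
            break
        }
    }
    if ($mbInstalled) { break }
}

if (-not $mbInstalled) {
    Write-Host "`n[!] Malwarebytes does not appear to be installed on this machine.`n" -ForegroundColor Yellow
    exit 1
}

Write-Host "`n=== Malwarebytes Status Check ===" -ForegroundColor White
Write-Status "Version" $mbVersion
Write-Status "Install directory" $mbInstallDir
Write-Host ""

# ---------------------------------------------------------------------------
# 2. Windows Security Center check (most reliable Premium indicator)
#    This script only queries WSC when elevated and skips it otherwise.
# ---------------------------------------------------------------------------
$wscPremiumSignal = $false
$wscQueryOk       = $false   # true only when the WSC query completed without error
$wscStatus        = 'Skipped (run as Administrator for WSC check)'
$wscProductName   = $null

if ($isElevated) {
    try {
        $cimArgs = @{ Namespace = 'root\SecurityCenter2'; ErrorAction = 'Stop' }

        # AntiVirusProduct first; fall back to AntiSpywareProduct if no match.
        $wscProducts = @()
        foreach ($className in 'AntiVirusProduct', 'AntiSpywareProduct') {
            $wscProducts = @(
                Get-CimInstance @cimArgs -ClassName $className |
                    Where-Object { $_.displayName -like '*Malwarebytes*' }
            )
            if ($wscProducts.Count -gt 0) { break }
        }
        $wscQueryOk = $true

        if ($wscProducts.Count -gt 0) {
            foreach ($prod in $wscProducts) {
                $wscProductName = $prod.displayName
                $state          = [int]$prod.productState

                # productState is an undocumented bit field. Only the nibble in
                # bits 12-15 is relied on here: the commonly reported layout puts
                # the real-time state in bits 8-15 (0x10 = ON, 0x00 = OFF).
                # NOTE(review): confirm the layout before using the other bytes.
                $rtByte = ($state -shr 12) -band 0xF

                if ($rtByte -eq 1) {
                    $wscPremiumSignal = $true
                    $wscStatus        = "Registered + real-time ON ($wscProductName)"
                    # Stop at the first ON entry so a later OFF entry cannot
                    # overwrite the status text and contradict the signal.
                    break
                }
                $wscStatus = "Registered but real-time OFF ($wscProductName)"
            }
        } else {
            $wscStatus = 'Not registered with Windows Security Center'
        }
    } catch {
        $wscStatus = "WSC query failed: $($_.Exception.Message)"
    }
}

# ---------------------------------------------------------------------------
# 3. Service and process checks
# ---------------------------------------------------------------------------
$mbService  = Get-Service -Name 'MBAMService' -ErrorAction SilentlyContinue
$mbAgentSvc = Get-Service -Name 'MBAMAgent'   -ErrorAction SilentlyContinue   # Premium helper (per the original author)

# Processes the author associates with real-time protection layers.
# Matching is by process name only; a name match does not prove the binary
# is the genuine Malwarebytes component.
$rtProcessNames  = @('mbamtray', 'MBAMAgent', 'mbampt', 'mbam_protection')
$rtProcs         = @(Get-Process -Name $rtProcessNames -ErrorAction SilentlyContinue)
$rtProcessSignal = ($rtProcs.Count -gt 0)

$mbServiceStr = if ($mbService)  { "$($mbService.Status)" }  else { 'Not found' }
$mbAgentStr   = if ($mbAgentSvc) { "$($mbAgentSvc.Status)" } else { 'Not found' }
$rtProcStr    = if ($rtProcessSignal) {
    ($rtProcs | ForEach-Object { "$($_.Name) (PID $($_.Id))" }) -join ', '
} else {
    'None detected'
}

# ---------------------------------------------------------------------------
# 4. Check for Premium-only executables on disk
# ---------------------------------------------------------------------------
$premiumFileSignal = $false

# An empty InstallLocation would turn "$mbInstallDir\x.exe" into "\x.exe",
# i.e. a lookup in the root of the current drive. Skip the check instead.
if ($mbInstallDir) {
    foreach ($exeName in 'mbamtray.exe', 'MBAMAgent.exe', 'mbam_protection.exe') {
        # -LiteralPath: the registry value is data, not a wildcard pattern.
        if (Test-Path -LiteralPath "$mbInstallDir\$exeName" -PathType Leaf) {
            $premiumFileSignal = $true
            break
        }
    }
}

# ---------------------------------------------------------------------------
# 5. Verdict
# ---------------------------------------------------------------------------
# WSC is treated as authoritative only when the query actually completed.
# If it was skipped (not elevated) or threw (for example, the namespace is
# unavailable), fall back to the process signal rather than reporting FREE
# on the strength of a query that never produced an answer.
# "Premium" here means "real-time protection is on"; it is not a licence check.
$isPremium = if ($wscQueryOk) { $wscPremiumSignal } else { $rtProcessSignal }

$verdictText  = if ($isPremium) { 'PREMIUM / PAID (real-time protection active)' } else { 'FREE (on-demand scans only, no real-time protection)' }
$verdictColor = if ($isPremium) { 'Green' } else { 'Red' }

# ---------------------------------------------------------------------------
# 6. Output
# ---------------------------------------------------------------------------
Write-Host "--- Windows Security Center ---" -ForegroundColor DarkGray
Write-Status "WSC registration" $wscStatus
Write-Host ""

Write-Host "--- Services ---" -ForegroundColor DarkGray
Write-Status "MBAMService" $mbServiceStr
Write-Status "MBAMAgent" $mbAgentStr
Write-Host ""

Write-Host "--- Real-Time Protection Processes ---" -ForegroundColor DarkGray
Write-Status "RT protection processes" $rtProcStr
Write-Host ""

Write-Host "--- Disk ---" -ForegroundColor DarkGray
$diskStr = if ($premiumFileSignal) { 'Premium executable(s) found' } else { 'No Premium executables found' }
Write-Status "Premium exe present" $diskStr

$elev = if ($isElevated) { 'Yes (WSC check active)' } else { 'No (run elevated for authoritative check)' }
Write-Status "Running elevated" $elev
Write-Host ""

Write-Host "+------------------------------------------+" -ForegroundColor White
Write-Host ("| Status : {0,-33}|" -f $verdictText) -ForegroundColor $verdictColor
Write-Host "+------------------------------------------+" -ForegroundColor White

if (-not $isPremium -and -not $isElevated) {
    Write-Host ""
    Write-Host " [!] Result may be inaccurate - script was not run as Administrator." -ForegroundColor Yellow
    Write-Host " The WSC check (most reliable indicator) requires elevation." -ForegroundColor Yellow
    Write-Host " Re-run from an elevated PowerShell prompt for a definitive result." -ForegroundColor Yellow
}
Write-Host ""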



