  1. Sorry for the delay on my reply, didn't have time yet to investigate it further. Will do some more thorough investigation on what the process is doing when Crashplan is running. I wanted to investigate further already this week when I saw CPU usage spiking but that was during the scheduled daily full scan which in any case uses a lot of CPU. I changed the scheduled scans to weekly for now to limit the stress on my system's resources during the work week and to have timeframes in which I am sure there is no scheduled scan happening and where the CPU of the Malwarebytes client goes up due to another process running. Will keep you updated.
  2. treed, thanks for the feedback. The more info in this thread appears, the more I understand how this malware detection client works and how it differs from more traditional AV solutions. The case I now have is with Crashplan (online backup). I overgeneralized my wondering of similar impact to other backup solutions. I do wonder what the impact will be on other cloud backup solutions which generate internet traffic (Google Backup and Sync, Arq, restic over ssh, ...). From alvarnell's comments above I understand that backup clients with local actions probably won't be affected, but backup/sync solutions with internet connections do get investigated by Malwarebytes?
  3. Your answers and clarifications are much appreciated, thanks! Have a nice night! (Belgium here, almost noon)
  4. And you also have a valid point, if for instance the checksum of a previously scanned file has not changed, it should not be scanned again when being read over and over. I hope the RT protection works like this for Malwarebytes. Today I do see that during my crashplan backup, both processes take high CPU (also the RTProtectionDaemon), so they are seemingly interacting. I could dig deeper and loop over lsof to see if point processes access the same files at the same time, have not invested that much time in it. Maybe RT protection doesn't look for all files / folders on the entire drive but I suspect scheduled scans will. In such case, it is useful to be able to exclude Files / Folders. For instance VM disks since they can be huge and can have frequent changes for running VMs, it is pointless for an AV to spend time scanning them. In general I would only have a very limited amount of files and folders I would exclude. So I am looking more for exclusions based on application / process. But an AV also needs to make sure malware doesn't play with such feature so that it can easily bypass detection. I would for example exclude (in RT protection) the rsync binary (the one under CCC since the sync processes are mainly just rsyncs), restic binary, crashplan backup daemon, time machine, ... It all depends on how RT protection works on this AV. I am a fairly new customer, bought the premium a few weeks ago after having tested many other solutions in the past years. Bitdefender is for instance rated quite good (although I do not agree completely, support was unprofessional) but with time machine protection for instance on (recommended), it also blocks correct usage of tmutil which I script to cleanup backups older than X time. So all AVs so far have good points but also bad points hence my search continues. 
It is not easy to find a solution with good protection, low footprint on the system and more advanced config possibilities which normal home users won't often use or need. Maybe I need to look in another segment. Do you have any idea if the Malwarebytes Endpoint Protection does have more controls than the home user Mac client?
  5. Sorry, seems a mistaken key combo posted my unfinished reply, continuing ... The only feature I would surely find useful today already (without really looking into what is possible on the Windows client) is the Exclusions setting: File or Folder, Previously Detected Exploit, but also Application / Process I would find quite useful. The brand / type of backup application does not really matter that much in my opinion. Being Time Machine, Crashplan (in my current case) or restic (or even rsync cloning), if files get touched / read / written with realtime protection, the AV client will try to scan them. And with large amounts of files, it will require any AV to take the needed resources of the system to be able to complete the task. From AV to AV it can still vary how many resources it needs, but for large backups / syncs any AV client will take considerable resources. It would be useful to be able to exclude the data flows which I consider trustworthy so that the system keeps running smooth and the AV can take the resources it wants and needs to do scans of the areas I want it to concentrate on.
  6. Thanks for your feedback. I am indeed aware of the different attack vectors due to it being totally different operating systems. I was kind of general in my wondering of settings on the Windows client being ported to the Mac client. The only one I would surely find useful today
  7. Using the latest beta Mac client at the moment (Premium license). I am wondering when the Exclusions option will be added to the Mac client as it is seemingly present on the Windows client (https://support.malwarebytes.com/docs/DOC-1130). My backup software is making the RTProtectionDaemon use high CPU in normal conditions, probably even worse during a scheduled scan. Looking at the settings window in the above document for the Windows version of the client, we are missing quite some options and settings on the Mac version. Will the Mac version be extended to match the possibilities of the Windows client at some point? Or will it always be more limited? I am looking for a good AV / malware client on Mac for a long time already, one with enough advanced tweaking so that I can limit its presence in CPU load while letting it scan specifically the areas I want to be monitored.