
What does Protection protect against?



Hello,

When the protection module of MBAM is running, is it supposed to protect against everything MBAM detects or is it supposed to do something else? I have a system that scans clean and the protection module is enabled. Today, during a scheduled scan, two infected keys were found (and cleaned). I was surprised. I thought the protection module would do just that - protect. Here is the MBAM log from the scheduled scan:

Malwarebytes' Anti-Malware 1.33

Database version: 1714

Windows 5.1.2600 Service Pack 3

2/2/2009 2:02:46 PM

mbam-log-2009-02-02 (14-02-46).txt

Scan type: Quick Scan

Objects scanned: 54732

Time elapsed: 6 minute(s), 13 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


The protection module protects against things installing. It does not detect things that are running in real time like an anti-virus does, and it does not detect registry settings that have been changed by an already running application, unless that application is trying to install something that MBAM protects against.

The registry entries that your log contains are just settings that were changed, and are not big issues. They can affect the way certain things work though, so MBAM fixes them. The ones in your log show that script files will open in notepad instead of running, and that registry exports will open in notepad instead of regedit. These make malware removal hard for experts (we often have users run scripts and sometimes use registry exports to fix registry issues), and they can break a few things, but they do not actually cause harm.

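The two "Registry Data Items Infected" lines from the log above, parsed with an added Python example (not part of the thread and not Malwarebytes code). The line layout is assumed from those two lines only; `parse_data_items`, `still_broken` and the `current_values` snapshot are hypothetical names, and the snapshot is supplied by the caller, for example after a later scan or registry export.

```python
import re

# Constructed sample: the two data-item lines copied from the log in this thread.
SAMPLE_LOG = r'''Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
'''

# key (detection name) -> Bad: (value found) Good: (expected value) -> action taken
ITEM = re.compile(
    r'^(?P<key>HKEY_.+?)\s+\((?P<detection>[^)]+)\)\s+->\s+'
    r'Bad:\s+\((?P<bad>.*?)\)\s+Good:\s+\((?P<good>.*)\)\s+->\s+(?P<action>.+)$'
)
# File class (ProgID) and shell verb from a ...\<progid>\shell\<verb>\command\ key
HANDLER = re.compile(
    r'\\(?P<progid>[^\\]+)\\shell\\(?P<verb>[^\\]+)\\command\\?$', re.I)


def parse_data_items(log_text):
    """Return one dict per registry data item line; other log lines are skipped."""
    findings = []
    for line in log_text.splitlines():
        m = ITEM.match(line.strip())
        if not m:
            continue
        item = m.groupdict()
        h = HANDLER.search(item['key'])
        item['progid'] = h.group('progid') if h else None
        item['verb'] = h.group('verb') if h else None
        findings.append(item)
    return findings


def still_broken(findings, current_values):
    """Keys whose current value (caller-supplied snapshot) is not the log's Good value."""
    return [f['key'] for f in findings
            if current_values.get(f['key'], '').strip().lower() != f['good'].lower()]


if __name__ == '__main__':
    for f in parse_data_items(SAMPLE_LOG):
        print(f"{f['progid']} ({f['verb']}): found {f['bad']!r}, expected {f['good']!r}")
```
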

It does not detect things that are running in real time like an anti-virus does...

I wasn't aware of that. So basically, if I have say, a trojan not yet detected by MBAM, I update MBAM and detection for that trojan is added, it won't be caught running in memory and will require running a scan to be detected?


Quite correct. That's why there is the ability to schedule daily scans.


I think most antiviruses will have the same problem. You certainly don't want it to scan your system fully every single time you update, on the off chance you might have something new in memory. That would be very taxing on system resources. So we have to make tradeoffs!
