Jump to content

I have a doubt


Recommended Posts

Hello,

What is the difference in run mbam as administrator and run as normal user? I did a full scan in administrator mode (right click run as administrator) and also in normal mode, I see that the difference varies only in time, this is normal?

Running as normal user:

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Version of the database: v2012.08.12.04

Windows 7 x86 Service Pack 1 NTFS

Internet Explorer 9.0.8112.16421

Zeroes :: ROOT [admin]

8/12/2012 12:12:12 PM

mbam-log-2012-08-12 (12-12-12). txt

Types of Analysis: Full Scan (C: \ | D: \ | E: \ | F: \ | G: \ | H: \ | I: \ | J: \ |)

Analysis options enabled: Memory | Home | Register | File System | Heuristic / Extra | Heuristic / Shuriken | PUP | PUM

Analysis options are disabled: P2P

Objects scanned: 279671

Elapsed time: 1 hour (s), 53 minute (s), 40 second (s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Detected registry keys: 0

(No malicious items detected)

Registry Values ​​Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Detected Folders: 0

(No malicious items detected)

Detected Files: 0

(No malicious items detected)

end)

Running as administrator:

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Version of the database: v2012.08.13.03

Windows 7 x86 Service Pack 1 NTFS

Internet Explorer 9.0.8112.16421

Zeroes :: ROOT [admin]

8/13/2012 9:22:42 AM

mbam-log-2012-08-13 (09-22-42). txt

Types of Analysis: Full Scan (C: \ | D: \ | E: \ | F: \ | G: \ | H: \ | I: \ | J: \ |)

Analysis options enabled: Memory | Home | Register | File System | Heuristic / Extra | Heuristic / Shuriken | PUP | PUM

Analysis options are disabled: P2P

Objects scanned: 279734

Time elapsed: 19 minute (s), 25 second (s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Detected registry keys: 0

(No malicious items detected)

Registry Values ​​Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Detected Folders: 0

(No malicious items detected)

Detected Files: 0

(No malicious items detected)

end)

What is the proper way to run mbam?

thanks :D

Link to post
Share on other sites

:welcome:

It's the same. When you run Malwarebytes' it requests administrative rights regardless if you right click or not. You will always get a UAC popup asking for permission.

Edit: Correction if you are running a limited user account you will not get a UAC popup as it runs as the current user without administrative permissions.

Link to post
Share on other sites

Hello and :welcome:

Just to add....

The difference in scan times is due to the cache in windows. If you do multiple scans without restarting the computer, the scan times will be quicker. If you were to restart, the scan time will once again take longer, any subsequent scans would be quicker until you reboot once again.

Link to post
Share on other sites

It's the same. When you run Malwarebytes' it requests administrative rights regardless if you right click or not. You will always get a UAC popup asking for permission.

That's not what happens for me. Running as a limited user on Win 7, if I open Malwarebytes either from the tray icon or the menu and select a scan, I don't get a UAC prompt and it appears to run under my logged in account. If I right click on the menu and "run as administrator", then select a scan, it runs the scan under elevated privileges. Note the difference in the number of files scanned with a flash scan selected via each method:

Malwarebytes Anti-Malware (PRO) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.15.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

phil :: HOME [limited]

Protection: Enabled

15/08/2012 16:27:38

mbam-log-2012-08-15 (16-27-38).txt

Scan type: Flash scan

Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: Registry | File System | P2P

Objects scanned: 119404

Time elapsed: 10 second(s)

Malwarebytes Anti-Malware (PRO) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.15.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

admin :: HOME [administrator]

Protection: Enabled

15/08/2012 16:28:20

mbam-log-2012-08-15 (16-28-20).txt

Scan type: Flash scan

Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: Registry | File System | P2P

Objects scanned: 200938

Time elapsed: 8 second(s)

Link to post
Share on other sites

  • Staff

Running on a limited user account and not right-clicking and choosing 'Run as administrator' will result in Malwarebytes Anti-Malware opening without administrative privileges which will result in different permissions and thus frequently different scan results.

Keep in mind that if you are logged in as an administrator, there is no difference between launching the application normally and right-clicking the icon and choosing 'Run as administrator'.

Link to post
Share on other sites

  • Staff

it requests administrative rights regardless if you right click or not. You will always get a UAC popup asking for permission. g.gif

That's only true in an administrative user account. If you are logged in as a limited user, there will be no UAC prompt and it will run with limited privileges/permissions using the same limited credentials as the limited user account.
Link to post
Share on other sites

  • Staff

It's safer to make your primary account a Standard user and the Admin account should be separate, right? I heard this may reduce the damage of a malware attack, should one ever take place.

Yes, it's a good practice, however, because of User Account Control, a lot of malware these days deliberately installs and functions in such a way that it does not require administrative privileges, meaning user account control and even Standard (i.e. Limited) user accounts don't do any good against it.
Link to post
Share on other sites

I'm not aware of any sandbox that protects the entire drive(other then a virtual state program like Returnil). Depending on the type of sandbox usually unknown programs(if the sandbox program is included with a security suite) or programs that you choose. Sandboxie for example just isolates programs that you choose such as web browsers and if you have the paid version you can automatically force a browser to be sandoxed all the time.

Link to post
Share on other sites

  • 3 weeks later...

Hi all, sorry for the delay.The account I have is only the administrator and from there I ran mbam, true is the same if I right click or double-click mbam will always appear audit accounts, but what say the time difference? this is normal? What is the correct way to run mbam?

thanks.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.