Jump to content

Scanning W7 Machine With 2 Users


Recommended Posts

I searched for the answer to this but could not find much. If I missed

it, please point me to the right area.

 

Running Windows 7 machine with 2 password protected User logon IDs.

 

Under User A userid, I installed and set MBAM Pro up the following way:

[settings/Scheduler Settings/Perform scheduled scan from system account] is checked.

 

Three tasks were set up:

Update task: Daily, Flash scan after update.

Quick scan: Daily

Full scan: Weekly

 

I then initiated a full scan.  While the full scan is running, I note that

I cannot access parts of the MBAM UI - this is understandable, as it is

busy. I mention this, as when I log into User B, I _can_ access all of

MBAm's UI, leading me to believe MBAM works independently,

and even concurrently from one user ID to the next.  

This points me down the path to believing I need separate scan

tasks per user, but please read on..

 

After I set the above tasks up and initiated the full scan, I switched users

and logged in to User B. In the MBAM UI under Settings/Scheduler Settings,

I see the three tasks listed that I had set up under User A.

 

My question is, do I need to schedule a separate daily Quick* Scan for user B?  

My assumption is (correct me if I'm wrong) the quick scan I originally set

up while logged in under User A's ID only scans system files plus User A's documents folder

(or other user specific folders) and not User B's folders, regardless whether one,

both or neither user(s) are logged in.

Hmm....maybe Quick scan does not scan user owned folders - perhaps it's left up to Full scan?

 

*I am also assuming a Full Scan scans everything on the computer,

regardless whether one, both or neither user(s) are logged in.  

 

In other words, my assumption is all folders and files are scanned on a

Full scan, no matter who owns what. For example, Users\UserA\Documents 

and Users\UserB\Documents are both scanned. Thus, no need for me to worry

about having to schedule a separate weekly Full scan to cover User B's

owned folders under User B's login.

 

I am hoping to hear "One Update/Scan set like you have is all you need." :-)

 

Thanks for your help.

 

Link to post
Share on other sites

Hello neonjoe and :welcome:

 

That's actually a good question and one that many probably don't know the answer to.  It has been discussed a few times before but I don't believe we have it listed in the current FAQ.

 

What happens is that normally during the initial install and setup using an account with local admin rights is that it sets up an administrative scan that has full access to the drive and data.  It will also have full access to the HKEY_LOCAL_MACHINE (HKLM) portion of the Windows Registry that affects all accounts on the computer.  So in 99% of all infections that setup is able to completely remove any known infections.  What it cannot do is open the HKEY_USERS (HKU) keys for all of the accounts on the system.  However since any files found can be removed any real threat would be neutralized by that scan and removal.   What can be left over is reference to items that are only stored in the HKEY_USERS (HKU) key and thus may have no other known existence on the system.   In those rare cases all that is typically done is the use of scare tactics typically by a bogus website entry.  In that case then yes the current user would also need to run their own scan to remove the entries that may be stored in their portion of the registry.  Please note that HKEY_USERS (HKU) entries do not affect other users on the system even if that user is a local admin.  It needs to be stored in the HKEY_LOCAL_MACHINE (HKLM) keys to affect other users.  As said though, in most cases the files are found and removed and what one might see is a user complaining that they get an error when logging on that some file cannot be found.  That is due to the registry having a link to a file that was removed.

 

Hopefully that answers your question but if not please let me know.

 

Thank you

 

 

 

 

 

 

 

Link to post
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.