Jump to content

Why no option to quarantine?


Recommended Posts

I just ran a scan on my Toshiba laptop, which has a small amount of hours on it. There were PUPs found, which is fine. But why am I not given an option to quarantine them so that if something is removed that shouldn't have been I can go in and put it back in place?

post-22338-0-85729700-1377900128_thumb.j

Link to post
Share on other sites

Hi, Nikilet: :)

 

PUP = Potentially Unwanted Program -- they are not malicious, per se. That's why they are not automatically checked for quarantine.

This KB topic explains what they are AND how to decide whether to delete them or keep/ignore them: What are the 'PUP' detections, are they threats and should they be deleted?
Malwarebytes Anti-Malware recently adopted a more stringent policy towards these sorts of detections: Malwarebytes Adopts Aggressive PUP Policy and PUP.Optional listings and disputes

To summarize: The default action for PUP detections is 'Show in results list and do not check for removal."

If you want Malwarebytes Anti-Malware to remove all of these PUP detections reported after a scan, each item must be checked.

  • To do so quickly, you can highlight one of the detections by left clicking on it.
  • Then, right click on the highlighted detection, and select 'Check All Items'.
  • Next, click 'Remove Selected'. That should address the PUP entries.

If you want to keep/ignore the PUP detections, because they are familiar to you and you use them, you can add them to the Ignore List. (But please see MysteryFCM's recommendation in his earlier reply.)

If you want to edit the way PUP detections are reported, you can edit the MBAM settings, as described below:

  • Open Malwarebytes Anti-Malware, click the 'Settings' tab.
  • Click the 'Scanner Settings' tab
  • Click the menu bar for each and select one of the following options: "Do not show results in list", "Show in results list and check for removal", or "Show in results list and do not check for removal".
  • When done, click the 'Exit' button

>>Having said all that, if you are not sure what to keep/ignore and what to remove, I would suggest that you please follow the recommendations in this pinned topic: Available Assistance For Possibly Infected Computers.
A qualified malware analyst will guide you through the cleanup process.

 

Hope this helps,

 

daledoc1

Link to post
Share on other sites

It was really nice of you to go to so much trouble and time in explaining this to me. I am one who is glad MBAM adopted their more stringent policy with regard to these PUPs because although you said they are not malicioius per se, I would call what many of these items can do to the workings of one's computer pretty malicioius.

 

In any event, my question is why I can't select the items and then have an option to quarantine them, rather than to remove them. The only option I am presented with is "Remove Selected."

 

I think these all seem to have something to do with something called Crossrider, which I do not recognize. I Googled it but what I read still doesn't make it very clear to me. If I could place the items in quarantine and then discovered I do need them for some reason, or any one of them, I could go into quarantine and restore it. But once I remove it, it's gone. In the past when PUPs were found I was given the option to put the items in quarantine. 

Link to post
Share on other sites

Hi:

 

You are most welcome. :)

 

I could be wrong (and the staff/experts will correct me if I am), but when you "remove" items, they are put in quarantine, no?

 

EDIT: This link is supposed to be to a video explaining how to restore from quarantine -- I am not seeing anything when I try the link, though: How to restore items from Quarantine The page is there, but there is no video link, for some reason.

Does the link work for you?

 

We'll see what the more expert folks have to say. ;)

 

Cheers,

 

daledoc1

Link to post
Share on other sites

FYI:

 

When I click the link for that video tutorial in Fx 23.0.1, I see this, even though I have Javascript temporarily enabled and all privacy extensions temporarily disabled.

YLGmpZO.png

 

The same page DOES show the video content in IE9, so it must be something with Fx or with my profile (extensions, etc).

I will test out some of the other video tutorial links and send a PM to the forum admin team if it's reproducible.

 

Does the video display for you in Firefox????

Link to post
Share on other sites

Thank you. I will rescan and carry through. I didn't last time because I feared removing the items and then finding out I had goofed. Yes to your question on the link showing how to restore from quarantine. The video link was there.

 

So I will retry this and hopefully I won't have to come back and bug you any more.

 

Thanks so much for your patience and help.

Link to post
Share on other sites

  • Root Admin

Generally speaking (as far as I'm concerned with my own computer) unless it is an obvious False Positive then any PUP found on my computer is going to get removed period as I feel ALL of them are junk.

Now what you might find is that we don't remove enough of them and in that case you may need to seek further assistance as DaleDoc1 has pointed out.

Thank you again

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.