
A couple of suggestions for 2.0


syndreas


Hello!

Last night I posted a forum topic here at the Malwarebytes forum, because I was confused about how the new UI worked in 2.0. Not to repeat myself, here's a link to the topic: https://forums.malwarebytes.org/index.php?showtopic=146896.

 

Long story short, I am unhappy with how the new version of MBAM works, mostly because it's greatly different from the 1.x versions of the same product. I am a "malware victim helper" on a certain Finnish Anti-Virus Portal, and what I'm trying to do is create simple step-by-step instructions on how to install MBAM, scan your computer, remove threats and inform your helper with the .txt files that MBAM creates.

 

Now in the MBAM 1.x versions, the procedure was very simple. You installed MBAM, updated it, scanned with it, removed the threats (usually without quarantine), and after that the program would automatically create a text file that would tell the helper if the threats were removed or not.

 

So let's see how 2.0 works. Everything goes fine until I've scanned my computer. So after the scan finishes, the program will BY DEFAULT ignore all threats. The action column will actually automatically show "Ignore Once" for every threat the program has found. Seriously, what is this? If the victim presses the "Apply Actions" button, the program will do nothing to the found threats? Why doesn't it "automatically" put those threats in quarantine instead of choosing not to do anything? And better yet, why isn't there a "Remove-all-threats-immediately" button like the 1.x versions had? Well OK, I can somewhat understand why there isn't that kind of button, since there can be false positives and such, but still, the program could automatically create a backup for such things, for example.

 

So now I have to press the "Quarantine All" button. In order to remove the threats, I have to wait until the computer restarts (although the program said that when I restart, the threats will be removed, but apparently it is not like that (NOT SURE IF THIS IS A BUG OR NOT)) and after that go to the History tab in MBAM and remove them MANUALLY from the list. Don't you guys see the problem here? You guys are purposely making it hard for the victim to use this program to get rid of malware.

 

Then the .txt files that the program creates. Apparently there's only 1 .txt file created through this whole procedure, which I think is odd, considering what the .txt file contains. What it contains is just information on WHAT the program has found, but no indication of whether the threats have been removed or not. As a malware removal helper, this makes me wonder whether the victim has been successful in removing the threats. In the 1.x versions of the product the .txt file actually showed if they'd been removed, for example, "Deleted on restart" or something, I can't remember it correctly.

 

So in short, the newest version of MBAM:

 

  • BY DEFAULT ignores all threats, only lets you quarantine threats and doesn't let you remove threats immediately.
  • Doesn't remove threats on restart, even though it says so (yet again, I don't know if this is a bug or not).
  • Makes you manually remove the threats from quarantine to completely remove threats from the PC.
  • Doesn't create an informing .txt-file about the removals when the procedure is done.

 

Compared to the 1.x versions:

 

  • By default, removes threats with restart if necessary.
  • When the restart has happened the threats are already gone.
  • Creates a .txt file in front of your face when you have restarted the computer and tells you if the threats have been removed or not.

 

I hope I've explained this clearly enough for you guys.

 

syndreas


It would certainly help to see what items (which you're referring to as threats) came up in the scan in order to be able to determine why this is occurring. For example, in MBAM settings, under Detection and Protection, there are a couple of options for non-malware, Potentially Unwanted Programs (PUP) and Potentially Unwanted Modifications (PUM), both of which, by default, I believe are set to "Warn users about detections" but which also have two additional options: "Ignore detections" and "Treat as malware".

 

I suggest that you take a look at the MBAM 2.0 User Guide and the staff-developed MBAM 2.0 User FAQs for more information.


> It would certainly help to see what items (which you're referring to as threats) came up in the scan in order to be able to determine why this is occurring. For example, in MBAM settings, under Detection and Protection, there are a couple of options for non-malware, Potentially Unwanted Programs (PUP) and Potentially Unwanted Modifications (PUM), both of which, by default, I believe are set to "Warn users about detections" but which also have two additional options: "Ignore detections" and "Treat as malware".
>
> I suggest that you take a look at the MBAM 2.0 User Guide and the staff-developed MBAM 2.0 User FAQs for more information.

 

Oh OK, so basically if the findings are PUP or PUM, the program will ignore them by default if you haven't changed the settings? Yeah, MBAM only found 2 PUPs on my PC and I immediately thought that it does the same for viruses too, which would be super weird. I'm glad you told me this, thanks.
