root kits

[Peterr2]

Root kits are not enabled. Are they beta and would you advise enabling the box?

Thank you

[anachromat]

Hi.  See here:

https://forums.malwarebytes.org/index.php?showtopic=145537

 

Short course:  rootkit scanning is disabled by default simply because it may increase scan time.  Up to you!  I turned it on, and it made very little difference to scan time on my box.  Suit yourself 

[Peterr2]

I will enable both pcs. If scan time is the basic reason, I would rather spend a bit of time to be covered re: root kits - they are miserable things..

Thank you

Peter

[daledoc1]

Just to add, for technical reasons, ARK (anti-rootkit) scanning is NOT supported on drives encrypted with any method other than TrueCrypt.

So, if your HD is encrypted with BitLocker, SecureDoc or other method, you'll need to disable ARK scanning (regular scanning is fine).

This is explained in the FAQ.

Also, see here.

 

 

Cheers,

[Peterr2]

That is a good thing if removing encryption is not a big endeavor.

One can run MBAM with root kits enabled and encryption off, then enable encryption , if that is how it goes.

All I know about encryption is you need the recovery partition, I think.

Anyway my pcs have root kit ticked regardless of speed and I have 6 GB ram, 3.30 GHz speed,  so I should be ok.

[daledoc1]

Hi:
 
Decrypting one's hard drive is a complicated matter and not generally recommended under routine circumstances.
(It depends on the technology used to encrypt it.)
But I think that might be a separate issue from your original question?
 
I was merely pointing out that the anti-rootkit (ARK) scanning feature in MBAM 2.x is NOT supported on a hard drive that is encrypted with a method other than Truecrypt, as explained in the FAQ.
 
So:
If your hard drive is NOT encrypted, please feel free to enable the feature in MBAM 2.x. in "Detection and Protection" settings and in the Advanced Settings for your scheduled scans (if using MBAM 2.x Premium).
If your hard drive IS encrypted with BitLocker or another method, then you will need to disable the ARK feature in MBAM 2.x, as it will not perform properly and is not supported.

ALSO, for additional information:
There is an FAQ Section here: Common Questions, Issues, and their Solutions
And here are links to the MBAM 2.0 User Guide: Online and PDF
And there are many useful KB topics and videos at the helpdesk support page

 

Cheers!

[Peterr2]

Yes, I understand encrypting and the root kit selection are 2 different topics or threads.

Your information has been very helpful and thank you for it.

Peter

[daledoc1]

Hi:

You mentioned:
 

That is a good thing if removing encryption is not a big endeavor.

So, I was just trying to clarify that it, yes, removing encryption can be a big endeavor (e.g. a factory reset, as you mentioned).

 

If you run into any problems with ARK scanning, please feel free to post back and someone will be happy to assist you.

(FWIW, I have it enabled on my 2 unencrypted rigs running MBAM 2.0, and it works just fine, with no major increase in scan times.)

 

Cheers!

[Peterr2]

Good to hear and thank you for your support.