
protection finds PUP, doesn't quarantine



hi. i run your premium version on a couple dozen machines, mostly win 7 pro. since updating to v2 i've noticed this on a couple of machines. the user will tell me they have the 'database is outdated' message in their tray and clicking update doesn't make it go away. i get on the machine and open mbam. on the dashboard it says the db is outdated, but the 'update now' link doesn't do anything. then i go to the scan page and there will be one or more pups (lately mysearchdial) listed. they're selected to be quarantined, but i have to click the button to do it. after a few seconds i get the happy green bar, then the db updates, then the scheduled scan runs. but it seems like when the realtime protection detects a pup it pretty much stops everything until i manually go in and tell it to go ahead and complete the selected action. it won't do scheduled scans or updates, it just keeps showing the db needs to be updated message. i have PUP set to treat detections as malware, and in advanced i have automatically quarantine detected items checked. so when protection detects pup, why doesn't it just quarantine and move on? i've seen this on 3 different machines now. what do i have to do to fix this?

 

thanks


Hi and welcome, mpfogarty:
 
Some malware/PUPs require the use of multiple tools for complete removal.
I know you mentioned that MBAM is configured for their automatic quarantine, but you might want to verify that your settings look like those in the screenshot.
 
If you would like expert help with scanning and cleaning, then I suggest that you please follow the advice in this pinned topic: Available Assistance For Possibly Infected Computers.
A malware analyst will guide you through the process.

You would want to open a separate topic for each machine.

 

>>>>Having said that, as you mention "a couple dozen machines", it sounds as if this might be a business/corporate/educational setting?

If so, your MBAM Business license entitles you to free, one-on-one support via email from the Business Help Desk.

With so many affected machines, that will probably be more efficient than posting in the malware removal section of the forum targeted to home users.

 

Also, please note, the Business version of MBAM is still on 1.75 -- version 2 for Business/Enterprise/Corporate has not yet been released.

Use of the Consumer, home version of MBAM in that environment would be a violation of the EULA. :(

 

The Business Help Desk can be contacted by opening a ticket here: Contact Business Support.

They can assist you with both licensing problems and with getting the machines in question properly configured and cleaned up.

Thanks,


i sure don't want to violate any agreements. i originally bought about 30 licenses for business use years ago on cleverbridge reference number 4980397. at that time there wasn't a distinction between business and personal use and those licenses were installed on business machines. as those machines have been decommissioned i have moved the licenses to new machines, also for business use. i did not seek out upgrades, the machines started telling me that the new version is available and i needed to upgrade, so i did. what should i have done instead?

 

i don't need help with scanning or cleaning, i think everything is good. non-malware protection settings are indeed as you have indicated above and in advanced i have automatically quarantine detected items checked. i'm just trying to understand why, when pup is detected, v2 stops updating and running scheduled scans and just displays the confusing 'database is outdated' message until i manually process the quarantines, instead of automatically quarantining the files or registry entries and then continuing normal operation. i don't see how that could be affected by whether the computers are at my home or at the office. 

 

thanks


Hi:

 

Thanks for the update and clarification.

As I am just a home user and forum volunteer, we'll need to wait for our Forum Admin, AdvancedSetup, or another staff member, to assist you with sorting out the licensing matters.  I am confident that the support team will be able to work with you on that.

 

As for the PUP detections and the associated updating and quarantining issues, it's hard to say without a bit more data.

Each computer is unique, and each affected system would require a bit of individual troubleshooting, including collecting some basic system logs. This particular forum is targeted mostly to individual home users with one personal computer at a time. It can be a bit confusing to work on multiple systems at once in a public forum.  That is why I suggested opening a ticket at the Business Support helpdesk.

 

Having said all that, a couple of things come to mind, generically:

  • Some forms of malware/adware/PUPs require use of multiple different tools for complete removal, as well as resetting of browsers and other actions to prevent their reappearance. The complexity of finding, preventing, and cleanup from malware.
  • Also, if an MBAM scan has detected items (especially PUPs and PUMs) for which the user has not configured automatic quarantine (or which are otherwise awaiting user action), those "Detected Threats" will prevent the program from updating.  That is a bit of a quirk/bug in version 2 that is due for a fix with a future release.  So, if you are seeing PUPs in the scan detection that need to be dealt with, that may explain why you can't update.

And having said all THAT, we would need to see some diagnostic logs, ideally from one system at a time, in order to determine what's going on and how to resolve it. 

Adware/malware/PUP removal is conducted in a special, dedicated area of the forum by trained experts, one-on-one with the user.

 

So, at this time, I would suggest that you please start with the advice in this pinned topic: Available Assistance for Possibly Infected Computers

A malware expert, either in the malware removal section of the forum, or at the help desk, will then assist you with getting the computers cleaned.

 

AdvancedSetup or another staff member will most likely have additional recommendations or advice for you.

Thanks for your patience and understanding,
