MB Endpoint will not scan files on network drives?

[kbarry]

Do I understand that correctly?  We have workstations setup with their desktops, and my documents, my etc etc redirected to a network drive. None of that will be scanned then?

 

 

[Lazz]

Hi KBarry

 

Malwarebytes Anti-Malware generally will not scan network drives due to permissions issues.  I apologize for the inconvenience.

 

Malwarebytes Anti-Malware will still protect these computers as the realtime protection works by stopping malware on access.

[brino]

Lazz and KBarry, Sorry for jumping into your conversation "uninvited".

 

I spent a few weeks going back-and-forth on this same issue.

I originally noticed this behaviour when I upgraded from MBAM version 1.75 to 2.00.0.1000.

 

It started with this:  https://forums.malwarebytes.org/index.php?/topic/145355-on-demand-scan-always-reports-objects-scanned-0/

 

Initially I thought the problem was with the new version of MBAM.

After a few weeks going thru a support ticket "Request #427533 right-click on demand scanning a file on NAS does not work" we determined that it was NOT an MBAM v1.75 vs. MBAM v2.00 issue, but instead a difference between WinXP and Win7!

 

On WinXP both MBAM v1.75 and v2.0 can scan a file on a network drive.

On Win7 neither MBAM v1.75 or v2.0 can scan a file on a network drive.

Therefore I am convinced that it is an OS permissions issue.

 

It is dangerous, because the pop-up _looks_ like it scanned and says all okay, but if you look closely it reports "Objects scanned: 0".
It is very easy to miss it because it still takes time to run the "prescan", and the results screen has a green banner reporting "Sacn completed successfully! No malicious items were detected!".

 

I still believe this issue should be clearly published somewhere.

Someone could easily get infected by installing something from a remote drive after they have scanned it and believe it to be clean.

(Perhaps not on a mchaine with MBAM installed since as Lazz mentions it would have real-time protection, but perhaps on another machine.)

 

Good Luck and Stay Safe!

brino

[igotgame1075]

I was able to work around this, by manually opening the network drive contents and selecting the folders/sub-folders, then right-clicking and manually scanning. It will go through the pre-scan and then actually start and finish the scanning this way, verses it just completing the pre-scan and not actually looking into any objects on the network shares by initializing it through the mapped drive letter. 

 

It's my understanding that while this does work, it is just a top level scan and it doesn't use the DDA and DOR drivers. This isn't a concern for me since I'm not worried in scanning the actual endpoint machines, but rather just the file contents within the share.