Scan time

[alicez]

Why does it take 5 minutes to run a custom scan (C:) on my Win 7 and then the next time it takes 1 hour45 minutes? (No rootkits enabled, same settings as previously)

 

http://i58.tinypic.com/rwur5y.jpg

http://i62.tinypic.com/296myit.jpg

[daledoc1]

Hi:
 
It appears that you are using MBAM Free.
That version is only an on-demand scanner.
That means that there is no automated scheduling for scans.
 
That means that, when you perform a "custom" scan, you need to manually select which drives and folders and files to scan each time you perform such a scan.
As you can see from the two screen shots, the number of files scanned in the 2 pictures was very different.
The scan that took longer scanned more files.
That is to be expected.
So, the logical conclusion is that different drives/folders/files had been selected for the 2 different scans.

So, one scan checked more files and took longer.
 
There are many, other, different variables that also impact scan times (e.g. Windows version, hardware specs, software conflicts, bad disk sectors, corrupt files, the size of files being scanned, malware, etc).
 
FWIW, routine scanning of the entire system (all drives and folders) is neither necessary nor recommended (Threat scans are more than sufficient under most conditions).

A full system, "custom" scan is a task better suited to your anti-virus (AV).
A better protection scheme would be to upgrade to MBAM Premium.
The Premium version provides real-time protection to help PREVENT infections, while the Free version can only try to detect and remove an infection that already made it on to the computer.
 
In order to better help you with specific advice and suggestions, it would help if you could please provide a bit of system info.
To do so, please read the following and post back attached to your next reply the 3 requested logs - Diagnostic Logs (the 3 logs are: FRST.txt, Addition.txt and CheckResults.txt)

It would also help us to see the actual scan logs.  Please let us know if you need help attaching them here to review.

Thanks,

ALSO, for additional information:
There is an FAQ Section here: Common Questions, Issues, and their Solutions
And here are links to the MBAM 2.0 User Guide: Online and PDF
And there are many useful KB topics and videos at the helpdesk support page
 

[alicez]

I always do a manual scan (I do not need the auto scan). I always check the drive C: and did so in both of the above cases and only on the same (Win7) computer.

It mentions different objects scanned and I don't know why it would when I checked only drive C: for the scan.

Doesn't the log (as above) show the files scanned?

What I'm thinking now is that my grandson ran a Custom scan on the Flash drive that is connected to my Win7 and that is the reason for the 5 minutes scan results in the History.

However, when I look in the Application Logs it does not show F: drive (the flash drive) anywhere. I just ran a Custom Scan of the F: drive and it did show 5 minutes, but the Application Log shows only C: drive on the right side which would lead me to believe that the C: drive was scanned, when actually it was the F: drive. Why does it show C: drive under LOCATION?

 

[daledoc1]

Hi:

 

There is no automatic, scheduled scan with the Free version.

Actually, the screen shots you posted only tell the number of files scanned. They do not show scan details, e.g what drives were scanned.
 
And, again, to reiterate, a routine full/custom scan of the entire C: drive is neither necessary nor recommended.
A Threat scan is more than sufficient under most conditions and is the recommended type of scan.
This is true for either a Manual scan, or for an automatic, scheduled scan, no matter which version of MBAM, Premium or Free.
 
In order to better assist you, we would need to see the actual scan logs to know what drives/folders/files were manually selected for each of the manual custom scans. If you need help posting the scan logs, instructions are below.
And it would help to have the Diagnostic Logs, as well.
 
 
Thank you,
---------------------

How to get scan logs:
(Export log to save as a txt file for posting in the forum when requested)

• Open MBAM from the desktop shortcut icon.
• Click on the HISTORY tab > APPLICATION LOGS.
• Double-click on the scan log which shows the date and time of the scan just performed (or the one you are asked to post).
• Click EXPORT.
• Click TEXT FILE (*.txt)
• In the "Save File" dialog box which appears, click on DESKTOP.
• In the FILE NAME box, type a name for your scan log.
• A message box named "File Saved" should appear, stating that "Your file has been successfully exported".
• Click OK.
• Attach the saved log to your next reply.

[exile360]

Why does it take 5 minutes to run a custom scan (C:) on my Win 7 and then the next time it takes 1 hour45 minutes? (No rootkits enabled, same settings as previously)

 

http://i58.tinypic.com/rwur5y.jpg

http://i62.tinypic.com/296myit.jpg

According to the images posted, the longer scan was actually run 7 days earlier than the shorter scan and there's a significant difference in the number of objects scanned and there was a detection in the earlier scan.

Also, when posting logs please post the entire log rather than just parts of it. You can use the Copy to Clipboard button if you wish, and then simply paste the log's contents into your post. That's important because otherwise we cannot tell which settings you had enabled/disabled for scanning, though I did notice that scanning of memory objects was enabled which means any processes running in memory would be checked by the scan, regardless of their location (including on C: or any other drive). Additionally, our heuristics checks which are always active will check multiple areas of the system, including some locations on the system drive (the drive Windows is installed on, which is usually C:).

[alicez]

This is so complicated for me to follow. I don't know that much about computers. I did the txt file of Application Log but I don't see how to attach it to this message. I thought there would be a box at the bottom labeled "Attachment," or something similar

 

Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 10/22/2014
Scan Time: 5:58:53 PM
Logfile:
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.10.22.08
Rootkit Database: v2014.10.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: XXX
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 321937
Time Elapsed: 5 min, 34 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)

[exile360]

You did it correctly, I didn't ask you to attach anything . According to the log, scanning of both startup and memory objects are enabled. That means that at least some items on C: will be scanned (in addition to the heuristics checks which I mentioned earlier).

Currently we do not list which folder/drive was selected for scanning during custom scans in logs, but we do plan to implement that in a future release. That way you will be able to tell which paths were chosen for scanning of filesystem objects for the scans.

[daledoc1]

Currently we do not list which folder/drive was selected for scanning during custom scans in logs, but we do plan to implement that in a future release. That way you will be able to tell which paths were chosen for scanning of filesystem objects for the scans.

 

I stand corrected.

I assumed that the scan log would show the drives/folders selected for a custom scan.

My bad - as I never run Custom scans, I made a flawed assumption.

I apologize for the extra work (but now you know how to post a scan log ).

 

In any event, a Threat scan (not a Custom scan of the whole C drive) is really all that's routinely needed.

But, it's up to you, of course.

 

No matter what, though, as Exile360 points out, different scans on different days (of different drives) will result in a different number of files scanned.

That will change the scan times.

 

Cheers,

[alicez]

So I am okay?

 

Re: Your "Currently we do not list which folder/drive was selected for scanning during custom scans in logs, but we do plan to implement that in a future release. That way you will be able to tell which paths were chosen for scanning of filesystem objects for the scans."

I think that would be a good idea to show people which drive was scanned. In my case it would have been helpful if I had seen drive F: and then I would have know that it was the Flash drive that was scanned and the reason for the time of scan being only 5 minutes.

[exile360]

Yep, everything looks fine .

And yes, we'll definitely be changing the logging in the future to have it show the location being scanned for custom scans. It would definitely eliminate a lot of confusion, especially if a user is reviewing a log from a scan that took place a long time ago (or as in this case, the scan was run by a different user) and they might not remember which folder or drive they selected for scanning. We intend to do the same thing for right-click context menu scans of files and folders.

[alicez]

Thank you.

[exile360]

You're welcome