
Different scan results in Admin and Limited accounts?



Good day,

I have a few observations I'd like to ask about:

1) Why is it that the quarantined files in the Admin account don't show up when I open MBAM in the limited account? Does this mean the quarantine for the limited account is different from the quarantine of the admin account?

2) Can MBAM be updated when in a limited account? Will there be anything wrong if I update from a limited account?

3) Why does MBAM show obviously different results when scanning in the admin and limited accounts? Does this mean I have to run different scans for each account? (It scanned a smaller number of files in a longer amount of time when used in the limited account, and I'm not sure if it scanned the same files from the limited and admin accounts.)

P.S. I have an AV and ASW/ARK on-access protection, but only MBAM caught Trojan.Agent (install.exe) on demand. This is the 'thing' in the quarantine of the admin account which doesn't show in the quarantine of the limited account. After catching this in a Quick scan I again ran a Full scan in admin, then another Quick scan in limited; it did not catch anything. What exactly is Trojan.Agent, and am I done with it?


1) Why is it that the quarantined files in the Admin account don't show up when I open MBAM in the limited account? Does this mean the quarantine for the limited account is different from the quarantine of the admin account?

Because these are two different accounts :)

2) Can MBAM be updated when in a limited account? Will there be anything wrong if I update from a limited account?

You can't update from a limited user account because a limited user is not allowed to write to c:\programs\mbam :)

3) Why does MBAM show obviously different results when scanning in the admin and limited accounts? Does this mean I have to run different scans for each account? (It scanned a smaller number of files in a longer amount of time when used in the limited account, and I'm not sure if it scanned the same files from the limited and admin accounts.)

I think you should run it from the admin account to scan the whole system :)


I could be wrong, but it's my understanding that what elero said was correct... You can't update from a limited user account because of its inability to write to the MBAM directory. However, it is also my understanding that the best method to scan is from the infected user account, which would be the limited user account in this case. So maybe you could elevate privileges to the limited user to update and then immediately remove those privileges before scanning. Not sure if that would be the best method. I'd be interested to hear back from someone a little bit more knowledgeable.

Keith


I'm not sure why MBAM can't update on a limited account; it stores its database in the All Users application data, which can be written to from the Guest account (I just tried creating a text file, and it worked). I think it's best to run MBAM under an admin account, since it needs to load its driver for direct disk access. Programs that are run under limited accounts do not have permission to load drivers (I think, not 100% sure). Also, if you run it under an admin account, you shouldn't have to run it on any other users' accounts, since MBAM is capable of finding the paths to other users' files (open MBAM, go to the 'More Tools' tab, and click 'Collect Information'. It will find everyone's folder locations).


  • Root Admin

To remove all traces it needs to run in the following manner.

1. First and subsequent runs until logs are clean.

Run with an account that has Admin rights.

2. If there are 5 accounts on the system then all 5 of them should run a scan to remove any potential Registry items left over from Malware. They do not require Admin rights to run.


Am I reading this wrong?

I get the impression that although the admin account may be uninfected,

the user account might?

I ask as I cleaned up (no, I am not sure I have) my daughter's laptop, which is a Vista OS.

Am I right to think that her account might still have malware on it?

(I never thought about Malwarebytes not scanning her account, as the other tools I used did.)

Please reply, because that laptop cost me a fortune.

Also, I have to ask her to bring it around to my house as she lives with her mum, so I can't easily look to check.

However, if there's a chance it is infected I will have to get it brought round again.

I scanned a few days ago but did it in admin. I will need a valid reason to get her mum to bring it over again; it's usually only brought over once a month or more for me to check, update, etc.


  • Root Admin

File and Folder Malware and all common HKLM keys of the Registry will be scanned and cleaned. The only portion that will not is the HKCU current user Registry data. In most cases it is harmless without the files it links to, but one should still scan the system while that user is logged on as well.

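The per-user (HKCU) registry data discussed above can be reviewed from an administrator session for every account whose hive is currently loaded. The following PowerShell is an added example, not part of the thread and not a description of how MBAM scans; the choice of the Run and RunOnce keys and the helper name `Get-CommandTarget` are assumptions made for illustration. It lists each user's autostart values and reports whether the file each one points to still exists, which is the "harmless without the files it links to" case.

```powershell
# Added example: run from an elevated PowerShell prompt.
# Each logged-on user's HKCU is mounted under HKEY_USERS\<SID>.
$runKeys = 'Software\Microsoft\Windows\CurrentVersion\Run',
           'Software\Microsoft\Windows\CurrentVersion\RunOnce'

function Get-CommandTarget {
    # Hypothetical helper: pull the executable path out of a Run value.
    param([string]$Command)
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }   # quoted path
    if ($Command -match '^\s*(.+?\.(exe|com|bat|cmd|scr|dll|vbs|js))(\s|$)') {
        return $Matches[1]                                        # unquoted path
    }
    return ($Command.Trim() -split '\s+')[0]                      # first token
}

# Only real user hives (S-1-5-21-...), not service SIDs or *_Classes.
$hives = Get-ChildItem Registry::HKEY_USERS |
    Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' }

$results = foreach ($hive in $hives) {
    $sid = $hive.PSChildName
    try {
        $account = (New-Object System.Security.Principal.SecurityIdentifier($sid)).
            Translate([System.Security.Principal.NTAccount]).Value
    } catch { $account = $sid }   # deleted or unresolvable account

    foreach ($sub in $runKeys) {
        $path = "Registry::HKEY_USERS\$sid\$sub"
        if (-not (Test-Path $path)) { continue }
        $key = Get-Item $path
        foreach ($name in $key.GetValueNames()) {
            # Note: %VARIABLES% expand with the environment of the account
            # running this script, not the hive owner's.
            $cmd    = [string]$key.GetValue($name)
            $target = Get-CommandTarget $cmd
            [pscustomobject]@{
                Account      = $account
                Key          = Split-Path $sub -Leaf
                Name         = $name
                Command      = $cmd
                # Bare file names resolved via PATH will show as False.
                TargetExists = [bool]($target -and (Test-Path -LiteralPath $target))
            }
        }
    }
}
$results | Sort-Object Account, Key, Name | Format-Table -AutoSize -Wrap
```

Accounts that are not logged on do not have their hive mounted under HKEY_USERS, so they are absent from the output.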
