Am I missing some updates?

[abuela]

Some updates seems to be missing/skipping and others seem to be duplicating from what I can see.  I have set to update its database once per hour.  Also I turn the PC off when not in use.  I've enclosed some protection logs so that you can see what is happening. 

 

What could be the problem if there is one and what can be done to it to correct if the updates are not working correctly?  Attached some protection logs so you can advise me what to do.  Thanks for looking at the logs.

May 28.txt

May 29.txt

MBAM May 30.txt

[daledoc1]

Hello:
 
Welcome back.
 
At first glance, those logs appear to be quite normal.
 
Just to clarify a few things:

• As you already know, MBAM can not check for updates when the computer is not turned on.
• The timing of the first & subsequent update checks after booting the system depend on your automated scheduler settings, especially the "Recover If Missed By" setting.
• Scheduled hourly update checks will be randomized +/- 15 minutes to balance server load.  So, for example, if you have update checks scheduled for hourly, "on the half hour", the check will occur sometime between XX:15 and XX:45.
• Just because MBAM checks for an update ~hourly, that does not mean that a new database is available every time. There are usually only 6-15 updates per 24-hour period.
• When MBAM checks for updates and no new database is available, that update check will not show up in the logs. Only those update checks that occur when a new database is available and downloaded will appear in the logs.
• Sometimes, the Research Team might need to issue a series of frequent updates -- rarely more than 1 or 2 in a given hour.  This could be due to an urgent, zero-hour threat, a rare false positive, or other reason.
• In that case, if your MBAM checks for updates an hour or so later, the update version might appear to "skip" a version or two. That only means that there had been an intervening database update in the hour since your system last checked.
• It's nothing to worry about.

If you need more help with this, please read the following and attach to your next reply the 3 requested logs - Diagnostic Logs (the 3 logs are: FRST.txt, Addition.txt and CheckResults.txt)

 

Thank you,

[abuela]

Hi daledoc1.  So in effect when for instance there is an update #1 but the next one is an update #4 then there is nothing to worry about?  (no update #2 and no update #3?) Also when a previous update #4 appears AGAIN as an update #4 is that normal?  Skipping update #s and duplicating updates is normal then?

 

Thanks.

[abuela]

Forgot to write that I don't have anything put in the *Recover if missed by*  Should I put a time in the advanced due to the fact that I shut off the computer at the end of the day? 

[daledoc1]

Hi daledoc1.  So in effect when for instance there is an update #1 but the next one is an update #4 then there is nothing to worry about?  (no update #2 and no update #3?)

• Sometimes, the Research Team might need to issue a series of frequent updates -- rarely more than 1 or 2 in a given hour.  This could be due to an urgent, zero-hour threat, a rare false positive, or other reason.
• In that case, if your MBAM checks for updates an hour or so later, the update version might appear to "skip" a version or two. That only means that there had been an intervening database update in the hour since your system last checked.
• Strictly speaking, nothing is being "skipped", as the database updates are incremental and cumulative
• It just means that -- for this particular update check on this particular day -- there were one or (even more rarely) more database updates that were issued in the hour since your system last checked.
• Even more rarely, there can be occasional "hiccups" with the update servers.
• Bottom line: The most current database is the most important one at any given point in time.
• So, if your system *appears* to have "skipped" updates, it is nothing to worry about, unless things are seriously out of date.
• Scheduled hourly update checks with a recurrence every 1 hour --as you have yours configured -- is more than sufficient for nearly all users and circumstances.
• While the auto-update checks *can* be scheduled to run more frequently than every hour, doing so is neither routinely necessary nor recommended.

Also when a previous update #4 appears AGAIN as an update #4 is that normal?

I'm sorry, I may have missed it, but I don't see any duplicates in the logs.

 

Each database each day is uniquely numbered, both with the day's date and the version # for that date.

So, on May 30, 2015, the databases will be 2015.05.30.01, then 2015.05.30.02, 2015.05.30.03, and so on.

More specifically, database 2015.05.30.01 is not the same as database 2015.05.31.01.

Each is the #1 version for that day, but each is unique because of the DATE.

If you still need more help with this, I suggest that you please read the following and attach to your next reply the 3 requested logs - Diagnostic Logs (the 3 logs are: FRST.txt, Addition.txt and CheckResults.txt)

 

Thank you again,

[daledoc1]

Hi, again:

 

Sorry, I didn't see this other post:

Forgot to write that I don't have anything put in the *Recover if missed by*  Should I put a time in the advanced due to the fact that I shut off the computer at the end of the day? 

 

My personal opinion and practice, with hourly scheduled update checks recurring every 1 hour is: No.

If the computer has been turned off for a period of time, with checks every 1 hour, it will be less than an hour or so before a regularly scheduled update check occurs. The system will catch up on MBAM updates at that time.

From a practical standpoint, though, I often run a MANUAL update check for MBAM as soon as the system has booted and settled down from the tasks that run on system startup and before I go online.  That way, I know I have the most current database before getting on the internet.

(My AV will auto-update 15 minutes after booting, but I often will manually update it, as well, before I go online, for the same reason.)

 

I personally think that the "Recover If Missed By" setting is more trouble than it's worth.

I am comfortable working with MBAM and don't mind some manual tasks.

Other users and staff may disagree, preferring everything to be scheduled and automatic.

 

I wouldn't lose too much sleep over this.

If you still need help, I suggest posting back with the requested Diagnostic Logs.

That way, we can provide more concrete, specific advice.

 

Cheers,

[abuela]

OK daledoc1.  I will leave it that and will do a manual update immediately after booting the computer.  Thank you very much for your explanantion saying that all is well, even as updates are posted as duplicates or seemingly missing.  The May 30 updates show quite cleary the duplicates though as are the others.

 

Thank you very much for your explanations. 

[daledoc1]

Hi:

 

You wrote:

  The May 30 updates show quite cleary the duplicates though as are the others.

 

Unless my senility is catching up with me, and a staff member will correct me if I am wrong, I don't see any duplicates.

 

The log shows what appears to be 4 normal updates.

The first one occurred after it appears that the computer had been powered off for a day or so.

The numbers highlighted and surrounded by the RED box are the database version the program was on BEFORE the database update.

The numbers highlighted and surrounded by the GREEN box are the database version the program was on AFTER the database update.

 

Does this explain what you think you see in the log?

 

Thanks,

[abuela]

Thanks for posting that daledoc1.   Strange, this is what I see in the May 30 Protection Log.  I can't scroll down to show you more.  Confusing isn't it? 

[gonzo]

The first one shows that you updated from 2015.5.29.7 to 2015.5.30.3.

The second one shows that you updated from 2015.5.30.3 to 2015.5.30.4.

They're both very clear.

[abuela]

The first one shows that you updated from 2015.5.29.7 to 2015.5.30.3.

The second one shows that you updated from 2015.5.30.3 to 2015.5.30.4.

They're both very clear.

 

The first one shows that you updated from 2015.5.29.7 to 2015.5.30.3.

The second one shows that you updated from 2015.5.30.3 to 2015.5.30.4.

They're both very clear.

 

The first one shows that you updated from 2015.5.29.7 to 2015.5.30.3.

The second one shows that you updated from 2015.5.30.3 to 2015.5.30.4.

They're both very clear.

OK gonzo, now I understand why I am seeing 2 of the same updates as the second one is *FROM*.  Thank you very much!   English is my third language so sometimes I am struggling with it in understanding everything clearly and am in my seventies so that doesn't help much either.

 

Solved!

[daledoc1]

Hi, abuela:

 

Yes, as gonzo explained, what you depict in your log HERE and in your screen shot HERE is the same information that I tried (unsuccessfully) to explain in my posts and in my screen shot HERE.

 

Each time there is a successful database update, the log will show BOTH the database version before the update AND the database version after the update.

(Before/after = to/from in this case.)

 

It's all correct and it's all good.

Your MBAM appears to be working properly for update checks, based on the information you have provided.

 

Cheers,

[gonzo]

Glad its all making sense now.  To add to this, the first one shows a jump in days AND the "to" update is not the first one of the day.  That likely means that your computer had been turned off, and when you turned it back on, you got multiple updates to bring you up to the latest level.

[daledoc1]

Glad its all making sense now.  To add to this, the first one shows a jump in days AND the "to" update is not the first one of the day.  That likely means that your computer had been turned off, and when you turned it back on, you got multiple updates to bring you up to the latest level.

 

Exactly!

I tried to explain that here, but I guess I get a grade of F- today.

 

Thanks, gonzo.

[abuela]

Hi daledoc1.  The one who deserves an F is me and definitely not you!  I just couldn't get it through my head and understand it.  Thank you very much for your patience. 

 

Hi gonzo, it took me a while to understand but thankfully I do now.  So another thank you very much for you.   

[Axis]

Well, looking at this thread and my own situation (Windows 7 Premium--32 bit and running a server on my machine, which is generally running 24/7) with Malwarebytes Premium I am getting a little disappointed at the releases that seem to slow on weekends and holidays.

 

My Malwarebytes is set to update at 6 AM and with every 6 hour updates...just 4 in 24 hours. I had no update since 6 PM yesterday until I ran a manual scan this morning at 10:23 AM where it updated from "Update, 5/31/2015 10:23:46 AM, SYSTEM, mycomputersuniquename, Manual, Malware Database, 2015.5.30.6, 2015.5.31.1." (I prefer to scan manually.)

Since that update and scan, and failing to get a 12 PM update I manually updated at 3:41 PM and got:

Update, 5/31/2015 3:41:39 PM, SYSTEM, mycomputersuniquename, Manual, Rootkit Database, 2015.5.24.1, 2015.5.31.1
Update, 5/31/2015 3:41:47 PM, SYSTEM, mycomputersuniquename, Manual, Malware Database, 2015.5.31.1, 2015.5.31.3

 

Malwarebytes failed to update at 6 PM, and trying to manually gave me the "No updates available." It is now 9:40 PM and if I try to manually update I get "No updates available." I should be able to get at least 4 updates in 24 hrs. even if it is a weekend or holiday, right? Malware doesn't take a break, and I count on and enjoy the security Malwarebytes gives my server and my machine. I even tried the Chameleon and that scanned but no update was apparently available at 6:29 PM.

 

I have been through the do the process of clean installs in the past. I have been throught the process via email support with the whole diagnosis bit, etc. Software should not be that complicated.

 

Just my experience, friends. It would be nice to get a consistent update schedule, but that relies on consistent releases.

 

Regards,

Axis

[gonzo]

Updates are sent out if updates are needed.  Just because one has not come out does not mean that the guys are slacking off in the back room.  There may be times that doing it the way you're doing it (every 6 hours) would leave you vulnerable.  At other times, that's fine.  Its all a question of new threats and the way that the database signatures are written.  I checked for updates after reading your post, and I am in sync with you.  I also checked for chatter to see if there were any issues being discussed, and there are not.  It probably means its a nice, quiet Sunday.

[Axis]

Hello gonzo--

 

Thanks for the confirmation of your updates being in synch with mine. The "every 6 hours" comes from me needing to manage all the scheduled tasks on my server without conflict.

I appreciate your response.

 

One thing that would be "nice" would be if Malwarebytes wrote to log something like "Checked for updates, no Update available." That would confirm to users that nothing is broken with their installation. Just a thought.

 

Thanks again,

Axis

[1PW]

One thing that would be "nice" would be if Malwarebytes wrote to log something like "Checked for updates, no Update available." That would confirm to users that nothing is broken with their installation. Just a thought.

Hello Axis:

Some folks will change their Premium installs from the default (once per hour) and set database updates for every five (5) minutes!

 

Even hourly checks would fill the logs rapidly. Yours is still a good suggestion as long as other checks and balances are included to counteract system self abuses.

 

Thank you.

[blender]

Hello everyone,

 

Indeed Gonzo & Daledoc1 are correct. It may look like updates are "missing" but where you see this, you are getting all the incremental updates in between as well so nothing is missed.

 

And yes - generally weekends and holidays do slow down for malware. Last night was quite slow. Nice quiet Sunday.