
Quarantined PUPs


Assume the following:

1. MBAM Threat Scan detects PUPs on computer.

2. User selects PUPs for removal

3. MBAM quarantines selected PUPs

4. User restarts system to complete the process

Following the restart, if the User runs MBAM Threat Scan again, when the Scan reaches Heuristic Analysis all the previously quarantined PUPs will again be identified as a potential problem requiring the User to repeat the removal > restart process.

 

Is the above behavior normal and in accordance with the manner in which MBAM has been designed?

 

If the above is normal behavior it seems to be somewhat counter-productive.  If an item has been quarantined then I would have thought that it would be ignored in future scans.  If the above is not normal behavior then I would appreciate some thoughts as to why this is happening and what the User can do to prevent it.

 

Thanks

 

T.

 

Link to post

No that is not normal, once detected and quarantined then it should no longer be detected in a subsequent scan.

If you are having this issue then there is more going on that keeps reinstalling the infection, (then again we would have to see what is being detected to give a more precise answer) but like I said, we would have to know what is being detected.

If you like you can provide the latest scan log with the item detected for review.

Link to post

Hello Firefox, thank you for your reply.

 

Careful and repeated testing this morning has shown the following: -

 

1.  If the User is logged-in as a Standard User then the behavior as described in Post #1 applies.

 

2.  If the User is logged-in as an Administrator then the "normal" behavior as indicated in Post #2 applies.

 

The above testing has only been performed on W8.1 machines.  When I have an opportunity I will repeat the test on W10 machines.

 

T.

Link to post

If you are doing a manual scan in a limited account, it needs to be Run As Administrator or it will not have the needed rights to remove the infections.

 

If you have a scheduled scan being performed, make sure the scheduled scan was scheduled while logged in as an administrator account.

Link to post

Firefox, thanks for the information.

 

None of the people that I asked were aware of either of the points that you mentioned - including myself. 

 

With regards to point #1 in your Post #4....  ".....If you are doing a manual scan in a limited account, it needs to be Ran As Administrator.....".  It is not obvious from the Dashboard as to how a User logged in with a Standard Account (W8.1 and W10), can run a Scan with the "Run as Administrator" permissions.

 

I assume that this must be done from elsewhere and not from the Dashboard..?

 

When a User goes through the process as described in my Post #1, there is no error message telling the User that the process has failed, therefore the User will assume that the process has worked and that the infection has been cleaned.  There are two possibilities to resolve this issue: -

 

1.  A message could be added something like "You are not authorized to perform this task, please refer to the System Administrator"

 

OR

 

2.  The UAC message box could be activated allowing the User to enter the Administrator password in order to complete the task and remove the infection.

 

T.

Link to post

To run as an admin in a limited account...

Right Click on the MBAM icon on the desktop and click on Run as administrator...  This info is probably mentioned in the Users Guide.

As far as your suggestions are concerned you can post those in the appropriate section titled: Comments and Suggestions --> Malwarebytes Anti-Malware
Link to post

I run everything as Admin, but this may work. If you are running as admin, right click on the shortcut, go to properties, compatibility.

Down the bottom is change settings for all users and check run as admin.

I have Win 10 pro and run as admin so don't know if this is true for Win 10 "home"

Link to post

KenW thanks for sharing this info, but actually this is not recommended by Malwarebytes.  It is best not to change the settings to the shortcut to any compatibility mode, it can cause other issues.

 

Thanks

Link to post

Using Compatibility Mode at the top, Vista, Win 7, Win 8 settings are very bad to play with. I went through that trap years ago. Changing the run as Admin setting does not affect anything else to the shortcut or program. This setting can also be changed to the "program.exe" if it allows you.

Link to post

Running "everything" as Admin is not something that I would do on my personal computers and I most definitely would not recommend that to a client.

 

Running as Admin should be done on a case-by-case basis.

 

My concern - and I have seen this in the real world - is that users logged in with Standard account privileges (which is recommended) are not aware that MBAM is not removing identified threats and there is no message to indicate this.

 

T.

Link to post

I only posted because I have seen "run as administrator" mentioned more than once for certain operations. I don't care how others run their computers and don't pay attention to comments about how I should run mine. I expect my security programs to work as a FIRST line of defense. If they don't do as I expect them to do, they are gone with a big bitch also realizing they can't catch everything.

Link to post

  • Staff

Something to be aware of is that to run as admin in a standard user account, you first must ensure that mbam.exe is not already running. If you're using the Trial or Premium version of MBAM then mbam.exe will be running as indicated by the notification area icon. First, exit MBAM via that icon, then you may launch MBAM as admin.

 

If the threats are in the admin account or in the HKLM registry location, then admin permissions are needed to remediate.

 

We plan on improving the user experience in standard user accounts in a future program release. The date of that release is yet to be determined. Thanks for your patience, and your feedback.

Link to post
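
The launch order described in the staff reply above (confirm mbam.exe is not already running, then start it elevated), written as a preflight script. This is an added example, not code from the thread or from Malwarebytes; `$MbamPath` is a placeholder to be set to the real location of mbam.exe, and the function names are hypothetical.

```powershell
# Added example, not Malwarebytes code. $MbamPath is a placeholder: set it to
# the actual location of mbam.exe on the machine being checked.
param(
    [string]$MbamPath = 'C:\PLACEHOLDER\mbam.exe'
)

function Test-IsElevated {
    # True only when the current token carries the Administrators role.
    # In a Standard account, or an unelevated admin session, this is False.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-RunningMbam {
    # Returns an empty array when no mbam.exe process exists.
    return @(Get-Process -Name 'mbam' -ErrorAction SilentlyContinue)
}

if (-not (Test-Path -LiteralPath $MbamPath)) {
    Write-Error "mbam.exe not found at '$MbamPath'; pass -MbamPath with the real location."
    exit 1
}

# An instance that is already running was started without elevation, so it
# has to be closed first, as the staff reply explains.
$running = Get-RunningMbam
if ($running.Count -gt 0) {
    $pids = $running.Id -join ', '
    Write-Warning "mbam.exe is already running (PID $pids). Exit it from the notification area icon, then run this script again."
    exit 2
}

if (Test-IsElevated) {
    Start-Process -FilePath $MbamPath
} else {
    Write-Host 'Session is not elevated; requesting elevation through UAC.'
    try {
        # -Verb RunAs raises the UAC prompt for administrator credentials.
        Start-Process -FilePath $MbamPath -Verb RunAs -ErrorAction Stop
    } catch {
        # A cancelled or denied prompt is reported instead of failing silently.
        Write-Error "Elevation was not granted, so MBAM was not started: $($_.Exception.Message)"
        exit 3
    }
}
```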