Need some clarification about potential threats settings and about Hyper Scan

[throkr]

Hi,

1. Following the scan progress, Hyper Scan includes memory, startup, file system, heuristic analysis and potential threats but the scan summary mentions "deactivated" for startup, file system and  heuristic analysis (see attachment). Did I miss something here ?
2. If under Protection Settings > Potential Threats, I set e.g PUP to "warn user" (meaning : "You will be alerted to the detection, and you may choose to ignore it, create an exclusion, or treat it as malware."), this setting is taken over by all 3 scan types. But I noticed that in this case the scan summary mentions "deactivated" for PUP. If so, how could MB possibly detect them and warn me as this seems to correspond more to the protection setting "Ignore detections: Malwarebytes will not act on detection, nor will you be alerted." ?

MalwareBytes version 3.0.5.1299 - Win10 1607 (Build 14393.576) Pro x64

Thanks for your time !

Scan summary Hyper Scan.txt

Edited December 23, 2016 by throkr
typo

[throkr]

Hi,

In addition to my previous post, I have another question concerning the option to "check for updates before scanning" under the scheduled scans settings. Well, in fact this "option" isn't one as it will always stay checked (even if the user unchecks it, it'll revert to checked after closing this window). 

Of course I agree with the idea to always scan with the latest possible updates, but is this normal ? (..... just curious .....)

Again, thanks for your time !  

[Erix]

throkr:

Thank you so much for bringing up 3 quite excellent points! You are correct:

- Startup on the summary for Hyper Scan will show as "Disabled" even though the Startup Scan phase does in fact take place, Hyper Scan checks startup objects but not in the same way as  Threat Scan. Ultimately that label on the summary needs to be either split or reworded to be more specific (better describing of what goes on), and we are working precisely on that just haven't gotten to it yet. 

- We still have a Known Issue out there relating failing to honor the PUP, PUM settings under certain circumstances. That said, exactly how to interact with the User in all possible scenarios of Scan (Scheduled or on demand) or Real -Time detection so that the application can honor the setting for prompting is as you well explain, not necessarily straight forward. We are working on more descriptive wording for the setting in short-term and more control for managing this type of detection long-term.  

- Finally "check for updates before scanning" is like a human appendix, something that stuck because nobody challenged its usefulness throughout the development cycle. Rather than take it out, for the time being, we let it exist because it will become valuable for the business edition of the product where it can be configured to get updates from either cloud or centrally.

Hopefully this helps in some way clarify, our company exists precisely because of your participation we hold with the out most value your feedback, so thank you very much again and please allow me to keep you posted in our progress towards the improvements you bring forward.

-Erix

[throkr]

Hi Erix,

Thank you for these explanations; I will observe the evolutions in the next releases.

[Firefox]

The "check for updates" feature was implanted if I recall correctly back in version 2.

Basically this feature was introduce for user safety, as some folks forgot to manually check for updates (when running the free version) before performing a manual scan.  This would cause the user to scan a computer with an outdated DB (days, weeks, sometimes months behind) to avoid getting False Positives or False Negatives.

 

[throkr]

Thanks Firefox for this additional details. I must admit that I often forget about the free version as I am using the paid one since version 1 (since so many years now ...).