Jump to content

Threat scan only scans 1 drive

Rory_Mercury
 Share

Recommended Posts

Rory_Mercury

Rory_Mercury

Posted
Posted

Threat scan only seems to scan through the SSD that I have win7 and Malwarebytes 3.0 is installed in.

For example, when I perform a threat scan, it goes through 355,000 items. I disconnect my second SSD drive and power cable (the one that doesnt have win7 and Malwarebytes 3.0 installed) and perform another threat scan and only 355,000 items are scanned. Anyway to configure it so threat scans include both of my SSDs?

Thanks!

 

Link to post
Share on other sites
  • 1 year later...
exile360

exile360

Posted
Posted

It scans the boot sector of every drive and it also checks any processes, modules and threads in memory along with their associated files no matter where they might be located so even if a threat is installed on a secondary drive, Malwarebytes should still detect it.  The same goes for the real-time protection component.  It doesn't only check processes running from the main system drive, but those from anywhere on the system.

Additionally, Malwarebytes will scan other drives if you use the right-click context menu Scan with Malwarebytes option in Explorer, or you can perform a Custom scan which is accessible via the Scan tab in Malwarebytes and select any of your drives or even just specific folders to be scanned if you wish.

The reason that the Threat scan only checks the inactive files on the main system drive is because that is how threats install themselves and it was designed to look for and remove actively installed threats.  If it were to scan all drives/files by default the scan would take a very long time.  In fact, most AV/AM products have such a scan.  Microsoft Security Essentials and Windows Defender do not scan any other drives by default in their quick scans either, neither do most other AVs for the same reason, though just like Malwarebytes, they offer the option to scan those other drives manually if you wish.

Link to post
Share on other sites
seasquared

seasquared

Posted
Posted
1 hour ago, exile360 said:

It scans the boot sector of every drive and it also checks any processes, modules and threads in memory along with their associated files no matter where they might be located so even if a threat is installed on a secondary drive, Malwarebytes should still detect it.  The same goes for the real-time protection component.  It doesn't only check processes running from the main system drive, but those from anywhere on the system.

Additionally, Malwarebytes will scan other drives if you use the right-click context menu Scan with Malwarebytes option in Explorer, or you can perform a Custom scan which is accessible via the Scan tab in Malwarebytes and select any of your drives or even just specific folders to be scanned if you wish.

The reason that the Threat scan only checks the inactive files on the main system drive is because that is how threats install themselves and it was designed to look for and remove actively installed threats.  If it were to scan all drives/files by default the scan would take a very long time.  In fact, most AV/AM products have such a scan.  Microsoft Security Essentials and Windows Defender do not scan any other drives by default in their quick scans either, neither do most other AVs for the same reason, though just like Malwarebytes, they offer the option to scan those other drives manually if you wish.

Nevertheless when I scanned my data drive MB came up with 18 threats. 

3 GeneralMalware/Suspicious, 2 Trojan Agents, 13 PUPs

 

Link to post
Share on other sites
exile360

exile360

Posted
Posted

Yeah, the scan log shows only files detected, 0 processes or memory modules meaning every one of those objects is dormant/inactive.  It shows the directory as though it were for an active Windows installation, is that a slaved drive from another system or are you just installing your programs there/moved your user profile and downloads folders there?

The reason I ask is because if you actually redirected them to that drive in your currently loaded OS then they should have been scanned as Malwarebytes will follow the same system variables that Windows uses, at least as far as I know it does (otherwise it wouldn't work properly for scanning other users' profiles as well as OS installations when the current/active OS is installed on a drive other than C:, which is possible in older operating systems like XP).

Link to post
Share on other sites
seasquared

seasquared

Posted
Posted

I don't remember, everything as its been a while but I added an SSD as the C drive and it has the system and programs on it but all my files photos and downloads go to my I drive. I believe I originally replaced my original drive with the larger drive, which is now my Data Drive. This system is Win 7 and older, I certainly could clean up a lot of remnants from the data drive but why take the time?

I also have a Win 10 laptop that I added a second SSD to with the same architecture;windows and programs on the C drive, files ,photos, etc , on the second drive.

Link to post
Share on other sites
exile360

exile360

Posted
Posted (edited)
4 hours ago, seasquared said:

I believe I originally replaced my original drive with the larger drive, which is now my Data Drive.

That explains it.  Those detections are from the previous Windows installation from when that drive was the main drive with the OS and programs on it which also explains why the items found were under Program Files etc. on that drive (directories that would normally be on your C:\ drive).  Since they are from a previous Windows installation, not the current one, none of those items are actually active which also explains why no processes were detected in memory and no registry entries/keys were detected either (settings for those detections and loading points that would normally be used to allow them to run at startup when you boot your system).

So basically, because they are from the old Windows installation and not the current one, they're completely harmless.  With that said, it's always a good idea to scan any drive with files on it when you first attach it to your system just to make sure it's clean.  You can do this by right-clicking on the drive and selecting Scan with Malwarebytes, and of course if you'd have had Malwarebytes scan the your system back when that data drive was the primary/OS drive, it would have most likely detected those items even with just the default Threat scan.

Also, FYI, the default scan for Microsoft Security Essentials is the Quick scan which also would not have scanned those locations on your data drive and wouldn't have detected them unless they were active in memory or you'd have scanned that drive specifically or performed a Full scan or Custom scan:

mse.png.1da49429d3dab629011b7d770ba4b09b.png

As I said, most AV/AM products work this way because the Developers figure that users would prefer their scans to be as fast as possible as long as they detect/remove anything that is an imminent/active threat, plus of course they expect that as long as you have your protection active that even if you were to access a file located on a secondary drive and try to run it, their real-time protection would detect it, block it from running and remove it so that you'd still be protected from it even though the drive had never been scanned.

Edited by exile360
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.