Jump to content

Log files / Quarantine?

nukecad
 Share

Recommended Posts

nukecad

nukecad

Posted
Posted

Yesterday I suspected an infection on my Android phone. (Galaxy S3 mini, Android 4.1.2, not rooted).

I installed and ran Malwarebytes Mobile 3.0, and yes it found a critical issue.
I opened the notification and selected 'fix'. (While the scan was still running).
This seems to have removed the infection.

BUT

What was it?
Is there a log/report file? If so where?
Is there a quarantine folder? If so where?

Thanks for any help.

Link to post
Share on other sites
  • Staff
Vabadus

Vabadus

Posted
  • Staff
Posted

@nukecad @MAM When user opens the application we make a health check. there can be issues, and those issues are not necessarily mean "installed threats/malware".

For example,

If user never performed a full scan, we consider it critical issue, since there can be threats. And by default, application will start scanning after installation (and when it finishes it solves this issue).

If user ignored to delete a dangerous malware, we consider it critical issue, since that ignored malware can harm user's device or information.

If user has some security flaws in security audit, we consider it non-critical issue. This means user can ignore it but at least user will be informed about it.

And so on.

Other than protecting our users, we also do our best to inform our them so they can make an informed decisions.

Link to post
Share on other sites
nukecad

nukecad

Posted
  • Author
Posted (edited)

Thanks for replying @Vabadus,

 

Yes it was the first time run after installation, and it was a critical issue that it found and removed.

Which is why I installed MB, I had suspected something was there that shouldn't be .

 

However my question was about the existence, or not, of a logfile so that I can see just what was found and removed.

If I knew what it was then I could possibly work out where it came from and so avoid visiting that webpage/site again.

 

As for non-critical issues MB flags a couple, but I would consider them either optional MB settings that I have chosen not to enable (eg. Device Administrator) or software that is there because I deliberately put it there. (eg. CCleaner is reported as a privacy/security risk. TBH I trust it as do many others).

This seems to be a new trend with security software MB, Windows Defender, and others all flag that you are 'unsafe' just because you don't want to turn on 'optional' features. (eg Defender flags that you are 'unsafe' if you turn off 'Automatic Sample Submission' so that it doesn't send info about your system to MS).

Edited by nukecad
Link to post
Share on other sites
nukecad

nukecad

Posted
  • Author
Posted

Sorry, I don't have any screenshots and as I say I have uninstalled now.

If/when I reinstall in future to run a scan I will try and remember to take one, what exactly would you like a screenshot of?

 

The usage was noticable because I was having to charge twice a day with MB running, but only once every day or two days without it.

Link to post
Share on other sites
  • 4 months later...
nukecad

nukecad

Posted
  • Author
Posted
On 18/09/2017 at 8:36 AM, Vabadus said:

Thanks Nukecad.

A screenshot from battery usage would be really helpful to see how bad we are doing. We're already working on improvements however if we can get more tips, it'll help us to understand the nature of problem.

Hi again Vabadus,

I hadn't forgotten this, it's just been a while.
Here are some numbers for you to look at, hope they are of some use.

Yesterday evening I downloaded Mawarebytes from Google Play store.
Closed all running apps.
Started a scan.
It reported that the app had never been run and started scanning.
Battery was at 42% at scan start.
15 mins, 43 apps scanned, battery at 15%
30 mins, 85 apps scanned, battery at 10%
45 mins, 134 apps scanned, battery at 6%
51 mins reported 1 issue found, not malware I don't have encryption turned on. (battery at 4%)
60 mins, 174 apps scanned, battery at 2%
65 mins, 197 apps scanned, battery at 1%

So this initial scan had drained 42% of my battery, and hadn't completed.

Powered off phone and put on charge overnight.

This morning I unplugged the phone and powered up.
Task Manager showed no apps running.
(Phone started downloading updates to various apps).
Launched Malwarebytes which reported that scan was 100% complete, 1 issue found.
Is this telling me that Malwarebytes was still scanning overnight, even though I had powered off the phone?

10 minutes later Malwarebytes started a new scan by itself. (Presumably it had updated definitions and this was a Scan after Update?)
Battery was at 83% at scan start.
15 mins, 28 apps scanned, battery at 81%
30 mins, 88 apps scanned, battery at 79%
45 mins, 144 apps scanned, battery at 77%
59 mins, scan finished, 198 apps, 72 files, battery at 75%
No issues found.

So this second scan had used 8% of the battery for a complete scan.
I assume the difference between battery usage is due to the initial scan being more intensive than subsequent scans.
(Of course it could also be that the % remaining is not being reported the same at high and low battery levels).

8% of the battery still seems a lot for one scan.

Going to settings, the battery manager reports:
1h 38m 41s on Battery.
Screen 44%
Mawarebytes 44%
Android OS 3%
Google Play Store 3%
Media 2%
Google Play services 2%
Cell standby 2%
Device idle 2%

 

It's going to be harder to judge battery usage by the real time protection module, without a real time battery usage monitor that's always going to be more of a user perception.

Link to post
Share on other sites
nukecad

nukecad

Posted
  • Author
Posted (edited)

Real time monitoring did not seem bad on battery usage.

It did noticably slow down the browser page loading though, and seems to have broken Ookla speedtest altogether. (although that may be Ookla itself?)

It seems that the scanning is the main culprit for battery drain, especially that inital full scan.

I've uninstalled it again, and will just reinstall and scan if I suspect something needs checking. (Knowing now that the scan will use around 50% of the battery for the initial scan).

Edited by nukecad
Link to post
Share on other sites
MAM

MAM

Posted
Posted

Hello, maybe you have too many App´s running on your Device?

Or, your battery is too old, who Yes, replace it with a new one.

It is a new version, of Malwarebytes for mobile available, visit the google store, and make an update. Maybe it helps you.

I am using here by my self in Germany also the same device as you, a Samsung Galaxy S3 mini AndroidOs 4.2.2 (GT-I8200N) version in white.

I'm always on the battery if I'm running too many apps ...

MAM

Link to post
Share on other sites
nukecad

nukecad

Posted
  • Author
Posted

You are missing the point MAM, this is all about the battery usage of Malwarebytes during a scan and/or during realtime protection.

It is nothing to do with any other apps that may be running. (None are - if you read my testing resuts above, especially the battery manager figures, you would see that).

My battery life itself is fine.

And if you had read that post you would see that this testing was done with a download of the latest version from the app store.

 

PS. the ookla problem seems to be ookla itself (possibly a conflict with the ISP server).

Link to post
Share on other sites
  • 4 weeks later...
nukecad

nukecad

Posted
  • Author
Posted

Just to note:

I'm currently running in real time only with all automatic scanning disabled, battery usage is negligable/unnoticable.

So it's definitely the scanning that is the power hungry component.

If RTP is running then is there really any need for scheduled scans, scan-after-reeboot, or scan-after-database-update?

Link to post
Share on other sites
nukecad

nukecad

Posted
  • Author
Posted (edited)

I've just rebooted my phone and MB is running a scan.

I have 'scan after reboot' not selected.

Any comment on why it has ignored my preference?

Edited by nukecad
Link to post
Share on other sites
  • Staff
Vabadus

Vabadus

Posted
  • Staff
Posted

@nukecad

I can recommend you to turn on "Power saving scans" or "Perform scans during charge only" in order to minimize battery consumption. Especially the second one is really handy.

I personally use this option with RTP and Scan After Update configurations. Scan after update is kind of important one since new protection definitions arrive. So when I plugged my phone to power it starts scanning with the latest definitions. And since nowadays, I had to charge my phone everyday, it is actually daily full scan. And RTP is on, so for any downloads, installs, updates are scanning immediately.

Link to post
Share on other sites
nukecad

nukecad

Posted
  • Author
Posted

Thanks for the suggestion Vadabus,

However it still doesn't answer why scans are being performed automatically when I have all the options for auto-scanning deselected.

(It does say currently that I have some apps that haven't been scanned, presumably updates since it scanned yesterday. I'll try to keep an eye on what it's doing.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

  I accept