Reset of "Scan detections" needed

[NoelC]

I have used the free MalwareBytes version going back many years just for scanning files on disk.  A while back, around the time of the release of version 3, I tested the full protection suite and found it intrusive, performance-wise.  It's okay, all I need is a scanner I can run occasionally.

It has never found a legitimate infection and I'm proud of it.  I have enough security layers around my LAN and systems that nothing bad ever even gets even close.

A long time ago I pushed my "Scan detections" counter up by testing with EICAR files, put in place just to make sure the MalwareBytes scanner is actually working.  I also recall, going WAY back, having found a false positive in an eMail archive file from a backup from another system.  But in no case did I get any actual infection. 

Yet my "Scan detections" counter persistently shows 5.

I just extensively searched all the .xml files I found in my "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs" folder on my main workstation - going back to October 2015 and version 2.2.0.1024 - and I couldn't find evidence of a single detection.

Where is this counter value stored?  Is it accumulated on an online server across all the systems on which I have run the software?

I found a locked thread here speculating that the reason we have been provided with no control to clear that count is that Malwarebytes would like to continually remind users of just how valuable their software is by pointing out how well we've been protected by it.  In my case, repeatedly being reminded of those tests and false positives, and being frustrated at not having a way to clear that indication is having quite the opposite effect!

I want that counter to read 0, because I want it to mean the number of actual infections that have been detected.  I want any change from 0 be because of a legitimate detection.

-Noel

 

 

[Porthos]

9 minutes ago, NoelC said:

I want that counter to read 0

Currently, the only way to do that is a clean install using the MB Clean tool.

Tool can be found at https://downloads.malwarebytes.com/file/mb_clean

1. After downloading the tool run the tool.

2. The tool will automatically clean up the older possibly damaged installation and will ask you for a restart.

3. Restart your system and then the MB-Clean tool will prompt you to re-install the latest product .

4. Click on "Yes" to reinstall MB 3.×.

5. Now you will have the latest product installed. If it does not offer the new install after the reboot you can download and install from here. 

https://downloads.malwarebytes.org/file/mb3

[NoelC]

Thanks.  I'll consider doing that next maintenance cycle.

-Noel

[kimiraikkonen]

On 11/20/2017 at 8:31 PM, Porthos said:

Currently, the only way to do that is a clean install using the MB Clean tool.

Tool can be found at https://downloads.malwarebytes.com/file/mb_clean

1. After downloading the tool run the tool.

2. The tool will automatically clean up the older possibly damaged installation and will ask you for a restart.

3. Restart your system and then the MB-Clean tool will prompt you to re-install the latest product .

4. Click on "Yes" to reinstall MB 3.×.

5. Now you will have the latest product installed. If it does not offer the new install after the reboot you can download and install from here. 

https://downloads.malwarebytes.org/file/mb3

Hi @Porthos

I wonder the same answer with Malwarebytes 3.3.1 as "scan detections" counter is incremented continuously whenever the "same" file being detected as malware or PUP again and again on each scan despite it's false positive.

Can't we just modify a kind of registry value or file content to make it appear ZERO withouth MB Clean tool and uninstallation?

Thanks a lot.

[exile360]

I found a way that works, but be aware that it resets some other items also, including the number of scans, resetting it to 0 so you'll need to run a scan to get rid of the exclamation on the MB3 tray icon since it will think you've never run a scan, and it will also recreate the default scheduled scan in the Scan Scheduler tab and will reset any modified scan options to their default values (such as disabling rootkit scanning under Settings>Protection).  I tried editing the relevant files, setting the detections to 0 (originally it was 5, which was the number Malwarebytes showed in the Dashboard for scan detections), however all it ended up doing was replacing the entire file with the default/unaltered copy that it keeps as a backup in case the config file gets corrupted (it likely stores the file hashes somewhere to validate whether they've been manipulated or not to prevent tampering and just falls back to the defaults if there is a mismatch).  I then tested the same procedure by simply deleting the files then launching Malwarebytes and the result was exactly the same as when I modified the values so you might as well delete them as it's quicker and simpler and accomplishes the same results.

To do this, you must first exit Malwarebytes then navigate to C:\ProgramData\Malwarebytes\MBAMService\config and delete the following files:

ScanConfig.json
ScanConfig.json.bak
TelemCtrlConfig.json
TelemCtrlConfig.json.bak

You'll need to get through a UAC prompt to do this as the ProgramData folder is protected via admin permissions (I recommend not modifying the default permissions for that folder as it may adversely affect Malwarebytes and other programs on your system that store their data there and would also render your system that much less secure against attack).  Once that's done, launch Malwarebytes again and go ahead and run a scan and edit your scan schedule and scan options as you see fit as you normally would on a fresh install.

[Porthos]

52 minutes ago, exile360 said:

To do this, you must first exit Malwarebytes then navigate to C:\ProgramData\Malwarebytes\MBAMService\config and delete the following files:

ScanConfig.json
ScanConfig.json.bak
TelemCtrlConfig.json
TelemCtrlConfig.json.bak

Sam, I just experimented with this. It still leaves one thing behind that I think people want to clear as well.

 

[exile360]

Nobody asked about that in this thread as both users referenced the free version/scan detections so I didn't try resetting the real-time detections counter.  I'm sure that can be accomplished in a similar manner, they just have to locate the appropriate config file.  That said, since resetting that one would be very likely to reset a lot of other settings in Malwarebytes, at that point a user might find it just as inconvenient as performing a clean install as there are a lot more settings tied to protection than there are to scans and there are a lot of different protection components, and it's likely that each of them has their own numbers stored in their own config files and it's possible that all of them would need to be deleted to reset the counter to 0.

[exile360]

By the way, I just found another issue.  If the user has any exclusions, they might not be honored by the scanner after resetting those files.  I just experienced that myself so I'm going to wipe and restore my exclusions just to be safe.

Honestly, all this hacking is probably more trouble than it's worth.  A clean install may not be an ideal solution, but the alternative would be ending up with a potentially borked install of Malwarebytes.

[exile360]

OK, I was able to fix my exclusion by selecting it from the list, clicking the Edit button then clicking Ok.  Just to be safe, I went ahead and did the same for all the other exclusions in my list that way it's forced to re-read/confirm all of them.

[Porthos]

17 minutes ago, exile360 said:

Honestly, all this hacking is probably more trouble than it's worth.  A clean install may not be an ideal solution, but the alternative would be ending up with a potentially borked install of Malwarebytes.

 

I Completly agree.  I personally do not care about those counters. Just wanted to "see" what happens since many were complaining since the beginning and you were offering a workaround to avoid a clean install. Personally, a clean install is really easy with the support tool.

22 minutes ago, exile360 said:

users referenced the free version/scan detections

But since the trial is forced on install (another complained about issue) Some of the free users might have that other counter as well with detections and might want to delete those as well.

Just my .02 on the issue.

Edited February 25, 2019 by Porthos