Jump to content

BUGS - Full Scan Column Resize Crashes, Forced C: Drive Scanning & More


Recommended Posts

Greetings,

I've found some more creepy crawlies! Happy bug fixing :)

Please note I am running Windows Vista Business SP2. I haven't had the chance to test on other versions of Windows.

Full Scan Column Resize Bugginess

I've found the full scan drive selection window to be highly prone to crashes and errors if the user resizes the columns.

The first example causes MBAM to crash:

To replicate, select 'full scan' and click 'scan'. Within the drive selection box, drag both resize handles for the two columns to the far left. Result: MBAM crashes. I have repeated these steps over and over, and each time MBAM crashes.

Here is a short screencast if my explanation isn't clear enough: http://www.youtube.com/watch?v=VlMTycYLEww

The second example I haven't been able to replicate - maybe it was a one off. Even so, it was caused by extreme column resizing (that's the best way I can put it!).

I did however, manage to take some screen shots:

mbamcrash2.th.jpg

Then,

mbamcrash3.th.jpg

MBAM Scans C: Drive even if it is not selected in a full scan

As the title suggests, even if the user doesn't select his/her's C: drive, MBAM still scans it (as shown by the 'Currently Scanning' field saying 'C:/Windows' ect).

However, in the log file, MBAM only shows the drive(s) that the user selected to be scanned, not the C: drive.

Not sure if this could be of use but, I would like to point out that, I do not have any other proper hard drives installed (other can C: of course). All other 'drives' that show up in Windows Explorer are either from my multicard reader or a CD.

Redundant UI

Here is the full scan drive selection window:

windowp.jpg

Don't you think that the horizontal scrollbar is unnecessary? Just a thought :lol:

All done (for now!),

Regards,

honda :)

Link to post
Share on other sites

Hello Honda12 :lol: .

I'm not one of the developers or employees of Malwarebytes', but I'm pretty sure I can answer at least one of the issues you raised:

As the title suggests, even if the user doesn't select his/her's C: drive, MBAM still scans it (as shown by the 'Currently Scanning' field saying 'C:/Windows' ect).
MBAM does this regardless because of its standard scan routine and heuristics which is based on finding active infections on a system where they are known to reside, which includes the registry, memory and certain locations such as C:\Windows. The only way I could see not to scan those locations would be to use the right-click "Scan with Malwarebytes'" context menu entry and right click your other drives one at a time or left click each once while holding the Ctrl key on your keyboard and then right clicking one of the selected drives and using the MBAM context menu scan.
Link to post
Share on other sites

Hi exile,

Thank-you for you explanation, but if I am not mistaken your post only reinforces the problem with mbam's full scan. So what you are saying is, the user chooses to scan, lets say drive X: only, mbam then scans drive X:, and then also scans common malware hideouts in the C: drive as an added bonus? The user however, only wanted to scan drive X:. Surely, if the user wanted to scan common malware hideouts, he/she would just perform a quick scan. This "added bonus", although seemingly useful, was not chosen by the user to initiate and therefore is slightly misleading. MBAM already has two well defined scanning options. IMO I don't think adding some features from one scan to another is such a good idea (unless I'm being really dumb and missing something here :lol:)

Of course, seeing that this function is already baked into mbam, I imagine it could be difficult to change functionality. So instead I'd much prefer the devs to concentrate on more important things than my trivial finding.

Sorry if my posts seem "angry" in anyway - I'm sure not, I just want to make an already great program even better :)

honda (Alex)

Link to post
Share on other sites

"I'm being really dumb and missing something here :lol:"

Thank goodness for self-stupidity disclaimers.

Took a peek in the options menu, problem solved! Note to self: Don't go and write late-night bug posts!

Ok ok, so one "bug" down - two to go :)

Link to post
Share on other sites

Hello honda12

What MBAM version are your running, the present version w/updates is:

Malwarebytes' Anti-Malware 1.40

Database version: 2682

Windows 6.1.7100

Reason for such a question is the full scan image.

Greetings,

Here is the full scan drive selection window:

windowp.jpg

Don't you think that the horizontal scrollbar is unnecessary? Just a thought :lol:

All done (for now!),

Regards,

honda :)

I run W7RCx64, WXPsp3.Vistasp2 (x32) and I dont have that horizontal scrollbar showing in the full scan option.

Link to post
Share on other sites

Hi sho-dan,

Running MBAM 1.40 with latest def updates. It seems that extra horizontal scrollbar is only on the machine where I found the other resize crash bug and the runtime error. I managed to have access to a win vista 32bit laptop (with mbam latest) and like magic, no horizontal scrollbar.

The only possible explanation that I can think of is that, maybe the runtime error I experienced changed the default column size to a too big a value causing the horizontal scrollbar to appear. I shall reinstall to see if this is the case.

Link to post
Share on other sites

Hi exile,

Thank-you for you explanation, but if I am not mistaken your post only reinforces the problem with mbam's full scan. So what you are saying is, the user chooses to scan, lets say drive X: only, mbam then scans drive X:, and then also scans common malware hideouts in the C: drive as an added bonus? The user however, only wanted to scan drive X:. Surely, if the user wanted to scan common malware hideouts, he/she would just perform a quick scan. This "added bonus", although seemingly useful, was not chosen by the user to initiate and therefore is slightly misleading. MBAM already has two well defined scanning options. IMO I don't think adding some features from one scan to another is such a good idea (unless I'm being really dumb and missing something here :lol:)

Of course, seeing that this function is already baked into mbam, I imagine it could be difficult to change functionality. So instead I'd much prefer the devs to concentrate on more important things than my trivial finding.

Sorry if my posts seem "angry" in anyway - I'm sure not, I just want to make an already great program even better :)

honda (Alex)

You didn't seem angry in any way :) . While I certainly understand your points, I'll try to explain further the reason MBAM works the way it does. It's not your typical file scanner like most AV, AM, AS tools, it detects the majority of what it does based on heuristics, not a hash check of a file itself so in many cases (note: there are exceptions here) if you check a random drive or directory that you know does contain infected files, MBAM won't detect them because they aren't active. In fact, I've seen the developers themselves mention the fact that the Full Scan option is only there because they knew some people would want it, even thought the Quick Scan will detect everything the Full Scan will in the majority of cases, in particular, cases where an infection is actually active. If you check around the web at some of the so called detection tests that have been done in the past with MBAM vs other softwares where they used a random folder they created containing files that were dormant components of infections, even components of infections that MBAM would normally detect were the infection active, MBAM doesn't detect them. Again, this has to do with the inner workings of MBAM itself and its scanning engine. Both the Quick and Full scans include MBAM's heuristics, a massive part of which is checking for active malware locations on a system so telling the user they're getting a "Full Scan" from MBAM without it checking those particular locations on the active system partition would actually be a lie. Like I said, the only way around this would be the right-click scan, which uses no heuristics and thus won't check those default locations for infection.

edit: you can also read this thread for a good example of what I'm talking about :) .

Link to post
Share on other sites

  • 5 weeks later...
  • 1 month later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.