"Scan with malwarebytes" greyed out over network folders

[jajus198]

Hello, 

 

I just updated my MalwareBytes to 3.5.1 and now the Scan with malwarebytes when I right click in Windows (10) explorer is now greyed out.

 

It was working perfectly before. How do I restore this function?

 

 

[Malwarebytes]

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

 

If you are having technical issues with our Windows product, please do the following: 

Spoiler

If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

• Download Malwarebytes Support Tool
• Once the file is downloaded, open your Downloads folder/location of the downloaded file
• Double-click mb-support-X.X.X.XXXX.exe to run the program
  • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
• Place a checkmark next to Accept License Agreement and click Next
• You will be presented with a page stating, "Welcome to the Malwarebytes Support Tool!"
• Click the Advanced Options link
  
• Click the Gather Logs button
  
• A progress bar will appear and the program will proceed to gather troubleshooting information from your computer
• Upon completion, click OK
• A file named mbst-grab-results.zip will be saved to your Desktop
• Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies" like so:
     
  
  Click "Reveal Hidden Contents" below for details on how to attach a file:
  Spoiler

  To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.

  

One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 

Spoiler

For any of these issues:

• Renewals
• Refunds (including double billing)
• Cancellations
• Update Billing Info
• Multiple Transactions
• Consumer Purchases
• Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

[exile360]

Greetings and welcome,

Is the option only greyed out for your network drives or is it this way for all files and folders?  The reason I ask is because, to my knowledge, Malwarebytes isn't actually able to scan network drives and their contents (though its real-time protection components should be able to detect/stop any threat that executes from those locations as it functions differently if I recall correctly).

Please refer to the following threads and in particular the comments from members of the Malwarebytes staff for more info:

https://forums.malwarebytes.com/topic/220770-malwarebytes-free-not-scanning-files-on-mapped-drive/?do=findComment&comment=1214838
https://forums.malwarebytes.com/topic/225516-malwarebytes-does-not-scan-all-files-network-drive/?do=findComment&comment=1228143

If anyone from the staff knows better, then please correct me, however I don't believe Malwarebytes 3 can scan network drives due to the way permissions work for network shares which would explain why the option to scan is still present, but greyed out for these locations (likely something the Developers implemented to eliminate confusion since previously I believe it would let you scan those locations, but wouldn't actually check them with the scan; it would just go through the motions as though it were scanning but wouldn't be capable of actually checking the data stored there or detecting any threats within those locations).

[Firefox]

9 hours ago, exile360 said:

to my knowledge, Malwarebytes isn't actually able to scan network drives and their contents (though its real-time protection components should be able to detect/stop any threat that executes from those locations as it functions differently if I recall correctly).

I can confirm this, if you right click on a network drive/folder the Scan with Malwarebytes is greyed out, this is because Malwarebytes can not scan network drives (at least with the consumer version, not sure if the business version can do it).

[jajus198]

Thanks for replying. 

Yes only network folders are greyed out. I don't believe you are correct Malwarebytes is unable to scan network locations because I have been using this feature for YEARS. I have Premium and his problem only showed up when I upgraded to the lastest version last week.

 

 

Soemetbign else has been disabled in the software and I would like to know why. Scanning files on your network should be possible and always has been it is just disabled now. 

[exile360]

If you look back at older threads you'll find several on the subject from Malwarebytes 1.x to 2.x as well as older versions of 3.x explaining that it doesn't scan network drives due to permissions (it appears to scan, but doesn't actually check the files/folders there and if anything is there that it would normally detect, it doesn't detect it).

You can verify this if you wish with one of the older versions of Malwarebytes:

https://filehippo.com/download_malwarebytes_3/history/

Install one of the previous versions from the above link, then download a PUP installer such as this one then place it in one of your network shares and try scanning the share to see if it gets detected.  You can then place it in another location such as your desktop and scan it with Malwarebytes to verify that it is detected.

[jajus198]

Hmm.. I could swear it has caught detections over my network before.

 

So in this scenario how would I use malwarebytes? I download a file on another computer on my network, I would like to scan the files on my main computer before transferring them over the network. If I transfer the files first before scanning it could infect my main computer. What is your recommendation?

 

I will have to take you up on older MalwareBytes versions and do a network scan. I will report back here with my findings. 

 

edit - I just tried with Windows Defender and it is able to scan network folders

Edited June 12, 2018 by jajus198

[exile360]

The file I linked to isn't infectious, it's just a PUP (Potentially Unwanted Program) installer so you don't have to worry about any of your systems being compromised by it.  You just needed something that Malwarebytes would detect in a scan, and that PUP installer fits the bill.

[jajus198]

You mentioned something about permissions. Why is windows defender able to scan network locations but not malwarebytes?

[jajus198]

1 hour ago, Firefox said:

I can confirm this, if you right click on a network drive/folder the Scan with Malwarebytes is greyed out, this is because Malwarebytes can not scan network drives (at least with the consumer version, not sure if the business version can do it).

Is there a version that can do it?

[Firefox]

11 minutes ago, jajus198 said:

Why is windows defender able to scan network locations but not malwarebytes?

This is most likely because its an Antivirus program and has that capability, as Microsoft designed it that way.  Malwarebytes is an antimalware program (not a full AV) and scanning network locations is probably reserved for the business version.  This is true with other apps, network locations are considered usually to be in a business environment and companies design two versions (consumer and pro/business) to allow them to market to business at a higher cost in most cases. 

[exile360]

Actually, I think it's because Defender (and probably other AVs) are able to spoof user tokens.  The trouble with network shares is, by default at least, they don't actually include local admin access (much like trying to scan another user's documents from a different limited user account) so even the SYSTEM account lacks privileged access to network shares, and this is why Malwarebytes can't scan these locations, and even if it could, it wouldn't be able to remove what it finds there due to lacking write access.

[Firefox]

That is true to a point... however if I have a mapped drive and the mapped location has been configured with read/write access they I have access to do whatever I need on that network location.  This is different than browsing to a network location and not having access to it.

[dcollins]

3 minutes ago, Firefox said:

That is true to a point... however if I have a mapped drive and the mapped location has been configured with read/write access they I have access to do whatever I need on that network location.  This is different than browsing to a network location and not having access to it.

The problem here is that Malwarebytes doesn't scan as your user, it scans as the system account, which won't have that same network path mounted or have the credentials for it. As mentioned by Exile above, spoofing user tokens would be one way to do this, but Malwarebytes doesn't do that.

To answer the original question, Malwarebytes does not scan network drives. While earlier versions allows you to select the drives and click on scan, no threats would be found on those drives and no remediations would take place. To help reduce this confusion, we now disabled those drives from being selected. If you want to scan a file before copying it over your network, you can install Malwarebytes on the machine where the file actually resides. On top of that, simply copying a file over your network to your local machine isn't malicious, the file would need to be executed in some manner. Once the file is executed, then Malwarebytes would stop it.

[Firefox]

2 minutes ago, dcollins said:

The problem here is that Malwarebytes doesn't scan as your user, it scans as the system account, which won't have that same network path mounted or have the credentials for it.

Thanks for that added into and clarifying what is going on in the background on how the scan is being performed.

[exile360]

Yep, ever since 2.0 Malwarebytes has operated based on a service oriented architecture where it relies on a SYSTEM level service to perform all major operations, including not just the protection components and their drivers, but now also scanning as well (which in the 1.x days was an admin level user mode process executed by mbam.exe, but now is run through MBAMService.exe which itself is obviously a service).