Jump to content

Malwarebytes skips heuristic analysis


Recommended Posts

Hello,

I use Malwarebytes 3 Premium Trial (8 days left). My main AV Program is ESET Internet Security. I disabled all real-time protection in MBAM 3, because I have ESET for that.

When I do a Threat Scan with MBAM 3, than after all scans are done, the heuristic analysis takes only one second, than pop-up the scan result of MBAM 3.

I made also a Custom Scan of C:\ after this scan, the heuristic analysis did take about 60 seconds, but the scanned files, did not grow alot during this heuristic analysis.

I already made a clean deinstall and new install with the new MBAM Support Tool: mb-support-1.1.2.471.exe

I also put the suggested MBAM excluded list to ESET.

Any ideas to solve this? Or is that a normal behaviour of MBAM 3?

Link to post
Share on other sites

  • Staff

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

 

If you are having technical issues with our Windows product, please do the following: 

Spoiler

If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  • Download Malwarebytes Support Tool
  • Once the file is downloaded, open your Downloads folder/location of the downloaded file
  • Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  • Place a checkmark next to Accept License Agreement and click Next
  • You will be presented with a page stating, "Welcome to the Malwarebytes Support Tool!"
  • Click the Advanced Options link

    welcome mbst.png
     
  • Click the Gather Logs button

    gatherlogs.png
     
  • A progress bar will appear and the program will proceed to gather troubleshooting information from your computer
  • Upon completion, click OK
  • A file named mbst-grab-results.zip will be saved to your Desktop
  • Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies" like so:

     notify me.jpeg  


    Click "Reveal Hidden Contents" below for details on how to attach a file:
     
    Spoiler

    To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.

    mb_attach.jpg.220985d559e943927cbe3c078b
     

One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 

Spoiler

For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

Link to post
Share on other sites

  • Staff

Greetings,

This is the expected behavior because the heuristics checks at the end perform additional analysis of the items already scanned to determine if they are malicious based on any detections found during the scan, including the Linking technology checks that look for connected loading points in the various startup locations to any malicious files and processes that were detected during the previous phases of the scan.  The fewer the number of items checked during the scan, the quicker those heuristics checks will be.  That's why it took longer when you scanned your entire C:\ drive.

Also, regarding the Premium features in the free trial; if you do not wish to use them then you may disable the trial by following the instructions in this support article.  This will revert Malwarebytes 3 to free mode.

If there is anything else we might assist you with please don't hesitate to let us know.

Thanks

Link to post
Share on other sites

9 hours ago, exile360 said:

Greetings,

This is the expected behavior because the heuristics checks at the end perform additional analysis of the items already scanned to determine if they are malicious based on any detections found during the scan, including the Linking technology checks that look for connected loading points in the various startup locations to any malicious files and processes that were detected during the previous phases of the scan.  The fewer the number of items checked during the scan, the quicker those heuristics checks will be.  That's why it took longer when you scanned your entire C:\ drive.

Also, regarding the Premium features in the free trial; if you do not wish to use them then you may disable the trial by following the instructions in this support article.  This will revert Malwarebytes 3 to free mode.

If there is anything else we might assist you with please don't hesitate to let us know.

Thanks

Thank you, for your answer. Only to be sure, the Threat Scan did take 13:29 minutes and 330,658 objects scanned. The heuristic analysis at the end did need only 4 to 5 seconds this time.

Is that not to quick? I remember in the past, this take longer. I have also a friend, when he run a Threat Scan, his heuristic analysis take at the end around 60 seconds, every time, with around 400,000 objects scanned.

We both use MBAM 3.5.1.2522 and I use Windows 10 Pro 1803 up to date.

Thank you for the hint about to disable the Premium Trial, this is very useful .

Thanks

Edited by Samar
Link to post
Share on other sites

  • Staff

My Threat scan only takes just over 2 minutes and scans 232,631 objects.  The heuristics portion at the end only takes about 1 second or less.

The amount of time it takes varies depending on your system, the number of files, the number of registry startup entries present and your hardware (CPU, RAM, drive etc.) so yes, it can vary wildly between different systems.  The heuristics portion at the end is more of a CPU intensive operation than anything because it's primarily checking and comparing several items from earlier portions of the scan, and when no threats have been found once it gets to that point, there isn't much to check so it should be much faster than the earlier parts, especially when no threats have been detected up to that point.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.