Jump to content

Is Quick Scan really all you need?

nccomp
 Share

Recommended Posts

swagger

swagger

Posted
Posted

My limited knowledge says that 'quick scan' scans the known malware locations on your computer while 'full scan' scans your entire computer. Full scan also gives you the ability to scan more drives or only scan certain drives that are not necessarily your Windows (ex. C:) drive.

Link to post
Share on other sites
exile360

exile360

Posted
Posted

The Malwerbytes' Quick Scan is designed to detect all active malware on a system that exists within its database. Whenever a particular location, be it in the registry or within a folder, is discovered by the Malwarebytes' researchers to contain something that they detect, if that registry key or folder/file location isn't already included in the Quick Scan, it gets added to it :D .

Now, all that being said, there's a reason for this, MBAM is not like your typical file scanner and doesn't detect malware the same way that most other tools do. As an example, if you were to take a bunch of files that are components of an infection and collect them in a folder on your desktop then scan the folder with Malwarebytes', it would likely miss detecting most of them because they aren't located where they would be if the infections were actually active on the system. This detection method has proven to be most effective (although most generic comparisons done against products that disregard file location and other attributes that are used by MBAM's heuristics may indicate otherwise ;) ). MBAM's primary detection method is actually based on heuristics believe it or not, and not positive identification of an individual file. This is what allows the Quick Scan to be so effective and also makes it so potent against new and unknown variants of existing threats, because MBAM sees them coming based on the patterns that the infections themselves use, whereas your typical antivirus or other tool would need to have positive identification of the individual file itself to detect it as malware.

Link to post
Share on other sites
whatmeworry?

whatmeworry?

Posted
Posted
As an example, if you were to take a bunch of files that are components of an infection and collect them in a folder on your desktop then scan the folder with Malwarebytes', it would likely miss detecting most of them because they aren't located where they would be if the infections were actually active on the system. This detection method has proven to be most effective (although most generic comparisons done against products that disregard file location and other attributes that are used by MBAM's heuristics may indicate otherwise :P ). MBAM's primary detection method is actually based on heuristics believe it or not, and not positive identification of an individual file.

Exile, thanks very much for this very useful explanation. I had figured that since MBAM is the best anti-malware program I know, I'd also use it for individual scans of files I download to a specific directory. I can now see that there's little point in my using MBAM in this way. Instead, I should depend on scanning with my AV, plus (if I'm uneasy) something like Spybot from the context menu. I hadn't realized this before.

Link to post
Share on other sites
exile360

exile360

Posted
Posted

Correct, although this does change a bit when you're dealing with installers and droppers. Those will usually be hit if they're stored somewhere such as your desktop. Of course, the best way which would also let you avoid having to scan the file would be to use MBAM in realtime. If you've downloaded something that's bad and tried to execute it, MBAM's protection module would block it immediately (provided it's covered by MBAM of course) and would let you quarantine it :P .

Link to post
Share on other sites
noknojon

noknojon

Posted
Posted
Correct, although this does change a bit when you're dealing with installers and droppers. Those will usually be hit if they're stored somewhere such as your desktop. Of course, the best way which would also let you avoid having to scan the file would be to use MBAM in realtime. If you've downloaded something that's bad and tried to execute it, MBAM's protection module would block it immediately (provided it's covered by MBAM of course) and would let you quarantine it :) .

Is that the best reason to also run S A S along side MBAM - As it seems similar but it also picks up the "smaller" items that MBAM will not ?? - :)

eg. Advertising cookies and things like that ?? - :P

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.