Jump to content
WZZZ

How to stop manual scan in progress

Recommended Posts

Just started running the 3.6.21. Cancel button doesn't appear to stop a manual scan in progress -- from the user guide, https://www.malwarebytes.com/pdf/guides/Malwarebytes-For-Mac-User-Guide.pdf?d=2019-01-03-14-09-16--0800 seems meant to stop further processing of threats found. I simply want to be able to stop a scan. How to do this?

Share this post


Link to post
Share on other sites

OK, seeing that it can be done from menubar icon. Non-urgent feature request:  a stop scan button located directly next to cancel, pause buttons. Cancel button might do with a tooltip or short note explaining its use.

Share this post


Link to post
Share on other sites
16 hours ago, WZZZ said:

OK, seeing that it can be done from menubar icon. Non-urgent feature request:  a stop scan button located directly next to cancel, pause buttons. Cancel button might do with a tooltip or short note explaining its use.

Actually, this feature request becomes a bit more important if one wants to hide the menubar icon. As far as I can see, without the icon no way then to stop a scan.

Share this post


Link to post
Share on other sites

Cancel should stop the scan, but not until after the engine has finished processing the particular rule that it's working on. That can take a few seconds for some rules, or even longer in some cases where the engine is having to scan a lot of files on a particular system for a specific rule.

Share this post


Link to post
Share on other sites

Thomas, a follow up question (sorry if this has been asked before): I have gone over to the free program. Basically interested in running the occasional manual scan, so no need for RTP. I'm noticing that on a restart, on opening Malwarebytes, and on accessing settings, the RTProtectionDaemon (quite early in the startup, PID 45/56), makes any number of outgoing connections). Are these connections from the RTP daemon necessary for running a manual scan in order to download the latest definitions? Can the RTP daemon be disabled without losing the ability to update the definitions? I have "automatically check for protection updates" unchecked.

Can you say just which connections or which part of the app need to stay enabled only to run updated manual scans?

Also seeing a connection to "telemetry"... something. As I have unchecked "usage and threat statistics," can you please say what the purpose is of this connection?

Thanks.

Share this post


Link to post
Share on other sites

Part of your question has been asked and answered before, here. I'll tell you what I can and let the staff give you a more specific information about the purpose of each connection.

The RTProtectionDaemon is rather poorly named in that it is responsible for the Protection Updates and much more. I suppose it would be possible to reverse engineer it in order to modify it for malicious purposes, so you may not get much in the way of technical information about it's use, but I think it's fair to understand what it's communication needs are. You can find very detailed information about what data is collected, stored and why in the company's privacy policy, but it does apply to all of their software, not just MBAM.

Share this post


Link to post
Share on other sites

RTProtectionDaemon really can't be disabled without affecting the core functionality of the software. As Al points out, the name is no longer accurate, as it does all scanning tasks, including manual scans, and also handles database updates, both manual and automatic. However, if you've got RTP turned off and don't have any scheduled scans active, that process shouldn't consume many resources at all.

As for network connections, it will make connections to several different Malwarebytes servers for 1) database and software updates, 2) licensing checks, and 3) telemetry.

Telemetry is used to get information about the client (app and OS version, license state) and what threats have been detected. The client info is sent in all cases, as there's literally nothing personally identifying and we need that info to properly support the software. The threat data, and other future possible telemetry, will not be sent in your case.

Note that none of this data is ever shared with anyone else.

Share this post


Link to post
Share on other sites

Thanks for the info Thomas. Further question, if I may. Seeing at https://support.malwarebytes.com/docs/DOC-1896

Quote

 

v1.3.1    

No longer supported or maintained

 

However, I'm seeing today that Update Rules from the Scanner dropdown in the 1.3.1 moves the Signatures Version from 336 to 337. Just intuitively, this would seem to mean that the 1.3.1 is still getting newer signatures, and might be just as effective for a manual scan. So can you perhaps explain just what "no longer supported or maintained" means real-world? To be honest, for my purposes -- for just the occasional manual scan -- I would prefer to keep using the 1.3.1, if it's currently just as effective as the v.3, at least until complete EOL.

Share this post


Link to post
Share on other sites

1.3.1 is technically no longer supported, but in reality we're still delivering database updates and will still answer questions about it. Older than 1.3.1, though, is really truly not supported, with no further database updates. (There was a bug in those older versions that caused them to choke on more recent databases.)

As of now, 1.3.1 and Malwarebytes for Mac 3.x detections should be equivalent. We're going to be adding some improvements soon, though, that will mean that 3.x will be capable of detecting or blocking things that 1.3.1 can't. The change will initially mostly affect real-time protection, which 1.3.1 doesn't have, but over time the capabilities are going to diverge further, as other new capabilities are added and newer rules are created.

Share this post


Link to post
Share on other sites

Thanks Thomas. Good to know. Not sure how I will know, but will try to keep an eye out for when the 1.3.1 is completely deprecated.

Share this post


Link to post
Share on other sites

Just keep an eye on the release history page here whenever there's a new 3.x release:

https://www.malwarebytes.com/support/releasehistory/

That'll let you know when there are engine improvements, which will mean that the detections are diverging.

I don't foresee a time in the near future when we'll stop delivering compatible rules to 1.3.1, as we can easily generate and deliver different databases for different versions of the software. It's just a matter of the older software starting to miss things that the newer software can detect.

Share this post


Link to post
Share on other sites

Thanks for the tip about looking at release history -- had thought about that already, but wasn't sure just what to look for there. But what specific kinds of "engine improvements" would mean that detections are diverging?

Also, sorry to keep you going on this, but find the following a bit confusing:

Quote

I don't foresee a time in the near future when we'll stop delivering compatible rules to 1.3.1, as we can easily generate and deliver different databases for different versions of the software. It's just a matter of the older software starting to miss things that the newer software can detect.

You mean that even if the definitions remain the same from one version to another, the older software, in this case the 1.3.1, will start falling behind and not be able to identify/catch/or quarantine certain items? I.e., it will have the appropriate definitions, but not necessarily know where to look for them?

Share this post


Link to post
Share on other sites

I meant that as we create rules designed for new engine capabilities, which will not be used in older versions of the software, the detection capabilities of the older software will fall behind the capabilities of the current software. Barring unforeseen issues, that will be starting with the Malwarebytes for Mac 3.7 release, which is coming soon.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.