Jump to content
slovokia

Very slow scans with newest Malwarebytes!

Recommended Posts

BTW procmon was not running during the last test and Panda was not installed.

Share this post


Link to post
Share on other sites

Im having the same issue so i tried googling and came across this thread. I've read it all so far but it same to have stopped march 21st and its now July 11? Was there a solution? It seems ever since I updated last week when it gave me the notification last week i can update malmare bytes scans  a lot slower.. idk what they did but they needed to undo it. And since i Dont have an SSD it takes me even longer.  Hint: it took me 13 hrs for a custom scan full with root kit/ etc and It never finished cuz i canceled it due to frustration.

Share this post


Link to post
Share on other sites

The problem still exists for me as well - the performance of Malwarebytes on my computer is the same as it was in March. So basically someone made changes to the product that significantly increased scanning times and no fixes have been made that significantly improve the performance since then.

For fast scans I'd suggest using the EMSI emergency kit scanner - their product scans ~47K files on my computer in less than 2 minutes.

Share this post


Link to post
Share on other sites
16 minutes ago, ALovelyAnxiety said:

what about full scans? ya i got a screen shot of a 33 hr scan.. its that bad how bad this program is now.

Full scans are generally not recommended. Threat scans will scan everywhere malware hides. Malwarebytes strengths are in the protection of the web blocker, Exploit protection more than a flat scan. 

Share this post


Link to post
Share on other sites
6 minutes ago, Porthos said:

Full scans are generally not recommended. Threat scans will scan everywhere malware hides. Malwarebytes strengths are in the protection of the web blocker, Exploit protection more than a flat scan. 

well im content with the threat scan time even if its 10 mins...

should i switch to the above? or stay with malware? and why arent full scans reccomended?

Share this post


Link to post
Share on other sites

The Threat scan is recommended because the Research team finds all the locations used by threats in the real world and this is what comprises the Threat scan.  It is also dynamic, so whenever a new location is used by malware the Research team can add that new location in a database update (in other words it doesn't require a new Malwarebytes build/version release to change the locations checked by the Threat scan) so it is very efficient.  One thing to also keep in mind is that the Threat scan checks all running processes, threads and modules in memory, so even if an active threat were using some new/previously unknown location (even a location on a drive other than C:\) Malwarebytes would still can/detect it because it checks the files for all running processes in memory.  Of course Malwarebytes also checks all the usual loading points found on disk and in the registry for startup items, so even if a threat is installed in an unusual location it should still get caught because there is no way off-disk for a piece of malware to load on boot/startup.

The only time I would suggest anything beyond the Threat scan would be for cases where you might store downloaded files from the web on another disk, in which case I'd suggest simply right-clicking on that location or the individual file and using the Scan with Malwarebytes option in Explorer to check those items to make sure they're not threats (though even this is optional as long as you've got Malwarebytes Premium as its real-time protection would detect/block/quarantine any such item from any location as soon as you tried to run it).

Share this post


Link to post
Share on other sites
3 hours ago, exile360 said:

The Threat scan is recommended because the Research team finds all the locations used by threats in the real world and this is what comprises the Threat scan.  It is also dynamic, so whenever a new location is used by malware the Research team can add that new location in a database update (in other words it doesn't require a new Malwarebytes build/version release to change the locations checked by the Threat scan) so it is very efficient.  One thing to also keep in mind is that the Threat scan checks all running processes, threads and modules in memory, so even if an active threat were using some new/previously unknown location (even a location on a drive other than C:\) Malwarebytes would still can/detect it because it checks the files for all running processes in memory.  Of course Malwarebytes also checks all the usual loading points found on disk and in the registry for startup items, so even if a threat is installed in an unusual location it should still get caught because there is no way off-disk for a piece of malware to load on boot/startup.

The only time I would suggest anything beyond the Threat scan would be for cases where you might store downloaded files from the web on another disk, in which case I'd suggest simply right-clicking on that location or the individual file and using the Scan with Malwarebytes option in Explorer to check those items to make sure they're not threats (though even this is optional as long as you've got Malwarebytes Premium as its real-time protection would detect/block/quarantine any such item from any location as soon as you tried to run it).

hmm i'd support this answer but there have been times when threat scan wouldnt find malware but when i clicked full scan it did. this was def updates before this current one.

so whats the point of hyper scan?

Share this post


Link to post
Share on other sites
1 hour ago, ALovelyAnxiety said:

hmm i'd support this answer but there have been times when threat scan wouldnt find malware but when i clicked full scan it did. this was def updates before this current one.

so whats the point of hyper scan?

The Hyper scan is to do a fast check of the currently running processes in memory as well as known loading points and the registry to quickly determine if the PC might be infected.  If the Hyper scan finds anything, it's a good idea to go ahead and perform a Threat scan.  Basically the Hyper scan is useful for a really quick check to see if there might be any active infections on the system.

Share this post


Link to post
Share on other sites
5 minutes ago, exile360 said:

What other question; I only saw the one?

when i would use threat scan at times  i wouldnt detect malware but when i did a full scan i did. many  many updates ago.

Share this post


Link to post
Share on other sites

Was it an active threat or just a dormant file (like an installer containing a bundled PUP or something similar)?  The reason I ask is because any active threat should be detected by the Threat scan, and any dormant threat on any secondary drive or in any location that the Threat scan doesn't check would first have to be executed to present a threat to the system (which is why I suggested using the context menu scan function if you have a tendency to save files from the web on secondary drives etc.).  There is also the possibility that it was a false positive, but the only way to know that would be to check the file on VT and/or maybe submit the file to the Research team in the FP area to have them take a look.

Share this post


Link to post
Share on other sites
1 hour ago, exile360 said:

Was it an active threat or just a dormant file (like an installer containing a bundled PUP or something similar)?  The reason I ask is because any active threat should be detected by the Threat scan, and any dormant threat on any secondary drive or in any location that the Threat scan doesn't check would first have to be executed to present a threat to the system (which is why I suggested using the context menu scan function if you have a tendency to save files from the web on secondary drives etc.).  There is also the possibility that it was a false positive, but the only way to know that would be to check the file on VT and/or maybe submit the file to the Research team in the FP area to have them take a look.

it was a PUP

Share this post


Link to post
Share on other sites

That makes sense.  I'm guessing it was some installer from the web that had some bundled PUP with it; technically harmless, and of course it would have been detected by real-time protection had you tried to execute the file which would have prevented the PUP from being installed in the first place.

Share this post


Link to post
Share on other sites
12 hours ago, exile360 said:

That makes sense.  I'm guessing it was some installer from the web that had some bundled PUP with it; technically harmless, and of course it would have been detected by real-time protection had you tried to execute the file which would have prevented the PUP from being installed in the first place.

 so with all this info i can gather i really never need to full scan and can stick to threat scans.  it just sucks i can never full scan again. it used to be like 6 hrs now its 33 hrs.

Share this post


Link to post
Share on other sites

Yes, you can stick with the Threat scan, and if you save stuff in odd locations like on a secondary drive or separate partition you can scan those locations using the right-click Scan with Malwarebytes option to check them.  It is strange that the scans are taking so long, but it could just come down to changes in the scan engine or driver resulting in longer scan times on some devices.

Share this post


Link to post
Share on other sites
3 minutes ago, exile360 said:

Yes, you can stick with the Threat scan, and if you save stuff in odd locations like on a secondary drive or separate partition you can scan those locations using the right-click Scan with Malwarebytes option to check them.  It is strange that the scans are taking so long, but it could just come down to changes in the scan engine or driver resulting in longer scan times on some devices.

ty for your time :D

Share this post


Link to post
Share on other sites

You're welcome, I'm glad I could help clarify things.  Malwarebytes works very differently from a traditional antivirus scanner and I have a lot of working knowledge about it having been an employee for a long time who had the privilege of working directly with the Developers and Researchers to help design and implement it, and having used and tested tons of third party AV/AM solutions/scanners over the years, both in my work as well as part of my hobby in cybersecurity, I can speak from first hand knowledge that the detection engine in Malwarebytes works very differently from most of the products out there, and while it may share some of the more traditional techniques that they use to analyze objects to determine whether they are malicious or not, the vast majority of what Malwarebytes does to check for threats is quite unique which is also one of the key reasons it pretty much always has been and remains to this day one of the most effective solutions out there with an excellent scan/remediation engine (not to mention all the additional layers/components included in the Premium version that go way beyond normal threat detection/prevention methodologies in use by most of the big AV vendors out there today).

Anyway, if you have any more questions please don't hesitate to let us know, we're always glad to help out when we can.

Share this post


Link to post
Share on other sites
24 minutes ago, exile360 said:

You're welcome, I'm glad I could help clarify things.  Malwarebytes works very differently from a traditional antivirus scanner and I have a lot of working knowledge about it having been an employee for a long time who had the privilege of working directly with the Developers and Researchers to help design and implement it, and having used and tested tons of third party AV/AM solutions/scanners over the years, both in my work as well as part of my hobby in cybersecurity, I can speak from first hand knowledge that the detection engine in Malwarebytes works very differently from most of the products out there, and while it may share some of the more traditional techniques that they use to analyze objects to determine whether they are malicious or not, the vast majority of what Malwarebytes does to check for threats is quite unique which is also one of the key reasons it pretty much always has been and remains to this day one of the most effective solutions out there with an excellent scan/remediation engine (not to mention all the additional layers/components included in the Premium version that go way beyond normal threat detection/prevention methodologies in use by most of the big AV vendors out there today).

Anyway, if you have any more questions please don't hesitate to let us know, we're always glad to help out when we can.

will do

Share this post


Link to post
Share on other sites

I found this article, specifically because we are finding that the scanning on MBam, using a custom scan of everything, is taking about twice the time it used to do prior to sometime earlier this year.
This is a subjective measurement because its across lots of our clients PC's, if we have a client where we suspect malware we have traditionally installed a MBam trial and doe a scan. As a rule of thumb it took two to three hours, sometimes four dependent upon disk usage and capacity .

I have in front of me a clients laptop that is up to 269,000 file and has been going for 6hrs 39mins
OK its a slow laptop - one reason there might be bugs (nothing so far), but it's the hugely different time scale we are finding, to that which we have previously experienced over years of use.

Initially you think is it me, is it just this machine but over the months you realise its MBam, which has for some reason become massively slower.

Its a shame at a time where Malwarebytes are developing "marketable" security products that their traditional "techies" are beginning to look to competitors..

Share this post


Link to post
Share on other sites
31 minutes ago, CBits said:

if we have a client where we suspect malware we have traditionally installed a MBam trial and doe a scan. As a rule of thumb it took two to three hours, sometimes four dependent upon disk usage and capacity .

I have in front of me a clients laptop that is up to 269,000 file and has been going for 6hrs 39mins

Because of the time taken so far, I assume you are doing a full custom scan. It is not needed. Threat scan is the recommended scan. Also the first scan will be longer due to file caching. future scans will be quicker. 

Also a manual scan is designed by default to use max CPU and in doing so you can not do anything else during the scan. Single single core and dual core systems with standard hard drives will also take more time.

I am offering this advice as I am also repair shop and have used Malwarebytes for the last 10 years. You might want to add ADWcleaner to your clean up routine and clear all temp files before you scan.

Share this post


Link to post
Share on other sites
On ‎7‎/‎15‎/‎2019 at 6:03 PM, ALovelyAnxiety said:

it just sucks i can never full scan again. it used to be like 6 hrs now its 33 hrs.

Do you have scanning Scan within archives enabled under Protection Settings? If you do that could be why its taking longer, as it would scan all supported archives that you have on your computer.

Share this post


Link to post
Share on other sites
3 hours ago, Firefox said:

Do you have scanning Scan within archives enabled under Protection Settings? If you do that could be why its taking longer, as it would scan all supported archives that you have on your computer.

even without clicked this new update weeks ago has made scans drastically longer.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.