Jump to content

Automatic quarantine of identified threats


Recommended Posts

  • Staff

Greetings,

For manually executed scans there is not, however for scheduled scans there is.  It can be found under the Advanced options in the create/edit scheduled scan interface as shown below:

quarantine.png.24a0f4410a44e2a6c56d04b0055129fc.png

The scheduler also gives you the option to have the program automatically restart the system to complete the threat removal process, however be warned that when configured this way, once the scheduled scan runs if it does detect any threats it will restart the system immediately without any warning or opportunity to stop it or delay it meaning any unsaved work will be lost, so I'd only recommend setting this option if configuring the scans to occur while the system will not be in use.

Link to post
Share on other sites

21 hours ago, marvnps said:

Is there a setting to automatically quarantine threats found by the scan process instead of having to manually Quarantine Selected items?

Although the setting is there and available as mentioned above by @exile360 I don't recommend that setting to my customers. One false positive that gets removed and you system may be down for awhile. Its happened in the past, and I rather be safe than sorry.

But that is totally up to you.

Link to post
Share on other sites

Most of the computers and customers I service maintain updated and clean computers.  They don't tend to install anything new, and since they use MB3 Premium most things get blocked before it makes it onto the computer in the first place, so the scans are almost always clean and don't detect anything.

On the occasion that once comes back with something detected, the user gets a notification that something was detected, and once that happens they either research it, come ask here on the forums, or simply call me and ask for advice.

Not saying it can happen, but there has been at least two times I can remember where Malwarebytes automatically quarantined some files that rendered the computers from booting into windows. I spend several weeks repairing those computers, so now we prefer to decide for ourselves what gets removed.  

Link to post
Share on other sites

23 hours ago, marvnps said:

I have Malwarebytes Premium.

Is there a setting to automatically quarantine threats found by the scan process instead of having to manually Quarantine Selected items?

Do not do this!  Please, please, please do not do this!  Some time ago an error in a MB data base update resulted in MB quarantining windows system files and literally turning PCs into doorstops.  Mine was one of them.  Were it not for my back-up software I would have been completely hosed.  Just investigate each item and decide for yourself whether or not to quarantine.

Link to post
Share on other sites

Thank you for your important warning.  I'll keep the settings so that I will manually delete the potential threat files. 

Now, how can I educate my self on the things to look for in the quarantined potential threat files so that i don't accidentally and manually delete files that have been identified by the scan?

Link to post
Share on other sites

One of the first places you should check to see if others have reported any detections is in the false positives section, where you can see what others are saying about the detected items.

Another thing to look for is the location of the files.  If they are under the Windows Folder, you have to be careful.

You can always come by here and post your detections and someone can assist you as well.

https://forums.malwarebytes.com/forum/122-false-positives/

Link to post
Share on other sites

  • Staff

Honestly, an issue like the one referenced where system files were quarantined and systems were rendered unbootable shouldn't happen again.  The company took a LOT of steps and put multiple safeguards in place to prevent anything like that from happening again, including augmenting their automated database testing to automatically flag any database that detects any core system files so that such databases never get released to the public.

Link to post
Share on other sites

15 hours ago, exile360 said:

shouldn't happen again.

Key word is Shouldn't... and kudos to Malwarebytes for putting all the safeguards in place.  I prefer to be on the safe side and decide for myself I something gets quarantined. This applies to windows files or any other program that may get detected.

Link to post
Share on other sites

  • Staff
3 hours ago, Firefox said:

Key word is Shouldn't... and kudos to Malwarebytes for putting all the safeguards in place.  I prefer to be on the safe side and decide for myself I something gets quarantined. This applies to windows files or any other program that may get detected.

I say 'shouldn't' but it's basically not possible at this point.  They put extensive safeguards in place to prevent anything like this from happening again including live test systems, automated testing and alerts that get sent to Research whenever there is an issue with a pre-release database.  No database gets released without passing all of their tests and checks.

Link to post
Share on other sites

  • Staff

Yes, I've left it at its defaults meaning real-time protection automatically quarantines any threats it detects.  That said, I don't actually use scheduled scanning as I perform manual scans periodically on my own and don't like resource intensive background tasks to execute while I'm using my system so I don't use the scheduler at all.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.