Jump to content

How to scan an networkdrive or NAS

miel
 Share

Recommended Posts

exile360

exile360

Posted
Posted

You're welcome.  I'm sorry that I couldn't provide a better solution, however you might be able to scan the drives with one of the many free AV scan tools that are available.  Here is a short list of a few; I haven't verified which ones are or are not capable of scanning network attached storage but I am sure that at least some of them will be able to, you will just need to select your network drive(s) for scanning in the settings:

https://www.kaspersky.com/downloads/thank-you/free-virus-removal-tool
https://www.eset.com/us/home/online-scanner/
https://free.drweb.com/download+cureit+free/?lng=en

Additionally I believe you can scan the drive using the built in Windows Defender application that ships with Windows.

I hope this helps, and if there is anything else we might assist you with please let us know.

Thanks

Link to post
Share on other sites
  • 4 months later...
robains

robains

Posted
Posted

It's unfortunate that MalwareBytes aren't adjusting their design to scan Network drives ... I understand the issue (not really a technical one), if you allowed such activity then users would be able to circumvent licensing by buying just one license and mapping/sharing all the other PCs they may have on their LAN.

Anyway here is a link to how you enable Windows 10 to scan network/mapped drives: https://www.tenforums.com/tutorials/70530-enable-windows-defender-scan-mapped-network-drives-windows-10-a.html

Be aware that you must first exit/disable MalwareBytes, once you do that, then Windows 10 Defender will be available when you right click on a mapped network drive, however, the group policy change is aimed at using the "Full Scan" option and ONLY the "Full Scan" option ... don't do custom or quick scans as they will not work for network drives.

It would be nice if MalwareBytes looked at one's purchased license and then "registered" computers based on their drive mapping by user request ... so in my case I have MalwareBytes Premium with 3 licenses (running on 3 PCs) ... perhaps provide an option to buy a single network device license (i.e. a NAS) which could be assigned/registered to my NAS device.  So if I tried to map other PC's drives they wouldn't work because MalwareBytes has already registered a mapped/network device ... something along those lines.  I'm pretty sure every shared/mapped drive has a GUID associated with it at the time of creation which can be used to establish a unique link/license.

Add that as my feature request please :)

Cheers, Rob.

Link to post
Share on other sites
exile360

exile360

Posted
Posted

FYI, the reason that Malwarebytes does not scan network drives has nothing to do with licensing and everything to do with Windows permissions and the peculiarities involved with network attached storage devices/network mapped devices and which users/accounts have access and which ones do not (for example, by default the built in SYSTEM account; the account of absolute highest privilege for the entire system, has no write access to network attached storage devices, only the local user does).  This means that for Malwarebytes to have the access necessary to actually scan and remove threats from network drives it would have to do something shady like spoofing the local user's credentials (and this assumes that the current user has full write access to the network storage device which may not always be the case) and that is bad behavior for legitimate Windows applications (it's bad form to spoof any sort of data/access/credentials generally speaking and isn't necessarily overtly malicious, it is definitely on the grey side of things).

I know all of this because I used to be the Product Manager for Malwarebytes and I spoke at length on this very subject with our lead Developer and he explained it to me in great detail and by the end the conclusion was that our choices were to either not scan the drives or to do something that typically would be considered a 'hack' and borderline malware behavior and we chose not to push into that territory.  I do not know how other applications handle accessing such devices, however based on the conversations we had it is my understanding that those are the only real options.

Link to post
Share on other sites
robains

robains

Posted
Posted

I've been a software engineer and project lead (over 34 years now) and have started my company recently.  I'll respectfully disagree with you.  As outlined in the article I linked above, it is possible with Windows Defender (simple group policy change or registry change) and other vendors are able to perform network scans (at a price and without hacks or security compromises).  Please don't take my comment as a negative, it was NOT intended as such ... being a software engineer I fully respect licensing models.

Windows Defender is not a speedy process, I'm going on 15 million files scanned and still over 8 hrs to go.

I think MalwareBytes is a great product and have been using it for years along with Windows Defenders.

Cheers, Rob.

Link to post
Share on other sites
Porthos

Porthos

Posted
Posted
8 minutes ago, robains said:

Windows Defender is not a speedy process, I'm going on 15 million files scanned and still over 8 hrs to go.

Scanning those drives would be for the most part a waste of time/resources.

Malwarebytes does not target script files during a scan.. That means MB will not target; JS, HTML, VBS, .CLASS, SWF, BAT, CMD, PDF, PHP, etc.

It also does not target documents such as; PDF, DOC, DOCx, XLS, XLSx, PPT, PPS, ODF, etc.

It also does not target media files;  MP3, WMV, JPG, GIF, etc.

Malwarebytes will detect files like these on execution only.


Also more to digest.

Malwarebytes is not designed to function like normal AV scanners and uses a new kind of scan engine that relies mostly on heuristics detection techniques rather than traditional threat signatures.  Malwarebytes is also designed to look in all the locations where malware is known to install itself/hide, so a full or custom scan shouldn't be necessary, especially on any sort of frequent basis (like daily), especially since the default Threat Scan/Quick Scan checks all loading points/startup locations, the registry, all running processes and threads in memory, along with all system folders, program folders and data folders as well as any installed browsers, caches and temp locations.  This also means that if a threat were active from a non-standard location, because Malwarebytes checks all threads and processes in memory, it should still be detected.  The only threat it *might* miss would be a dormant/inactive threat that is not actively running/installed on a secondary drive, however if the threat were executed then Malwarebytes should detect it.  Additionally, whenever a new location is discovered to be used by malware the Malwarebytes Research team adds that location dynamically to the outgoing database updates so the locations that are checked by the default Threat/Quick Scan in Malwarebytes can be changed on the fly by Research without requiring any engine or program version updates/upgrades.

If you need a flat file scanner to check archived data/drives, I would recommend using one of the many available free AV scanners such as Kaspersky's Virus Removal Tool, ESET's Free Virus Scan, or even the built in Windows Defender that ships with Windows 8/8.1 and Windows 10.  Links to the first two scanners I mentioned can be found below:

https://www.kaspersky.com/downloads/thank-you/free-virus-removal-tool
https://www.eset.com/us/home/online-scanner/

More info HERE https://forums.malwarebytes.com/topic/253972-malwarebytes-4-faqs/?do=findComment&comment=1346719

 

Link to post
Share on other sites
robains

robains

Posted
Posted
3 minutes ago, Porthos said:

Malwarebytes does not target script files during a scan.. That means MB will not target; JS, HTML, VBS, .CLASS, SWF, BAT, CMD, PDF, PHP, etc.

It also does not target documents such as; PDF, DOC, DOCx, XLS, XLSx, PPT, PPS, ODF, etc.

It also does not target media files;  MP3, WMV, JPG, GIF, etc.

Yes I understand, that's why I'm using Windows 10 Defender per my reference above ... not really sure where you are going with this?  Perhaps you misunderstood my comment?

I have looked into and tested those you've listed, but Kaspersky seems to be more virus than anti-virus ... it was telling me to remove core Win10 components or reporting them as possible security threats when in fact they were part of Windows 10 Pro (like IIS).

Cheers, Rob.

Link to post
Share on other sites
  • 4 weeks later...
marcush70

marcush70

Posted
Posted

I must agree with robains:

Even if, and for the sake of this I DO, agree with Porthos assertions and reasoning behind not scanning network drives, I must say that for the price I have paid for multiples of licenses for Malware-bytes Premium not being able to use its inventory of known malicious files to scan a network attached drive is not a good thing.  Many articles these days are saying that Windows Defender has progressed to a point where M.B. is no longer an asset /  needed.  And in this case your telling me to use the competition.  So the logical step is before renewing my subscriptions this year is to review the products you are referring me to and find the better soloution.   I don't think you have thought your recommendations through from a business standpoint very well... IMHO  it would have been better to just say it was a licensing issue and we need to buy M.B. for the devices hosting the drives.  Never admit your product doesn't do something the next guys does because i can assure you those other products websites will set out to convince us we don't need you.  Just saying..

Link to post
Share on other sites
Porthos

Porthos

Posted
Posted
34 minutes ago, marcush70 said:

Many articles these days are saying that Windows Defender has progressed to a point where M.B. is no longer an asset /  needed. 

First I need to say I do not work for Malwarebytes. I am long time user and independent reseller.

Defender is has improved since it debut in Windows 8 and improved leaps and bounds since Win 10 was released.

I personally for myself and about 400 clients use both. They complement each other and give you a layered set of protections.

39 minutes ago, marcush70 said:

is to review the products you are referring me to and find the better soloution.

Those links I posted are stand alone scanners to use in extreme cases to do onetime cleanup in a triage situation they are not to protect your computer. By using Malwarebytes and Windows Defender together you should not have to clean up an infected PC unless the user does things that will usually get by any protection anyway.

43 minutes ago, marcush70 said:

not being able to use its inventory of known malicious files to scan a network attached drive is not a good thing.

Those "files" on other drives and network storage are dormant. If they were to be executed, Malwarebytes/Defender would stop them from running.

The 4 protection modules and the cloud component of Malwarebytes is strong enough to use alone on a PC. Defender is just a free layer of protection.

48 minutes ago, marcush70 said:

it would have been better to just say it was a licensing issue and we need to buy M.B. for the devices hosting the drives.

Depending on the device and OS of those devices a license might be possible to recommend. The consumer version that is referenced here is not supported on any server OS. Malwarebytes offers business solutions for that environment.

51 minutes ago, marcush70 said:

inventory of known malicious files

The "database" is not historical if a file is more than 3 months old it is not added to it in many cases.

The file types I referenced in my post are not in the scanning database. If they are malicious, the other 3 modules will kick in and stop the payload.

Windows Defender with the huge database and being an active on access scanner could stop/delete those just by opening a drive or the folder the file resides in.

Windows Defender by default does not anything about PUP's and as some call them PUA's. You have to manually use a registry entry to enable those detection's.

Bottom line is over the last 5 years None of my clients using Malwarebytes/Defender have been infected.

To enhance protection I also encourage my users to use a Firefox or a Chrome based browser with both the new Malwarebytes Browser Guard an Ublock Origin.

I have done my best to offer some thoughts on your post.

By the way...  :welcome:

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.