Jump to content

Question about a setting

Recommended Posts

MWB Premium - under Security settings, what is the effect of:
"Use expert system algorithms to identify malicious files." ?

Does the product have these algorithms in-built, or does it have to go online to an external server to check suspicious items?

I see it is set off as default, but what percentage (on average) does it add to the system scan time?

I have not yet tried it, but I would hope that the "normal" scan algorithgm would pick up most malicious files?

I would be grateful for any information or experience users have had, using this setting, and any effects on system running, CPU % etc, or hangs, BSOD etc.

Link to post
Share on other sites

  • Staff

***This is an automated reply***


Thanks for posting in the Malwarebytes for Windows Help forum.

If you are having technical issues with our Windows product, please do the following:

Malwarebytes Support Tool - Advanced Options

This feature is designed for the following reasons:

  • For use when you are on the forums and need to provide logs for assistance
  • For use when you don't need or want to create a ticket with Malwarebytes
  • For use when you want to perform local troubleshooting on your own

How to use the Advanced Options:

  1. Download Malwarebytes Support Tool
  2. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  3. Place a checkmark next to Accept License Agreement and click Next
  4. Navigate to the Advanced tab
  5. The Advanced menu page contains four categories:
    • Gather Logs: Collects troubleshooting information from the computer. As part of this process, Farbar Recovery Scan Tool (FRST) is run to perform a complete diagnosis. The information is saved to a file on the Desktop named mbst-grab-results.zip and can be added as an email attachment or uploaded to a forum post to assist with troubleshooting the issue at hand.
    • Clean: Performs an automated uninstallation of all Malwarebytes products installed to the computer and prompts to install the latest version of Malwarebytes for Windows afterwards. The Premium license key is backed up and reinstated. All user configurations and other data are removed. This process requires a reboot.
    •  Repair System: Includes various system-related repairs in case a Windows service is not functioning correctly that Malwarebytes for Windows is dependent on. It is not recommended to use any Repair System options unless instructed by a Malwarebytes Support agent.
    • Anonymously help the community by providing usage and threat statistics: Unchecking this option will prevent Malwarebytes Support Tool from sending anonymous telemetry data on usage of the program.
  6. To provide logs for review click the Gather Logs button
  7. Upon completion, click OK
  8. A file named mbst-grab-results.zip will be saved to your Desktop
  9. Please attach the file in your next reply.
  10. To uninstall all Malwarebytes Products, click the Clean button.
  11. Click the Yes button to proceed. 
  12. Save all your work and click OK when you are ready to reboot.
  13. After the reboot, you will have the option to re-install the latest version of Malwarebytes for Windows.
  14. Select Yes to install Malwarebytes.
  15. Malwarebytes for Windows will open once the installation completes successfully.













If you are having licensing issues, please do the following: 


For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/hc/en-us/requests/new to get help

If you need help looking up your license details, please head here: Find my premium license key



Thanks in advance for your patience.

-The Malwarebytes Forum Team

Link to post
Share on other sites


It is a new feature based on Artificial Intelligence algorithms, however it is still somewhat experimental so it may be prone to a high number of false positives while it is still being tested, tweaked and tuned by Malwarebytes' Research and Development teams.  That said, it is yet another powerful feature designed to detect new and otherwise unknown and undetected threats which existing signatures and engine components might miss (the same reason there are numerous protection modules included in the Premium version as documented on this page).  If you choose to enable the feature, you will be better protected, however it comes with the risk that it also might detect something legitimate as a threat, which is why it remains disabled by default for now.  You are of course free to enable it, and if you have any question about a detection you may post about it by following the instructions in this topic and posting in the file detections false positives area or by clicking here.

No one solution is 100% effective against all threats in the wild, otherwise everyone would be buying just that one product to protect their devices and all of the other antivirus/anti-malware companies would go out of business, however Malwarebytes has an excellent track record for being very agile in adapting to the latest threats, scams and attack methods used by the bad guys to try and infect their victims, and this new algorithm technology is yet another example of that ability and philosophy.  On top of that, it is also important that the user practice safe browsing habits and uses caution online and with unknown sites, files and email attachments.

I also recommend reading through the information in this topic for further tips which will help you to secure your device, its data and your privacy online.

I hope that helps to clarify things and if there is anything else we might help with, please let us know.


Link to post
Share on other sites

Hello @exile360 thanks for the quick reply, and for taking the time to put in all that very useful feedback and resource links. I will certainly look at the resource links when time permits, and might have a "test run" with it set on to see what it does, and if it detects any (possibly) false positives.

Link to post
Share on other sites

By the way, I apologize I didn't address the other aspects of your question, however while I do not believe the new feature extends the amount of time required for a scan to complete, it is possible that it does so I'd have to let the results speak for themselves if and when you run a scan with the new feature enabled to see if there's a difference, unless a member of the staff responds to inform us on the subject.

With regards to whether it connects to the internet/the cloud; I don't believe this particular module/component does, however there already is a cloud based AI component in Malwarebytes which is the setting right above the new feature under settings labelled as Use artificial intelligence to detect threats (scans may take longer), which leverages the cloud and clearly impacts scan times as indicated in its description.

Anyway, I once again hope that you find this information helpful.

Link to post
Share on other sites

Hello @exile360 No problem, and thanks for the additional useful information, I will bear it in mind. I will try the settings, and attempt to do some timings and post them here when I get time, as it might be useful to others with similar interest in this excellent MWB product.

Link to post
Share on other sites

FYI: Earlier today, I ran a full manual scan, with "Use expert system algorithms to identify malicious files." set to ON.  I suspect this is a newer/better version of what the "Heuristic" scan section was, under the 4.0 and earlier MWB versions.

It ran just fine, with no issues, and found no extra items needing quarantine. It took 28 minutes 3 seconds, to scan  388,737 items, on a 50% full Seagate 500GB HDD drive.

It did hang a 2 points, 3 minutes at 289,954, and another 3 minutes at 312,991 then continued normally to completion.

This test was on a Homebuilt Desktop ASROCK Z68 Pro3-M with Intel Core i3 2100 @ 3.10GHz Sandy Bridge 32nm, Seagate HDD 500GB, 50% capacity.

This would take a LOT less time on a system with an SSD, and DDR4 memory rather than the HDD/DDR3 I used for this test. I think that the extra setting added about 8 minutes to the scan, as they are normally around 20 minutes, but I will reboot and retest with the "Use expert system algorithms to identify malicious files." set to OFF next time, and confirm the time in my next post.

Link to post
Share on other sites

I just rebooted the same desktop as the previous test I posted, to ensure a fair test, with no cache "primed" by any previous test, but this time with the "Use expert system algorithms to identify malicious files." set to OFF.

The elapsed time was 25 Minutes, 20 Seconds, for 388,598 objects, so this was a difference of  2 Minutes 43 Seconds.  There were 139 less files, most likely a few small temp files removed by Norton during it's daily perfomance checks. Most users with more modern desktops/laptops with SSD disk, DDR4 memory and faster CPU should see MUCH quicker timings than posted above.

I forgot to include the Windows and Malwarebytes Versions in the first test post:

Windows 10 Pro version 19041.423, MalwareBytes with UPV 1.0.28147 and CPV 1.0.1003.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.