Jump to content

MalwareBytes Breach Remediation Best Practice Exclusion List


Recommended Posts

Is there a best practice guide, or can someone share their exclusion list that can be adopted by others, to shorten the scan times on a Windows machine.  I am currently testing the -full parameter with no exclusion list and the current scan is still running after 14 hours.  It seems to be stuck on a OneDrive file named FILESYNCVIEWS.dll.  I can exclude that file but would like to know if there are already list out that can help someone quickly get off the ground.  For example, I can save time and exclude the SCCM cache dir and the Windows update cache but am looking for other location that have helped but are not usual dropper locations.  Thanks.

Link to post
Share on other sites

  • Staff

Greetings,

I would suggest using the default Threat scan rather than a full or custom scan, only because by default Malwarebytes checks all known locations where threats have been observed to install themselves as well as common locations where any potentially malicious or unwanted downloads are likely to be stored.  Additionally, it also checks all common loading points/startups as well as active processes and modules in memory, so even if a threat were somehow running from a previously unseen location Malwarebytes would still detect it.  Any time a new location is discovered to be used by threats the Malwarebytes Research team can modify the threat database to target the new location as a part of the default Threat scan.  This is accomplished through database updates, so it doesn't even require a new engine or program build/version.

As for creating exclusions, you may find this support article and the Malwarebytes Breach Remediation Windows Administrator Guide  to be of help, however as mentioned previously, the best way to avoid unnecessarily long scan times would be to use the default Threat scan rather than scanning the entire file system.

With all of that said, I have seen the behavior you describe of Malwarebytes getting stuck during scans, however I don't believe it is specific to the same file or files for every system when it does occur, so creating a set of exclusions to try and prevent it is unlikely to help except on the specific endpoint where it does get stuck on that particular file.  It is possible that the Developers may be able to correct whatever it is causing the scan to hang at that point, however I would recommend contacting Malwarebytes Support directly via the form on this page so that you may provide them with any necessary logs and diagnostic data in private rather than posting it publicly here.  A tool such as Process Monitor should reveal precisely where the scan is getting stuck (often times the location shown in the UI during a scan is not precisely the location being scanned since the scan engine is multi-threaded and therefore checks multiple files/locations simultaneously).  Hopefully the scan hanging is an issue they can fix.

I hope this helps and if there is anything else we might be of help with please let us know.

Thanks

Edited by exile360
Link to post
Share on other sites

  • Root Admin

I would agree with @exile360 that perhaps you might do a Full scan one time. Beyond that I don't really see the need to perform a full scan. The product as mentioned already scans all known locations where infections are known to launch, hide, or store data. The real time protection helps to prevent malware from getting on the system as well.

On the consumer version with a new installation of Windows it took 16 seconds to complete a default Threat Scan. Obviously a real life computer with various programs installed and in use for a few years is going to be much slower but unless there are hardware issues it should still complete a Threat scan for most systems in under about 15 minutes, often in just a few minutes.

image.png

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.