gilamonster Posted May 12, 2021 ID:1456418

As long as I have been working with Malwarebytes there has always been conflicted reporting on whether rootkit detection was enabled or disabled. I ALWAYS select it in the control panel but recently I had an A.I. detection that flagged some Webroot DLLs and the report came back:

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

When I see Rootkits disabled for YEARS in reports despite them being turned ON with user control it gives ZERO confidence in this system. What is going on? How do I know that the Webroot DLLs were even a threat? Will that affect the function of Webroot?
Malwarebytes (Staff) Posted May 12, 2021 ID:1456419

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes for Windows Help forum.

If you are having technical issues with our Windows product, please do the following:

Malwarebytes Support Tool - Advanced Options

This feature is designed for the following reasons:
- For use when you are on the forums and need to provide logs for assistance
- For use when you don't need or want to create a ticket with Malwarebytes
- For use when you want to perform local troubleshooting on your own

How to use the Advanced Options:
- Download Malwarebytes Support Tool
- Double-click mb-support-X.X.X.XXXX.exe to run the program
- You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
- Place a checkmark next to Accept License Agreement and click Next
- Navigate to the Advanced tab

The Advanced menu page contains four categories:
- Gather Logs: Collects troubleshooting information from the computer. As part of this process, Farbar Recovery Scan Tool (FRST) is run to perform a complete diagnosis. The information is saved to a file on the Desktop named mbst-grab-results.zip and can be added as an email attachment or uploaded to a forum post to assist with troubleshooting the issue at hand.
- Clean: Performs an automated uninstallation of all Malwarebytes products installed to the computer and prompts to install the latest version of Malwarebytes for Windows afterwards. The Premium license key is backed up and reinstated. All user configurations and other data are removed. This process requires a reboot.
- Repair System: Includes various system-related repairs in case a Windows service is not functioning correctly that Malwarebytes for Windows is dependent on. It is not recommended to use any Repair System options unless instructed by a Malwarebytes Support agent.
- Anonymously help the community by providing usage and threat statistics: Unchecking this option will prevent Malwarebytes Support Tool from sending anonymous telemetry data on usage of the program.

To provide logs for review:
- Click the Gather Logs button
- Upon completion, click OK
- A file named mbst-grab-results.zip will be saved to your Desktop
- Please attach the file in your next reply.

To uninstall all Malwarebytes Products:
- Click the Clean button. Click the Yes button to proceed.
- Save all your work and click OK when you are ready to reboot.
- After the reboot, you will have the option to re-install the latest version of Malwarebytes for Windows. Select Yes to install Malwarebytes.
- Malwarebytes for Windows will open once the installation completes successfully.

If you are having licensing issues, please do the following:

For any of these issues:
- Renewals
- Refunds (including double billing)
- Cancellations
- Update Billing Info
- Multiple Transactions
- Consumer Purchases
- Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/hc/en-us/requests/new to get help.

If you need help looking up your license details, please head here: Find my premium license key

Thanks in advance for your patience.

-The Malwarebytes Forum Team
Porthos Posted May 12, 2021 ID:1456424

Rootkit scanning is disabled by default. It is recommended rootkit be turned on only where there is an issue for removing something with the normal scan. Rootkit scanning is slightly more dangerous as it has to disable some whitelisting to remediate some rootkits. Maybe once a week if you really want to use rootkit. But honestly we rarely see rootkit files anymore and the newer engine can remove most of them anyways even without rootkit on.

4 minutes ago, gilamonster said:
"When I see Rootkits disabled for YEARS in reports despite them being turned ON"

There are 2 different places to turn on rootkit scanning, one in the main section and one in the scheduler.

9 minutes ago, gilamonster said:
"recently I had an A.I. detection that flagged some Webroot DLLs and the report came back:"

There were some false positive AI detections the last couple of days.

I would also recommend creating exclusions between Malwarebytes and Your AV to help prevent any possible conflicts or performance issues. Please add the items listed in this support article to Your AV's allow list(s)/trust list(s)/exclusion list(s), particularly for any of its real-time protection components, and likewise add Your AV's program folder(s) (likely located under C:\Program Files and/or C:\Program Files (x86)) to Malwarebytes' Allow List using the method described under the Allow a file or folder section of this support article, and do the same for its primary data folder, which is likely located under C:\ProgramData (you may need to show hidden files and folders to see it).
Porthos Posted May 12, 2021 ID:1456475

I also tested a scheduled scan with rootkits enabled.

Quote

-System Information-
OS: Windows 10 (Build 19042.985)
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 346084
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 3 min, 15 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Disabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
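
Added example (not part of the thread and not Malwarebytes code): a small Python parser for exported scan reports that groups the reported Rootkits option by "Scan Initiated By", so you can see whether the manual or the scheduled scan setting is the one reporting Disabled. It assumes each report is plain text with one "Key: Value" field per line under "-Section-" headers, using the field names quoted in the reports above; the two sample reports and the initiator value "Manual" are constructed for illustration.

```python
import re
from collections import defaultdict

SECTION = re.compile(r"^-([^-].*?)-$")      # e.g. "-Scan Options-"
FIELD = re.compile(r"^([^:]+):\s*(.*)$")    # e.g. "Rootkits: Disabled"

def parse_report(text):
    """Return {section: {key: value}} for one exported scan report."""
    report, current = defaultdict(dict), None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := SECTION.match(line)):
            current = m.group(1)
        elif current and (m := FIELD.match(line)):
            report[current][m.group(1).strip()] = m.group(2).strip()
    return dict(report)

def rootkit_setting_by_initiator(reports):
    """Map each 'Scan Initiated By' value to the Rootkits settings it reported."""
    seen = defaultdict(set)
    for text in reports:
        r = parse_report(text)
        # Reports pasted without a summary section are grouped as "unknown".
        who = r.get("Scan Summary", {}).get("Scan Initiated By", "unknown")
        seen[who].add(r.get("Scan Options", {}).get("Rootkits", "missing"))
    return {who: sorted(vals) for who, vals in seen.items()}

# Constructed sample reports (assumed layout, abbreviated field list).
MANUAL = """-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual

-Scan Options-
Memory: Enabled
Rootkits: Disabled
"""
SCHEDULED = """-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Time Elapsed: 3 min, 15 sec

-Scan Options-
Archives: Disabled
Rootkits: Enabled
"""

if __name__ == "__main__":
    for who, vals in rootkit_setting_by_initiator([MANUAL, SCHEDULED]).items():
        print(f"{who}: Rootkits = {', '.join(vals)}")
```

An initiator that shows both Enabled and Disabled across reports means the setting changed between scans; one that only ever shows Disabled points at the setting for that scan type.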