Jump to content

insuffciant info about scans

baktazjam

By baktazjam
in Malwarebytes for Windows

 Share

Recommended Posts

Porthos

Porthos

Posted
Posted (edited)

I am going to add some more info for you to digest.

Malwarebytes is not designed to function like normal AV scanners and uses a new kind of scan engine that relies mostly on heuristics detection techniques rather than traditional threat signatures.  Malwarebytes is also designed to look in all the locations where malware is known to install itself/hide, so a full or custom scan shouldn't be necessary, especially on any sort of frequent basis (like daily), especially since the default Threat Scan checks all loading points/startup locations, the registry, all running processes and threads in memory, along with all system folders, program folders, and data folders as well as any installed browsers, caches and temp locations.  This also means that if a threat were active from a non-standard location because Malwarebytes checks all threads and processes in memory, it should still be detected.  The only threat it *might* miss would be a dormant/inactive threat that is not actively running/installed on a secondary drive, however, if the threat were executed then Malwarebytes should detect it.  Additionally, whenever a new location is discovered to be used by malware the Malwarebytes Research team adds that location dynamically to the outgoing database updates so the locations that are checked by the default Threat/Quick Scan in Malwarebytes can be changed on the fly by Research without requiring any engine or program version updates/upgrades.

If you need a flat-file scanner to check archived data/drives, I would recommend using the built-in Windows Defender that ships with Windows 8/8.1 and Windows 10/11. 

To reenable Windows security/Defender(they work very well together, You need to turn off the following setting in Malwarebytes.

image.png.b497bb7e39ce6d5b32656d51181ba085.png

The reason many of us members are pushing Keeping Defender on is the following.

Malwarebytes does not target script files during a scan... That means MB will not target; JS, HTML, VBS, .CLASS, SWF, BAT, CMD, PDF, PHP, etc.

It also does not target documents such as; PDF, DOC, DOCx, XLS, XLSx, PPT, PPS, ODF, etc.

It also does not target media files;  MP3, WMV, JPG, GIF, etc.

Malwarebytes will block files like these if malicious on execution-only.

 

And,

An AV (Defender) will catch the file just by downloading it or just opening a folder with a detected file in it.

For example, if you get an email with an infected attachment and download it (Malwarebytes does not filter or scan actual emails), Malwarebytes will not even blink until you run it yet Defender will detect it if it is in their database without even actually clicking on it. Remember the list of files Malwarebytes does not target.

Then I will leave you with this.

As good as Malwarebytes is, it is just a layer of protection.

Using a browser that has Ublock Origin and the Malwarebytes Browser guard enabled is also a layer of protection.

Not opening attachments from an email unless you were expecting it from a specific user during a specific time period.

Do not use Torrents. Do not install every free software you find. Do not click links in an unknown email. Go directly to the site listed in the email.

Having a monthly image of your computer on an external drive that is only connected during the backup is actually better than any protective software ever made.

 

 

Edited by Porthos
  • Like 1
Link to post
Share on other sites
baktazjam

baktazjam

Posted
  • Author
Posted
8 minutes ago, Porthos said:

I am going to add some more info for you to digest.

Malwarebytes is not designed to function like normal AV scanners and uses a new kind of scan engine that relies mostly on heuristics detection techniques rather than traditional threat signatures.  Malwarebytes is also designed to look in all the locations where malware is known to install itself/hide, so a full or custom scan shouldn't be necessary, especially on any sort of frequent basis (like daily), especially since the default Threat Scan checks all loading points/startup locations, the registry, all running processes and threads in memory, along with all system folders, program folders, and data folders as well as any installed browsers, caches and temp locations.  This also means that if a threat were active from a non-standard location because Malwarebytes checks all threads and processes in memory, it should still be detected.  The only threat it *might* miss would be a dormant/inactive threat that is not actively running/installed on a secondary drive, however, if the threat were executed then Malwarebytes should detect it.  Additionally, whenever a new location is discovered to be used by malware the Malwarebytes Research team adds that location dynamically to the outgoing database updates so the locations that are checked by the default Threat/Quick Scan in Malwarebytes can be changed on the fly by Research without requiring any engine or program version updates/upgrades.

If you need a flat-file scanner to check archived data/drives, I would recommend using the built-in Windows Defender that ships with Windows 8/8.1 and Windows 10/11. 

To reenable Windows security/Defender(they work very well together, You need to turn off the following setting in Malwarebytes.

image.png.b497bb7e39ce6d5b32656d51181ba085.png

The reason many of us members are pushing Keeping Defender on is the following.

Malwarebytes does not target script files during a scan... That means MB will not target; JS, HTML, VBS, .CLASS, SWF, BAT, CMD, PDF, PHP, etc.

It also does not target documents such as; PDF, DOC, DOCx, XLS, XLSx, PPT, PPS, ODF, etc.

It also does not target media files;  MP3, WMV, JPG, GIF, etc.

Malwarebytes will block files like these if malicious on execution-only.

 

And,

An AV (Defender) will catch the file just by downloading it or just opening a folder with a detected file in it.

For example, if you get an email with an infected attachment and download it (Malwarebytes does not filter or scan actual emails), Malwarebytes will not even blink until you run it yet Defender will detect it if it is in their database without even actually clicking on it. Remember the list of files Malwarebytes does not target.

Then I will leave you with this.

As good as Malwarebytes is, it is just a layer of protection.

Using a browser that has Ublock Origin and the Malwarebytes Browser guard enabled is also a layer of protection.

Not opening attachments from an email unless you were expecting it from a specific user during a specific time period.

Do not use Torrents. Do not install every free software you find. Do not click links in an unknown email. Go directly to the site listed in the email.

Having a monthly image of your computer on an external drive that is only connected during the backup is actually better than any protective software ever made.

 

 

Thx v much for the explanation... so you mean that malware bytes does not scan the specific files..but can block/clean/delete those kind of files (

JS, HTML, VBS, .CLASS, SWF, BAT, CMD, PDF, PHP, etc.

It also does not target documents such as; PDF, DOC, DOCx, XLS, XLSx, PPT, PPS, ODF, etc. ) by their behavior or infection? in other words mw will take action when it ll suspect any wrong action from them...

What do you mean by this " Malwarebytes will block files like these if malicious on execution-only. "

 will not two anti viruses ll make the pc heavy or ll not they create conflicts specially when both of them catch the same malware at a time ?

Link to post
Share on other sites
Porthos

Porthos

Posted
Posted
Just now, baktazjam said:

will not two anti viruses ll make the pc heavy or ll not they create conflicts specially when both of them catch the same malware at a time ?

Not Malwarebytes and Defender. They work wonderfully together. Defender is already there so why not take advantage of the added protection?

1 minute ago, baktazjam said:

What do you mean by this " Malwarebytes will block files like these if malicious on execution-only. "

Scanning those types will NOT trigger a detection.

If the file is RUN/executed, It is up to the exploit or ransomware protection to kick in to stop the threat.

  • Like 1
Link to post
Share on other sites
baktazjam

baktazjam

Posted
  • Author
Posted
On 7/11/2023 at 7:20 AM, Porthos said:

Malwarebytes does not target script files during a scan... That means MB will not target; JS, HTML, VBS, .CLASS, SWF, BAT, CMD, PDF, PHP, etc.

It also does not target documents such as; PDF, DOC, DOCx, XLS, XLSx, PPT, PPS, ODF, etc.

It also does not target media files;  MP3, WMV, JPG, GIF, etc.

if mw is not scanning such files the how can a user be protected ?

 

On 7/11/2023 at 7:45 AM, Porthos said:

Scanning those types will NOT trigger a detection.

If the file is RUN/executed, It is up to the exploit or ransomware protection to kick in to stop the threat.

plz explain it in an easy words , i am not a tech smart :)

Link to post
Share on other sites
Porthos

Porthos

Posted
Posted
5 minutes ago, baktazjam said:

if mw is not scanning such files the how can a user be protected ?

 

On 7/10/2023 at 9:45 PM, Porthos said:

If the file is RUN/executed/opened, It is up to the exploit or ransomware protection to kick in to stop the threat.

If you actually OPEN open those types of files... It is up to the exploit or ransomware protection to kick in to stop the threat.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.