Jump to content

Questions about how virus scanners work, and other security things


Badran

Recommended Posts

Hi,

I just wanted to make a topic to better educate myself on how things work.

One of the first things I wanted to ask was if it was true that scanners won’t target items that are above a certain file size?

If they don’t pick these things up, would real time protection be able to protect you from files that are large?

Another question is that I wanted to know which items Malwarebytes would and wouldn’t scan. Asking this because it’s consistently recommended to have both defender and Malwarebytes active at the same time, since one can catch something the other might miss.

Link to post
Share on other sites

4 minutes ago, Badran said:

One of the first things I wanted to ask was if it was true that scanners won’t target items that are above a certain file size?

This is true. Size limits are not public.

5 minutes ago, Badran said:

If they don’t pick these things up, would real time protection be able to protect you from files that are large?

When these are executed, the other real-time protections can but no protection is 100%

7 minutes ago, Badran said:

Another question is that I wanted to know which items Malwarebytes would and wouldn’t scan. Asking this because it’s consistently recommended to have both defender and Malwarebytes active at the same time, since one can catch something the other might miss.

Since you have been reading many posts, you have most likely seen the following info but here it is again.

Malwarebytes does not target script files during a scan.. That means MB will not target; JS, HTML, VBS, .CLASS, SWF, BAT, CMD, PDF, PHP, etc.

It also does not target documents such as; PDF, DOC, DOCx, XLS, XLSx, PPT, PPS, ODF, etc.

It also does not target media files;  MP3, WMV, JPG, GIF, etc.

Malwarebytes will block execution of files like these only with the anti-exploit module of the paid program.

  • Like 3
Link to post
Share on other sites

Thanks for the responses, this cleared up what I was wondering!

I was worried about old PDF’s I had from school, but it turns out the largest one I have is under 300mb (honestly thought some of these were insanely large, but I must’ve been compressing a lot of stuff when it came time to submit them)

Link to post
Share on other sites

  • Root Admin

Open Malwarebytes, click on the small gear icon on the top right.

On the General tab scroll down to the bottom and click the Restore default settings button

image.png

 

Unless there is something very specific that you don't want enabled, then leave the defaults as they are.

 

If you wish to run Windows Defender fully alongside of Malwarebytes (one does not need to, Malwarebytes will protect the system without Windows Defender being in full protection mode)

 

Make the following change in Malwarebytes if you're using the Premium or Trial version

  • Please open Malwarebytes. Click on the small gear icon to open the Settings and go to the Security tab.
  • Then turn off "Always register Malwarebytes in the Windows Security Center"
  • Restart the computer

 

It is highly unlikely that you need to setup exclusions for Windows Defender, however if you experience any issues, please see the following article and setup exclusions
between Malwarebytes and Windows Defender

 

Malwarebytes for Windows antivirus exclusions list
https://support.malwarebytes.com/hc/en-us/articles/360038522974-Malwarebytes-for-Windows-antivirus-exclusions-list

 

Then visit the following links on how to setup exclusions in Windows Defender

How to Add or Remove Exclusions for Microsoft Defender Antivirus in Windows 10
https://www.tenforums.com/tutorials/5924-add-remove-microsoft-defender-antivirus-exclusions-windows-10-a.html

Add or Remove Exclusions for Microsoft Defender Antivirus in Windows 11
https://www.elevenforum.com/t/add-or-remove-exclusions-for-microsoft-defender-antivirus-in-windows-11.8797/

 

We are not aware of any currently known issues between Windows Defender and Malwarebytes Premium

 

  • Like 1
Link to post
Share on other sites

Apologies about this, I wanted to ask here since I’m still a bit confused about the topic. My FRST logs used to show the following restriction:

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION

I got help with removing the restriction, but I had a thought. With this restriction gone, would there be any conflicts between Malwarebytes and Defender, or is there nothing to worry about?

I think an FRST fix is what caused it to reappear after I got help with removing it last week.

Again, sorry about asking this here, I’m just trying to learn a bit more, and this thing has been confusing me, since I only can use my logs as a reference and I don’t know if this restriction exists in other peoples logs who run both defender and Malwarebytes at the same time.

also apologies if this is worded poorly.

Edited by Badran
Link to post
Share on other sites

Thank you.

Iirc, it was said that scheduled scans can occur approx 15 minutes before or after the scheduled time?

Just wondering, since I had a scan scheduled for 19:14 (it should’ve been 19 on the dot, but I had restarted at around that time,  I think) and it occurred several minutes earlier (at around 19:08). I could be misremembering the scheduled time that was displayed.

Edited by Badran
Link to post
Share on other sites

  • 2 weeks later...

Can other programs or windows services block anti-virus scanners from looking for updates at certain times?

Asking because I was trying to check for updates, and I kept getting that message saying “one or more items could not be successfully downloaded” at the time that this was happening, I noticed the Microsoft edge update was running when I looked at the task manager. For some reason there was two instances of it running, which I took a picture of.

I want to say after it was done, I was able to successfully check for updates without getting that error. If it wasn’t this, then maybe it was a server issue.

Updating here, it turns out my ISP done something and my internet cut off for a moment as far as I can tell  so it must’ve been that.

 

Edited by Badran
Link to post
Share on other sites

Wanted to ask if those “check out what’s new” notifications from Malwarebytes occur even if you have the marketing notifications off?

Got one today randomly, with it telling me about the new trusted advisor system, despite me having this new update installed for a long while now, so I’m puzzled as to why it’d show up this late.

Link to post
Share on other sites

1 minute ago, Porthos said:

can cause hard to recover bluescreens.

Ah, that’s a shame. I’ll do as you say and leave it off.

I don’t really adjust the settings aside from having the register Malwarebytes in the security centre option off, since I like running defender and Malwarebytes alongside each other.

Link to post
Share on other sites

On 9/6/2023 at 5:28 PM, Badran said:

Wanted to ask if those “check out what’s new” notifications from Malwarebytes occur even if you have the marketing notifications off?

Yes, they are not marketing, they are what changed in the software with an update, notifications.

Edited by Porthos
Link to post
Share on other sites

16 minutes ago, Badran said:

What difference does the self protection module early start make here?

Descriptions for each Advanced setting are as follows:

  • Launch Malwarebytes in the background when Windows starts up: Malwarebytes and Real-Time Protection layers start when Windows operating system starts. If disabled, Malwarebytes and Real-Time Protection layers do not start with Windows, but can be started manually by launching Malwarebytes.
  • Delay Real-Time Protection when Malwarebytes starts: When the startup of system services used by Malwarebytes conflicts with services required by other applications at boot time, enable this setting and adjust the delay timing. The delay setting is adjustable from 15-180 seconds, in increments of 15 seconds.
  • Enable self-protection module: This setting controls whether Malwarebytes creates a safe zone to prevent malicious manipulation of the program and its components. Check this box to introduce a one-time delay as the self-protection module is enabled.
  • Enable self-protection module early start: When enabled, the self-protection module starts earlier in the computer's boot process. This changes the order of services and drivers associated with your computer's startup.

https://support.malwarebytes.com/hc/en-us/articles/360038984953

Edited by Porthos
  • Thanks 1
Link to post
Share on other sites

35 minutes ago, Porthos said:

This changes the order of services and drivers associated with your computer's startup.

I’m guessing that’s why it causes blue screens

I”ll just keep the regular self-protection module enabled, since that one is enabled by default if I’m correct.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.