Jump to content

How realtime protection works


Recommended Posts

:)

When you enable real-time protection for MBAM, if you click on something thats malicous and you just downloaded, MBAM real-time protection sometimes catches it and asks you if you want to quarintine it. If you press quarintine you won't have to restart. But if you scan with MBAM and it finds a virus, in order to quarintine it you MUST restart. Why is that? Is it because for real-time protection when it detects it, it has never has never been run on your pc but the file is still there, so it won't be hard to quarintine it....? And how come when your removing adware after a scan you don't have to restart? Could someone please tell me when MBAM requires you to restart and why? :)

Link to post
Share on other sites

A restart is required by the scanner because it likely discovered the process already running in memory, something that will prevent it from being completely deactivated and removed until reboot. The same is true for dll's and other files loaded into other processes. The protection module is actually blocking a threat from executing before it is actually running in memory, that's why it can quarantine the file without requiring a restart, because the file is not truly active, and thus will not be locked from being deactivated and deleted :).

In cases where the file is not running, the scanner still prompts for a restart just to be certain that the threat is removed just in case it or a component of it was running in memory.

Link to post
Share on other sites

A restart is required by the scanner because it likely discovered the process already running in memory, something that will prevent it from being completely deactivated and removed until reboot. The same is true for dll's and other files loaded into other processes. The protection module is actually blocking a threat from executing before it is actually running in memory, that's why it can quarantine the file without requiring a restart, because the file is not truly active, and thus will not be locked from being deactivated and deleted :).

In cases where the file is not running, the scanner still prompts for a restart just to be certain that the threat is removed just in case it or a component of it was running in memory.

ohh thats kind of what i was thinking if it works that way but i wasnt really sure. but what about adware? everytime u remove adware from a scan u dont have to restart.

Link to post
Share on other sites

Adware is a pretty vague term, if it's a file or process detected by MBAM in a scan, a reboot is generally required. If it's a registry entry then I believe the registry entry's location determines whether or not a reboot is required (as some keys will not update/refresh until after a reboot, depending on which hive they're in, ie HKLM vs HKCU etc).

Link to post
Share on other sites

Hi IDK -

Adware (as such) is not always Malware - It can at times be just a pest (like tracking cookies) since this program deals with Malware only -

However if you have enough adware to remove SUPERAntiSpyware will ask for a reboot -

Thank You

Are adware pop-ups??? because once i had a pop-up everytime u go to a new page on the internet and firefox, and when i scanned with MBAM, it found 1 trojan downloader, and 56 adware... so i think it must be the adware that caused all the pop-ups.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.