Author |
Topic: Malwarebytes question |
Jon Light
From: Saugerties, NY
|
Posted 27 Jun 2017 4:21 am
|
|
I recently bought the full Premium version ( 3.1.2.1733 )
Here is an excerpt of a scan report:
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
My question is about Rootkits. In SETTINGS I definitely have Rootkit scan "ON". The report confuses me. If I am misreading or misunderstanding the report, fine. I don't need to know what it means, as long as I can know that it is indeed scanning what I need it to scan.
Does this need my attention? |
|
|
|
Mitch Drumm
From: Frostbite Falls, hard by Veronica Lake
|
Posted 27 Jun 2017 5:13 am
|
|
Doesn't look right to me, Jon.
I show enabled next to rootkits.
I assume in settings/scan options/scan for rootkits, you have the toggle switch set to "on" and have closed the app and rebooted after confirming that setting.
If that's true, you might want to post at the Malwarebytes forum. I haven't checked there, but maybe it is a known issue. |
|
|
|
Jon Light
From: Saugerties, NY
|
Posted 27 Jun 2017 5:25 am
|
|
Thanks Mitch.
Yes, to your questions. I'll look into this. |
|
|
|
Jon Light
From: Saugerties, NY
|
Posted 27 Jun 2017 5:37 am
|
|
Great advice, Mitch.
It is a known thing, asked and answered in the forum. The selected settings (apparently) apply to manual scans. For automatic scheduled scans you have to click the scan in the schedule and make the selections in 'advanced settings'. My manual settings were good but the default in the scheduled scans is rootkits : disabled (for some reason).
Thanks for the help! |
|
|
|
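An added example, not part of any poster's message and not Malwarebytes' own tooling: a check that parses the "-Scan Options-" block of a saved scan report and flags any option that differs from what you expect, which would catch the scheduled-scan default described above. The report layout is assumed from the excerpt quoted in this thread; the sample text, the expected policy and the function names are constructed for illustration.

```python
import re

# Constructed sample, modelled on the report excerpt quoted in this thread.
SAMPLE_REPORT = """\
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
"""

# Assumed policy for this example: every scan option should be on.
EXPECTED = {name: True for name in (
    "Memory", "Startup", "Filesystem", "Archives",
    "Rootkits", "Heuristics", "PUP", "PUM")}

OPTION_LINE = re.compile(r"^\s*([A-Za-z ]+?)\s*:\s*(Enabled|Disabled)\s*$", re.I)

def parse_scan_options(report_text):
    """Return {option: bool}, reading only the '-Scan Options-' section."""
    options, in_section = {}, False
    for line in report_text.splitlines():
        stripped = line.strip()
        if re.fullmatch(r"-.+-", stripped):  # a section header such as -Scan Options-
            in_section = stripped.lower() == "-scan options-"
            continue
        match = OPTION_LINE.match(line) if in_section else None
        if match:
            options[match.group(1).lower()] = match.group(2).lower() == "enabled"
    return options

def audit(report_text, expected):
    """Return (option, observed state) for each option that deviates from expected."""
    actual = parse_scan_options(report_text)
    findings = []
    for name, want in expected.items():
        if name.lower() not in actual:
            findings.append((name, "missing from report"))
        elif actual[name.lower()] != want:
            findings.append((name, "Enabled" if actual[name.lower()] else "Disabled"))
    return findings

if __name__ == "__main__":
    for name, state in audit(SAMPLE_REPORT, EXPECTED):
        print(f"{name}: report says {state}, which does not match the expected setting")
```

Run it against the report from a scheduled scan as well as a manual one, since the thread shows the two can use different settings.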
Mitch Drumm
From: Frostbite Falls, hard by Veronica Lake
|
Posted 27 Jun 2017 7:18 am
|
|
Thanks for digging into that.
I just checked settings/scan schedule/edit button/advanced and found that "scan for rootkits" was checked under "scheduled options".
I guess you are saying that that is NOT the default?
I frankly can't recall if I had previously visited that location and made that setting manually. If it isn't the default, I guess I must have as my scan report says rootkits enabled, unlike yours. |
|
|
|
Jon Light
From: Saugerties, NY
|
Posted 27 Jun 2017 7:33 am
|
|
Your summary is correct although I can only say for certain that my auto scan was defaulted to 'disabled' and that this is the situation that I found in the MBAM forum. Maybe this pertains only to new installations or something (I upgraded from the free version a couple of weeks ago)? I do not know and did not investigate that. |
|
|
|
Jack Stoner
From: Kansas City, MO
|
Posted 28 Jun 2017 4:18 am
|
|
I have mine set to "defaults" and that is rootkits off.
_________________
GFI Ultra Keyless S-10 with pad (Black of course) TB202 amp, Hilton VP, Steelers Choice sidekick seat
Cakewalk by Bandlab and Studio One V4.6 pro DAWs, MOTU Ultralite MK5 recording interface unit (for sale) |
|
|
|
Jon Light
From: Saugerties, NY
|
Posted 28 Jun 2017 4:47 am
|
|
Jack--do you have some reasoning that would convince me to switch rootkit scanning off? I know/understand nothing and simply opt for 'more scanning is good' unless instructed otherwise. |
|
|
|
Wiz Feinberg
From: Mid-Michigan, USA
|
Posted 28 Jun 2017 8:55 am
|
|
Jon Light wrote: |
Jack--do you have some reasoning that would convince me to switch rootkit scanning off? I know/understand nothing and simply opt for 'more scanning is good' unless instructed otherwise. |
I'm not Jack, but will chime in here anyway.
Personally, I turn on scanning for rootkits. While they aren't an everyday threat, they are out there in malware like the Petya virus. Petya scrambles the Master Boot Record (thus encrypting the entire disk) and uses a rootkit to reinstall if it is deleted. Petya is currently in the wild and uses some of the attack vectors used in Eternal Blue and WannaCry. While not particularly targeting normal computer users, we can become collateral damage. A rootkit detector goes a long way to stopping Petya and related malware.
Note that scanning for rootkits adds to the load on your computer during the scan and could interfere with its operation until the scanning has completed.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services |
|
|
|
Jon Light
From: Saugerties, NY
|
Posted 28 Jun 2017 9:18 am
|
|
Thanks Wiz. I schedule my scans for off hours so resource load is not an issue.
I'll keep everything enabled. |
|
|
|
Wiz Feinberg
From: Mid-Michigan, USA
|
|
|
|