MBAM Pro settings - how to automatically get "missed updates"?


  1. Posts : 2,752
    Windows 7 Pro x64 (1), Win7 Pro X64 (2)
       #1



    I've been struggling with this problem (clearly must be a settings issue), but cannot seem to figure out what to do in order to avoid the problem symptom. Either that, or it's a program bug (which I will report on the MBAM forum, but I hate to post there because of "attitude").

    I would like outside opinions HERE (where people respond intelligently) on which one it is, and if it's simply a settings problem then please tell me what to change.

    Thoughts?


    The problem is that I shut down (i.e. truly "shut down") one of my machines every night. Then sometime the next morning (or maybe even days later) I power it back on. This clearly means MBAM was not able to do its automatic scheduled database updates during those hours/days when the machine was powered off.

    I would expect that at the next opportunity (i.e. when the machine is next powered on and the Windows startup boot process runs), that the program would automatically catch up with all missed database updates. I shouldn't be bothered by any notifications or prompts, nor should I have to do anything manual myself. It should just "catch up" automatically and quietly.

    Note that there's no problem if the machine is left on forever. Automatic scheduled updates occur regularly, and without any involvement from me. It's only after this other situation when the machine was powered off past its scheduled update (and perhaps very long past that scheduled update) that the expected automatic update or "catch-up update" doesn't occur automatically.

    So, what have I done wrong in my settings? Or, is this a program issue which should be reported to MBAM??


    Here's what appears upon the next re-boot following a long powered-off period: The little red exclamation mark notifying me that there's a problem.




    And if I open the program it tells me "database is out of date". I know that, but I wanted the program to simply "catch up" automatically in this situation, not require me to get involved manually to fix the problem.




    And here are my settings: I believe I'm requesting database updates 4 times per day, i.e. every 6 hours.






    NOTE: I have set 60-seconds as my "protection delay" interval at Windows startup, just to try and ensure that internet access is available when the machine is rebooted and MBAM is started. I thought this might help, but it doesn't seem to make an impact.



  2. Posts : 17,796
    Windows 10, Home Clean Install
       #2

    You have it set to notify if out of date by more than one day.


  3. Posts : 2,752
    Windows 7 Pro x64 (1), Win7 Pro X64 (2)
    Thread Starter
       #3

    richc46 said:
    You have it set to notify if out of date by more than one day.
    Are you sure this is the relevant setting to change? The one that says "notify user if database is out of date for more than X days"?

    1 day was already checked there, and that's the minimum. Alternate values are 2, 3, etc. Per your suggestion I've changed it to 2, though I honestly don't think it's going to accomplish a solution to this issue.

    But really I don't ever want to be notified about the database being out-of-date... ever, no matter how out-of-date it is, even if it's from being powered-OFF for a week or two if I'm away. I just want the program to automatically "catch up" and update the database WHENEVER it learns it's out-of date, quietly and automatically. For example that's how MSE and other anti-virus software works.

    Doesn't that make more sense for this particular item? Why should I have to get involved with database updates at all?


    Now I don't know for sure (which is why I'm asking for suggestions here), but I'd intuitively expect the relevant setting to more likely be "Recovery options", i.e. "recover missed tasks". I have "recover if missed by 8 hours" set, so maybe that means "ONLY RECOVER the missed scheduled update if you miss it by 8 hours or more, but if you miss it by less than 8 hours don't recover it and instead show the red exclamation mark and notify the user". Maybe that was my problem, that if the machine was only off less than 8 hours before being powered on again, that this value was actually preventing it from doing the expected automatic catch-up update.

    I've now just changed that setting to be the minimum value of 1 hour. There's nothing less than that to set... LIKE WHY NOT HAVE A VALUE OF ZERO, TO ALWAYS PERFORM ANY MISSED UPDATE???

    Here's hoping that means "recover the missed scheduled update if it was missed by at least 1 hour", which of course would cover me in my overnight-OFF situation.


    Again, personally I don't know why I would need to or want to have so many seemingly overlapping and interacting user-specified settings governing automatic updates of the database. Maybe I would want some control over scans, but database updates???

    Anyway, we'll see what happens tomorrow morning.


  4. Posts : 2,752
    Windows 7 Pro x64 (1), Win7 Pro X64 (2)
    Thread Starter
       #4

    First, I just noticed that I mistakenly called it "MBAM Pro" whereas it's correctly named "MBAM Premium". Sorry for the confusion.


    Next, according to this page on the Malwarebytes site that describes "Automated scheduling" settings, Recovery Options allows you to perform a database update if you missed your scheduled one, and define what constitutes overdue.

    So it looks like I was on the right track. I'm guessing that my 8 hour value was too large, in that it described "overdue" as only when the scheduled database update was missed by 8 hours or more. But if it was missed by less than 8 hours, it was not considered "overdue" and thus was not needed to be "recovered" as a missed update. To me, this all seems quite convoluted and unnecessary, and I really would NEVER want this behavior, but I guess that's how it should be interpreted.

    So I'm guessing that changing this value to 1 hour as I've now done should guarantee that ANY missed update by at least 1 hour (which will almost certainly always be the case when powering my machine back ON from its overnight OFF state) should trigger the automatic recovery of the "overdue missed update", and hopefully I should never again be bothered by that notification.

    We shall see in the morning.


  5. Posts : 20,583
    Win-7-Pro64bit 7-H-Prem-64bit
       #5

    Hi,
    Besides the notification confirmation which is a bug for most that are not receiving the notification of a successful update,
    The only way I've found to actually get updates on startup is to switch to real time and not hourly...
    But all mbam has suggested is mbam clean to fix any issues,
    So get ready for it
    https://forums.malwarebytes.org/inde...al-process-2x/
    Attachment 322570
    Last edited by ThrashZone; 22 Feb 2015 at 19:57.


  6. Posts : 6,330
    Multi-Boot W7_Pro_x64 W8.1_Pro_x64 W10_Pro_x64 +Linux_VMs +Chromium_VM
       #6

    I don't think you have a problem with your settings.
    I see the same thing, MBAM alerts out of date when I start/wake a PC that has been off for day(s).

    MBAM has always had a problem where it will try to connect to the server to update definitions before the network connection is re-established.
    In V 1.75 an error is logged in the protection log, I think it is error code 100.
    In V 2.x I have never seen a log entry for this error.
    I think I was told it should be there, but I've never seen it in a V 2.x log...

    I asked if the "update failed" error was fixed in V2 during BETA testing, and was told no.
    If this issue has been fixed since I asked, I don't know - I haven't read it's been fixed ...
    You have "Protection delayed on startup", but does that also delay attempting to update the virus definitions ?
    I don't know, I never used that option ... this would be a question best answered by MBAM.

    As a workaround to this issue in V 1.75 I created a scheduled task to update definitions that ran 1 minute after startup/wakeup.
    In V 2.x "command processing" has not been implemented, so a scheduled task is not possible (yet).
    If "command processing" has been since added to V 2.x, I don't know, I haven't read anywhere that has been implemented yet.

    I mostly login to Windows with a Standard (Limited) account.
    In V 1.75 I did not get the "Out of date" alert, and I could not manually update definitions from the tray icon.
    To manually update required Admin authority.
    For me V 2.x is better as I now get alerted (tray icon) and can manually update from the tray icon, without running MBAM with "Run as administrator".

    I'd like to see "command processing" in V2.x so I can add a scheduled task if I want to.
    I'd like to see different (better imho) logging in V2.x.
    For me, accepting these "deficiencies" for a Lifetime License is one thing.
    For me, accepting these "deficiencies" for an Annual License is something else.
    I have Lifetime Licenses, so I can live with it "as-is" for the protection cost/benefit value.
    Hopefully these will be addressed in a future release.

    You can also add another Scheduled Update that "Runs on system start" and see if that helps.
    I added this, but it doesn't help me, I don't normally shut down, I use Sleep.
    I don't think "Runs on system start" includes waking from sleep, from what I have seen.
    I never asked.

    Please post back with what you find with your latest change.
    I've got MBAM real-time on 5 OSs right now, so I've tested this every way I can think of...
    I'm thinking of buying another license right now for a VM OS I might install, so I'm very interested.

    Thanks,
    David


  7. Posts : 4,566
    Windows 10 Pro
       #7

    You need to think about this from a security perspective.

    It is never a good thing to expect your security software to "just work". That is the apple way and is the least secure way. It causes the most problems as well.

    What I mean is, if the program never notified you about being out of date, malware could easily disable the updating function, and since there would be no alert that you are out of date, you are compromised immediately and would have no idea anything is wrong. You would scan your system for threats as usual and they would not find anything, as the new malware that took over and stopped it from updating is not in its definitions, meaning it can do whatever it wants without being detected. It is the equivalent of having a year old trial antivirus on your system. It just is not good practice.

    #1 Goal of malware: Keep hidden from the user
    #2 Disable the updating function of the security software, or disable it completely if possible to be done silently.
    #3 Trick the user into accepting something or already start the process of what it intends to do.

    Updates are the life line of a security product. To ignore these notifications, or expect the product to do it without notifying you of it being out of date is simply foolish and unwise.

    Also: If you leave malwarebytes alone for a little bit, it will update and the notification will go away once it updates on its own. But the warning is a very good reminder to keep tabs on making sure you are up to date so you can be protected from the latest threats.


  8. Posts : 2,752
    Windows 7 Pro x64 (1), Win7 Pro X64 (2)
    Thread Starter
       #8

    andrew129260 said:
    It is never a good thing to expect your security software to "just work". That is the apple way and is the least secure way. It causes the most problems as well.

    What I mean is, if the program never notified you about being out of date, malware could easily disable the updating function, and since there would be no alert that you are out of date, you are compromised immediately and would have no idea anything is wrong. You would scan your system for threats as usual and they would not find anything, as the new malware that took over and stopped it from updating is not in its definitions, meaning it can do whatever it wants without being detected. It is the equivalent of having a year old trial antivirus on your system. It just is not good practice.
    I understand what you're saying, and I agree. It's one of the reasons I'm part of the "anythingbutipod.com" user community (I own a Cowon J3 player, 32GB+63GB=96GB, to support my FLAC music collection).

    But appropriately MBAM has its own additional independent "notify user if database is out-of-date by more than X days" setting, which I've kept at the minimum value of 1 day. Presumably this test for out-of-date age is performed after (not before) the scheduled database update is performed, including the "catch-up recovery update" of a missed scheduled update.

    So if MBAM does somehow get prevented by malware from actually doing its scheduled automatic updates (every 6 hours for me) or the "recovery update at next opportunity" if the scheduled update is missed, then if the database does finally get to be more than 1 day out-of-date you will now appropriately be notified (with the red exclamation mark). Whatever it was that caused the unexpected failure to do the scheduled updates, benign or malignant, notification of the user is now appropriate. I would then investigate the cause and take appropriate corrective action, including possibly hunting for malware if this condition should not have occurred naturally.

    However in my opinion this notification for an out-of-date condition is unrelated to simply performing the automatic database "recovery of missed task" update that got missed because of perfectly normal conditions, such as the machine being powered off. And that's exactly why MBAM offers the other "recovery of missed tasks" options, to ensure that if/when an automatic database update is missed it will automatically be performed at the next opportunity.

    Yes, you'd of course like to know if malware has actually somehow moved in to prevent database updates (including this special "recovery" update) so that it could persist, and that WILL be advised if/when the "notify user if database is eventually out-of-date by more than X days" setting is actually ever reached. This can't happen normally as long as normal scheduled updates are still being performed, and also if the "recovery of missed update" is performed immediately at the next opportunity... BEFORE testing for out-of-date database.

    Because simply powering off a machine at night and powering it on sometime the next morning is by far the more common situation these settings (and especially the "recovery from missed update") are dealing with, I just want the missed overnight update(s) to be performed quietly and automatically at the next normal opportunity. I don't want to be notified or required to be involved in doing that update. And once it's performed, and the out-of-date test performed (which shouldn't any longer be out-of-date), I should not be notified of anything at all... and nothing is amiss.


    Anyway, to report the results of last night's test, sure enough when I powered the machine on earlier today I was NOT notified (with the red exclamation mark) of the out-of-date condition!!

    YAY!! I will of course watch this over the next few days until I'm convinced I've resolved it.

    But based at least on this first test it does appear that changing the "recover missed update if missed by X hours" value to 1 (i.e. something sure to be LESS THAN the number of hours the machine is powered off overnight) correctly triggers the automatic "recovery update" when the machine is next powered on. And then the presumably later-tested out-of-date condition (of 1 day or more) is not met, so that I did NOT get the red exclamation mark.

    It's not really clear whether my setting of 60 second delay before starting (to try and ensure there is enough time for my network connection to be established during Windows startup) is relevant or not, but I have that delay value set on anyway.


    I'll confirm if the next few days work just as well as this morning did.


  9. Posts : 2,686
    Windows 8.1 Pro w/Media Center 64bit, Windows 7 HP 64bit
       #9

    Give this a try. I set up two Updates - one at bootup and the other at 1 hr intervals.

    Will see if it works in the morning.

    MBAM Pro settings - how to automatically get "missed updates"?-mbam-1.png

    Jim


  10. Posts : 2,752
    Windows 7 Pro x64 (1), Win7 Pro X64 (2)
    Thread Starter
       #10

    Well, I went away for a few hours with the machine still ON (as it's been for the past 4 hours or so) ever since starting up earlier today. When it was powered on 4 hours ago it did NOT produce the out-of-date notification after emerging from being in its power-OFF state for at least 10 hours, so I thought my "recover if missed by 1 hour" change had been successful.

    I just assumed it had performed the missed overnight update and was totally satisfied that the database was up-to-date.


    Well, imagine my surprise when I looked at the screen and discovered the following:



    And looking at the dashboard to see just what the database version was, it looked like this:




    I then ran the requested update and when finished the database version looks as follows:




    So it's now updated to 06.21.10, whereas before it was at 06.21.02. I'm not sure of this, but assuming MB provides updates every hour and since the machine was powered ON about 4 hours ago, that would mean it did NOT, as originally assumed, perform the missed overnight update during its 8 hours of power-OFF state (remember, I have it scheduled to update every 6 hours) when it was powered up 4 hours ago!!!

    Well I don't know what the "recover missed updates" setting of 1 hour is supposed to do if not "run the missed update if you miss it by at least 1 hour" which I obviously had, but apparently it did NOT trigger the anticipated catch-up update when I booted the machine 4 hours ago. Presumably it would have updated to 06.21.06 maybe.

    Even more mysterious, it's only been 4 hours since the machine was powered on, and the last out-of-date test run. So if the database was 06.21.02 only 4 hours ago and was apparently NOT out-of-date by more than 1 day, why is it now out-of-date only 4 hours later, and with a now most-current database version of only 06.21.10 (which presumably means only 8 hours newer than the previous 06.21.02 on my machine)????


    This is just silliness. It shouldn't be so complicated to get the program to just do automatic database updates whenever scheduled, or if not possible when scheduled then simply at the next available opportunity.

    In my opinion there is no reason to have the user get so involved trying to pick what presumably is the magically correct combination of values to cause the program to behave the way it should simply be programmed to behave with no user-settings at all.

    I'm obviously missing the point here. I guess it's almost time to post this question to the MBAM forum, something I'm really not anxious to do.


 
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
