MBAM Premium Settings
Hey all,
In the Detection and Protection settings page, "Scan for rootkits" is not ticked by default.
Should I tick this option? Why would it be un-ticked in the first place?
Thanks in advance.
Hi,
Usually you would only use that setting once and before doing a custom full scan of the C and any other partitions and/or connected alternate storage drives.
Otherwise it's a one-time scan option.
Cheers.
Hi:
Actually, it's not necessarily a "one-time" option.
It's un-ticked by default for a couple of reasons:
- It will add a bit of time to the scan -- this bothers some users who are obsessed with scan times.
- On some encrypted drives (especially those encrypted with certain 3rd-party software), anti-rootkit (ARK) scanning is not supported and can lead to errors. This is a technical limitation imposed by the encryption methodology. Having said that, it's hard (though not impossible) to get a rootkit on an encrypted drive. So, it's OK to leave that option disabled.
So, if your drive is NOT encrypted, it's perfectly fine to enable that setting.
If your drive IS encrypted, you can enable the setting, unless doing so causes errors.
Just a friendly reminder: the main protection of MBAM Premium is the real-time protection to help PREVENT infection.
Scans are a "second line of defense" that can only remove malware that has already made it past the AV and MBAM onto the system.
A daily Threat scan is the default setting and is sufficient for most users under most circumstances.
Routine, "custom" or full scans of all mounted drives and volumes is a task better suited to your AV.
More info about v2.1.6 HERE
User Guide ONLINE -- User Guide PDF -- FAQ: Common Questions, Issues, and their Solutions
Hope this helps,
Hey, thanks for the reply both of you.
No encryption here, so I will just enable it, if the time bothers me much I can untick again.
By the way, of course real-time is enabled (for both MBAM Pro and ZA Extreme Security).
I will start a new custom scan for C with rootkit detection now.
Hi,
Yep at least once those should be checked
If you make a monthly system image you can repeat it
But I was referring to the everyday scheduled scanning; if you do that, adding rootkit is not necessary unless you feel the need to :/
Obsessed with scan times is a weird thing to say Moxie..
When 2.0.. was first released it was just freaking slow is the bottom line.
There's nothing obsessive about that fact.
Hi:
You're most welcome.
I'm glad I could help.
For the record, a routine, frequent "Custom" scan of the entire C: drive is neither necessary nor recommended.
A Threat scan -- which is the default and recommended scan type -- will look in all places live malware hides.
And it's up to you whether or not to enable the ARK (anti-rootkit) scan for routine scanning.
It's not unreasonable to run a full scan of C: drive or of the entire system once, upon first installing MBAM, and from time to time, just to be sure.
But it is unlikely to find anything other than old, dead remnants, could lead to decreased life expectancy of your hard drive, and is a task better suited to your antivirus.
Cheers,
Yea like I first said both Custom and rootkit should only need to be used once.
After that threat scan should be fine
Without data (e.g. scan logs before and after the upgrade), it's hard to confirm or refute that statement.
Having said that, all security products improve their scanning technology and engines over time. This is true for MBAM, too.
There will always be a trade-off between thoroughness and speed.
By necessity, ARK will lengthen scan times. If that's an issue, then the user is free to leave that setting disabled.
Also, scheduled scans run silently from the system account. On a modern system with decent resources, this is "transparent" to the user.
Many factors impact scan times -- some of them are more easily controlled than others.
Some tend to shorten the scan time, & others may tend to lengthen it.
These include:
- Size of disk
- Disk type
- Disk speed
- Disk caching
- CPU speed
- Controller type and speed
- Operating System version
- Number of files (including temp files!)
- Number of folders
- Number of archived files such as zip, rar, sfx, etc. (if this is enabled)
- Rootkit scan or not (if this is enabled)
- PUM/PUP scans
- Other security programs running at the same time that may potentially be monitoring all file accesses by any other process
- Drive integrity - if a drive is failing it can take a long time to ignore and bypass sectors on a disk or simply fail period and hang the scan
- Other ongoing disk I/O processes
- System infection
- MBAM database size
Thank you,
It has been 1 hour and still continuing the scan, however I noticed that the rootkit scan completed rather fast. The File System scan is taking its sweet time :)
As you say, it is transparent and I barely notice it. Max 15-20% CPU time.
I do make weekly full backups with daily differential (saved to internal backup which I manually copy to external also), and a clone of SSD every 3-4 weeks. I guess I am covered
I normally don't perform custom scans though, just wanted to scan this one time after enabling the ARK. Then I will be back to Threat Scan as usual.
Hi:
The first scan during a given Windows user session will always take "longer".
Subsequent scans (either Threat or Custom) during that same Windows user session may take a wee bit less time, due to "disk caching", all other factors being equal (e.g. the approximate number of files being scanned, etc.).
Cheers,