Latest Version of Malwarebytes

[MoxieMomma]

Ha your correct it's 5 minutes
View attachment 353414

I'm sorry, but neither of the settings in that screen shot is the default.

The default setting for update checks is NOT "realtime", it is "hourly".
(Such "hourly" scheduled update checks are randomized +/- 15 minutes, to balance server load. That is why this is the default setting.)

Selecting "Realtime" is an end-user change to the configuration and settings.
And, yes, there is a drop-down menu of frequency options for realtime updates, but those are not default, either.
That is another end-user configuration change.

Here are links to the User Guide for version 2.1:
HTML
PDF

Thank you,

 

[ThrashZone]

Not for mine it's the default after install and it's the default for a new scheduled task.

 

[Lady Fitzgerald]

Thanks I believe the crazy default I was referring to is checking for updates every 10 minutes,

But the default your referring to just increases insures the chances of getting a bad update

The frequent updates we are referring to are database updates, not program updates. I've never heard of a bad database update.

 

[ThrashZone]

Okay :/
This is a non specific thread covering mbam 2.0 in general which you've said many times to be flawed
But it's all good,

I was simply pointing the default update task after activation and it's still the default task for a new task for updating "If" not manually changed which has been questioned by Moxie...

Can anyone else verify ? Task New/ Update/ RealTime is already pre-selected = 5 minutes as a default.

 

[Seffrid]

Thanks I believe the crazy default I was referring to is checking for updates every 10 minutes,

But the default your referring to just increases insures the chances of getting a bad update

The frequent updates we are referring to are database updates, not program updates. I've never heard of a bad database update.

It was a database update in April 2013 that disabled thousands of computers worldwide.

https://forums.malwarebytes.org/index.php?/topic/125182-yesterdays-database-update-issue/

That is why there is some concern about the auto-quarantine feature (especially when it kicks in after 40 seconds even if you have it disabled), as it was the auto-quarantine of multiple operating system files following a routine database update that brought down so many computers in the short time before MBAM realised there was a problem and pulled the update.

 

[Lady Fitzgerald]

Thanks I believe the crazy default I was referring to is checking for updates every 10 minutes,

But the default your referring to just increases insures the chances of getting a bad update

The frequent updates we are referring to are database updates, not program updates. I've never heard of a bad database update.

It was a database update in April 2013 that disabled thousands of computers worldwide.

https://forums.malwarebytes.org/index.php?/topic/125182-yesterdays-database-update-issue/

That is why there is some concern about the auto-quarantine feature (especially when it kicks in after 40 seconds even if you have it disabled), as it was the auto-quarantine of multiple operating system files following a routine database update that brought down so many computers in the short time before MBAM realised there was a problem and pulled the update.

I stand...er...sit corrected. Apparently, I lucked out and didn't get affected by that.

 

[DavidE]

Can anyone else verify ? Task New/ Update/ RealTime is already pre-selected = 5 minutes as a default.

Personally i never had the default as 5 minutes, but i have read many posts where people see this.
I think it's a quirk/bug that affects different PC's differently.
I believe both opinions are true depending on the PC ...

I have seen where my settings don't get carried forward correctly when doing a program update.
I've learned to go though all settings after a program update and make sure they are what they were, and what i want.

Yes, I've done the mbam-clean drill more times than i can count, and have sent info to MBAM support...

 

[ThrashZone]

Clean is useless I've done it seems a hundred times with the same negative results or the same bugs.
1.75... was flawless.
2.0... not at all.

 

[DavidE]

Regarding the "Auto-Quarantine" question/confusion, here is my understanding.

A Manual scan will never auto quarantine. This applies to the FREE and PAID version.

For Scheduled Scans, auto quarantine can be disabled in settings. Scheduled Scans are only in the PAID version.

With real-time protection, an auto-update of bad virus definitions can brick a PC immediately or within 40 seconds.
Real-time protection and auto updates are only in the PAID version.

These "rules" apply to all versions: 1.* and 2.*
If I'm wrong, let me know so i can edit this post and remove or correct bad info

 

[Lady Fitzgerald]

Clean is useless I've done it seems a hundred times with the same negative results or the same bugs.
1.75... was flawless.
2.0... not at all.

True. That's why I waited quite a while before updating to 2.x. So far, I haven't had any problems other than getting familiar with the new UI. I will also wait a while before updating to the newest version to recently come out.

 

[ignatzatsonic]

With real-time protection, an auto-update of bad virus definitions can brick a PC immediately or within 40 seconds.
Real-time protection and auto updates are only in the PAID version.

So the "auto-update of bad virus definitions" can brick a PC, without a scan of any type, assuming vital system files are quarantined? Purely because definitions are updated?

Can brick or will brick? Only if unattended?

I was bricked in the April 2013 unpleasantness. I had left my PC running and left the house for 2 or 3 hours and came back to a black screen as I recall. Not sure what I would have seen on screen had I been at home watching.

 

[kado897]

Surely this is not limited to Malwarebytes. A faulty virus update to any real time AV could brick Windows.

 

[DavidE]

With real-time protection, an auto-update of bad virus definitions can brick a PC immediately or within 40 seconds.
Real-time protection and auto updates are only in the PAID version.

So the "auto-update of bad virus definitions" can brick a PC, without a scan of any type, assuming vital system files are quarantined? Purely because definitions are updated?

Can brick or will brick? Only if unattended?

I was bricked in the April 2013 unpleasantness. I had left my PC running and left the house for 2 or 3 hours and came back to a black screen as I recall. Not sure what I would have seen on screen had I been at home watching.

Yes, it can brick a PC if it detects valid OS system files as malware just with real-time protection (no scan needed). That's what happened in 2013.

If you have Auto quarantine turned off you get 40 seconds to respond to prevent the quarantine.

It's for this reason i changed my auto update to every 4 hours rather than every 1 hour.
I figure i have less chance of getting a bad update if I get updates less often.
It's still a crap-shoot...

 

[Seffrid]

Yes, it can brick a PC if it detects valid OS system files as malware just with real-time protection (no scan needed). That's what happened in 2013.

If you have Auto quarantine turned off you get 40 seconds to respond to prevent the quarantine.

It's for this reason i changed my auto update to every 4 hours rather than every 1 hour.
I figure i have less chance of getting a bad update if I get updates less often.
It's still a crap-shoot...

It's why I rely on MSE for real-time protection (a lot of other AV programs having bugged me with false positives and performance issues over the years) plus twice-weekly manual scans with the free version of MBAM on which basis it can't force auto-quarantine. I also do a quick forum check to make sure there are no current issues with MBAM before running the updater prior to the scans.

 

[ignatzatsonic]

If you have Auto quarantine turned off you get 40 seconds to respond to prevent the quarantine.

During that 40 seconds, what choices are offered to you on the screen?

What's the decision process as the clock ticks?

I assume that it would be best to accept the quarantine since you'd have no way of knowing in that 40 seconds that it was a false positive that was going to brick the PC. That's possible but a relatively low probability and therefore a better choice.

 

[DavidE]

I've never had this happen, so i can't say for sure.
I found this in the documentation (Notification Window Examples), so i guess this is what you would see.

Source: Malwarebytes Anti-Malware 2.0 Help Documentation

 

[Seffrid]

If you have Auto quarantine turned off you get 40 seconds to respond to prevent the quarantine.

During that 40 seconds, what choices are offered to you on the screen?

What's the decision process as the clock ticks?

I assume that it would be best to accept the quarantine since you'd have no way of knowing in that 40 seconds that it was a false positive that was going to brick the PC. That's possible but a relatively low probability and therefore a better choice.

I think it's always preferable when prompted to quarantine a file to do a little research before allowing it, on a different machine if possible. Any quarantine tends to break whatever program/application it relates to, which is a nuisance even without it relating to the operating system which is clearly disastrous, therefore you really want to be sure it isn't a false positive by reference to the forums so long as you can establish that safely. However, 40 seconds doesn't really allow anything more than a mild panic attack at being told that your machine is compromised, and then the timer's up and the file is quarantined anyway. In any event, it would take me the full 40 seconds to read and inwardly digest either of the two notification boxes DavidE displayed!

 

[ignatzatsonic]

David:

I note that those pix from Macrium say "detected as a function of real-time protection". I wonder if that necessarily includes downloaded definition updates.

Maybe the ideal config would be to auto-quarantine the "malware detected" classification and not quarantine the "non-malware detected", but that's not available in the controls.

A 40 second window is so short as to be useless. No one can research anything in that time. It may as well be 5 seconds, to better avoid what might happen in that 35 second differential.

 

[jonnyhillow]

Has Mbam released a stable version thats newer than 2.04.1028 or is it still a beta ?

Thank you

 

[MoxieMomma]

A few points of clarification:

1) It is absolutely NOT the case that default update checks occur in "realtime" and "every 5 minutes". The default settings are "Hourly" and randomized +/- 15 minutes in a new installation. If a user sees any other configuration, then those changes were made by a user with access to the computer and the MBAM installation/settings. If they were retained after a version upgrade, then it would be because the previous version was not completely inactivated and was not completely, cleanly removed prior to the upgrade. (On-top upgrades will retain settings.) "Realtime", "Every 5 Minutes" update checks, by default, on millions of home computers, would unnecessarily bring the update servers to their knees. It simply is not configured that way by default.

2) The illustrations posted here are actually for the current version 2.1.4.1018, not for 2.0. But, as shown, there is an option to "Allow Once", if the user chooses to prevent the automatic quarantine one time, in order to research the detection, or to "Exclude Always" (IOW "Allow Always").

3) The reason for the 40-second timeout is explained in great detail by the former MBAM Product Manager here and in many other threads at the Malwarebytes forum.

4) If users are uncomfortable with the real-time protection or automatic updating of MBAM Premium, then opening the dashboard > "My Account" > "Deactivate" will convert the program to the free, manual, on-demand scanner.

Here are links to the User Guide for the current build:
HTML
PDF

Thank you,