Malwarebytes Pro does not detect malware in realtime when unzipping malware samples

Discussion in 'other anti-malware software' started by ifacedown, Nov 11, 2013.

Thread Status:
Not open for further replies.
  1. ifacedown

    ifacedown Registered Member

    Joined:
    Oct 12, 2013
    Posts:
    120
    Location:
    Philippines
    I tested the compatibility of Windows Defender and MBAM Pro 1.75 in
    Windows 8.1. I set the exclusions properly in Windows Defender. MBAM Pro's
    Realtime Protection is enabled.

    I downloaded 104 2-day-old malware samples from Malwaretips.com.
    I extracted the viruses into a folder using 7-zip. To my surprise, NO
    REACTION at all from MBAM until ALL the malwares were extracted. Windows
    Defender did some cleaning, only to quarantine one file.

    Then I right-clicked on the folder of malwares and did an on-demand scan on
    MBAM. 100 malwares were detected and cleaned and it required a restart.

    Why did MBAM Pro not react at all when I was extracting the malwares?
    Why was Windows Defender unable to really clean the malwares?
    Are they conflicting?

    Or will MBAM Pro only detect the malware when I DOUBLE-CLICK on them?
    MBAM Pro should detect the malware instantly when they are written on the drive. That is how Antimalware should work. I have waited for 5 minutes for MBAM Pro to respond but no response - even if I disable Windows Defender.

    I am truly disappointed.
     
    Last edited: Nov 11, 2013
  2. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    I believe it's on-execution for compatibility with on-access antivirus programs. Plus there's IP blocking.
     
  3. ifacedown

    ifacedown Registered Member

    Joined:
    Oct 12, 2013
    Posts:
    120
    Location:
    Philippines
    On-Execution...that would mean by running/double-clicking the malware?
     
  4. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Yes, but there may be other areas I forgot. Someone else should clarify.
     
  5. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,695
    Location:
    Zagreb, Croatia
    It detects on-execution. ;)

    BTW, are you ok there?
     
  6. ifacedown

    ifacedown Registered Member

    Joined:
    Oct 12, 2013
    Posts:
    120
    Location:
    Philippines
    Ok. Thanks. Now I am trying out Panda Cloud Free 2.3... Does Panda Cloud Free offer enough protection when offline?
     
  7. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,070
    Location:
    Germany
    No, it's not how it should work but rather how people expect it to work. Scanning before execution only is actually a rather smart choice and sadly no longer the case with most anti-malware solutions. It's even more sad that there is an ongoing trend to remove even the option to set the scanner to on execution only.
     
  8. ifacedown

    ifacedown Registered Member

    Joined:
    Oct 12, 2013
    Posts:
    120
    Location:
    Philippines
    What do you prefer then? Scanning only on execution or on writing?
     
  9. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,070
    Location:
    Germany
    I would prefer scanning only before execution.
     
  10. boombastik

    boombastik Registered Member

    Joined:
    Oct 7, 2010
    Posts:
    211
    Location:
    Greece
    Yes, by running/double-clicking. It has protection only on-execution because it needs to be compatible with other antiviruses.
     
  11. ifacedown

    ifacedown Registered Member

    Joined:
    Oct 12, 2013
    Posts:
    120
    Location:
    Philippines
    Would you dare trust Panda Cloud Antivirus 2.3 Free even if offline? That is what I am using now.
     
  12. jnthn

    jnthn Registered Member

    Joined:
    Sep 22, 2010
    Posts:
    185
    The cloud tag doesn't necessarily mean the program doesn't store signatures on your pc for offline use.
     
  13. ifacedown

    ifacedown Registered Member

    Joined:
    Oct 12, 2013
    Posts:
    120
    Location:
    Philippines
    I disabled Panda Cloud Active protection to see if MBAM Pro will detect malwares as I double-click on them.

    I double-clicked about six of them, four of them disappeared - maybe quarantined/deleted by MBAM Pro, but MBAM never showed me any notification. I also didn't see the records on quarantine/logs.
     
  14. ifacedown

    ifacedown Registered Member

    Joined:
    Oct 12, 2013
    Posts:
    120
    Location:
    Philippines
    Of course I know that.

    What I am asking is if it offers good protection when offline.
     
  15. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    First of all, what security programs do you have installed right now?
    Not what is active/running but what is installed.
    Do you have PCAV (deactivated partially), Windows Defender and MBAM PRO installed?
    If so, first enable all PCAV features to default, uninstall it, reboot and start testing again.
    Having certain PCAV drivers still active can skew results. Disabling a/certain program features doesn't necessarily kill all functionality.
    Also, check all MBAM settings. (Probably you already have but sometimes you tend to overlook the most obvious).
     
  16. ifacedown

    ifacedown Registered Member

    Joined:
    Oct 12, 2013
    Posts:
    120
    Location:
    Philippines

    I am using Windows 8.1 so of course Windows Defender is installed.
    Panda Cloud Free is installed.
    MCShield (for scanning removable media) is installed
    MBAM Pro is installed (filesystem protection enabled, web shield disabled)
    K9 Web Protection installed (against porn and malware sites)

    And why should I uninstall Panda? I am testing out the functionality of MBAM Pro ALONGSIDE other antimalware products. I only disabled Panda to test if MBAM Pro would react. In fact it is just fine if I test MBAM Pro even if Panda is enabled.
     
  17. fblais

    fblais Registered Member

    Joined:
    Jul 31, 2008
    Posts:
    836
    Location:
    Québec, Canada
    I'm a bit puzzled.
    Does that mean MBAM free is useless?
    The free version doesn't scan real-time, and if malware is detected only on-execution, it won't be detected.
    So what's the point of doing on-demand scan with MBAM?
     
  18. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    The free version is on-demand only. It provides no protection other than manual scanning. We are discussing the paid MBAM Pro.
     
  19. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    That would mean that both MBAM developers and users of the free version have been completely dumb all these years.

    The reality is that MBAM 'pseudo-executes' the files before scanning them. That's why many antiviruses go crazy if you don't add MBAM to their real time exclusion list.
     
  20. ifacedown

    ifacedown Registered Member

    Joined:
    Oct 12, 2013
    Posts:
    120
    Location:
    Philippines
    Yes, of course using MBAM on-demand scanning is helpful. But of course I would like to fully utilize the strength of MBAM Pro by enabling its realtime protection to supplement my AV.
     