Jump to content


Photo

Difference between Quick Scan and Full Scan


  • Please log in to reply
29 replies to this topic

#1 QuizMaster

QuizMaster

    Regular Member

  • Honorary Members
  • PipPip
  • 70 posts
  • Gender:Male
  • Location:Canada

Posted 26 January 2009 - 08:10 PM

What are the differences between a Quick Scan and a Full Scan besides speed? Should I use a Full Scan to make sure that everything's clean?

Avira AntiVir Personal | COMODO Firewall | Malwarebytes' Anti-Malware | SpywareBlaster | WOT

"There is a saying: yesterday is history, tomorrow is a mystery, but today is a gift. That is why it is called present."


#2 exile360

exile360

    exile

  • Administrators
  • PipPipPipPipPipPip
  • 16,017 posts
  • Gender:Male

Posted 26 January 2009 - 08:13 PM

The quick scan will find any malware that's active on the system that MBAM is capable of detecting. The only real usefulness of the full scan is detecting the occasional trace that get's missed by the quick scan, and even that's pretty rare. According to one of the developers the quick scan catches 99.9% of the malware that MBAM will detect.
Samuel E Lindsey
Product Manager

Posted Image

Follow us: Twitter, Become a fan: Facebook

#3 QuizMaster

QuizMaster

    Regular Member

  • Honorary Members
  • PipPip
  • 70 posts
  • Gender:Male
  • Location:Canada

Posted 26 January 2009 - 08:14 PM

So what extra stuff does the Full Scan do?

Avira AntiVir Personal | COMODO Firewall | Malwarebytes' Anti-Malware | SpywareBlaster | WOT

"There is a saying: yesterday is history, tomorrow is a mystery, but today is a gift. That is why it is called present."


#4 exile360

exile360

    exile

  • Administrators
  • PipPipPipPipPipPip
  • 16,017 posts
  • Gender:Male

Posted 26 January 2009 - 08:17 PM

All it does is scan more locations on the hard drive(s), thus allowing it to pick up traces it might have otherwise missed, but again, even that's rare because the quick scan is designed to look in all the places malware likes to hide.
Samuel E Lindsey
Product Manager

Posted Image

Follow us: Twitter, Become a fan: Facebook

#5 QuizMaster

QuizMaster

    Regular Member

  • Honorary Members
  • PipPip
  • 70 posts
  • Gender:Male
  • Location:Canada

Posted 26 January 2009 - 08:22 PM

Thanks. I'll be using Quick Scan instead for my weekly malware scan.

Avira AntiVir Personal | COMODO Firewall | Malwarebytes' Anti-Malware | SpywareBlaster | WOT

"There is a saying: yesterday is history, tomorrow is a mystery, but today is a gift. That is why it is called present."


#6 exile360

exile360

    exile

  • Administrators
  • PipPipPipPipPipPip
  • 16,017 posts
  • Gender:Male

Posted 26 January 2009 - 08:27 PM

That's what I do. I think I've only used the full scan once, and it didn't find a thing.
Samuel E Lindsey
Product Manager

Posted Image

Follow us: Twitter, Become a fan: Facebook

#7 kimsland

kimsland

    Advanced Member

  • Honorary Members
  • PipPipPip
  • 115 posts
  • Gender:Not Telling

Posted 11 October 2009 - 10:41 PM

Sorry to wake up an old thread

But I need some more clarification here

Are you saying that a scan lasting sometimes around 30seconds to a minute or two, will detect all active Malwares (99.9%) on a user's computer?? Running a quick scan?

Incredible, I will need someone's further clarification on this, as I just can't believe it

waiting and hoping for a response...

#8 AdvancedSetup

AdvancedSetup

    Staff

  • Root Admin
  • PipPipPipPipPipPip
  • 41,163 posts
  • Gender:Male
  • Location:US

Posted 11 October 2009 - 10:45 PM

Yes it's true.

Ron Lewis
Forum Community Manager

staff.png

Follow us: Twitter, Become a fan: Facebook


#9 nosirrah

nosirrah

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 5,452 posts
  • Gender:Male
  • Location:Northampton, MA USA

Posted 11 October 2009 - 10:46 PM

The quick scan does memory , load points , all heuristic scans that the full scan does and all common malware locations .

I have never needed the full scan to remove the malware I am researching and have not even run one on any of my research machines this year .
Bruce Harrison
Vice President of Research

Posted Image

Follow us: Twitter, Become a fan: Facebook

#10 kimsland

kimsland

    Advanced Member

  • Honorary Members
  • PipPipPip
  • 115 posts
  • Gender:Not Telling

Posted 11 October 2009 - 10:58 PM

Yes it's true.

So as an example

If I my machine had 5000 active Malwares in my personal folder C:\kimsland
And all those Malwares were zipped up (or not in the common exe; com; msi dll, type format)
And I had no other active Malwares installed anywhere else (ie Windows was clean)
Would malwarebytes remove all found Malwares on my drive?


Or maybe a better question
Where does Quick Scan actually look? (in its 3 mins of scan)
What further areas does a Full scan look at? (in its hour long scan)

Please note: These questions are of utmost importance to me as I help support on tech forums

#11 AdvancedSetup

AdvancedSetup

    Staff

  • Root Admin
  • PipPipPipPipPipPip
  • 41,163 posts
  • Gender:Male
  • Location:US

Posted 11 October 2009 - 11:01 PM

No they would not be found probably even with a Full Scan. That is more the realm of Anti-Virus.
As for what it does please see above as that was already answered.

Ron Lewis
Forum Community Manager

staff.png

Follow us: Twitter, Become a fan: Facebook


#12 kimsland

kimsland

    Advanced Member

  • Honorary Members
  • PipPipPip
  • 115 posts
  • Gender:Not Telling

Posted 11 October 2009 - 11:36 PM

All it does is scan more locations on the hard drive(s), thus allowing it to pick up traces it might have otherwise missed, but again, even that's rare because the quick scan is designed to look in all the places malware likes to hide.

I see so where malware does not normally reside a "Quick Scan" will not pick up

The quick scan does memory , load points , all heuristic scans that the full scan does and all common malware locations .

So a "Full Scan" seems to do all other locations ie even a User's personal folder that he uses to store downloaded programs :)


From what I am reading through this thread, if a member wanted to confirm that Malwarebytes has fully confirmed that no other Malwares exist on a user's computer, then that member should run a "full scan"
Otherwise they are only doing: memory , load points , all heuristic scans, and common Malware residing locations :)

But when looking at User's computers I notice numerous folder locations (ie not just My Documents or User folders)
Many User's tend to have gigs and gigs of data and programs residing almost anywhere
Actually many Users are also updating to Terabyte Drives because of the mass amount of data and other programs that could be installed just about anywhere.

Even many programs such as Camera software data locations; P2P software; even Games, and really much much more, all can reside in non-common locations. Even my "Games" folder is on its own

In this case should Users be told to run Full Scans ? Or should the whole world be informed to run "Quick scans" as this thread has stated and that has been used for linking reference from Malware removal members

I just want to be exactly clear on this
Should I ever run a Full scan?

#13 AdvancedSetup

AdvancedSetup

    Staff

  • Root Admin
  • PipPipPipPipPipPip
  • 41,163 posts
  • Gender:Male
  • Location:US

Posted 11 October 2009 - 11:41 PM

Every known location where Malware can run and continue to infect you is scanned in a Quick Scan. Having non active Malware in a folder or zip file is of no threat unless you launch it and it's an actual installer for the Malware. Even being Malware but not an installer would still probably be of minimal risk in most cases.

Should you run a Full Scan. Well probably at least once at some point if for nothing else than to give you an added feeling of safety but again, this is typically what an Anti-Virus product is designed to do. They locate orphaned or non active Malware and remove them as part of their system scans.

Ron Lewis
Forum Community Manager

staff.png

Follow us: Twitter, Become a fan: Facebook


#14 kimsland

kimsland

    Advanced Member

  • Honorary Members
  • PipPipPip
  • 115 posts
  • Gender:Not Telling

Posted 11 October 2009 - 11:52 PM

Should you run a Full Scan. Well probably at least once at some point if for nothing else than to give you an added feeling of safety but again, this is typically what an Anti-Virus product is designed to do.

Well just leaving the Antivirus out of the equation for the moment
And dealing with only Malwarebytes detectable active Malwares

If Quick Scan scans "Every known location" and a full scan is just for "an added feeling"
What is Full scan actually for? And what is the .01 % area exactly
And why is "Full Scan" even listed as an option, if it does... well nothing that you guys have informed me of yet?
Actually, if it does nothing then it should be removed, otherwise User's like me may accidentally run it

#15 exile360

exile360

    exile

  • Administrators
  • PipPipPipPipPipPip
  • 16,017 posts
  • Gender:Male

Posted 12 October 2009 - 12:10 AM

There's nothing wrong with running the Full Scan as it does no harm, it just takes longer. I do recall this being addressed once by one of MBAM's developers where they said something to the effect that the Full Scan is there because some users would demand it, based on the idea that MBAM is like every other file scanner out there, which clearly it is not.

In my opinion, the Full Scan option should be removed. If you notice post #9 is from Bruce Harrison, one of MBAM's primary malware researchers and one of the creators of Malwarebytes' detection database. The .01% would be dormant traces, such as those that might be contained within a System Restore point, which should not be disinfected by any scanner as it would likely render the restore point useless. A better method for that type of cleanup would be to disable System Restore, reboot, turn System Restore back on then create a clean restore point. But again, anything in SR would be dormant, not active.
Samuel E Lindsey
Product Manager

Posted Image

Follow us: Twitter, Become a fan: Facebook

#16 kimsland

kimsland

    Advanced Member

  • Honorary Members
  • PipPipPip
  • 115 posts
  • Gender:Not Telling

Posted 12 October 2009 - 01:49 AM

Thanks for everyone's replies

Next time I have a fully Malwared infected computer, I will run a few "Quick Scans" to eventually confirm no other Malware exists (confirming all removed)
Then after Restart (and remaining offline to the Internet/network) I will run a "full" scan just to see what happens :)
Note: I am not concerned of System Restore or any other Windows (or Internet browser) "temp" files

If anyone else wants to try this out too, on a machine that is known to be badly infected it would be nice to hear the outcome
As generally Malwares are known to be residing in standard locations on a drive, many tests may need to be run

If the "malware researcher" has also concluded that there is no need for "full" scanning, then I will need to update a few Guides online, as I have always quoted "full scan" not a few minutes (sometimes seconds) Quick Scan

Basically I am still concerned about the exact validity of this, even though MBAM researches have said no need to do it

#17 yardbird

yardbird

    Forum Deity

  • Honorary Members
  • PipPipPipPipPipPip
  • 3,767 posts
  • Gender:Male
  • Location:Sedona. Arizona, USA

Posted 12 October 2009 - 01:53 AM

Ample explanation has been given regarding the recommendation of the Quick Scan over the Full Scan. The Full Scan is never necessary, paid or free version. That's because the Quick Scan is designed to check all active locations of malware that Malwarebytes' is capable of detecting. This has been stated by many several times, including the developers themselves. MBAM is not a typical file scanner like an AV, it doesn't detect a file based simply on a normal hash check. It uses heuristics for the bulk of its detections, looking for infection patterns that help it to accurately identify active infections.


quoted from 1 of mbam's experts

No trees were harmed in the posting of this message...however an extraordinarily large number of electrons were horribly inconvenienced.
 


#18 Firefox

Firefox

    Forum Deity

  • Trusted Advisors
  • PipPipPipPipPipPip
  • 10,036 posts
  • Gender:Male
  • Location:USA

Posted 12 October 2009 - 11:55 AM

Good info there guys....

Now if they ever did away with the full scan, they would have to give us another way of scanning other drives.

post-2065-0-92797800-1392234217.jpg


Dell Precision T7500, Win7 Ultimate 64bit fully updated, McAfee Corp Edition v8.8,
Watchguard Firewall, Intel Xeon E5606CPU, Dual Quad Core Processors, 16GB Ram,
E5606 @ 2.13GHz, Nvidia Quadro NVS420, Raid-1 Dual 1TB Sata 10000 rpm Hard Drives
Dual DVD Burners, IE10, Opera, MBAM, MBSB, MBAE


#19 exile360

exile360

    exile

  • Administrators
  • PipPipPipPipPipPip
  • 16,017 posts
  • Gender:Male

Posted 12 October 2009 - 12:54 PM

Now if they ever did away with the full scan, they would have to give us another way of scanning other drives.

Unfortunately, because of the way MBAM's heuristics work it's likely not to detect malware on other drives. There's two sides of that sword. It may or may not hit on an infection on a secondary drive, depending on the type of malware and the type of detection MBAM uses on it. That's also the reason MBAM often misses most threats if stored dormant in an innocuous folder, it's designed to find it where it would be if the infection were active on the current system.
Samuel E Lindsey
Product Manager

Posted Image

Follow us: Twitter, Become a fan: Facebook

#20 exile360

exile360

    exile

  • Administrators
  • PipPipPipPipPipPip
  • 16,017 posts
  • Gender:Male

Posted 12 October 2009 - 01:18 PM

@srtools: Not all members have access to that area :) .
Samuel E Lindsey
Product Manager

Posted Image

Follow us: Twitter, Become a fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users