
Boot-Time Scan


17 replies to this topic

#1 BrainyTehBrain

    New Member

  • Members
  • 11 posts

Posted 15 July 2010 - 03:56 PM

As Malwarebytes is one of the most effective antimalware programs out there, I think it would be really useful to have a boot-time scan feature like Avast. It would load before Windows so any malware interfering would not be loaded yet. Will this ever be implemented?

#2 malware destroyer

    linux is awesome

  • Honorary Members
  • 664 posts
  • Gender:Male
  • Location:UK
  • Interests:Programming, Security, Pentesting, Making music

Posted 15 July 2010 - 04:14 PM

+1, I would like to see this as well.
password for my uploaded malware samples infected
Protection: Kaspersky Internet Security-MBAM PRO-Sandboxie Free-OpenDNS
On Demand:Superantispyware-Windows Defender-Dr WebCureIt-MRT

#3 exile360

    exile

  • Administrators
  • 16,017 posts
  • Gender:Male

Posted 15 July 2010 - 08:20 PM

Not a bad idea, as long as loading that early doesn't interfere with AV software when loading, as they typically load up very early in the boot process as well.

Thanks for the suggestion, I'll pass it along to the developers :angry:.
Samuel E Lindsey
Product Manager


#4 malware destroyer

Posted 15 July 2010 - 09:52 PM

Thanks exile360 for passing it on :angry:

#5 Boyfriend

    New Member

  • Members
  • 18 posts
  • Gender:Male

Posted 23 July 2010 - 05:44 AM

Good idea, but it will increase boot time and might conflict with some startup items/programs. I think it should be optional only, so as not to interfere with startup items on the user's computer.

#6 Marcus

    Elite Member

  • Honorary Members
  • 592 posts
  • Gender:Male
  • Location:London, UK

Posted 23 July 2010 - 10:13 PM

Not a bad idea at all...I also feel that if it's implemented it should be optional only.

#7 Firefox

    Forum Deity

  • Trusted Advisors
  • 10,049 posts
  • Gender:Male
  • Location:USA

Posted 23 July 2010 - 10:37 PM

Yes, optional, to have it scan on reboot, for example, especially when the malware is preventing it from running... It could run on the next boot-up and clean the infections.

Dell Precision T7500, Win7 Ultimate 64bit fully updated, McAfee Corp Edition v8.8,
Watchguard Firewall, Intel Xeon E5606CPU, Dual Quad Core Processors, 16GB Ram,
E5606 @ 2.13GHz, Nvidia Quadro NVS420, Raid-1 Dual 1TB Sata 10000 rpm Hard Drives
Dual DVD Burners, IE10, Opera, MBAM, MBSB, MBAE


#8 exile360


Posted 24 July 2010 - 09:46 AM

Agreed Firefox, that's basically what I was thinking, sort of like an "In case of emergency, break glass" kind of feature to rescue a system badly crippled by infections.

#9 Firefox


Posted 24 July 2010 - 10:34 AM

exile360 said:
Agreed Firefox, that's basically what I was thinking, sort of like an "In case of emergency, break glass" kind of feature to rescue a system badly crippled by infections.

Yes, exactly that!


#10 malware destroyer


Posted 24 July 2010 - 06:23 PM

But you could scan your system with it once, as some malware cannot be found with the OS booted up, if you understand what I mean, Firefox.

#11 Firefox


Posted 25 July 2010 - 09:29 PM

@ malware destroyer.....

Yes I understand


#12 iisjman07

    New Member

  • Members
  • 21 posts

Posted 13 August 2010 - 11:43 AM

I'm an IT tech and I have always been told MBAM works best in 'normal mode' as opposed to Safe Mode because it works best when all the malware is currently running (among other reasons that I can't remember) and this problem is exacerbated when scanning a slaved hard drive. My question is how will a boot time scanner avoid these issues?

#13 Haider

    Forum Deity

  • Honorary Members
  • 1,823 posts
  • Gender:Male

Posted 14 August 2010 - 07:29 AM

Certainly a good idea, as long as MBAM doesn't become a bloated resource hog.
"Learning is the only thing the mind never exhausts, never fears, and never regrets"

#14 exile360


Posted 14 August 2010 - 01:39 PM

iisjman07 said:
I'm an IT tech and I have always been told MBAM works best in 'normal mode' as opposed to Safe Mode because it works best when all the malware is currently running (among other reasons that I can't remember) and this problem is exacerbated when scanning a slaved hard drive. My question is how will a boot time scanner avoid these issues?

It will partially avoid the Safe Mode issue because, since it isn't Safe Mode, it can use its driver while scanning, but it won't avoid the issue of not having the malware running (i.e., it can't detect what's in memory if it isn't in memory), so it would have to rely totally on detecting infections in the registry and files/folders etc. It avoids the issues with slaved drives because it's still scanning the system drive (usually C:) where Windows is installed; that means all of our whitelisting etc. will still be in place, thus massively decreasing the likelihood that we'll delete something that could make the drive unbootable, and we'll also be able to scan the registry (something we can't do with slaved hard drives or running from a CD).

The only real issue that would remain would be catching malicious processes since they aren't running, something that might hurt detection rates a bit, but everything else would be in place, thus allowing us (hopefully) to kill the majority of the nasties, allowing the system to be bootable in normal mode, and avoiding the majority of pitfalls that scanning in Safe Mode, from a bootable CD or scanning a slaved drive all bring into the picture :D.

#15 malware destroyer


Posted 14 August 2010 - 07:13 PM

But when you boot up into normal mode you would then do another scan that would scan for things in memory, so then if something is in memory you then could remove it. So, exile360, I don't think detection rates will get hurt at all.

#16 exile360


Posted 16 August 2010 - 06:43 PM

That's quite true malware destroyer, unless of course we've already disabled or removed the nasties before they're ever able to run again, which certainly wouldn't be a bad thing anyway :).

#17 malware destroyer


Posted 17 August 2010 - 10:26 AM

Indeed, it wouldn't be bad at all, and also I think if this is going to get implemented it should be in the free version as well, not just for the paid version.

#18 westek12

    New Member

  • Members
  • 1 posts

Posted 12 October 2010 - 12:19 AM

Yes, please do this. Since the more serious malware is designed to attack MBAM and disable it as it infects the rest of your system, I say that a boot scan is imperative.



