Jump to content


Scan Engine To Slow


  • Please log in to reply
16 replies to this topic

#1 Guest_DasFox_*

Guest_DasFox_*
  • Guests

Posted 21 December 2008 - 03:17 PM

It's a fact that spyware/malware, etc., only shows up under certain extensions unless someone packs it into another extension.

With this thought in mind, I hope in the future Malwarebyte's can increase the engine speed.

I think it's an awesome program but the scanning engine is extremely slow.

As a tech when cleaning clients computers I need something that works and is fast, unfortunalty because of how slow Malwarebytes' is, I can't use it unless I'm dealing with an extremely small amount of data.

I peronsally don't get why the engine is so slow. As an example yesterday I had a client that wanted is portable USB drive scanned with data he backed up, because he wasn't sure if there was anything on it or not.

After 20 mins. Malwarebytes' had only scanned around 2-3GB of data. I don't know about you, but 20 mins to scan 3GB, this is terrible... :wub:

Don't take me wrong here, I love the program when you have the time to scan, but that's the problem, TIME!

#2 Tigger93

Tigger93

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 1,668 posts
  • Gender:Male

Posted 21 December 2008 - 03:18 PM

Are you scanning with the full scan? There is really no need, quick scan is designed to catch 100% of malware. :wub:

#3 Guest_DasFox_*

Guest_DasFox_*
  • Guests

Posted 21 December 2008 - 03:21 PM

Are you scanning with the full scan? There is really no need, quick scan is designed to catch 100% of malware. :wub:



I right clicked on the USB drive to bring up the Context Menu and picked Malwarebytes' and scanned like this, which automatically starts Malwarebytes' scanning, you don't get to pick a type of scan like this...

#4 exile360

exile360

    exile

  • Administrators
  • PipPipPipPipPipPip
  • 16,016 posts
  • Gender:Male

Posted 21 December 2008 - 03:23 PM

Are you scanning with the full scan? There is really no need, quick scan is designed to catch 100% of malware. :wub:

Yup, +1 to that because just as malware only uses certain file extensions, it also only hides in certain places (when active) and that's where the quick scan is designed to look. It typically takes between 1-5 mins. to do a quick scan which to me is completely reasonable, especially considering how effective it is.
Samuel E Lindsey
Product Manager

Posted Image

Follow us: Twitter, Become a fan: Facebook

#5 exile360

exile360

    exile

  • Administrators
  • PipPipPipPipPipPip
  • 16,016 posts
  • Gender:Male

Posted 21 December 2008 - 03:26 PM

You could potentially just scan the Windows folder and Program Files folder if scanning a slave drive, but doing so instead of scanning a drive that's active means you miss anything that would normally be loaded into memory as well as the registry, which are key points MBAM uses to detect active infections on a system. I can understand slaving a drive to scan if you absolutely can't boot, but otherwise most tools work much better on a system that's booted, especially MBAM.
Samuel E Lindsey
Product Manager

Posted Image

Follow us: Twitter, Become a fan: Facebook

#6 Guest_DasFox_*

Guest_DasFox_*
  • Guests

Posted 21 December 2008 - 05:09 PM

I'm putting the USB hard drive on a clean system, the only thing that needs to be scanned is this external drive. The only way I see you can then do this is to right click it, bring up the Context Menu, click Malwarebytes' and let it scan, but this scan is way to slow.

Call it what you want, but doing a scan this way, well all you're doing is scanning data on a drive, and it's slow... :wub:

#7 IT Expert

IT Expert

    Advanced Member

  • Honorary Members
  • PipPipPip
  • 105 posts
  • Gender:Male
  • Location:Portland Oregon
  • Interests:Infection Detection & Removal, Developing & Programming of websites, Helping solve computer issues, American Muscle Cars, Big Block Chevys, Computer Gaming, Battlefield 2

Posted 21 December 2008 - 06:10 PM

I have done a controlled test. I ran malwarebytes quick mode, and full mode. On a VM box. After It was done doing the quick scan, I then ran the full scan. To my suprise it still found a few more infections the quick scan missed, so to say it finds 100% of malware in quick scan is false....
Malwarebytes Reseller

#8 Guest_DasFox_*

Guest_DasFox_*
  • Guests

Posted 21 December 2008 - 06:22 PM

I have done a controlled test. I ran malwarebytes quick mode, and full mode. On a VM box. After It was done doing the quick scan, I then ran the full scan. To my suprise it still found a few more infections the quick scan missed, so to say it finds 100% of malware in quick scan is false....


I don't see how anyone can make this claim, because a Quick Scan does not go through every directory on the box.

You always have to do a full scan to be sure you found everthing.

#9 Tigger93

Tigger93

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 1,668 posts
  • Gender:Male

Posted 21 December 2008 - 06:43 PM

And could you please post those results? I'm willing to bet they were leftovers and nothing to worry about. I still say a full scan is not needed, quick scan is more than enough.

#10 Guest_DasFox_*

Guest_DasFox_*
  • Guests

Posted 21 December 2008 - 06:53 PM

And could you please post those results? I'm willing to bet they were leftovers and nothing to worry about. I still say a full scan is not needed, quick scan is more than enough.


Just so people here can see this, please list the direcs that a Quick Scan does?

I don't recall seeing anything that says on the app, what programs this is?

Does the Quick Scan, scan the entire system, and only with a different scanning method?

According to the program, 'quick scanning technology' is the only thing it's saying, which makes you think the entire system is scanned?

THANKS

#11 Guest_DasFox_*

Guest_DasFox_*
  • Guests

Posted 21 December 2008 - 06:54 PM

Typo:

I don't recall seeing anything that says on the app, what programs this is? /what direcs this is?

P.S. We need to be able to EDIT our posts, where's the 'EDIT' function?

#12 Tigger93

Tigger93

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 1,668 posts
  • Gender:Male

Posted 21 December 2008 - 07:00 PM

Oh sorry, that was meant for IT Expert, not you.

We cannot allow people to edit posts, sorry, people have just abused the feature too much. :)

#13 RubbeR DuckY

RubbeR DuckY

    Marcin

  • Root Admin
  • PipPipPipPipPipPip
  • 4,148 posts
  • Gender:Male

Posted 22 December 2008 - 03:00 PM

Let me shed some light on this,

I have done a controlled test. I ran malwarebytes quick mode, and full mode. On a VM box. After It was done doing the quick scan, I then ran the full scan. To my suprise it still found a few more infections the quick scan missed, so to say it finds 100% of malware in quick scan is false....


Malware archives do not count! Please posts the results and we will see exactly what was detected.

P.S. We need to be able to EDIT our posts, where's the 'EDIT' function?


Yes, I apologize, there were some bad eggs that edited their posts after someone already read them and it was just a mess.

Anyway, the quick scan catches 99.9% of malware the full scan catches. The only reason are anomalies such as malware archives and new malware hiding in new locations (which we detect a few hours after it is detected). So basically, it is like Lysol. Lysol is a germ killing spray, but in the commercials they say they kill 99.9% of germs. Reason -- some mutant strains and they get sued. I know, I know, bad analogy, but you get the point :).
Marcin Kleczynski
Chief Executive Officer



Follow us: Twitter, Become a fan: Facebook

#14 Guest_DasFox_*

Guest_DasFox_*
  • Guests

Posted 22 December 2008 - 05:50 PM

Let me shed some light on this,



Malware archives do not count! Please posts the results and we will see exactly what was detected.



Yes, I apologize, there were some bad eggs that edited their posts after someone already read them and it was just a mess.

Anyway, the quick scan catches 99.9% of malware the full scan catches. The only reason are anomalies such as malware archives and new malware hiding in new locations (which we detect a few hours after it is detected). So basically, it is like Lysol. Lysol is a germ killing spray, but in the commercials they say they kill 99.9% of germs. Reason -- some mutant strains and they get sued. I know, I know, bad analogy, but you get the point :).


Ok if the Quick Scan does the job, then why is the Full Scan even in the program as an option? See you are confusing users, LOL...

If it's not really need as you are pointing out then please remove it.

I'm a geek and a Tech, but I'm not a coder, so even at my level of experience I am seeing these as two choices. Do one when you don't have the time to get some of the nasties, do the other when you have more time to get the nasties the Quick Scan can't, or didn't pick up. See my point now?

THANKS

#15 exile360

exile360

    exile

  • Administrators
  • PipPipPipPipPipPip
  • 16,016 posts
  • Gender:Male

Posted 22 December 2008 - 05:58 PM

Ok if the Quick Scan does the job, then why is the Full Scan even in the program as an option? See you are confusing users, LOL...

If it's not really need as you are pointing out then please remove it.

I'm a geek and a Tech, but I'm not a coder, so even at my level of experience I am seeing these as two choices. Do one when you don't have the time to get some of the nasties, do the other when you have more time to get the nasties the Quick Scan can't, or didn't pick up. See my point now?

THANKS

Full scan's best use as far as I can tell would be to scan for malware on a slaved hard drive from a PC that won't boot, and also to use the software's built in heuristics to detect malware in the rare case that it isn't in the default location. One thing you might notice though, is that unlike most security scanning tools, the default option is quick scan and not full scan. The first thing most AV/AS softwares want a user to do is update and perform a full scan to make sure the system is clean, primarily because they work based on file signatures only instead of the kinds of detection algorithms that MBAM uses, which is why MBAM is so efficient at scanning and why the database files are so small.
Samuel E Lindsey
Product Manager

Posted Image

Follow us: Twitter, Become a fan: Facebook

#16 IT Expert

IT Expert

    Advanced Member

  • Honorary Members
  • PipPipPip
  • 105 posts
  • Gender:Male
  • Location:Portland Oregon
  • Interests:Infection Detection & Removal, Developing & Programming of websites, Helping solve computer issues, American Muscle Cars, Big Block Chevys, Computer Gaming, Battlefield 2

Posted 22 December 2008 - 07:33 PM

Oh sorry, that was meant for IT Expert, not you.

We cannot allow people to edit posts, sorry, people have just abused the feature too much. :)


I did not save the logs, but I will next time. I have long since formated over my infection box. I will keep an eye on it, I typically always scan quick first then scan full just to make sure everythings gone.
Malwarebytes Reseller

#17 nosirrah

nosirrah

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 5,452 posts
  • Gender:Male
  • Location:Northampton, MA USA

Posted 22 December 2008 - 09:40 PM

The full scan cant catch any more malware that has the ability to enter memory because that portion of the scan is identical for both versions . Both versions use the same registry scanner , same heuristic checks , same load point checks and same memory checks . The only thing that full scan can do better is to catch a few extra traces .

I cant go into all the details but there are at least 5 ways we can hit files not inside of the usual quick scan locations so the smaller number of places we look has nothing to do with where we can hit a file , it only has to do with reducing the amount of time wasted looking at files that have no chance of being malware .

Someone asked why have a full scan option then , that is simple , people (even knowing the full specs) would rather have the ability to catch these occasional traces then to have that option taken away from them .


This next statement I stand behind 100% as the lead researcher for Malwarebytes Corp .

I have not even one single time needed to run a full scan with MBAM while researching new malware to completely kill its ability to enter memory on reboot .
Bruce Harrison
Vice President of Research

Posted Image

Follow us: Twitter, Become a fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users