
Difference between Quick Scan and Full Scan


The quick scan will find any malware that's active on the system that MBAM is capable of detecting. The only real usefulness of the full scan is detecting the occasional trace that gets missed by the quick scan, and even that's pretty rare. According to one of the developers the quick scan catches 99.9% of the malware that MBAM will detect.


  • 8 months later...

Sorry to wake up an old thread

But I need some more clarification here

Are you saying that a scan lasting sometimes around 30 seconds to a minute or two, will detect all active Malwares (99.9%) on a user's computer?? Running a quick scan?

Incredible, I will need someone's further clarification on this, as I just can't believe it

waiting and hoping for a response...


The quick scan does memory, load points, all heuristic scans that the full scan does and all common malware locations.

I have never needed the full scan to remove the malware I am researching and have not even run one on any of my research machines this year.


Yes it's true.

So as an example

If my machine had 5000 active Malwares in my personal folder C:\kimsland

And all those Malwares were zipped up (or not in the common exe; com; msi dll, type format)

And I had no other active Malwares installed anywhere else (ie Windows was clean)

Would malwarebytes remove all found Malwares on my drive?

Or maybe a better question

Where does Quick Scan actually look? (in its 3 mins of scan)

What further areas does a Full scan look at? (in its hour long scan)

Please note: These questions are of utmost importance to me as I help support on tech forums


All it does is scan more locations on the hard drive(s), thus allowing it to pick up traces it might have otherwise missed, but again, even that's rare because the quick scan is designed to look in all the places malware likes to hide.

I see so where malware does not normally reside a "Quick Scan" will not pick up

The quick scan does memory, load points, all heuristic scans that the full scan does and all common malware locations.

So a "Full Scan" seems to do all other locations ie even a User's personal folder that he uses to store downloaded programs :)

From what I am reading through this thread, if a member wanted to confirm that Malwarebytes has fully confirmed that no other Malwares exist on a user's computer, then that member should run a "full scan"

Otherwise they are only doing: memory , load points , all heuristic scans, and common Malware residing locations :)

But when looking at Users' computers I notice numerous folder locations (ie not just My Documents or User folders)

Many Users tend to have gigs and gigs of data and programs residing almost anywhere

Actually many Users are also updating to Terabyte Drives because of the mass amount of data and other programs that could be installed just about anywhere.

Even many programs such as Camera software data locations; P2P software; even Games, and really much much more, all can reside in non-common locations. Even my "Games" folder is on its own

In this case should Users be told to run Full Scans ? Or should the whole world be informed to run "Quick scans" as this thread has stated and that has been used for linking reference from Malware removal members

I just want to be exactly clear on this

Should I ever run a Full scan?


  • Root Admin

Every known location where Malware can run and continue to infect you is scanned in a Quick Scan. Having non active Malware in a folder or zip file is of no threat unless you launch it and it's an actual installer for the Malware. Even being Malware but not an installer would still probably be of minimal risk in most cases.

Should you run a Full Scan. Well probably at least once at some point if for nothing else than to give you an added feeling of safety but again, this is typically what an Anti-Virus product is designed to do. They locate orphaned or non active Malware and remove them as part of their system scans.


Should you run a Full Scan. Well probably at least once at some point if for nothing else than to give you an added feeling of safety but again, this is typically what an Anti-Virus product is designed to do.

Well just leaving the Antivirus out of the equation for the moment

And dealing with only Malwarebytes detectable active Malwares

If Quick Scan scans "Every known location" and a full scan is just for "an added feeling"

What is Full scan actually for? And what is the .01 % area exactly

And why is "Full Scan" even listed as an option, if it does... well nothing that you guys have informed me of yet?

Actually, if it does nothing then it should be removed, otherwise Users like me may accidentally run it


There's nothing wrong with running the Full Scan as it does no harm, it just takes longer. I do recall this being addressed once by one of MBAM's developers where they said something to the effect that the Full Scan is there because some users would demand it, based on the idea that MBAM is like every other file scanner out there, which clearly it is not.

In my opinion, the Full Scan option should be removed. If you notice post #9 is from Bruce Harrison, one of MBAM's primary malware researchers and one of the creators of Malwarebytes' detection database. The .01% would be dormant traces, such as those that might be contained within a System Restore point, which should not be disinfected by any scanner as it would likely render the restore point useless. A better method for that type of cleanup would be to disable System Restore, reboot, turn System Restore back on then create a clean restore point. But again, anything in SR would be dormant, not active.


Thanks for everyone's replies

Next time I have a fully Malwared infected computer, I will run a few "Quick Scans" to eventually confirm no other Malware exists (confirming all removed)

Then after Restart (and remaining offline to the Internet/network) I will run a "full" scan just to see what happens :)

Note: I am not concerned of System Restore or any other Windows (or Internet browser) "temp" files

If anyone else wants to try this out too, on a machine that is known to be badly infected it would be nice to hear the outcome

As generally Malwares are known to be residing in standard locations on a drive, many tests may need to be run

If the "malware researcher" has also concluded that there is no need for "full" scanning, then I will need to update a few Guides online, as I have always quoted "full scan" not a few minutes (sometimes seconds) Quick Scan

Basically I am still concerned about the exact validity of this, even though MBAM researchers have said no need to do it


Ample explanation has been given regarding the recommendation of the Quick Scan over the Full Scan. The Full Scan is never necessary, paid or free version. That's because the Quick Scan is designed to check all active locations of malware that Malwarebytes' is capable of detecting. This has been stated by many several times, including the developers themselves. MBAM is not a typical file scanner like an AV, it doesn't detect a file based simply on a normal hash check. It uses heuristics for the bulk of its detections, looking for infection patterns that help it to accurately identify active infections.

quoted from 1 of mbam's experts


Now if they ever did away with the full scan, they would have to give us another way of scanning other drives.
Unfortunately, because of the way MBAM's heuristics work it's likely not to detect malware on other drives. There's two sides of that sword. It may or may not hit on an infection on a secondary drive, depending on the type of malware and the type of detection MBAM uses on it. That's also the reason MBAM often misses most threats if stored dormant in an innocuous folder, it's designed to find it where it would be if the infection were active on the current system.

@ exile360

I have had good success with scans on other drives using a USB to IDE cable. I scan an infected HD, it finds some infections and I remove them. After that I am able to put it back in the original PC and do another scan and it gets the rest. I do this when it won't let me run MBAM. May be more work, but it seems to work OK.


While you can certainly use that method, do keep in mind that system file protection is not used when scanning an inactive partition, so if userinit.exe or any other essential system file should be infected and MBAM detects it, it will remove it as opposed to just pointing out that it's infected. MBAM is not an AV and has no facility for actually disinfecting an infected file, it simply removes it when possible but has system file protection in place to help guard against making a system unbootable by removing essential system files on the active partition even when they're infected, in which case it will simply indicate that it's infected, show it marked for deletion, but not actually delete it so that you can take the steps necessary to either disinfect with an AV if possible or use an OS disc or the Recovery Console or similar technique to replace the infected file(s). It also won't kill infected registry entries for an offline partition as it has no remote registry loading capability. MBAM is ultimately designed to be a disinfection tool for active malware on a running OS. I'm not saying it's a bad method to do it the way you are, I'm just warning of the possible hurdles you might face in using it this way :).
