Scan for rootkit is disabled by default because rootkit scanning takes substantially longer - it is a more thorough and essentially deeper scan of your system. However, rootkit scanning is an important part of the protection offered by Malwarebytes Anti-Malware. As such, we recommend that users schedule a weekly scan that incorporates rootkit scanning in addition to their existing scans.
To add a weekly rootkit scan:
- Open Malwarebytes Anti-Malware and click on Settings
- Click on Automated Scheduling
- Click Add
- Pick which type of scan you would like to schedule from the Operation Type menu. Note that rootkit scanning is not available for Hyper Scans:
Threat Scan: Scans known locations that malware may reside
Custom Scan: Scans entire drives of your choice
- Choose the date and time you would like the scan to start
- Pick how often you would like the scan to happen
- Click Advanced
- Check Scan for Rootkits
- Ensure Quarantine all threats automatically is unchecked*
- Click OK
We recommend leaving the Quarantine all threats automatically option unchecked because some Rootkit infections may have unexpected results when removed. Typically most detections can be quarantined, but if you see the threat Unknown.Rootkit in your scan results, please do not remove it. Instead, uncheck these detections in your scan, and click Ignore Once to finish the scan. Once finished, please contact our Support team immediately and we will provide additional analysis and assistance to remove this detection.
This weekly scan should suffice for most users - If you are finding that your computer repeatedly is detecting rootkit infections, we strongly suggest you contact our Support Team, and we will be happy to assist in determining why this keeps happening.