Different scan methods in Malwarebytes for Windows v3

Document created by parche Employee on May 24, 2017Last modified by jgolomb on Nov 25, 2019
Version 15Show Document
  • View in full screen mode

Malwarebytes for Windows provides three methods you can use to scan your computer: Threat Scan, Custom Scan, and Hyper Scan.  The scan method you choose determines how comprehensive of a scan Malwarebytes for Windows runs on your computer. To choose a scan method open Malwarebytes for Windows, then click the Scan tab. You are presented with the three different scan types described below.

Image of Scan menu in Malwarebytes on Windows devices.

 

Threat Scan

Threat Scans are the most comprehensive type but may take the longest. We recommend you launch a Threat Scan daily. If you have a Premium license activated, a Threat Scan is scheduled to run once per day by default. Areas and methods tested include:

  • Memory Objects: Memory allocated by operating system processes, drivers, and other apps.
  • Startup Objects: Executable files or modifications which initiate at computer startup.
  • Registry Objects: Configuration changes which may have been made to the Windows registry.
  • File System Objects: Files stored on your computer's local disk drives which may contain malware.
  • Heuristic Analysis: Methods used by Malwarebytes in the previously described objects and other areas to detect and protect against threats, and assure those threats cannot reassemble themselves.

 

Custom Scan

With a Custom Scan, you can choose what and where you want Malwarebytes for Windows to scan. To customize a scan, click the Custom Scan option, then click Configure Scan. An example of the Custom Scan configuration page is shown below.

Image of custom scan configuration page in Malwarebytes for Windows.

 

Custom Scan options

These settings allow you to determine the areas of your device you want Malwarebytes to scan. These are described as follows:

  • Scan Memory ObjectsMemory allocated by operating system processes, drivers, and other apps. Threats detected during scans are still considered threats even if they have an active component in memory. To be safe, memory objects should be scanned.
  • Scan Startup and Registry Settings: Executable files or modifications which initiate at computer startup, as well as registry-based configurations that can alter your device's startup behavior.
  • Scan within archives: If this box is checked, archive file types such as zip, 7z, rar, cab and msi are scanned up to two levels deep. Password protected archives cannot be tested.
  • Scan for rootkits: Rootkits are files stored on your computer's local disk drives which are invisible to the operating system. These files may influence system behavior. 
  • Potentially Unwanted Program (PUP): This setting allows you to choose how Potentially Unwanted Programs are treated if detected. Use the drop-down menu to choose either Ignore detections, Warn user about detections, or Treat detections as malware.
  • Potentially Unwanted Modifications (PUM): This setting allows you to choose how Potentially Unwanted Modifications are treated if detected. Use the drop-down menu to choose either Ignore detections, Warn user about detections, or Treat detections as malware.

 

The right side of the Custom Scan screen also shows a list of directories, sub directories, and individual files to scan. Other than the Desktop, every location on your device is selected for scan by default. You may un-check individual files or directories that you don't want to be scanned.

 

Hyper Scan

Hyper Scans check for threats in your Memory and Startup objects, where threats commonly take place. A Hyper Scan is faster than a Threat Scan but less comprehensive. Only Malwarebytes Premium or Malwarebytes Trial users can use this scan type. Areas and methods tested include:

  • Memory Objects: Memory allocated by operating system processes, drivers, and other apps.
  • Startup Objects: Executable files or modifications which initiate at computer startup.

 

If a Hyper Scan detects malware, we strongly recommend running a Threat Scan afterward in case there are more threats in other areas of your device.

 

If you have Malwarebytes for Windows Premium installed you can schedule a Threat, Custom, or Hyper Scan to run automatically. For instructions, refer to the article Set up automatic scans in Malwarebytes Premium on Windows devices.

 

See also

Attachments

    Outcomes