Types of Malwarebytes Cloud Platform scans

Document created by bgoddard (Employee) on Sep 19, 2019. Last modified by bgoddard (Employee) on Oct 7, 2019.
Version 15

Malwarebytes Cloud Platform provides a quick Hyper Scan, a more in-depth Threat Scan, and customizable scans. You can also run an Asset Inventory Scan which updates endpoint information in the console. You can run scans manually across endpoints or schedule them for a time that works best for you.

 

Threat Scans

Threat Scans detect the majority of threats you may encounter, scanning common locations on your endpoints. We recommend running Threat Scans daily. Threat Scans use heuristic analysis to detect threats, protect against them, and stop them from reassembling.

 

Threat Scans check the following on your endpoints:

  • Memory Objects - Memory allocated by operating system processes, drivers, and other applications.
  • Startup Objects - Executable files and/or modifications during computer startup.
  • Registry Objects - Configuration changes made to the Windows registry.
  • File System Objects - Files which may contain malicious programs or code snippets.

 

Hyper Scans

A Hyper Scan is a quick scan that detects and cleans immediate threats. We strongly recommend running a Threat Scan if any threats are found by a Hyper Scan.

 

Hyper Scans check the following:

  • Memory Objects - Memory allocated by operating system processes, drivers, and other applications.
  • Startup Objects - Executable files and/or modifications during computer startup.

 

Custom Scans

Custom Scans enable you to specify precisely what to scan. When performing a Custom Scan, the following settings are available:

  • Quarantine found threats automatically - Immediately quarantines threats on detection; otherwise, you are prompted for action on each threat detected.
  • Scan memory objects - Scans memory used by operating system processes, drivers, and other applications. Threats with an active component in memory are still considered dangerous. We recommend scanning memory objects.
  • Scan startup and registry settings - Scans executables that are initiated at computer startup and registry changes that can alter startup behavior.
  • Scan within archives - If checked, archive files are scanned up to four levels deep. Encrypted archives cannot be tested. Supported archive types are ZIP, 7Z, RAR, CAB and MSI.
  • Rootkits - These are files invisible to the operating system. Rootkits may also influence system behavior.
  • PUPs/PUMs - Choose whether Potentially Unwanted Programs (PUPs) and Potentially Unwanted Modifications (PUMs) are considered malware or ignored.
  • Scan Path - This defines the top level of a folder for scanning.
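
The "Scan within archives" limits above (four levels deep, encrypted archives not tested) mean some archive content can fall outside scan coverage. The following is an added example, not Malwarebytes code, that lists such content for ZIP files only (7Z, RAR, CAB and MSI are not handled); the function names, the size cap and the rule that the outermost archive counts as level 1 are assumptions.

```python
import io
import zipfile

MAX_DEPTH = 4                 # page: archives are scanned up to four levels deep
MAX_MEMBER_BYTES = 64 << 20   # assumption: refuse to unpack huge members (zip bombs)

def coverage_gaps(data, name="root.zip", depth=1):
    """List (path, reason) for ZIP content a four-level scan would not inspect."""
    # Assumption: the outermost archive counts as level 1.
    gaps = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            path = f"{name}/{info.filename}"
            if info.flag_bits & 0x1:          # ZIP general-purpose bit 0: encrypted
                gaps.append((path, "encrypted"))
            elif info.file_size > MAX_MEMBER_BYTES:
                gaps.append((path, "too large to unpack here"))
            elif not info.is_dir():
                member = zf.read(info)
                if not zipfile.is_zipfile(io.BytesIO(member)):
                    continue                  # ordinary file: within scan coverage
                if depth >= MAX_DEPTH:
                    gaps.append((path, "nested beyond depth limit"))
                else:
                    gaps.extend(coverage_gaps(member, path, depth + 1))
    return gaps

def make_zip(members):
    """Build a ZIP in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member_name, payload in members.items():
            zf.writestr(member_name, payload)
    return buf.getvalue()

def constructed_sample():
    """Constructed input: five nested levels plus one entry flagged encrypted."""
    data = make_zip({"payload.txt": b"constructed test data"})   # level 5
    for level in (4, 3, 2):
        data = make_zip({f"level{level + 1}.zip": data})
    outer = bytearray(make_zip({"level2.zip": data, "locked.bin": b"x"}))
    last_cd = outer.rfind(b"PK\x01\x02")      # central-directory record of locked.bin
    outer[last_cd + 8] |= 0x01                # set the encrypted flag for the demo
    return bytes(outer)

if __name__ == "__main__":
    for path, reason in coverage_gaps(constructed_sample()):
        print(f"{reason}: {path}")
```

Files reported here are candidates for manual extraction and a Custom Scan of the extracted folder via Scan Path.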

 

Asset Inventory Scan

An Asset Inventory Scan retrieves information on all endpoints in a group and updates the Endpoint Properties screens for that group. The information gathered is determined by the Asset Management settings in each group's policy.

 

Adjust policy Asset Management settings

  1. Go to Settings > Policies > choose a policy > Windows or Mac > General.

  2. Scroll down to Asset Management.

  3. For each event that you want to be retrieved by Asset Inventory Scans, toggle the switch to ON.


  4. Repeat steps 2 and 3 for all platforms on this policy, Mac or Windows.

  5. Click SAVE.

 

Information collected during the scan is updated on the Endpoint Properties screen. Information scanned may include:

  • Storage Devices - Connected storage, USB storage, and other devices.
  • Memory Objects - Physical and virtual memory of the endpoints. 
  • Startup Programs - Registry entries for installed startup programs on the endpoint.
  • Installed Software - Software installed on the endpoint.
  • Software Updates - Software updates that occurred on the endpoint.

 

To view Endpoint Properties, go to Endpoints > Manage Endpoints > click on an endpoint name. Click through the available tabs on the Endpoint Properties screen to view more information on the endpoint.

 

For more information on the Endpoint Properties screen, see Manage Malwarebytes Cloud Platform endpoints.
