Types of scans in Malwarebytes Cloud Platform

Document created by bgoddard (Employee) on Sep 19, 2019. Last modified by bgoddard (Employee) on Nov 11, 2019.
Version 23

Malwarebytes Cloud Platform provides a quick Hyper Scan, a more in-depth Threat Scan, and custom scans. The Asset Inventory Scan updates endpoint information in the console. This article explains the types of scans and the options available for each.

 

Scans may be run manually across endpoints or scheduled at a time that works best for you. Options for scans are set within a policy.

 

 

Threat Scans

Threat Scans detect the most common threats by scanning conventional locations on an endpoint where threats can occur. Threat Scans use heuristic analysis, a technique that looks for certain malicious behaviors in files that Malwarebytes hasn't seen before. Run a daily Threat Scan to keep your endpoints safe.

 

Threat Scans check the following on your endpoints:

  • Memory Objects: Memory allocated by operating system processes, drivers, and other applications.
  • Startup Objects: Executable files and/or modifications made during computer startup.
  • Registry Objects: Configuration changes made to the Windows registry.
  • File System Objects: Files which may contain malicious programs or harmful code snippets.

 

You may also select:

  • Quarantine found threats automatically: Lets you immediately quarantine threats when they're detected. If not selected, Malwarebytes asks you to choose an action for each threat detected.

 

Hyper Scans

A Hyper Scan is a quick scan that detects and cleans immediate threats. If a Hyper Scan finds any threats, run a Threat Scan to check for threats at a deeper level.

 

Hyper Scans check the following:

  • Memory Objects: Memory allocated by operating system processes, drivers, and other applications.
  • Startup Objects: Executable files and/or modifications made during computer startup.

 

You may also select:

  • Quarantine found threats automatically: Lets you immediately quarantine threats when they're detected. If not selected, Malwarebytes asks you to choose an action for each threat detected.

 

Custom Scans

Custom Scans enable you to specify precisely what to scan. When choosing a Custom Scan, the following settings are available:

  • Quarantine found threats automatically: Lets you immediately quarantine threats when they're detected. If not selected, Malwarebytes asks you to choose an action for each threat detected.
  • Scan memory objects: Scans memory used by operating system processes, drivers, and other applications.
  • Scan startup and registry settings: Scans executables that are started at boot and changes to the registry that can affect startup behavior.
  • Scan within archives: Archive files are scanned, up to four levels deep. Encrypted archives are not scanned. Archive file types include ZIP, 7Z, RAR, CAB and MSI.
  • Rootkits: Scans for rootkits, which are files hidden from the operating system that can influence system behavior.
  • PUPs/PUMs: Choose whether Potentially Unwanted Programs and Potentially Unwanted Modifications are considered malware or ignored.
  • Scan Path: The top level folder for the Custom Scan.
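
To see what the "Scan within archives" limits leave uninspected, the following added example (not Malwarebytes code) audits a ZIP file and lists members that are covered, nested archives that sit past four levels, and encrypted entries. It assumes the outermost archive counts as level 1 and handles ZIP only; the function names and sample data are constructed for illustration.

```python
import io
import zipfile

MAX_DEPTH = 4  # "up to four levels deep", as stated for the setting above

def audit_archive(data, name, depth=1, report=None):
    """Sort ZIP members into covered / too_deep / encrypted.

    Assumption: the outermost archive counts as level 1.
    """
    if report is None:
        report = {"covered": [], "too_deep": [], "encrypted": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = f"{name}/{info.filename}"
            if info.flag_bits & 0x1:  # general-purpose bit 0: entry is encrypted
                report["encrypted"].append(path)
                continue
            body = zf.read(info)
            if not zipfile.is_zipfile(io.BytesIO(body)):
                report["covered"].append(path)
            elif depth == MAX_DEPTH:
                # A nested archive here would be level 5: report it, do not open it.
                report["too_deep"].append(path)
            else:
                audit_archive(body, path, depth + 1, report)
    return report

def make_zip(members):
    """Build an in-memory ZIP from {name: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member, body in members.items():
            zf.writestr(member, body)
    return buf.getvalue()

def build_sample(levels):
    """Constructed sample: a text file wrapped in `levels` ZIP layers."""
    data = make_zip({"note.txt": b"constructed sample"})
    for n in range(levels - 1, 0, -1):
        data = make_zip({f"level{n + 1}.zip": data, f"readme{n}.txt": b"sample"})
    return data

if __name__ == "__main__":
    for group, paths in audit_archive(build_sample(6), "outer.zip").items():
        print(group, paths)
```

Anything listed under too_deep or encrypted is a candidate for manual extraction and a separate scan, since a Custom Scan with this setting would not inspect its contents.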

 

Asset Inventory Scan

An Asset Inventory Scan looks at which Asset Management settings are enabled in the group policy. The scan then retrieves the specified information from each endpoint and updates the endpoint details in the console. These details are found on the Endpoint Properties screen.

 

Adjust Asset Management settings in a policy

  1. Go to Settings > Policies > choose a policy > choose Windows or Mac > General.

  2. Scroll down to Asset Management.

  3. For each event that you want to be updated by an Asset Inventory Scan, toggle the switch to ON.


  4. Repeat steps 2 and 3 for all platforms that use this policy.

  5. Click SAVE.

 

Information collected during the scan is updated on the Endpoint Properties screen. Information scanned may include:

  • Storage Devices: Connected storage, USB storage, and other devices.
  • Memory Objects: Physical and virtual memory of the endpoints. 
  • Startup Programs: Registry entries for installed startup programs on the endpoint.
  • Installed Software: Software installed on the endpoint.
  • Software Updates: Software updates that occurred on the endpoint.

 

To view Endpoint Properties, go to Endpoints and click on an endpoint name. View more information on the endpoint by selecting the tabs at the top of the Endpoint Properties screen.

 

For more information on Endpoint Properties, see Manage Malwarebytes Cloud Platform endpoints.

 
