Scan types in Malwarebytes for Windows v4

Document created by jgolomb Employee on Oct 10, 2019Last modified by jgolomb Employee on Nov 4, 2019
Version 12Show Document
  • View in full screen mode

Malwarebytes for Windows provides three methods you can use to scan your computer: Threat Scan, Custom Scan, and Quick Scan. The scan method you choose determines how comprehensive of a scan Malwarebytes for Windows runs on your computer.

 

To run a Threat Scan, open Malwarebytes for Windows and click the blue Scan button. To choose a scan method, instead click the larger Scanner card. The Scanner menu expands to present you with the Scan button, and also Advanced scanners to choose either Quick Scan or Custom Scan. Each scan type is described below.

 

Threat Scan

Threat Scans are the most comprehensive type but may take the longest. We recommend you run a Threat Scan daily. If you have a Malwarebytes Premium subscription, a Threat Scan is scheduled to run once per day by default. Areas and methods tested include:

  • Memory Objects: Memory allocated by operating system processes, drivers, and other apps.
  • Startup Objects: Executable files or modifications which initiate at computer startup.
  • Registry Objects: Configuration changes which may have been made to the Windows registry.
  • File System Objects: Files stored on your computer's local disk drives which may contain malware.
  • Heuristic Analysis: Methods used by Malwarebytes in the previously described objects and other areas to detect and protect against threats, and assure those threats cannot reassemble themselves.

 

Custom Scan

With a Custom Scan, you can choose what and where you want Malwarebytes for Windows to scan. To customize a scan, click the Scanner card, then click Advanced scanners, then click Configure Scan. An example of the Configure Custom Scan page is shown below.

Image of the Configure Custom Scan screen in Malwarebytes for Windows.

 

Custom Scan options

These settings allow you to determine the areas of your device you want Malwarebytes to scan. These are described as follows:

  • Scan memory objectsMemory allocated by operating system processes, drivers, and other apps. Threats detected during scans are still considered threats even if they have an active component in memory. To be safe, memory objects should be scanned.
  • Scan registry and startup items: Executable files or modifications which initiate at computer startup, as well as registry-based configurations that can alter your device's startup behavior.
  • Scan within archives: If this box is checked, archive file types such as zip, 7z, rar, cab and msi are scanned up to two levels deep. Password protected archives cannot be tested.
  • Scan for rootkits: Rootkits are files stored on your computer's local disk drives which are invisible to the operating system. These files may influence system behavior. 
  • Potentially Unwanted Programs (PUPs): This setting allows you to choose how Potentially Unwanted Programs are treated if detected. Use the drop-down menu to choose either Ignore detections, Warn user about detections, or Treat detections as malware.
  • Potentially Unwanted Modifications (PUMs): This setting allows you to choose how Potentially Unwanted Modifications are treated if detected. Use the drop-down menu to choose either Ignore detections, Warn user about detections, or Treat detections as malware.

 

The right side of the Custom Scan screen also shows a list of directories, sub directories to scan. By default, no directory is checked in a Custom Scan. You can check the box next to a directory, then all sub-folders will automatically check for scan as well. You can un-check individual directories that you don't want scanned.

 

Quick Scan

Quick Scans check for threats in your Memory and Startup objects, where threats commonly take place. A Quick Scan is faster than a Threat Scan but less comprehensive. Only Malwarebytes Premium or Trial users can use this scan type. Areas and methods tested include:

  • Memory objects: Memory allocated by operating system processes, drivers, and other apps.
  • Startup objects: Executable files or modifications which initiate at computer startup.

 

If a Quick Scan detects malware, we strongly recommend running a Threat Scan afterward in case there are more threats in other areas of your device. By default, any threats detected during a scan are quarantined. For information on Quarantine, see Quarantine or restore items with Malwarebytes for Windows v4 

 

If you have Malwarebytes for Windows Premium installed you can schedule a Threat, Custom, or Hyper Scan to run automatically. For instructions, see Set up automatic scans in Malwarebytes Premium on Windows v4 

 

 

Return to the Malwarebytes for Windows guide v4 

Attachments

    Outcomes