Skip to main content

Scan types in Malwarebytes for Windows v4

Malwarebytes for Windows version 4 provides three methods you can use to scan your computer: Threat Scan, Custom Scan, and Quick Scan. The scan method you choose determines how comprehensive of a scan Malwarebytes for Windows runs on your computer.

Threat Scan

Threat Scans detect threats in the most common system locations. If you have a paid subscription, a Threat Scan is scheduled to run once per week by default. Areas and methods tested include:

  • Memory Objects: Memory allocated by operating system processes, drivers, and other apps.
  • Startup Objects: Executable files or modifications that initiate at computer startup.
  • Registry Objects: Configuration changes that may have been made to the Windows registry.
  • File System Objects: Files stored on your computer's local disk drives which may contain malware.
  • Heuristic Analysis: Methods used by Malwarebytes in the previously described objects and other areas to detect and protect against threats and ensure those threats cannot reassemble themselves.

To run a Threat Scan

  1. Click the blue Scan button.
  2. To choose a scan method click the larger Scanner card.
  3. The Scanner menu expands to present you with the Scan button. 

Custom Scan

With a Custom Scan, you can choose what and where you want Malwarebytes for Windows to scan on your system. Depending on what locations you specify to be scanned, these scans can take a long time to complete. To avoid long wait times, we recommend you use Threat Scans unless there is a specific location on your device you want to scan.

To customize a scan:

1. Click the Scanner card.

2. Click Advanced scanners. 

3. Click Configure Scan.

An example of the Configure Custom Scan page is shown below.

DOC-3539-1.png 

Custom Scan options

These settings allow you to determine the areas of your device you want Malwarebytes to scan. These are described as follows:

  • Scan memory objects: Memory allocated by operating system processes, drivers, and other apps. Threats detected during scans are still considered threats even if they have an active component in memory. To be safe, memory objects should be scanned.
  • Scan registry and startup items: Executable files or modifications that initiate at computer startup, as well as registry-based configurations that can alter your device's startup behavior.
  • Scan within archives: If this box is checked, archive file types such as zip, 7z, rar, cab and msi are scanned up to two levels deep. Password protected archives cannot be tested.
  • Scan for rootkits: Rootkits are files stored on your computer's local disk drives which are invisible to the operating system. These files may influence system behavior.
  • Potentially Unwanted Programs (PUPs): This setting allows you to choose how Potentially Unwanted Programs are treated if detected. Use the drop-down menu to select either Ignore detectionsWarn user about detections, or Treat detections as malware.
  • Potentially Unwanted Modifications (PUMs): This setting allows you to choose how Potentially Unwanted Modifications are treated if detected. Use the drop-down menu to select either Ignore detectionsWarn user about detections, or Treat detections as malware.

The right side of the Custom Scan screen also shows a list of directories and sub-directories to scan. By default, no directory is checked in a Custom Scan. You can check the box next to a directory; then, all sub-folders will automatically check for scan. You can un-check individual directories that you don't want scanned.

Quick Scan

Quick Scans check for threats in your Memory and Startup objects, where threats commonly take place. A Quick Scan is faster than a Threat Scan but less comprehensive. Only Malwarebytes Premium or Trial users can use this scan type. Areas and methods tested include:

  • Memory objects: Memory allocated by operating system processes, drivers, and other apps.
  • Startup objects: Executable files or modifications that initiate at computer startup.

If a Quick Scan detects malware, we strongly recommend running a Threat Scan afterward in case of more threats in other areas of your device. By default, any threats detected during a scan are quarantined. For information on Quarantine, see Restore or delete quarantined items in Malwarebytes for Windows.

If you have the paid version of Malwarebytes for Windows installed, you can schedule a Threat, Custom, or Quick Scan to run automatically. For instructions, see Set up automatic scans in Malwarebytes for Windows.

 

Return to the Malwarebytes for Windows guide.

Related articles