Malwarebytes for Windows provides three methods you can use to scan your computer: Threat Scan, Custom Scan, and Quick Scan. The scan method you choose determines how comprehensive of a scan Malwarebytes for Windows runs on your computer.
To run a Threat Scan, open Malwarebytes for Windows and click the blue Scan button. To choose a scan method, instead click the larger Scanner card. The Scanner menu expands to present you with the Scan button, and also Advanced scanners to choose either Quick Scan or Custom Scan. Each scan type is described below.
Threat Scan
Threat Scans are our recommended scan method that detects threats in the most common system locations. We recommend you run a Threat Scan daily. If you have a Malwarebytes Premium subscription, a Threat Scan is scheduled to run once per day by default. Areas and methods tested include:
- Memory Objects: Memory allocated by operating system processes, drivers, and other apps.
- Startup Objects: Executable files or modifications which initiate at computer startup.
- Registry Objects: Configuration changes which may have been made to the Windows registry.
- File System Objects: Files stored on your computer's local disk drives which may contain malware.
- Heuristic Analysis: Methods used by Malwarebytes in the previously described objects and other areas to detect and protect against threats, and assure those threats cannot reassemble themselves.
Custom Scan
With a Custom Scan, you can choose what and where you want Malwarebytes for Windows to scan on your system. Depending on what locations you specify to be scanned, these scans can take a long time to complete. To avoid long wait times, we recommend you use Threat Scans unless there is a specific location on your device you want to scan.
To customize a scan, click the Scanner card, then click Advanced scanners, then click Configure Scan. An example of the Configure Custom Scan page is shown below.
Custom Scan options
These settings allow you to determine the areas of your device you want Malwarebytes to scan. These are described as follows:
- Scan memory objects: Memory allocated by operating system processes, drivers, and other apps. Threats detected during scans are still considered threats even if they have an active component in memory. To be safe, memory objects should be scanned.
- Scan registry and startup items: Executable files or modifications which initiate at computer startup, as well as registry-based configurations that can alter your device's startup behavior.
- Scan within archives: If this box is checked, archive file types such as zip, 7z, rar, cab and msi are scanned up to two levels deep. Password protected archives cannot be tested.
- Scan for rootkits: Rootkits are files stored on your computer's local disk drives which are invisible to the operating system. These files may influence system behavior.
- Potentially Unwanted Programs (PUPs): This setting allows you to choose how Potentially Unwanted Programs are treated if detected. Use the drop-down menu to choose either Ignore detections, Warn user about detections, or Treat detections as malware.
- Potentially Unwanted Modifications (PUMs): This setting allows you to choose how Potentially Unwanted Modifications are treated if detected. Use the drop-down menu to choose either Ignore detections, Warn user about detections, or Treat detections as malware.
The right side of the Custom Scan screen also shows a list of directories, sub directories to scan. By default, no directory is checked in a Custom Scan. You can check the box next to a directory, then all sub-folders will automatically check for scan as well. You can un-check individual directories that you don't want scanned.
Quick Scan
Quick Scans check for threats in your Memory and Startup objects, where threats commonly take place. A Quick Scan is faster than a Threat Scan but less comprehensive. Only Malwarebytes Premium or Trial users can use this scan type. Areas and methods tested include:
- Memory objects: Memory allocated by operating system processes, drivers, and other apps.
- Startup objects: Executable files or modifications which initiate at computer startup.
If a Quick Scan detects malware, we strongly recommend running a Threat Scan afterward in case there are more threats in other areas of your device. By default, any threats detected during a scan are quarantined. For information on Quarantine, see Restore or delete quarantined items in Malwarebytes for Windows.
If you have Malwarebytes for Windows Premium installed you can schedule a Threat, Custom, or Quick Scan to run automatically. For instructions, see Set up automatic scans in Malwarebytes for Windows.
Return to the Malwarebytes for Windows guide.