
Greatly varying performances of AV apps


16 replies to this topic

#1 Cumulo

  • Members
  • 97 posts
  • Gender: Male

Posted 04 June 2024 - 09:16 AM

I got caught up in the recent BP hacking event and it has flagged up a worrying inability of some mainstream anti-malware apps to detect threats.

 

Interestingly, I only use this email address for this site so I suggest the breach must have come from an infection on my local machine.

 

I thought I was well protected as I had MWB and Avast antivirus premium versions installed, with MWB scheduled to run daily scans. All had been quiet - or so it seemed.

 

After receiving an email from BP admin yesterday about the malware attacks, I ran both AV apps and again they showed no infections.

 

However to be extra sure I ran ESET online scanner and it showed up 57 infections, mostly Trojans, all in my email app.   

 

I have uninstalled Avast as it was coming to the end of the subscription anyway and am now trying to figure out how to install Windows Defender, as it is defaulting to MWB. But I am not looking for support here about that.

 

Anyhow, what is going on for such a well-respected app as MWB to apparently miss all those infections?  


Edited by hamluis, 04 June 2024 - 10:00 AM.
Moved from Malware Forum to AV/AM - Hamluis.



 


#2 buddy215

  • Moderator
  • 20,250 posts
  • Gender: Male
  • Location: West Tennessee

Posted 04 June 2024 - 10:23 AM

Post the Eset scan results. Did you allow Eset to remove what it found?


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
If we are to have another contest in the near future of our national existence, I predict that the dividing line will not be Mason and Dixon’s, but between patriotism and intelligence on the one side, and superstition, ambition, and ignorance on the other. Ulysses S. Grant...Republican president who correctly predicted the cause of Trump's attempted coup.

 

 


#3 garioch7

    RCMP Veteran

  • Malware Response Instructor
  • 6,171 posts
  • Gender: Male
  • Location: Port Hastings, Nova Scotia, Canada

Posted 04 June 2024 - 11:50 AM

Cumulo:

 

Malwarebytes is not a genuine anti-virus program, despite some marketing to that effect.

 

https://forums.malwarebytes.com/topic/311423-scanning-pdf-files-for-malware/?do=findComment&comment=1633149

 

https://www.bleepingcomputer.com/forums/t/739910/is-malwarebytes-also-an-antivirus-program/#entry5107542

 

 

To enable Windows Defender, launch Malwarebytes, go to Settings, General, and disable "Always register Malwarebytes in the Windows Security Center."  Then reboot your computer.  Windows Defender should activate automatically.

 

 

Malwarebytes does not scan emails or attachments.  It will block certain attachments, but only when they are executed and "go active."

 

https://forums.malwarebytes.com/topic/306549-is-malwarebytes-scanning-ms-outlook/?do=findComment&comment=1610306

 

 

I hope this helps.  Have a great day.

 

Regards,

Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#4 quietman7

    Bleepin' Gumshoe

  • Global Moderator
  • 62,063 posts
  • Gender: Male
  • Location: Virginia, USA

Posted 04 June 2024 - 04:07 PM

Malwarebytes Premium has the capability to register in Windows Security Center (Security and Maintenance), allowing users to configure Malwarebytes as their primary security solution or to run alongside their third party antivirus application. By default, Malwarebytes Premium automatically decides whether or not to register itself with Windows Security Center (Windows Defender) settings based on your system so you need to follow garioch7's instructions.


Microsoft MVP Alumni 2023
Windows Insider MVP 2017-2020, MVP Reconnect 2016-2023
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Retired Police Officer, Federal Agent and Coast Guard Chief


#5 Cumulo


Posted 05 June 2024 - 04:08 AM

Thanks Phil, it helps far more than MS Answers.

I actually found the setting you mention under Settings>Security but now Defender is indeed my default AV app.

 



Edited by Cumulo, 05 June 2024 - 04:08 AM.


#6 Cumulo


Posted 05 June 2024 - 04:14 AM

Thanks for your reply.

I cannot for the life of me see any sign of a scan log. I notice the Settings menu that is shown in ESET online tutorial is absent from my version, I wonder if this is because it is a trial version?

I did set it to remove detected items btw. Ran another scan yesterday and it found just one infection.

 

 

Post the Eset scan results. Did you allow Eset to remove what it found?



#7 garioch7


Posted 05 June 2024 - 11:29 AM

Cumulo:

 

You are welcome for my assistance.  You might still be running Version 4 of Malwarebytes Premium.  I am using Version 5, which has a different GUI.  All computers with Version 4 will be automatically updated to Version 5 over the next month or two.

 

Have a great day.

 

Regards,

Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#8 Cumulo


Posted 07 June 2024 - 02:20 AM

It's 4.6*...but now no longer the default AV app :)



#9 garioch7


Posted 08 June 2024 - 11:35 AM

Cumulo:

 

Thank you for your post.  Well that explains why you didn't find the Windows Security Center option where I indicated it was, since I am running Malwarebytes 5.

 

You are much more secure with this "new" configuration of Windows Defender, plus Malwarebytes Premium.  You will find that configuration recommended by experts in the Malwarebytes Forums.

 

Personally, I don't know why Malwarebytes usually registers itself in the Windows Security Center as a default action.  Perhaps that is just a part of their AV-replacement advertising, but that is just my speculation.

 

Have a great day, and stay safe in cyberspace.

 

Regards,

Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#10 quietman7


Posted 08 June 2024 - 02:49 PM

According to my notes, the folks at Malwarebytes previously said the program will register itself in Windows Security Center by default in order for Windows to recognize it as security software.




#11 garioch7


Posted 08 June 2024 - 03:15 PM

quietman7:

 

 

 

By default, Malwarebytes Premium automatically decides whether or not to register itself with Windows Security Center (Windows Defender) settings based on your system so you need to follow garioch7's instructions.

 

 

 

Thank you for your latest post.  I was unwilling to contradict your assertion that MBP "decided" whether or not to register itself.  I thought it always did, but I was not about to question you because I don't have your knowledge and experience.

 

Thank you for clarifying.

 

Have a great day.

 

Regards,

Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#12 quietman7


Posted 08 June 2024 - 05:21 PM

You're welcome garioch7
 
Most of the knowledge I have in regards to Malwarebytes is from notes I collected from staff/topics at their forum over the years and a few FAQS/knowledge based articles the development team released. I believe it was exile360 who indicated in a posting there were three options to choose from which I wrote down for future reference:
1. Force Malwarebytes to register.
2. Not register.
3. Allow Malwarebytes to automatically decide to register or not based on its default setting.
 
According to V3 FAQS, Malwarebytes installed alongside Defender by default and would only register in Windows Security Center if there was a third-party antivirus registered. If only Defender was registered and active, Malwarebytes would not register itself in Windows Security Center. V4 gave Malwarebytes itself the capability to register itself in Windows Security Center as noted here.
 
Like you, my experience has been that Malwarebytes automatically registers itself by default (in order for Windows to recognize it as security software) and the user can then configure what they want after that.




#13 garioch7


Posted 09 June 2024 - 01:40 PM

quietman7:

 

Thank you for your clarification.  I am a frequent visitor to the Malwarebytes Forums and have seen multiple posts by @Porthos, who now seems to be their senior and most prolific "Trusted Advisor" counselling MB users to disable MB from registering in the Windows Security Center.

 

From that, and my own experience, I inferred what we have both noted: that MB is registering itself by default, and thereby potentially compromising users of Windows Defender as their AV solution because when MB registers, WD turns its real-time protection off.  Personally, I think Marcin should reconsider this behavior of his MB product.

 

As you have noted in your invaluable posts here, MB is not a genuine AV solution.

 

https://www.bleepingcomputer.com/forums/t/739910/is-malwarebytes-also-an-antivirus-program/#entry5107542

 

A more recent post on the Malwarebytes Forums confirms that nothing has changed.

 

https://forums.malwarebytes.com/topic/311423-scanning-pdf-files-for-malware/?do=findComment&comment=1633149

 

This confirms the information in the link by David Lipman that you cite in my first link of this post to one of your posts.

 

In any event, all is good.  We are on the same page. :)  I just wanted to ensure that I am always providing correct information to our BC clients.

 

Have a great day.

 

Regards,

Phil


Graduate of the Bleeping Computer Malware Removal Study Hall
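
A way to check the state discussed in the posts above (which products are registered in Windows Security Center, and whether Defender's real-time protection is actually on). This is an added example, not posted by any participant in the thread. It assumes PowerShell on a Windows client edition, and the productState decoding is a commonly used community convention, not something Microsoft documents.

```powershell
# Added example (not from the thread). Run on a Windows client edition;
# the root/SecurityCenter2 namespace is not present on Windows Server.

function ConvertFrom-ProductState {
    param([int]$State)
    # ASSUMPTION: productState is not documented by Microsoft. This is the
    # commonly used community decoding: second byte = scanner state,
    # low byte = signature state.
    $scanner = ($State -shr 8) -band 0xFF
    [pscustomobject]@{
        Hex               = '0x{0:X6}' -f $State
        RealTimeOn        = ($scanner -band 0x10) -ne 0
        SignaturesCurrent = ($State -band 0xFF) -eq 0
    }
}

# 1. Every product currently registered with Windows Security Center as antivirus.
$registered = Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntiVirusProduct |
    ForEach-Object {
        $s = ConvertFrom-ProductState $_.productState
        [pscustomobject]@{
            Product           = $_.displayName
            ProductState      = $s.Hex
            RealTimeOn        = $s.RealTimeOn
            SignaturesCurrent = $s.SignaturesCurrent
        }
    }
$registered | Format-Table -AutoSize

# 2. What Defender itself reports (empty if the Defender service is unavailable).
$mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
if ($mp) {
    $mp | Select-Object AMRunningMode, AntivirusEnabled, RealTimeProtectionEnabled | Format-List
}

# 3. Flag the condition discussed in the thread: another product is registered
#    and Defender's real-time protection is not running.
$others = $registered | Where-Object { $_.Product -notmatch 'Defender' }
if ($others -and -not ($mp -and $mp.RealTimeProtectionEnabled)) {
    Write-Warning ("Defender real-time protection is off while these products are registered: " +
        ($others.Product -join ', '))
} elseif ($mp -and $mp.RealTimeProtectionEnabled) {
    Write-Output 'Defender real-time protection is on.'
}
```

Running it before and after changing the Malwarebytes registration setting and rebooting shows whether Defender has taken over real-time protection.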


#14 quietman7


Posted 09 June 2024 - 02:51 PM

Yes, Porthos does indicate nothing has changed in regards to what David Lipman previously explained to us. Porthos does visit BC from time to time and weighs in on various topics especially those related to Malwarebytes.

I too think Marcin should reconsider the behavior of Malwarebytes registering itself by default.

 

As for what we have discussed here, we definitely are on the same page.  :thumbup2:

 

You have a great day yourself.

 

Russ




#15 Cumulo


Posted 11 June 2024 - 03:37 AM

ESET seems to have done a good job of clearing up the infections but cannot delete one Trojan.

I have been unable to locate scan logs in the trial version and am trying to get clarification about that from the ESET forums.

Anyhow I do not know if this screenshot is any good but the attachment gives some info about the detection.

How would I deal with this? Presumably delete it manually, but would that not risk deleting needed files?

EDIT: Cannot see the option to add an Attachment(?)


Edited by Cumulo, 11 June 2024 - 03:52 AM.




