Malwarebytes question
Moderator: Wiz Feinberg
-
- Posts: 14336
- Joined: 4 Aug 1998 11:00 pm
- Location: Saugerties, NY
Malwarebytes question
I recently bought the full Premium version (3.1.2.1733).
Here is an excerpt of a scan report:
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
My question is about Rootkits. In SETTINGS I definitely have Rootkit scan "ON". The report confuses me. If I am misreading or misunderstanding the report, fine. I don't need to know what it means, as long as I can know that it is indeed scanning what I need it to scan.
Does this need my attention?
-
- Posts: 2663
- Joined: 4 Aug 1998 11:00 pm
- Location: Frostbite Falls, hard by Veronica Lake
Doesn't look right to me, Jon.
I show enabled next to rootkits.
I assume in settings/scan options/scan for rootkits, you have the toggle switch set to "on" and have closed the app and rebooted after confirming that setting.
If that's true, you might want to post at the Malwarebytes forum. I haven't checked there, but maybe it is a known issue.
-
- Posts: 14336
- Joined: 4 Aug 1998 11:00 pm
- Location: Saugerties, NY
Great advice, Mitch.
It is a known thing, asked and answered in the forum. The selected settings (apparently) apply to manual scans. For automatic scheduled scans you have to click the scan in the schedule and make the selections in 'advanced settings'. My manual settings were good but the default in the scheduled scans is rootkits : disabled (for some reason).
Thanks for the help!
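An added example, not part of any post in this thread and not Malwarebytes code: a small Python check that reads the "-Scan Options-" block from saved scan reports, in the format quoted in the first post, and lists the required options that are not enabled. The REQUIRED list and the "scheduled"/"manual" labels are assumptions made for the example.

```python
import re

# Options this audit expects to be "Enabled" (assumed policy, adjust as needed).
REQUIRED = ("Memory", "Startup", "Filesystem", "Rootkits")

# Excerpt quoted in the first post of the thread (the scheduled scan's report).
SCHEDULED_REPORT = """-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
"""

# Constructed sample: the same block with rootkit scanning switched on.
MANUAL_REPORT = SCHEDULED_REPORT.replace("Rootkits: Disabled", "Rootkits: Enabled")

HEADER = re.compile(r"-\s*Scan Options\s*-", re.IGNORECASE)
OPTION = re.compile(r"([A-Za-z ]+?)\s*:\s*(Enabled|Disabled)", re.IGNORECASE)

def parse_scan_options(report_text):
    """Return {option: 'Enabled'|'Disabled'} from the '-Scan Options-' block."""
    options, in_block = {}, False
    for raw in report_text.splitlines():
        line = raw.strip()
        if HEADER.fullmatch(line):
            in_block = True
        elif in_block and line:
            match = OPTION.fullmatch(line)
            if not match:
                break  # first non-option line ends the block
            options[match.group(1).strip()] = match.group(2).capitalize()
    return options

def audit_report(report_text, required=REQUIRED):
    """List required options that are disabled or absent from the report."""
    options = parse_scan_options(report_text)
    return [name for name in required if options.get(name) != "Enabled"]

if __name__ == "__main__":
    for label, text in (("scheduled", SCHEDULED_REPORT), ("manual", MANUAL_REPORT)):
        problems = audit_report(text)
        print(label, "OK" if not problems else "NOT ENABLED: " + ", ".join(problems))
```

Running the check against each saved report, rather than against the settings screen, catches the case described above where the scheduled scan uses different options from the manual one.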
-
- Posts: 2663
- Joined: 4 Aug 1998 11:00 pm
- Location: Frostbite Falls, hard by Veronica Lake
Thanks for digging into that.
I just checked settings/scan schedule/edit button/advanced and found that "scan for rootkits" was checked under "scheduled options".
I guess you are saying that that is NOT the default?
I frankly can't recall if I had previously visited that location and made that setting manually. If it isn't the default, I guess I must have as my scan report says rootkits enabled, unlike yours.
-
- Posts: 14336
- Joined: 4 Aug 1998 11:00 pm
- Location: Saugerties, NY
Your summary is correct, although all I can say for certain is that my auto scan was defaulted to 'disabled' and that this is the situation that I found in the MBAM forum. Maybe this pertains only to new installations or something (I upgraded from the free version a couple of weeks ago)? I do not know and did not investigate that.
-
- Posts: 22146
- Joined: 3 Dec 1999 1:01 am
- Location: Kansas City, MO
-
- Posts: 14336
- Joined: 4 Aug 1998 11:00 pm
- Location: Saugerties, NY
-
- Posts: 6107
- Joined: 8 Jan 1999 1:01 am
- Location: Mid-Michigan, USA
Jon Light wrote: Jack--do you have some reasoning that would convince me to switch rootkit scanning off? I know/understand nothing and simply opt for 'more scanning is good' unless instructed otherwise.
I'm not Jack, but will chime in here anyway.
Personally, I turn on scanning for rootkits. While they aren't an everyday threat, they are out there in malware like the Petya virus. Petya scrambles the Master Boot Record (thus encrypting the entire disk) and uses a rootkit to reinstall if it is deleted. Petya is currently in the wild and uses some of the attack vectors used in Eternal Blue and WannaCry. While not particularly targeting normal computer users, we can become collateral damage. A rootkit detector goes a long way to stopping Petya and related malware.
Note that scanning for rootkits adds to the load on your computer during the scan and could interfere with its operation until the scanning has completed.
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog
-
- Posts: 14336
- Joined: 4 Aug 1998 11:00 pm
- Location: Saugerties, NY
-
- Posts: 6107
- Joined: 8 Jan 1999 1:01 am
- Location: Mid-Michigan, USA
Info on the Petya virus
Malwarebytes has an info page devoted to the new Petya/NotPetya virus.
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog