MBAM 2.0.3 Too Aggressive?

Has anyone had any problems with MBAM 2.0.3 being too aggressive and / or having false positives … or trashing something in your computer after quarantining threat items found?

As some of you all might remember, last week my sister’s computer ended up with no Internet access after I quarantined the 39 PUPs that MBAM found. I subsequently regained Internet access after I restored all those PUPs.

Ssss so, yesterday I was again at my sister’s house. My brother-in-law immediately informed me that actually, AT & T had found a problem on their (AT & T’s) end and the Internet was all fixed now. So, the first thing I proceeded to do was to run MBAM again. I figured that with the Internet all fixed up, there should be no problem with those restored PUPs being quarantined again. MBAM found 24 PUPs. I quarantined them all and … BAMM! The computer again wound up with no Internet access. I restored all the PUPs and again Internet access was restored.

I had never had any problems before with any previous MBAM versions trashing anything on any computer until this latest version.

My own personal opinion is “yes” MBAM is too aggressive when it comes to PUP detection.
I have the PUP setting disabled in MBAM Premium. I suffered through issues like that, but not to
the extent that you have. After that I don’t allow MBAM to scan for PUPs at all.

I don’t think this is just 2.0.3, MBAM Premium 2.x has been a resource hog from day one, but I wouldn’t say it is too aggressive.

I thought it shouldn’t be quarantining things unless you elect to do that after the scan.

That said I have resident protection in the MBAM Premium 2.0.3 version so I have abandoned on-demand scans in the same way I have abandoned on-demand scans in avast.

  • With a resident on-access antivirus like avast (or anti-malware like MBAM Premium 2.x or later), the need for frequent on-demand scans is much depreciated. For the most part the on-demand scan is going to be scanning files that would otherwise be dormant or inert. If they were active files then the on-access file system shield (MBAM) would be scanning them before being created, modified, opened or executed.

I have all features of MBAM Pro active on my three systems here and I never hear a peep out of them, no PUPs or IP blocks.

My father’s system occasionally gets an IP block when using Skype but it doesn’t affect his use so it’s obviously doing its job correctly there and my mother’s system also never gets a peep from MBAM Pro so we must all have reasonably good browsing habits and not run any obscure software I guess :)

It may detect remnants of old pup ADWARE in temp files. Like DavidR says MBAM is a bit over-aggressive.
It may have played part in my last cold reconnaissance scanning machine crash also.
As CraigB states under normal circumstances it may lay dormant and not give any bleeps.

But whenever there are minor software conflicts these butterfly wing motions may lead to a big storm later on.
So it is absolutely vital to know what your configuration toleration is and tweak the scanner accordingly.

Scanrot is a mighty adversary. That is why I have avast! always perform a full user folder scan.
Takes some time but especially former Webshield alerts can stay in memory and act up.
So just as with incomplete uninstall routines it is going over this again and again.

I am not essexboy with his experience to give a machine a clean bill of health,
however for website security scanning I like to rival with the best.

polonus (volunteer website security analyzer)

I also have my share of problems too. BSOD during heuristic scan. After finding out that there was nothing wrong with my sys; chkdsk, ramtest, sfc /scannow, clean bill of health (no infections), etc… the scan started to work fine out of the blue.

On MY computer, I haven’t had any problems with MBAM 2.0.3, but then again, I’m like most of you guys, the regulars. I have good browsing habits and thus, MBAM 2.0.3 hasn’t found anything on my computer.

On my sister’s computer, I just might switch to disabling the check for PUPs. I guess that would be the PUPs “Ignore detections” setting. I’m now too leery of FUBARing their computer with any more PUP quarantining. Or I guess I could even uninstall MBAM 2.0.3 on my sister’s computer and reinstall MBAM 1.75.

Oh, I did perform the quarantining manually AFTER the scan.
I didn’t have it set to “Treat detections as malware” or whatever it is.

This was one of those cases whereby it definitely paid to not remove threats found … but, rather quarantine them.
I would have been up a creek if I had removed instead of quarantined.
Since I have no idea which particular PUP quarantining was responsible for the loss of Internet, I have no idea if a System Restore would have returned Internet access had the PUPs no longer been in quarantine.

Posting logs and letting Essexboy have a look may help.

Hi Pondus,

Cannot it also be that the complicated nature of recent anti-malware solutions in general could work out these incompatibility issues?
Test and beta versions become shorter and shorter, the developers are under heavy pressure to deliver for marketing and shareholders alike wanting their share. We cannot shut our eyes to these issues as well and sometimes security and user friendliness get bent a little during the process. Some, as the majority of the run-of-the-mill users, will never get bitten by these issues; others have a less favorable experience.

polonus

I will at the very least try to get the MBAM log for Essexboy to look at since the quarantining of MBAM’s findings is what’s causing the loss of Internet. Maybe Essexboy can pinpoint which exact PUP is likely to be the culprit.

It might be until sometime next week when I go to my sister’s house again.

And I guess depending on what Essexboy finds, it might turn out to be something I need to inform MBAM over at their forum if it’s something that needs to be fixed.