Analysis of the protection of Malwarebytes

Malwarebytes is software designed to detect and remove malware. It was first released to the general public in January 2008.


A free version of Malwarebytes is available; it scans for and removes malware (mainly Trojans and spyware). This free version of Malwarebytes will be the focus of our analysis.

Malwarebytes also exists in a paid version, which lets you run scheduled scans and provides real-time protection and web browsing protection (blocking malicious pages). In its premium version, Malwarebytes acts as an antivirus in its own right. It can still be used alongside another antivirus product.

This guide walks you through the protection offered by Malwarebytes for Windows.

1. How to download Malwarebytes

Our usual recommendation is to download software directly from its publisher.

Malwarebytes is published by the California company … Malwarebytes Corporation, based in San Jose. You can download the software directly from their website https://www.malwarebytes.com/.

Malwarebytes is free software with in-app purchases; it can also be downloaded from technology news sites or download sites. It is essential to favor well-known sites such as 01net.com, commentcamarche.com or clubic.com.

Do not download Malwarebytes from suspicious sites, free-download sites, or file-sharing servers. These are breeding grounds for all kinds of adware and malware.

2. General structure of Malwarebytes


The Malwarebytes main menu (left column) is organized around five functions:

– Dashboard;

– Analysis;

– Quarantine;

– Reports;

– Settings.

A. Dashboard

Status pane

The status pane of your dashboard provides an overview of the program. It allows you to run a quick scan (by clicking Scan Now). We will see in the following sections how to configure this scan.

Real-time protection

You’ll also find the Real-time Protection options, which are only available with the premium version of Malwarebytes and include:

– Web protection:

Detects spyware before it can steal your identity.

– Protection against exploits:

Protection against malicious sites when you surf the web.

– Protection against malware:

Automatically blocks malware attacks.

– Protection against ransomware:

Prevents ransomware from locking your files.

State of the analysis

Gives you information about your scans: the date of the last scan, the date of the next scheduled scan, and the number of infected objects detected during the scan.

System

You can manage Malwarebytes updates in this tab.

B. Analysis


The Analysis function allows you to quickly launch a scan and manage the scheduling of your scans.

Type of analysis

Three modes of analysis are offered:

– Threat Analysis:

The most complete analysis. It scans all locations that may harbor malware, including memory, boot, registry, and file system objects.

– Custom analysis:

Custom analysis allows you to choose the objects (memory, boot and registry) and locations to scan. You can also customize how potentially unwanted programs (PUPs) and potentially unwanted modifications (PUMs) are handled.

– Quick analysis:

This function is only available with the premium version of Malwarebytes. It allows you to run a quick scan of memory and startup objects for active malware.

Analysis planning


This tab allows you to manage how often and how scheduled scans run on your system.

C. Quarantine

When you start an analysis and Malwarebytes detects suspicious items, it quarantines them. Once in quarantine, they are no longer a threat. You can restore or delete these items. Items deleted from Quarantine will be permanently deleted from your computer.

Note that these are only items considered suspicious. They are not necessarily a threat.

D. Reports

The Reports pane displays a list of scans and real-time protection detections in reverse chronological order. Scan reports summarize the specified scan. All other reports listed on this screen are details of detections made by real-time protection, and are therefore available only with the paid version of Malwarebytes.

Viewing reports

You can view any report by clicking the log to select it, and then clicking the View Log button.

– Summary

Here you will find the summary of your scan report.

Please note that an Export button is displayed in the lower left corner of this screen. This allows you to make a copy of the log for use by other programs. You can export to your clipboard or to a text file (TXT).

– Advanced

Log details

This section groups the results of the scan, the date and time of the scan, the location of the log file, and the user who ran the scan.

System information

Information about your system (operating system, processor, type of file system and user).

Analysis options

Options selected during the scan: Memory, Boot, File System, Archive, Rootkits, Heuristic, PUP and PUM.

Software information

Information about the version of Malwarebytes used (version, type of license, …).

Summary of the analysis

This is where you will find information about the scan: type of scan, how it was launched (manually or on a schedule), results, number of objects scanned, threats detected, threats quarantined, and elapsed time.

Deleting reports

To delete the logs, select the check box corresponding to the logs that you want to delete, and then click the Delete button. Computers with significant threat activity will have larger logs. You should periodically check the amount of disk space used for the logs so that they do not affect the normal operation of your computer.

E. Settings

Application


Application Updates

This is where you manage the Malwarebytes update options.

The first toggle switch lets you choose to automatically download and install application component updates.

The second toggle switch lets you be notified when full version updates of Malwarebytes are available.

Click Install Application Updates to check for available updates or program upgrades.

– Notifications

Here you can manage your notification settings.

– Impact of scans on the system

Here you can choose to give priority to manually initiated scans. Choosing this option reduces the duration of manually initiated scans, at the expense of background tasks. Conversely, you can lower the priority of manual scans to improve multitasking.

– Windows context menu

Displays a Malwarebytes icon in Windows Explorer.

– Display language

Choose the language of the program.

– Event log data

This setting provides additional information about program actions that go beyond the user’s usual needs. If you have a technical problem with Malwarebytes, service engineers may ask you to enable this setting to provide additional troubleshooting information. The default setting is disabled.

– Proxy server

You can specify here whether you are using a proxy server.

 

Did you know?

Generally used on a corporate network, a proxy server has two main purposes. The first is to channel communications to and from the outside world through a single point of connection, ensuring the anonymity of all computers on the internal network. The second is to cache content: external content that was recently downloaded is saved locally for a period of time, and subsequent requests from that user (or others) can use the saved data. This keeps bandwidth available, which reduces operating costs.

 

By default, Malwarebytes does not use a proxy. If you enable this option, the bottom panel will change to provide the configuration options.

You can now specify the IP address or name of a proxy server, as well as the appropriate port number. If a proxy is used, the name and port number must be provided by the person who controls access to the proxy server. That person will also tell you whether authentication is required to use the server and, if necessary, provide you with a username and password.

– User access

Available only with the premium version of Malwarebytes.

– Windows Notification Center

Available only with the premium version of Malwarebytes.

– Beta application updates

Available only with the premium version of Malwarebytes.

– Statistics on use and threats

This tab allows you to choose whether you want to share your usage data with Malwarebytes for program improvement purposes.

You can view their privacy policy if you want to know more about sharing data.

You can restore the default settings of the Application tab at any time.

Protection


– Real-time protection

Available only with the premium version of Malwarebytes.

– Analysis options

Search for rootkits

Rootkit search uses a specific set of rules and tests to determine whether a rootkit is present on your computer. For readers who do not know the term, an explanation may be helpful: a rootkit is malicious software that can be placed on a computer and is able to modify operating system files in a way that hides its presence. With rootkit scanning enabled, the scan is more thorough and more effective, but the time required to perform it increases.

Analyze archives

When Analyze archives is enabled, Malwarebytes scans archive files (ZIP, RAR, 7Z, CAB, and MSI) up to four levels deep. If this option is disabled, archives are excluded from the scan. Please note that encrypted archives cannot be fully tested.
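To make the depth limit and the encrypted-archive caveat concrete, here is an added example (not Malwarebytes code and not from the original article) that audits a ZIP file and lists which members a scan limited to four nesting levels would open and which it would leave unexamined, so that those can be extracted and scanned separately. It handles ZIP only; counting the outer archive as level 1 is an assumption, and `audit_archive` and `build_nested` are hypothetical names.

```python
import io
import zipfile

MAX_DEPTH = 4  # nesting depth the article states for archive scanning


def audit_archive(data, name="<root>", depth=1, max_depth=MAX_DEPTH):
    """Return (inspected, skipped) for a ZIP held in memory.

    inspected: member paths a depth-limited scan would open
    skipped:   (path, reason) pairs that need separate handling
    Assumption: the outer archive counts as level 1.
    """
    inspected, skipped = [], []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            path = f"{name}/{info.filename}"
            if info.flag_bits & 0x1:  # bit 0 of the ZIP flags marks an encrypted member
                skipped.append((path, "encrypted"))
                continue
            body = zf.read(info)
            if zipfile.is_zipfile(io.BytesIO(body)):
                if depth >= max_depth:
                    # An archive sitting inside the deepest level that gets opened
                    skipped.append((path, "nested beyond depth limit"))
                else:
                    sub_ok, sub_skipped = audit_archive(body, path, depth + 1, max_depth)
                    inspected += sub_ok
                    skipped += sub_skipped
            else:
                inspected.append(path)
    return inspected, skipped


def build_nested(levels):
    """Constructed sample: ZIPs nested `levels` deep, one text file per level."""
    data = None
    for level in range(levels, 0, -1):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr(f"note{level}.txt", f"level {level}")
            if data is not None:
                zf.writestr(f"inner{level + 1}.zip", data)
        data = buf.getvalue()
    return data


if __name__ == "__main__":
    ok, skipped = audit_archive(build_nested(5))
    print("inspected:", ok)
    print("needs separate handling:", skipped)
```

Anything reported in the second list is content the scan result says nothing about, which is the practical meaning of "cannot be fully tested".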

Use signature-independent anomaly detection for enhanced protection

This is a new detection method called Shuriken 2.0 (so catchy). This technology uses machine learning to complement existing detection methods.

– Protection against potential threats

In addition to malware detection and removal, Malwarebytes also detects and acts on two classes of non-malicious software. These are potentially unwanted programs (PUPs) and potentially unwanted modifications (PUMs). In many cases, PUPs appear as toolbars and other application software installed on your computer as part of a bundle. You may have asked for an app, and it came with a second app that was not mentioned, or that was mentioned, but you did not uncheck the box next to it to prevent it from being installed at the same time. You may also actually use the PUP. No judgment.

PUMs are a little different. These are changes that are usually related to the Windows registry. As a user, you will not generally make changes to the registry that could be considered PUMs. No offense.

For both types of detection, three handling methods are offered:

Ignore detections

No action is taken on detection and you will not be alerted.

Warn the user

You will be notified of the detection and you can choose to ignore it, create an exclusion or treat it as malicious software.

Always detect PUP / PUM

The detection will be treated as malware and corrective actions will occur.

While both PUPs and PUMs are treated the same, each is managed according to separate guidelines that you specify.

– Updates

Available only with the premium version of Malwarebytes.

– Startup options

Available only with the premium version of Malwarebytes. You can still choose whether or not to launch Malwarebytes at Windows startup.

– Automatic quarantine

Available only with the premium version of Malwarebytes.

You can restore the default settings of the Protection tab at any time.

Analysis planning

This is where you can manage the scheduling of your scans.

Exclusions

Here you can manage the list of items that will be excluded from detection.

Account Information


Here you will find information about the account:

Your device name, Malwarebytes edition used, status and expiration date. You will find a link to your online account, which allows you to upgrade Malwarebytes.

About


All information relating to Malwarebytes, the company, …

3. Premium version

Malwarebytes Premium includes four levels of real-time protection:

– They automatically block malware attacks.

– They prevent ransomware from locking your files.

– They protect you from malicious sites when you surf the web.

– They detect spyware before it can steal your identity.

Malwarebytes Premium automatically informs you of malicious threats detected.

Also, by upgrading to the premium version of Malwarebytes, you can customize and schedule your scans.

4. What is the verdict on Malwarebytes?

Malwarebytes is a small free tool that complements your antivirus. Easy to use, it lets you quickly launch a scan to detect possible infections that your antivirus may have missed. In our case, that of an average, moderate user, no threat was detected. In other words, for “normal” activity, your antivirus alone is enough. Malwarebytes is therefore especially useful for computers that are used for risky activities and are therefore exposed to attack.

Malwarebytes nevertheless detected some PUMs and PUPs that were in fact obsolete. The free version therefore remains relevant for any type of user. And then, a little scan on occasion never hurts.

5. Advice and assistance

Other published articles complement this one on related topics:

CCleaner: clean your PC

PC cleaning with Clean Master

Antivirus folder – How to protect your PC?