
What software to use for scanning weekly/nightly


51 replies to this topic

#1 Enterprise256

Enterprise256

  • Members
  • 78 posts
  • OFFLINE
  •  
  • Local time:01:31 PM

Posted 07 March 2015 - 04:30 PM

Due to the type of work I do, I go around a lot of files on a daily basis and the sources are not exactly the cleanest.

What software do you guys recommend to do scans on a nightly and/or weekly basis? I leave the system running 24/7 and when not in use for a long time I leave it scanning with Norton 360 and MBAM together.





#2 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:06:31 AM

Posted 07 March 2015 - 04:33 PM

Hello there,

There is no "one size fits all" solution when it comes to AV software - you should be fine with Norton 360 and MBAM, if you practice safe computing.

Regards,
Alex

#3 Enterprise256

Enterprise256
  • Topic Starter

  • Members
  • 78 posts
  • OFFLINE
  •  
  • Local time:01:31 PM

Posted 07 March 2015 - 04:55 PM

> Hello there,
>
> There is no "one size fits all" solution when it comes to AV software - you should be fine with Norton 360 and MBAM, if you practice safe computing.
>
> Regards,
> Alex

I've been doing the "safe practices" since I got into computing but I feel like Norton and MBAM are just not enough.



#4 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:06:31 AM

Posted 07 March 2015 - 05:07 PM

Malwarebytes Anti-Malware is a favored tool by many here :) having it will cover your AM department. Are you using the free or paid version?

As for Norton, you can switch to a different AV solution if you wish to do so. However I assure you it is not necessary.

Alex

#5 Enterprise256

Enterprise256
  • Topic Starter

  • Members
  • 78 posts
  • OFFLINE
  •  
  • Local time:01:31 PM

Posted 07 March 2015 - 05:15 PM

> Malwarebytes Anti-Malware is a favored tool by many here :) having it will cover your AM department. Are you using the free or paid version?
>
> As for Norton, you can switch to a different AV solution if you wish to do so. However I assure you it is not necessary.
>
> Alex

For MBAM I'm using the free version.

What I like about Norton is its firewall and how it's easy to use. We've never really been using any other paid AV other than Norton.

EDIT: And I do run CCleaner from time to time.

Also running AdBlock.

But it just feels inadequate.


Edited by Enterprise256, 07 March 2015 - 05:16 PM.


#6 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:06:31 AM

Posted 07 March 2015 - 05:28 PM

Since you are using MBAM Free, just remember to do regular scans manually. And never use CCleaner's registry cleaner option!

And here are some suggestions you may find useful to enhance your security:

- Remove Java, Flash and Silverlight if you do not use them.

- NoScript for Firefox: This will allow you to block malicious scripts while allowing legit ones. It can take a while to learn which ones to allow or block, but once you get the hang of it, it becomes a very effective tool.

Chrome has a similar tool called ScriptSafe.

- Web of Trust: Gives you a general idea of what is good and bad via community feedback. Take it with a grain of salt however, as it is not always accurate.

- Malwarebytes Anti-Exploit: This is a small app that prevents malware from using exploits - loopholes in apps that they can use - to infiltrate your machine. Just install the app and forget it, it'll do its job automatically.

- CryptoPrevent: This is an app that prevents the execution of crypto ransomware by placing software restrictions into places they are known to start from.

- HitmanPro.Alert: This is an offshoot of the AM scanner HitmanPro that monitors browsers and warns you if they are compromised by banking trojans. It also features the ability to neutralize active crypto ransomware and gives you the option to kill it with HitmanPro, and exploit mitigation similar to MBAE.

- Secunia Personal Software Inspector: This utility helps you in keeping your programs up-to-date by inspecting your machine for any outdated software.

If you have any questions, feel free to ask them here.

Regards,
Alex

#7 Enterprise256

Enterprise256
  • Topic Starter

  • Members
  • 78 posts
  • OFFLINE
  •  
  • Local time:01:31 PM

Posted 07 March 2015 - 05:48 PM

> Since you are using MBAM Free, just remember to do regular scans manually. And never use CCleaner's registry cleaner option!
>
> And here are some suggestions you may find useful to enhance your security:
>
> - Remove Java, Flash and Silverlight if you do not use them.
>
> - NoScript for Firefox: This will allow you to block malicious scripts while allowing legit ones. It can take a while to learn which ones to allow or block, but once you get the hang of it, it becomes a very effective tool.
>
> Chrome has a similar tool called ScriptSafe.
>
> - Web of Trust: Gives you a general idea of what is good and bad via community feedback. Take it with a grain of salt however, as it is not always accurate.
>
> - Malwarebytes Anti-Exploit: This is a small app that prevents malware from using exploits - loopholes in apps that they can use - to infiltrate your machine. Just install the app and forget it, it'll do its job automatically.
>
> - CryptoPrevent: This is an app that prevents the execution of crypto ransomware by placing software restrictions into places they are known to start from.
>
> - HitmanPro.Alert: This is an offshoot of the AM scanner HitmanPro that monitors browsers and warns you if they are compromised by banking trojans. It also features the ability to neutralize active crypto ransomware and gives you the option to kill it with HitmanPro, and exploit mitigation similar to MBAE.
>
> - Secunia Personal Software Inspector: This utility helps you in keeping your programs up-to-date by inspecting your machine for any outdated software.
>
> If you have any questions, feel free to ask them here.
>
> Regards,
> Alex

I use Java, and Flash but not Silverlight that much.

I use Opera as my main browser.

I don't understand, what does MBAE exactly do?

Will CryptoPrevent and HitmanPro.Alert run in the background like MBAE? I'd like to keep the number of programs running in the background to a minimum.

EDIT: https://www.virustotal.com/en/file/3e00f59ec080aa3c6112112a88a90abbccf434db7dcf4ed8691978b61415cd7f/analysis/1425768516/ Accurate?


Edited by Enterprise256, 07 March 2015 - 05:50 PM.


#8 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:06:31 AM

Posted 07 March 2015 - 05:56 PM

Let's see if I can try to explain MBAE...

Basically a lot of applications that you use - your browser, Java, Flash, Silverlight - tend to have "holes" in them that can be used by malware to get into your machine unauthorized. In technical terms those are called "exploits".

MBAE works by watching applications and blocks attempts by malware to infect the machine using those holes.

CryptoPrevent is not resident (does not run in background) - see its FAQ here. HitmanPro.Alert is resident however due to its functions (warnings about compromised browsers, neutralize active crypto ransomware - and in version 3 release candidate, exploit mitigation).

Both MBAE and HitmanPro.Alert are lightweight, so they don't take up much resources even though both are resident.

Edit:

> EDIT: https://www.virustotal.com/en/file/3e00f59ec080aa3c6112112a88a90abbccf434db7dcf4ed8691978b61415cd7f/analysis/1425768516/ Accurate?

No, that's a false positive. I've never heard of the AV engine that detected it.

Regards,
Alex

Edited by Alexstrasza, 07 March 2015 - 05:59 PM.


#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:31 AM

Posted 07 March 2015 - 07:08 PM

Expanding on Alex's comments....

Malwarebytes Anti-Exploit (MBAE), formerly ExploitShield by ZeroVulnerabilityLabs, is a security program that runs in the background as a standard Windows Service and protects against zero-day exploits that target browser and application vulnerabilities, blocks exploit kits and defends against drive-by download attacks.

Malwarebytes Anti-Exploit provides three layers of exploit protection (against Operating System security bypasses, memory caller protection, application behavior protection). MBAE continuously monitors popular applications, preventing vulnerabilities in software and browsers from being exploited, blocks unknown and known exploit kits, proactively preventing the exploit from installing its payload before it can do damage. This means that it will protect against code execution that uses a certain vulnerability in an application. MBAE leaves a small footprint...meaning it is not intrusive, does not utilize a lot of system resources and does not use a signature database so there is no need for constant updating.

Malwarebytes Anti-Exploit includes a 14-day trial mode for the Premium version which you can enable during installation by checking the box when prompted. Malwarebytes Anti-Exploit Premium includes additional protection (Shields) for PDF readers, Microsoft Office (Word, Excel, PowerPoint), Media players and allows the ability to add/manage custom shields. The Premium version requires a registration ID and purchase of a license key after the trial period expires.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:31 AM

Posted 07 March 2015 - 07:10 PM

CryptoPrevent is a security tool that writes 200+ group policy object rules into the registry in order to prevent executables in specific locations from running. CryptoPrevent can be used to lock down any Windows OS to prevent infection by crypto ransomware which encrypts personal files and then offers decryption for a paid ransom. CryptoPrevent artificially implants hundreds of group policy object rules into the registry in order to block executables (*.exe, *.com, *.scr and *.pif) and fake file extension executables in certain locations (i.e. %AppData%, %LocalAppData%, Recycle Bin) from running. Due to the way that CryptoPrevent works, it protects against a wide variety of malware and ransomware. CryptoPrevent Premium offers automatic updates to the program and definitions, email alerts, and custom policy rules.

CryptoPrevent has a filter module (in the installer version) which allows you to apply (enable) or disable suspicious program filtering for .cpl, .scr and .pif files which are executable files. This option is found by opening CryptoPrevent and selecting Advanced > show Advanced Options at the top. The portable version does NOT include the Filter Module...you must get the installer version to use that feature.

HitmanPro.Alert is a free security tool that checks browser integrity and alerts users when malware has intruded the browser. HitmanPro.Alert runs as a service and warns if the browser has been compromised and is unsafe to use for online banking or shopping. The alert will not block the malware itself from installing since the program is not designed to be an anti-virus or anti-malware tool. If suspicious behavior is detected, HitmanPro.Alert's CryptoGuard will block it...including the encryption of files. CryptoGuard is actually the name of the kernel driver component installed by HitmanPro.Alert that mitigates a crypto-ransomware attack...it is a filter driver which monitors the file system and looks for suspicious file operations at the file system level. When suspicious behavior is detected, the process's ability to rename, write or delete files is blocked and an Alert is presented to warn the user. So even while ransomware is active, CryptoGuard protects all documents and files on the computer and will block crypto attacks against them. To remove the malware infection, you have to download and run HitmanPro or another anti-malware scanner.

There is an entire topic devoted to HitmanPro.Alert with CryptoGuard where erikloman, the Authorized SurfRight Rep. posts updates and answers questions. There is also a HitmanPro.Alert Support and Discussion topic here.
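
The path-rule blocking described in the post above, as an added example that is not part of the original thread and is not CryptoPrevent's code or rule list: a small Python model that checks file paths against deny rules for executable extensions in profile folders. The profile paths, the rule list and the wildcard semantics (`*` does not cross a backslash) are assumptions made for the illustration.

```python
import re

# Constructed profile environment (assumption; not read from a real host).
ENV = {
    "APPDATA": r"C:\Users\alice\AppData\Roaming",
    "LOCALAPPDATA": r"C:\Users\alice\AppData\Local",
}

# Constructed deny rules modelled on the post: *.exe, *.com, *.scr, *.pif in
# the profile folder and one level below. NOT CryptoPrevent's real rule list.
DENY_RULES = [
    "%" + var + "%\\" + depth + "*." + ext
    for var in ENV
    for depth in ("", "*\\")
    for ext in ("exe", "com", "scr", "pif")
]


def rule_to_regex(rule, env=ENV):
    """Expand %VAR% tokens, then translate wildcards to a regex.

    Model assumption: '*' and '?' never match a backslash, so a rule only
    covers the directory depth it spells out.
    """
    expanded = re.sub(r"%([^%]+)%",
                      lambda m: env.get(m.group(1).upper(), m.group(0)), rule)
    parts = {"*": r"[^\\]*", "?": r"[^\\]"}
    pattern = "".join(parts.get(ch, re.escape(ch)) for ch in expanded)
    return re.compile(pattern, re.IGNORECASE)


def first_match(path, rules=DENY_RULES, env=ENV):
    """Return the first deny rule that matches path, or None if allowed."""
    for rule in rules:
        if rule_to_regex(rule, env).fullmatch(path):
            return rule
    return None


# Constructed sample paths covering blocked, allowed and uncovered cases.
SAMPLES = [
    r"C:\Users\alice\AppData\Roaming\updater.exe",         # profile root
    r"C:\Users\alice\AppData\Local\Temp\invoice.pdf.EXE",  # fake extension
    r"C:\Users\alice\AppData\Roaming\a\b\tool.exe",        # deeper than rules
    r"C:\Users\alice\AppData\Roaming\notes.txt",           # not executable
    r"C:\Program Files\Opera\launcher.exe",                # outside profile
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(f"{'BLOCK' if first_match(p) else 'allow'}  {p}")
```

In this model the third sample is allowed because no rule spells out two directory levels, which is the kind of coverage gap worth checking when auditing path-based rules.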

#11 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,664 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:31 AM

Posted 08 March 2015 - 03:21 AM

> Also running AdBlock.

If you want, you can replace AdBlock with uBlock, which is way more lightweight and also has tons of customizable settings. I used to run AdBlock and AdBlock Plus but since I discovered uBlock and made the switch, I've seen how efficient it is and I save quite a good amount of RAM with it compared to the previous combination. Also, if you are to use Google Chrome as your web browser, the alternative to NoScript for Firefox mentioned by Alex is called ScriptSafe under Chrome. You can easily find it in the Chrome Web Store :)

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#12 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:31 AM

Posted 08 March 2015 - 07:35 AM

uBlock is not an ad blocker; it's a general-purpose blocker. uBlock blocks ads through its support of the Adblock Plus filter syntax. uBlock extends the syntax and is designed to work with custom rules and filters.

uBlock

It is not user friendly for the average person.



#13 Scoop8

Scoop8

  • Members
  • 326 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dallas TX
  • Local time:12:31 AM

Posted 08 March 2015 - 09:08 AM

Enterprise256

I'm using the same combination as you with the exception that I'm running the paid MBAM "Pro" version. I prefer the paid version since it offers real-time protection and it provides a schedule tool for unattended scans.

Win 7x64 Home Premium OEM version on 2 PCs.

I use the Standby ("Sleep") mode with my 2 PCs so that I can run daily overnight unattended AV & MBAM scans, then return the PCs back to Standby mode.

I use my backup program ("Acronis") that wakes up the PCs at 1:30am. After a small backup job completes in about 2 minutes, my PCs run an MBAM "Quick" scan.

After that scan completes, my Norton N360 AV runs a "Full" scan. When that completes, Norton returns the PCs back to Standby mode.


Edited by Scoop8, 08 March 2015 - 09:18 AM.


#14 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:31 AM

Posted 08 March 2015 - 09:20 AM

I agree with Scoop8 and recommend the Premium (Pro) version of MBAM as well...see my comments in Supplementing your Anti-Virus Program with Anti-Malware Tools as to why.

#15 Enterprise256

Enterprise256
  • Topic Starter

  • Members
  • 78 posts
  • OFFLINE
  •  
  • Local time:01:31 PM

Posted 08 March 2015 - 10:20 AM

 

> > Also running AdBlock.
>
> If you want, you can replace AdBlock with uBlock, which is way more lightweight and also has tons of customizable settings. I used to run AdBlock and AdBlock Plus but since I discovered uBlock and made the switch, I've seen how efficient it is and I save quite a good amount of RAM with it compared to the previous combination. Also, if you are to use Google Chrome as your web browser, the alternative to NoScript for Firefox mentioned by Alex is called ScriptSafe under Chrome. You can easily find it in the Chrome Web Store :)

I'm running Opera for most of the time and got the others for secondary accounts.

> Enterprise256
>
> I'm using the same combination as you with the exception that I'm running the paid MBAM "Pro" version. I prefer the paid version since it offers real-time protection and it provides a schedule tool for unattended scans.
>
> Win 7x64 Home Premium OEM version on 2 PCs.
>
> I use the Standby ("Sleep") mode with my 2 PCs so that I can run daily overnight unattended AV & MBAM scans, then return the PCs back to Standby mode.
>
> I use my backup program ("Acronis") that wakes up the PCs at 1:30am. After a small backup job completes in about 2 minutes, my PCs run an MBAM "Quick" scan.
>
> After that scan completes, my Norton N360 AV runs a "Full" scan. When that completes, Norton returns the PCs back to Standby mode.

Are you using an external scheduling program for all that? I've got a few copies of Acronis that came with my SSDs but haven't used them.





