The Scan Pane is the introduction to scan-related options in the program. When you click Scan in the Menu Pane, you will see the screen shown below.
There are three scan types which can be executed — Threat Scan, Custom Scan, and Hyper Scan. Hyper Scan is only available to users of the Premium or Premium Trial modes. Please note that global scan settings used by Threat Scans and Hyper Scans are selected in Settings. Following are more detailed descriptions of each of the scan modes.
This method of scanning detects a large majority of threats that your computer may be faced with. Areas and methods tested include:
The Threat Scan is the scan method which we recommend for daily scans. While it will not scan every file on your computer, it will scan the locations which most commonly are the launch point for a malware attack.
You may also choose to run a custom scan. A custom scan allows you to scan according to specifications which you define at the time of the scan. These settings will override scan settings defined elsewhere. A screenshot of the custom scan configuration screen is shown below.
Custom Scanning Options
These settings provide capability to determine the functional areas that will be scanned. They are as follows:
Potentially Unwanted Programs/Modifications
These settings allow the user to choose how Potentially Unwanted Programs (PUPs) and Potentially Unwanted Modifications (PUMs) will be treated if they are detected.
Folders to be Scanned
This setting allows the user to include or exclude directories, subdirectories, and individual files from scans. It utilizes a Windows Explorer-like presentation model. In the screenshot shown above, every directory except Desktop is selected for a custom scan. You may scan parent directories separately from child directories based on individual selections.
This scanning option is only available to users of Malwarebytes Premium and Malwarebytes Premium Trial versions. This method of scanning is limited to detection of immediate threats. Areas and methods tested include:
While a Hyper Scan will clean any threats which have been detected, we strongly recommend that a Threat Scan be performed if a Hyper Scan has detected threats.
This tab allows users of the Premium and Premium Trial versions to add, edit and remove scheduled scans to be executed by Malwarebytes. This feature is not available to users of the Free version. A screenshot of this tab is shown below.
One scheduled scan is defined when Malwarebytes is installed. Premium and Premium Trial users are free to modify or delete scans at will. Please note that if the initial task is deleted without a replacement task being defined, Malwarebytes will not deliver the positive results that you expect. The same methods are used here to add a new task as well as to edit an existing task, so let's Add a new task in Basic mode.
A screenshot of the basic Add Schedule screen is shown here.
You can choose the specific task to be added on the left side of the screen, in the Scheduled Task area. You may choose from the following tasks:
Scan types have been previously discussed in the Scan section of this guide. Please refer to that page for further information if desired. The Frequency and Settings section allows you to define the timeframe (Schedule Frequency) that a task will be executed, and how often (Recurrence). For scans, this translates to:
At the bottom left corner of the Add Schedule window is the Advanced button. Click that to expand the Add Schedule window to expose several more options. A screenshot is shown below.
In Advanced Mode, we add options which allow you to tailor the task more to your liking. Let's look a little deeper, beginning with the advanced options for scans.
Advanced Scan Options
Scheduled Task defines what task (scan/update) is to be added/edited, and when that task should begin, specifying both the date and time. Scheduled Options provides several added capabilities to the basic settings which have already been described. Here's a rundown on the advanced options.
Frequency and Settings was discussed in the previous section (Advanced Mode). Please refer to that section for more detail. Recovery Options allow you to recover from a missed task (e.g. your computer was off at the time a scan was to take place). A scheduled task — if missed — will run at its next opportunity as long as it is within the duration specified by the Recover if missed by selector and the Recover missed tasks checkbox is checked.
Watching Scan Progress
Each scan method requires a different amount of time to complete. Unless significant changes have occurred on your local disk, a Hyper Scan or Threat Scan should each be rather consistent from scan to scan. A custom scan time interval may vary widely each time, based on the areas scanned, the number of files involved, and the size and complexity of the files. The screenshot below is an example of a scan in progress.
The progress bar shows milestones for each phase of the scan, with each milestone represented by a green or gray symbol. In this screenshot, some milestones are shown with green checkmarks, indicating that phase of the scan has been completed. Scan Memory is represented by an animation which indicates that this phase of the scan is currently being performed. The remainder of the tasks are shown as grey hourglasses, and are yet to be started.
You may also pause a scan while it is in process by clicking the Pause button. The scan phase in progress will change to indicate that the scan has been paused. Click Resume to continue the scan where it left off. You may also click Cancel at any time to terminate the scan. Results of the scan will be reported as if the scan ran to completion.
After a scan has been executed, scan results are displayed as shown here. In this scan, three threats were detected.
You may move threats to Quarantine by selecting the threat (using checkboxes to the left of the threat's name) and clicking Quarantine Selected. If any threats are not selected to be moved to Quarantine, you will be prompted to Ignore Once, Ignore Always, or Cancel. Ignore Once will result in the threat once again being reported as a threat during the next scan execution. Ignore Always causes the threat to be added to Exclusions. A threat which has been added to Exclusions will no longer be reported as a threat unless there is reason to believe that it has been tampered with. You must provide a disposition for each threat displayed on this screen.
Threats which have been moved into Quarantine cannot harm your computer. They are neutralized as part of the quarantine process. Please see Quarantine for further information.
The final screen to be displayed as part of a scan is the Scan Summary. It provides summary information about the scan, and allows you to view scan detail on screen, or export scan summary or scan detail to a text file. A screenshot of the Scan Summary is shown below.
Clicking the View Report button displays the Scan Report for the scan just completed. It is shown here as well.
When threats are detected during a scan, the user must decide how these threats should be handled. The following series of screenshots detail this flow. In the first screenshot, three threats have been detected. By default, all are selected for removal. Please note that the total number of detected threats is shown above the list of threats, and the number of threats that have been selected for removal is shown in red on the same line (near the right edge of the screen).
In order to demonstrate the behavior of this screen, we will uncheck the third threat. This indicates that only the first two threats are to be removed. Clicking the Quarantine Selected button results in the screen shown below.
The threat that was not selected still requires remediation, based on input supplied by the user. In this case, the choices available are Ignore Once, Ignore Always and Cancel. Clicking the Ignore Once button temporarily ignores the threat, although it will be shown as a threat on subsequent scans. Selecting Ignore Always results in the threat being added to the Exclusion List. It would not be scanned in the future. Clicking Cancel keeps you on this screen until you choose how to handle the detected threat. Once a disposition has been selected for all detected threats, the screen below will be displayed.
Although a threat has been quarantined, you must restart the computer to assure the threat removal process is complete.