Most settings which control how Malwarebytes protects your computer are located on the Protection tab. Settings are grouped by category. A screenshot is shown below, along with descriptions of all settings available on this tab.
Malwarebytes offers four different types of real-time protection. These features are available only to users of the Premium and Premium Trial modes. It is important to note that Premium Trial users who do not convert to a Premium subscription will lose all real-time protection features at the end of their trial.
Web Protection protects users by blocking access to/from Internet addresses which are known or suspected of engaging in malicious activity. This feature does not treat different protocols differently. It does not distinguish between your favorite game being served on one port and a potential malware source being served on another. Should you choose to disable this feature, you could inadvertently compromise your computer's safety. Please note that this option is disabled if you are using the Free version.
Exploit Protection uses multiple protection layers to guard against attempted exploits of vulnerabilities in legitimate applications. When applications are launched by the user, exploit protection is also launched as a shield. This protection will often detect and neutralize attacks that go undetected by other security applications. It is on by default for Premium/Premium Trial users.
Many popular applications have been pre-configured for shielding. A screenshot is shown above. To change the status of any application, either use the Protection slider, or double click either the Application or File Name. Premium/Premium Trial users may add protection for other applications, and edit specifications for any defined shield. The Add screen is shown here.
You may specify a Application Name which is easily recognizable, and the Application file name. You can also browse for the file. Select a Program Type which most closely resembles the purpose of the application. If you are unsure, select Other.
The same screen is used to edit existing entries.
In addition, Premium/Premium Trial users can modify advanced exploit protection settings. Several advanced settings are spread across four tabs, depending on the classification of protection they provide. One tab is shown here as an example.
Each advanced setting is available for up to six different application groups, the groups representing the method by which threats will attempt to exploit vulnerabilities in applications of that type. Protection may be turned on (checked), off (unchecked), or is not applicable for that group of applications (greyed out). While these settings provide very specific protection, they should only be changed when requested by a Malwarebytes Customer Success specialist. Incorrect settings may result in impaired protection.
Malware Protection may be turned on or off as needed by Premium/Premium Trial users. It is on by default. This feature protects against malware present in code/files that try to execute on your computer. These files may have been downloaded, or imported from a USB drive, or received as an email attachment. While we do not recommend disabling this protection mechanism, there may be times when it needs to be done to troubleshoot compatibility issues that arise with anti-virus updates or computer startup problems. If either situation does occur, start your computer in Safe Mode, disable Malwarebytes Malware Protection, isolate and correct the issue, then turn Malware Protection back on. Please note that this option is disabled if you are using the Free version.
Ransomware Protection provides Premium/Premium Trial users protection against the threat of ransomware. This protection is not available for users of Windows XP or Windows Vista. While all other protection features may provide some degree of protection against ransomware, well-crafted ransomware may be undetected until it attempts to initiate its attack. As many computer users have found, there is little or no remedy available after the fact. We strongly recommend that ransomware protection be turned on at all times. It is on by default. Please note that this option is disabled if you are using the Free version.
Scan for rootkits utilizes a specific set of rules and tests to determine if a rootkit is present on your computer. For readers who are unfamiliar with this term, an explanation may be handy. A rootkit is malicious software that can be placed on a computer which has the ability to modify operating system files in a manner that hides its presence. Malware detection methods that rely on hooks to the operating system for detection and analysis would prove ineffective if the hooks had been purposely manipulated by malware. Our testing method is more intensive and more effective, but including rootkit scans as part of your overall scan strategy increases the time required to perform a scan.
When Scan within archives is enabled, Malwarebytes will scan two levels deep within archive (ZIP, RAR, 7Z, CAB and MSI) files. If this option is disabled, the archive is excluded from scanning. Please note that encrypted archives cannot be fully tested.
We have introduced a new detection method called Shuriken 2.0, a signature-less technology. Shuriken takes advantage of machine learning to supplement existing detection methods.
In addition to malicious software detection and elimination, Malwarebytes also detects and acts upon two classes of non-malware. These are Potentially Unwanted Programs (PUP's) and Potentially Unwanted Modifications (PUM's). In many cases, PUP's appear in the form of toolbars and other application software which are installed on your computer as part of a bundle. You may have asked for one application, and it came with a second application that was not mentioned, or was mentioned, but you did not uncheck the checkbox next to it to prevent it from being installed at the same time. You may also want and use the PUP. We do not judge the merit of the program or its usability. We do offer a method of removing it if you choose to.
PUM's are a bit different. These are modifications that are typically related to the Windows registry. As a user you will generally not be making changes to the registry that would qualify as a PUM, though the possibility does exist. Because it does, we allow you to define your own rules when it comes to how they are treated. With regard to both types of modifications, we provide three handling methods. These are:
While PUP's and PUM's are both handled in the same manner, each is handled according to separate guidelines which you specify.
Users of Malwarebytes Premium and Malwarebytes Premium Trial have the ability to automatically check for protection updates, and to specify when those checks will be performed. The date range is adjustable between fifteen (15) minutes and fourteen (14) days, the increment depending on the range (minutes/hours/days). We recommend that you do not allow the rules database to become dated, as much damage can be caused by zero-day infections — those threats that are too new to be adequately protected against by anti-virus software. The default for this feature is on. You may also have Malwarebytes display a notification in the corner of your screen if protection updates are more than 24 hours old.
These settings define how Malwarebytes will behave when your computer starts. You may launch several applications at startup, and they may initiate startup processes which require Malwarebytes launch timing to be adjusted. Let's look at each setting in detail.
Users of Malwarebytes Premium and Malwarebytes Premium Trial may specify whether malware will be automatically quarantined when it is detected. The default setting is on. If the users declines to automatically quarantine malware, a notification will display in the lower right corner of the screen for each detection, and the user must specify whether the file is to be ignored once, ignored always (added to Exclusions) or quarantined.