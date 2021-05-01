Geekzone: technology news, blogs, forums
Microsoft Windows Unwanted software defences - Malwarebytes found what Defender did not prevent
OldGeek

645 posts

Ultimate Geek

ID Verified
Lifetime subscriber

#284572 1-May-2021 11:08

I am running WIN 10 home on a laptop with 20H2 installed.

 

Currently my wife's PC has two users - her and our grandson.  Both have separate user IDs, both with MS accounts with family settings intended to limit grandson's website access.  She is an administrator, grandson is not so cannot install software.  Both are sensitive to which user ID they use - grandson does not want grandmother's user profile 'interfering' with his game-playing 'experience', however my wife started to get nags from a pop-up when she logged on, to install the 'full version' of some software (I don't recall the name now - short-term memory failure at play here) at a substantial cost.  This software was related to Steam so it is likely my grandson was involved.  He may have been inadvertently playing using my wife's user ID so could have done something that resulted in the nagware being installed.

 

I ran a Windows Security full scan, nothing found.

 

I downloaded a trial version of Malwarebytes.  This found and removed the nagware.

 

I am therefore no longer confident that Defender provides all the protection needed, which is contrary to the advice given here by many contributors. I would welcome any guidance on why this happened and in the given circumstances whether a paid version of Malwarebytes should be used on my wife's PC.




-- 

OldGeek.

andrewNZ
2487 posts

Uber Geek
Inactive user


  #2700425 1-May-2021 11:48

I'd be curious to know what the software was. Did you attempt to uninstall software the regular way?

Malwarebytes picking it up as "malware" sounds like it could be just their opinion rather than fact. Antivirus style software should only be detecting software that poses some kind of a risk to me, not just something one of their staff thinks is annoying.

MadEngineer
3062 posts

Uber Geek

Trusted

  #2700445 1-May-2021 12:26

With Microsoft Family settings, disable all browsers except Edge. This in itself has many benefits with the Family function, including potentially finding what site that was installed from through the reports. After that, check here https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus 




You're not on Atlantis anymore, Duncan Idaho.

OldGeek

645 posts

Ultimate Geek

ID Verified
Lifetime subscriber

  #2700448 1-May-2021 12:32

The software was not listed as an installed app.

 

I wish I had posted this at the time, when I could have supplied a screen shot of the nag.

 

Malwarebytes detected an entity that it removed.  I don't recall what that entity was called but there was no mention of Steam in the name.  However Steam was mentioned in the nag that popped up every time my wife logged on.




-- 

OldGeek.



MadEngineer
3062 posts

Uber Geek

Trusted

  #2700449 1-May-2021 12:42

PUA does not mean app in the usual sense. The link I provided explains all.




You're not on Atlantis anymore, Duncan Idaho.

Linux
9098 posts

Uber Geek

Trusted
Lifetime subscriber

  #2700457 1-May-2021 12:47

Might be a false positive

OldGeek

645 posts

Ultimate Geek

ID Verified
Lifetime subscriber

  #2700462 1-May-2021 13:00

MadEngineer: PUA does not mean app in the usual sense. The link I provided explains all

 

That link goes way over my head when it comes to configuring endpoints for Defender.  I had never heard of Intune or Endpoint Configuration Manager until now.  Although I have chromium-based Edge, my grandson uses Firefox predominantly, so browser-based settings are not effective in this case.




-- 

OldGeek.
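The Intune and Configuration Manager sections of the linked Microsoft document do not apply to a stand-alone Windows 10 Home machine, but the same PUA setting can be flipped locally. The following is an added example (not from any poster in this thread, and not Microsoft's own documentation) showing how to check and enable Defender's PUA blocking from an elevated PowerShell prompt, run a full scan, and then list what Defender has actually flagged; the event IDs and the `PUA:` name prefix are the ones Defender uses in its Operational log. The `-MaxEvents` count and the audit-mode-first suggestion are the author's own choices, not requirements.

```powershell
# Added example: enable Microsoft Defender PUA (potentially unwanted application)
# blocking on a stand-alone Windows 10 machine and review what it detected.
# Run from an elevated PowerShell prompt; no Intune/ConfigMgr agent is needed.
#Requires -RunAsAdministrator

# 1. Current state. PUAProtection: 0 = Disabled, 1 = Enabled (block), 2 = AuditMode
#    (log only). Windows 10 Home ships with it disabled unless you turned it on.
Get-MpPreference | Select-Object PUAProtection, DisableRealtimeMonitoring

# 2. Turn blocking on. If you would rather see what *would* be flagged before
#    anything is removed, use -PUAProtection AuditMode first and read step 5.
Set-MpPreference -PUAProtection Enabled

# 3. Refresh definitions, then do the "deep scan" suggested in the thread.
Update-MpSignature
Start-MpScan -ScanType FullScan

# 4. Detections Defender knows about and what it did with them.
#    ActionSuccess = $false means it found something but could not remove it.
Get-MpThreatDetection |
    Sort-Object InitialDetectionTime -Descending |
    Select-Object InitialDetectionTime, DomainUser, ProcessName, Resources, ActionSuccess |
    Format-List

# Threat names. PUA detections are named "PUA:Win32/<family>" rather than the
# installed-app name, which is why nothing shows up under Apps & features.
Get-MpThreat | Select-Object ThreatName, SeverityID, IsActive

# 5. Same information from the event log. 1116 = malware/PUA detected,
#    1117 = action taken, 1160 = PUA seen while in audit mode (nothing blocked).
Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-Windows Defender/Operational'
        Id      = 1116, 1117, 1160
    } -MaxEvents 50 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'PUA:' } |
    Select-Object TimeCreated, Id,
        @{ n = 'Threat'; e = { [regex]::Match($_.Message, 'PUA:\S+').Value } }
```

Two caveats a practitioner would add: Get-MpThreatDetection is per machine, so run it as the administrator account and look at the DomainUser column to see which profile (grandmother's or grandson's) the detection happened under; and once PUA blocking is on, a browser extension or game "helper" that was previously tolerated may start being quarantined, which is the false-positive behaviour other posters in this thread complain about.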

Batman
Mad Scientist
28010 posts

Uber Geek

Trusted
Lifetime subscriber

  #2700463 1-May-2021 13:07

There is no 100% pick-up.

Defender is nowhere near that. Neither are most.

Leave defender and occasionally do a deep scan with one to three other scanners.




Involuntary autocorrect in operation on mobile device. Apologies in advance.



MadEngineer
3062 posts

Uber Geek

Trusted

  #2700554 1-May-2021 21:02

Without seeing the nag I'm going to guess that it was a browser notification.  Very common on kids laptops unfortunately.  The MS Family function you have can't control Firefox, aside from blocking it altogether.




You're not on Atlantis anymore, Duncan Idaho.

mdav056
547 posts

Ultimate Geek

Subscriber

  #2700567 1-May-2021 21:20

I swear by MalwareBytes, which has for me picked up a lot of nasty things before they get onto my machine; but having said that, Defender seems to find a lot of Potentially Unwanted Programs (PUPs) that it wants to remove-- and I let it.





Lias
4885 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #2700775 2-May-2021 13:25

mdav056:

 

Defender seems to find a lot of Potentially Unwanted Programs (PUPs) that it wants to remove-- and I let it.

 

 

I'm the opposite. I've found Defender to be great, but it's gotten really bad at removing wanted things that it thinks are PUAs. Microsoft aren't the only ones with a bad habit of that, but they seem to have gotten particularly bad lately.




I'm a geek, a gamer, a dad and an IT Professional. I have a full rack home lab, size 15 feet, an epic beard and Asperger's. I'm a bit of a Cypherpunk, who believes information wants to be free and the Net interprets censorship as damage and routes around it.

Hammerer
2378 posts

Uber Geek

Lifetime subscriber

  #2701197 3-May-2021 13:48

OldGeek:

 

I downloaded a trial version of Malwarebytes.  This found and removed the nagware.

 

I am therefore no longer confident that Defender provides all the protection needed, which is contrary to the advice given here by many contributors. I would welcome any guidance on why this happened and in the given circumstances whether a paid version of Malwarebytes should be used on my wife's PC.

 

 

For many years, it has been common to use Windows Defender real-time scanning alongside Malwarebytes for on-demand scanning. This would also have removed your problem.

 

The main reason for this setup is that it is free and gives broad protection. Windows Defender is primarily an anti-virus and picked up most immediate threats. Malwarebytes, which has historically focused on spyware, trojans and PUPs, mopped up the rest. If you check the websites for both products you should be able to see their different focus.

 

You may be advised that running two real-time anti-virus programs is notorious for slowing down systems, not just for the double scanning, but also because they are competing for the same resources and can, in the worst case, produce deadlocks. However, I did run them both for real-time scanning without stalling my system when I had a Malwarebytes paid subscription which unlocks real-time scanning. 

 

https://www.howtogeek.com/230158/how-to-run-malwarebytes-alongside-another-antivirus/

 

 

 

 

tchart
2125 posts

Uber Geek

ID Verified
Trusted

  #2701208 3-May-2021 14:09

mdav056:

 

I swear by MalwareBytes, which has for me picked up a lot of nasty things before they get onto my machine; but having said that, Defender seems to find a lot of Potentially Unwanted Programs (PUPs) that it wants to remove-- and I let it.

 

 

+1. For the longest time (since XP days) I relied on Defender and refused to pay for AV software.

 

However, about 2 years ago I had something crop up that it wouldn't find/block. Malwarebytes did find it and nuked it. So for the past 2 years I've paid for Malwarebytes.

 

AFAIK the only difference between free and paid is that you have to manually run scans with the free version. So Defender + Malwarebytes "Free" is a good compromise.

 

Also, YMMV, but recently I've found the start-up scan for Malwarebytes bashes the CPU for a few minutes, which is annoying. Probably serves me right for doing a full shut down.

mdav056
547 posts

Ultimate Geek

Subscriber

  #2701209 3-May-2021 14:11

Hammerer:

 

For many years, it has been common to use Windows Defender real-time scanning alongside Malwarebytes for on-demand scanning. This would also have removed your problem.

 

The main reason for this setup is that it is free and gives broad protection. Windows Defender is primarily an anti-virus and picked up most immediate threats. Malwarebytes, which has historically focused on spyware, trojans and PUPs, mopped up the rest. If you check the websites for both products you should be able to see their different focus.

 

You may be advised that running two real-time anti-virus programs is notorious for slowing down systems, not just for the double scanning, but also because they are competing for the same resources and can, in the worst case, produce deadlocks. However, I did run them both for real-time scanning without stalling my system when I had a Malwarebytes paid subscription which unlocks real-time scanning. 

 

https://www.howtogeek.com/230158/how-to-run-malwarebytes-alongside-another-antivirus/

 

I've used Defender and paid Malwarebytes, both in real time, for many years on my successive i5 desktops, and haven't ever seen any obvious slowdown.  I recommend this to everyone who is running a newish and reasonably fast processor with a decent amount of RAM (I have 8 gig).





1101
3052 posts

Uber Geek


  #2701222 3-May-2021 14:37

mdav056:

 

I've used Defender and paid Malwarebytes, both in real time, for many years on my successive i5 desktops, and haven't ever seen any obvious slowdown.  I recommend this to everyone who is running a newish and reasonably fast processor with a decent amount of RAM (I have 8 gig).

 

 

Sorry, that's TERRIBLE advice. :-)

 

NEVER have 2 AVs running at the same time.
What happens is they will ~fight each other~ if malware is detected, so one will stop the other cleaning it (by blocking access).
I've seen that happen.

 

One needs to be disabled.

 

As to Mbytes finding stuff that Defender missed...
You need to look carefully at the logs. Some 'malware' detections are relatively harmless (or not even malware) or sometimes even just cookies.
Never been a fan of Defender regardless.
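The posts above disagree about whether two real-time engines can coexist, and the practical question on a Windows 10 Home box is simply whether Defender is still doing real-time scanning after another product is installed. Windows Security Center (the `root/SecurityCenter2` WMI namespace) lists every antivirus that has registered itself, and on Windows 10 client editions Defender switches its own real-time protection off when a third-party AV registers there. The free, on-demand-only Malwarebytes scanner does not register as an antivirus, which is why the Defender + free Malwarebytes setup described by Hammerer and tchart works without the two fighting; the paid version can register, depending on its Windows Security Center setting. The following is an added example (not from any poster in this thread) that shows both views side by side. The `productState` bit interpretation (0x1000 set in the second byte means real-time protection is on) is the commonly documented one for SecurityCenter2, not an official Microsoft API contract, so treat it as an assumption and confirm against `Get-MpComputerStatus`.

```powershell
# Added example: is Microsoft Defender still the active real-time engine, or has
# it stepped aside for another registered antivirus? Run in an elevated prompt.
#Requires -RunAsAdministrator

# 1. Every AV product registered with Windows Security Center.
#    productState is a packed bit field (assumption: the 0x1000 bit in the
#    second byte = real-time protection on; 0x10 in the low byte = definitions
#    out of date). Defender itself normally appears here as "Windows Defender".
Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntiVirusProduct |
    ForEach-Object {
        [pscustomobject]@{
            Product      = $_.displayName
            RealTimeOn   = (($_.productState -band 0xF000) -eq 0x1000)
            OutOfDate    = (($_.productState -band 0x00F0) -eq 0x0010)
            RawState     = ('0x{0:X}' -f $_.productState)
            LastReported = $_.timestamp
        }
    } | Format-Table -AutoSize

# 2. Defender's own view of itself.
#    AMRunningMode: "Normal" = Defender is the active AV;
#    "Passive Mode" / "SxS Passive Mode" = another AV registered and Defender is
#    only doing periodic/on-demand scanning; "Not running" = fully off.
Get-MpComputerStatus |
    Select-Object AMRunningMode, RealTimeProtectionEnabled, AntivirusEnabled,
                  AntivirusSignatureLastUpdated, QuickScanEndTime, FullScanEndTime |
    Format-List
```

If the first table shows a second product with `RealTimeOn` true and the second block reports anything other than `Normal`, you no longer have two real-time engines; you have one, and it is not Defender. If both show real-time on at once, that is the configuration 1101 warns about, and one of them should be set to on-demand only.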

