Malwarebytes Nebula provides a quick Hyper Scan, a more in-depth Threat Scan, and custom scans. The Asset Inventory Scan updates endpoint information in the console. This article explains the types of scans and the options available for each.
Scans may be run manually across endpoints or scheduled at a time that works best for you. Options for scans are set within a policy.
- For more details on setting up scans, see Scan Options in Configure Settings options in Malwarebytes Nebula.
- For more information on scheduled scans, see Set scan schedules in Malwarebytes Nebula.
Threat Scans
Threat Scans detect the most common threats by scanning conventional locations on an endpoint where threats can occur. Threat Scans use heuristic analysis, a technique that looks for certain malicious behaviors in files that Malwarebytes hasn’t seen before. Run a daily Threat Scan to keep your endpoints safe.
Threat Scans check the following on your endpoints:
- Memory Objects: Memory allocated by operating system processes, drivers, and other applications.
- Startup Objects: Executable files and/or modifications made during computer startup.
- Registry Objects: Configuration changes made to the Windows registry.
- File System Objects: Files which may contain malicious programs or harmful code snippets.
You may also select:
- Quarantine found threats automatically: Lets you immediately quarantine threats when they’re detected. If not selected, Malwarebytes asks you to choose an action for each threat detected.
Hyper Scans
A Hyper Scan is a quick scan that detects and cleans immediate threats. If a Hyper Scan finds any threats, run a Threat Scan to check for threats at a deeper level.
Hyper Scans check the following:
- Memory Objects: Memory allocated by operating system processes, drivers, and other applications.
- Startup Objects: Executable files and/or modifications made during computer startup.
You may also select:
- Quarantine found threats automatically: Lets you immediately quarantine threats when they’re detected. If not selected, Malwarebytes asks you to choose an action for each threat detected.
Custom Scans
Custom Scans enable you to specify precisely what to scan. This scan is configured on the Settings > Schedules screen. When choosing a Custom Scan, the following settings are available:
- Quarantine found threats automatically: Lets you immediately quarantine threats when they’re detected. If not selected, Malwarebytes asks you to choose an action for each threat detected.
- Scan memory objects: Scans memory used by operating system processes, drivers, and other applications.
- Scan startup and registry settings: Scans executables that are started at boot and changes to the registry that can affect startup behavior.
- Scan within archives: Archive files are scanned, up to four levels deep. Encrypted archives are not scanned. Archive file types include ZIP, 7Z, RAR, CAB and MSI.
- Rootkits: Scans for rootkits, files invisible to the operating system that can influence system behavior.
- PUPs/PUMs: Choose whether Potentially Unwanted Programs and Potentially Unwanted Modifications are considered malware or ignored.
- Scan Path: The top level folder for the Custom Scan.
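The archive limits above (four levels of nesting, encrypted archives skipped) define content a scan will not inspect. The following is an added example, not Malwarebytes code, that audits a ZIP file for such content using only the Python standard library. The names `audit_zip` and `make_nested` are hypothetical, the outermost archive is assumed to count as level 1, and other archive types (7Z, RAR, CAB, MSI) are not handled.

```python
import io
import zipfile

MAX_DEPTH = 4                   # nesting limit stated in the article
MAX_MEMBER_BYTES = 64 * 2**20   # assumption: audit-side cap to avoid inflating huge members

def audit_zip(data, name="<root>", depth=1):
    """List (path, reason) pairs for content a scan would not inspect.

    Assumption: the outermost archive counts as level 1.
    """
    if depth > MAX_DEPTH:
        return [(name, f"nested deeper than {MAX_DEPTH} levels")]
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [(name, "unreadable archive")]
    findings = []
    with zf:
        for info in zf.infolist():
            path = f"{name}!{info.filename}"
            if info.flag_bits & 0x1:  # general-purpose bit 0 marks an encrypted entry
                findings.append((path, "encrypted entry"))
            elif info.file_size > MAX_MEMBER_BYTES:
                findings.append((path, "too large for this audit"))
            elif not info.is_dir():
                body = zf.read(info)
                if zipfile.is_zipfile(io.BytesIO(body)):
                    findings.extend(audit_zip(body, path, depth + 1))
    return findings

def make_nested(levels):
    """Constructed sample: a text file wrapped in `levels` nested ZIPs."""
    data, name = b"sample payload", "readme.txt"
    for i in range(levels, 0, -1):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr(name, data)
        data, name = buf.getvalue(), f"level{i}.zip"
    return data

if __name__ == "__main__":
    for levels in (4, 5):
        print(levels, audit_zip(make_nested(levels)))
```

Files reported by such an audit are candidates for extraction and a separate Custom Scan of the extracted folder.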
Asset Inventory Scan
An Asset Inventory Scan looks at which Asset Management settings are enabled in the group policy. The scan then retrieves the specified information from each endpoint and updates the endpoint details in the console. These details are found on the Endpoint Properties screen.
Adjust Asset Management settings in a policy
1. Go to Settings > Policies > choose a policy > choose Windows, Mac, or Linux > General.
2. Scroll down to Asset Management.
3. For each event that you want to be updated by an Asset Inventory Scan, toggle the switch to ON.
4. Repeat steps 2 and 3 for all platforms that use this policy.
5. Click SAVE.
Information collected during the scan is updated on the Endpoint Properties screen. Information scanned may include:
- Storage Devices: Connected storage, USB storage, and other devices.
- Memory Objects: Physical and virtual memory of the endpoints.
- Startup Programs: Registry entries for installed startup programs on the endpoint.
- Installed Software: Software installed on the endpoint.
- Software Updates: Software updates that occurred on the endpoint.
To view Endpoint Properties, go to Endpoints and click on an endpoint name. View more information on the endpoint by selecting the tabs at the top of the Endpoint Properties screen.
For more information on Endpoint Properties, see Manage Malwarebytes Nebula endpoints.
Source: Official Malwarebytes Brand
Edited by: BEST Antivirus KBS Team