|
There are isolated problems with current patches, but they are well-known and documented on this site. |
You tube video here Do you have a deep security scanning tool that you use when you want to do a deep scan of your computer? I was reminded of this wh
[See the full post at: Tasks for the weekend – March 13 – what security scanner do you use?]
Susan Bradley Patch Lady
In an earlier topic Internet Security Providers at https://www.askwoody.com/forums/topic/internet-security-providers/ it was established that, of the 21 voices contributing to the thread, ESET Internet Security received the most positive response followed by Bitdefender Internet Security, Norton 360 Deluxe, and finally Windows Defender.
Avast Premium Security and AVG Internet Security were nonstarters.
Consistent with United States Defense Department and other Federal agencies recommendations Kaspersky Cyber Security was eliminated from consideration.
Kaspersky Cyber Security was eliminated from consideration.
Eliminated from consideration due to false accusations that never has been proved.
I use Kaspersky security software.
Against all advice about using two AVs…I use both Defender and Malwarebytes Premium in tandem with Defender as the registered AV. I’ve never had an infection and it works fantastic for me.
Out of curiosity I tried the Kaspersky tool. Seemed to work but all it flagged where Nir-Soft utilities (which most AVs flag) and my Links to start up PowerShell in Admin mode. One thing I found frustrating is there is no way to print the results for later investigation. I did get it to write a file to my C: drive but then I couldn’t find a program to open the proprietary file format, really Kaspersky!
HTH
Against all advice about using two AVs…I use both Defender and Malwarebytes Premium in tandem with Defender as the registered AV. I’ve never had an infection and it works fantastic for me.
Long ago I decided to ignore “all advice” and do Windows my way. I concur, Malwarebytes Premium and Windows Defender (and before that MSE) work together hand-in-glove, so to speak. I’ve never had an issue or conflict, and also not had any malware of any kind.
It’s not real time protection, it’s a one off scanner and in this particular case it was recently updated to look for specific attacks on servers that may not normally have a/v installed or been tuned to exclude certain folders and subdirectories.
Susan Bradley Patch Lady
Security Essentials (rebranded Windows Defender, and lately re-rebranded Windows Security) is a complete security program, with real-time protections and scanning features. It maintains and updates its scanning engine and database of definitions and heuristics rules on your computer.
Safety Scanner is a stand-alone, downloaded program with a set of definitions which cannot be updated locally. Its scanning engine also does not update. So you need to download a fresh copy each time you use it, and discard the previous (outdated) copy.
Windows Defender Offline (WDO) launches in an outside of Windows preboot environment from which it downloads the current definitions files, updates itself and its definitions, then runs a scan with Windows not active, thus avoiding any rootkits, services or drivers which might prevent a scan from succeeding. Removal can be handled outside of Windows as well, avoiding interference with removals. A report is generated and sent to the local drive from whence it can be retrieved and reviewed. That all works on some systems, but not on others.
All three of these versions use the same definitions database. The engines are different. Windows Security is the most up to date and generally useful AV engine Microsoft maintains. But the other two can perform scans and removals of tougher malware which Windows Security can’t handle.
Then there’s the mysterious Microsoft Malicious Software Removal Tool (mrt.exe) which gets updated every month (or not) and downloads and runs (“installs”) with Microsoft Updates every month (or not).
I’ve never seen mrt.exe detect anything, except a few times when there were known issues which produced false positives in the results. (Thanks to AskWoody and other sites, I didn’t get fooled into removing these false detections!)
-- rc primak
. Reason: clarity of identity of products
.
MSRT is quarterly:
The MSRT is released on the second Tuesday on a quarterly cadence (February/May/August/November).
Remove specific prevalent malware with Windows Malicious Software Removal Tool (KB890830)
Windows 11 Pro version 22H2 build 22621.1778 + Microsoft 365 + Edge
I use Kaspersky security software.
Does it still have that ‘squeal’ alert when malware is detected? That used to make me jump out my skin back in the day 😀
Don’t know. Sound is of on my PC unless I need it for music, video.
Kaspersky Cyber Security was eliminated from consideration.
Eliminated from consideration due to false accusations that never has been proved.
I use Kaspersky security software.
Similar accusations by United States Defense Department and other Federal agencies..
These are the same US departments that found evidence to ‘weapons of mass destruction’ in Iraq.
Court ruling suspends U.S. ban on investment in Xiaomi
A U.S. federal judge on Friday temporarily blocked the Department of Defense from forcing American investors to divest from Chinese smartphone maker Xiaomi Corp on the grounds the company has ties to China’s military….
U.S. District Judge Rudolph Contreras in Washington, D.C., said on Friday that the court “concludes that defendants have not made the case that the national security interests at stake here are compelling.”..
Kaspersky loses Court of Appeals battle to reverse US government ban
The court maintains the threat of the Russian-based antimalware company is real
(Our site software flags outside links as spam, so copy/paste into your browser to see the article.)
-- rc primak
Just the possibility that the charges against Kaspersky are true is — for me — sufficient reason to avoid it when there are plenty of good alternates out there. No one will be harmed as a result (except maybe Kaspersky).
Meanwhile, a few things happened since 2018…
This article (published today) is a useful insight to put things in perspective and sums it up nicely: the so-called “cloud protection” feature may be turned off without adversely affecting or impacting the overall performance, protection and disinfection capabilities of the product. Privacy concerned users might want to consider that aspect because similar cloud-based protection features do exist, too on the reputable and US friendly, sanctioned and approved security products from most other vendors.
Recent posts from Kaspersky (admittedly biased) might also help to draw a clearer picture of how the legitimate, but unproven claims are being dealt with.
https://usa.kaspersky.com/transparency-center
https://usa.kaspersky.com/about/press-releases/2021_na-kaspersky-ranked-top-in-canalys-channel-satisfaction-benchmark-for-second-year
https://usa.kaspersky.com/about/press-releases/2021_kaspersky-finds-nearly-half-of-companies-prohibit-sharing-threat-intelligence-findings-with-professional-communities
https://usa.kaspersky.com/about/press-releases/2021_na-kaspersky-ranked-top3-cybersecurity-solution-in-81-of-benchmarking-tests
https://www.kaspersky.com/top3
Disclaimer: I’ve no affiliation whatsoever with Kaspersky and I’m not trying here to “advertise” their product (moderators, feel free to edit my post and remove the above links if you consider they don’t add any value to the post and/or by posting them I’m unwillingly breaking in any way the current rules, norms and guidelines of what can or cannot be posted on the website and the forums – I don’t think so and I certainly hope not as it’s not my intention, at all, to do that). Like Alex I just don’t buy that things are as black and white as we’ve been told: there are many shades of grey and things to consider (context, political an economic interests, product settings and use cases, etc).
I did a little testing of the Microsoft Security Scanner (msert.exe). I found out I could run it from a Macrium Reflect Boot USB stick using the Command icon at the bottom left. This lets me run it with out the main Windows OS being active. Make sure you know where on your system the MSERT.exe file is as you’ll have to type the full path. The down side is you have to do either a quick scan or full scan. You can select Custom Scan but it won’t let you select a directory and there isn’t a command line switch that allows you to specify one either.
The results are posted to your C:\Windows\Debug\msert.log file so you have access to it after your reboot into regular Windows.
Here’s a sample output using the /H switch:
---------------------------------------------------------------------------------------
Microsoft Safety Scanner v1.333, (build 1.333.417.0)
Started On Sun Mar 14 14:06:48 2021
Engine: 1.1.17900.7
Signatures: 1.333.417.0
MpGear: 1.1.16330.1
Run Mode: Interactive Graphical Mode
Full Scan Results:
------------------
Threat Detected: HackTool:Win32/Passview!MSR, not removed.
Action: NoAction, Result: 0x00000000
file://G:\BEKDocs\NonInstPrograms\NirSoftx64\bulletspassview.exe
SigSeq: 0x0000166758194437
Threat Detected: HackTool:Win64/ProductKey.G!MSR, not removed.
Action: NoAction, Result: 0x00000000
file://G:\BEKDocs\NonInstPrograms\NirSoftx64\produkey.exe
SigSeq: 0x00009C78022FED20
Threat Detected: HackTool:Win32/Passview!MTB, not removed.
Action: NoAction, Result: 0x00000000
file://G:\BEKDocs\NonInstPrograms\NirSoftx64\wirelesskeydump.exe
SigSeq: 0x00002667F0ABB439
Results Summary:
----------------
Found HackTool:Win32/Passview!MSR, not removed.
Found HackTool:Win64/ProductKey.G!MSR, not removed.
Found HackTool:Win32/Passview!MTB, not removed.
Successfully Submitted MAPS Report
Successfully Submitted Heartbeat Report
Microsoft Safety Scanner Finished On Sun Mar 14 15:58:52 2021
Return code: 7 (0x7)
Note: the found “malware” is actually Nir-Soft Utilities!
I started a full scan on my main machine but after 40 minutes the progress bar had hardly moved. That’s on tap for overnight starting at bed time!
HTH 😎
Just does a scan it does NOT remove any files! HTH 😎
I use Kaspersky Internet Security for full time protection. I have it run a full scan every week. If I suspect something, I run the Kaspersky stand alone scanner from a USB drive. The stand alone scanner now does only a limited scan by default, but you can set it for a full scan. Kaspersky has been at or near the top of almost every lab test of protection software for years. They also provide very good support.
Have the identical experience with KIS, Kaspersky Internet Security. Low system impact and good phone support. Have had to escalate issues when the Level 1 had no clue. Even had a Level 3 remote into my system and fix a problem with Safe Money and Firefox. Proved it works as the tech had to get my feedback as he couldn’t see the secure browser either. 😉
In addition to my everyday AV, I use the HitmanPro one-off manual deep clean scanner, along with the real-time (no signatures) anti-exploit HitmanPro.Alert to prevent attacks. The license for Alert includes the HitmanPro scanner.
Windows 10 Pro 22H2
W10 Pro but a home user. I use Defender and Malwarebytes AdwCleaner. Don’t know how deep but it’s fast.
Until reading about the Microsoft Safety Scanner Tool here, I was not aware of it. It took about 51 minutes to check everything on my system and found no issues. Now that I’m aware of it, I will be using it as a periodic double check with Windows Security.
I know that some people like Malwarebytes Anti-Malware, but my own experience with it has not left me impressed with it’s usefulness. When I have used it in the past to try and clean infected systems, I found that it did a not so great job of cleaning those systems and having to use other software to finish the job. Not trying to start a war, just stating my experience with it.
In my working days, I found Kaspersky to work best on infected systems. I find the US government position on Kaspersky to be without merit, but I can see how that might persuade some to pass it by – I understand.
Again, thanks to Susan, I have discovered a new tool to back up Windows Security. Thanks.
I know that some people like Malwarebytes Anti-Malware, but my own experience with it has not left me impressed with it’s usefulness. When I have used it in the past to try and clean infected systems, I found that it did a not so great job of cleaning those systems and having to use other software to finish the job…
Hi klang:
That might have been a deliberate decision on Malwarebytes’ part, depending on the type of malware you were trying to remove. I’ve been told that Malwarebytes will not to try to wipe the last traces of certain classes of malware off your system (especially those that hook themselves deep into the Windows kernel) so that the automated removal doesn’t damage your operating system. In some cases Malwarebytes will detect and remove the dropper (a hidden helper program that delivers and installs other malware) so the infection can’t do any further damage, but complete removal sometimes requires the assistance of one of their trained malware removal specialists in their free Malware Removal Help & Support board to ensure the last traces are removed safely.
I used Norton Security as my AV for several years and there have been many reports in the Norton Community about false positives detections by their “deep dive” tool Norton Power Eraser (NPE) that corrupted third-party software or left a user’s system unbootable. The Norton Power Eraser home page at https://us.norton.com/support/tools/npe.html even has a warning which states in part “Because Norton Power Eraser is an aggressive virus removal tool, it may mark a legitimate program for removal…“. See my 08-Jan-2020 post <here> in the Norton forum about the possible dangers of running the Norton Power Eraser.
————
64-bit Win 10 Pro v2004 build 19041.804 * Firefox v86.0.1 * Windows Defender v4.18.2102.3 * Malwarebytes Free v4.3.0.98-1.0.1217
IMO there is altogether too much effort wasted on worry about malware. It’s what the industry wants us to worry about, and buy better computers to run their ever less efficient assume you’ll get infected “solutions”.
Just between us chickens, there are highly effective mechanisms for keeping it off our computers in the first place that don’t cost money or computer resources, have been known for decades, leverage others’ experience – yet in 2021 it’s still left up to us to piece them together into a working solution.
I’ve never gotten malware on any of my Windows systems in all the many decades I’ve been running PCs. You just have to think a little bit, understand that everyone has an angle and there’s no free lunch, and implement some techniques to simply keep your computer away from sites that are known to deliver malware. The simplest might be to add an anti-adware add-on like uBlock or similar to your browser.
And oh darn if you can’t reach every single questionable website with the greatest of ease, or see ALL the glitz. That’s the price of being prudent. Always remember that EVERY website is questionable, for a variety of different reasons.
I ran across this the other day, which to me seems to sum up today’s state of the art in anti-malware practices nicely from several perspectives:
-Noel
P.S., MalwareBytes AntiMalware Free is my go-to feel-good scanner. But to really know if something’s running wrong, it pays to be familiar with what’s running and what should be running. That’s much harder than it used to be when Windows only needed a core of 30 or 40 processes running. Windows 10 has been purposefully made overcomplicated because Microsoft wants us to begin to believe that only they could possibly manage your computer system properly. OCSAAS (OverComplicated Software As A Service).
-Noel
Noel Carboni: It’s the same with Macs, it seems. Hard to count them, but my guess is that some 400 processes are running in mine right now. They are doing very little, most of them, taking, at least when I looked just now, 0% of CPU. As to whose jobs these are, I am blamed for a lot of them. I must have a terrible memory these days, must be that my brain has finally caught up with my great age, because I do not remember launching most of those, or even what I wanted to do with them.
Also: “IMO there is altogether too much effort wasted on worry about malware. It’s what the industry wants us to worry about, and buy better computers to run their ever less efficient assume you’ll get infected “solutions”. ”
Amen, brother!
Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).
MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV
OCSAAS (OverComplicated Software As A Service).
Your point of view is challenging and possible too. Really, and I hope to find the way to answer in a proper way; plain and simple ITsecurity and ITprivacy is normaly not very populair in the ITworld I used to live.
The only virus I’ve ever gotten on any of my machines was in the late ’90’s and came from a floppy disk given to me by an IT Pro. He was thoroughly embarrassed. I restored a drive image (from Colorado Backup Tape Drive), no harm, no foul.
In Windows 7 Pro I used Malwarebytes Premium and MSE. In Windows 10 I use Malwarebytes Premium and Windows Defender. These work flawlessly together. I also dual boot Windows 10, so one of my installations is always offline.
Any unsolicited email goes to the Junk folder, the sender gets blocked, then the email deleted. Any unexpected email attachment gets deleted along with the email. I feel no need for any additional scanning. I can run msert.exe from the Windows Recovery Environment (it’s in my boot menu) if I so desire.
MSRT is quarterly:
The MSRT is released on the second Tuesday on a quarterly cadence (February/May/August/November).
Remove specific prevalent malware with Windows Malicious Software Removal Tool (KB890830)
For whatever reason, my Windows 7 systems this year have been getting the MRT every month:
or that Windows 7 is more mature and stable that needs more security care for MSFT’s best OS.
I just finished running Microsoft Safety Scanner with the /N switch. It took nearly 5 hours. Just before it finished, I looked at the MSERT dialog box, which reported that it had scanned 5,881,073 files and that 20 files were infected so far. But, then, the last information in the dialog box (the one that said it was finished) said that “the scan completed successfully and no viruses, spyware, and other potentially unwanted software were detected.” I also checked the logfile, where the results summary stated that no infections were found.
I wish I had taken a screenshot of the dialog box showing ’20 infections found’ as it was scanning near the end , but here are screenshots of the last information in the dialog box and the logfile.
How can it report 20 infections during the scan and then no infections at the end?
I believe that the “20 infections” includes potentially unwanted software that are later found to be harmless and hence, “no infections.” When I ran MSERT on my system, I found that the same thing happened. There are some pretty sharp people here at AskWoody, perhaps they have some additional ideas?
Like this?
Hi WCHS:
Rob Koch’s 12-Mar-2021 reply in the MS Answers thread What is Wrong with the Microsoft Safety Scanner Status Information and Logging? has a possible explanation.
“…The “Files Infected” count displayed on the Microsoft Safety Scanner, scan in progress screen or any of their other security products for that matter, is actually just a preliminary status indication that there are items which may contain malware. In many cases these specific items have been found in the past to be related to malware, but they are all really just small fragments that have matched signatures, but aren’t yet truly confirmed as the specific malware that might include them.
Near the end of the scanning process around 95% complete, the Microsoft scanners all perform a MAPS (Microsoft Active Protection Service) request via internet to the the Microsoft cloud servers in order to upload their initial findings and request confirmation that these findings are either truly malware or instead possible false positive detections or incomplete fragments of inactive malware…“
Ok folks, as promised I ran a full scan using MSERT.exe running from my Macrium Relfect Boot Media.
My setup contained the following storage devices:
Physical Disk Information: Drive Rotation No. Name Serial Number Status RPMs ----- ----- -------------- ------- -------- 0 Samsung SSD 960 0025_3853_81B0_B2EB. Healthy 0 1 Samsung SSD 850 PRO 256GB S39KNX0J687882W Healthy 0 2 Samsung SSD 850 PRO 256GB S39KNX0J688151N Healthy 0 Logical Disk Information: Drive Volume File Drive Compr Disk Size Free Space Drv Letter Name System Type essed / GB / GB No Boot ------ ----------- ------ --------- ----- --------- ---------- ---- ----- C: NVME NTFS Fixed False 207.34 120.08 0 G: Data NTFS Fixed False 214.63 134.92 2 H: Misc NTFS Fixed False 214.63 155.77 1
Also included was the 8Gb SanDisk Crusier Blade I booted from.
Results Summary:
Time to Run: 12:03 Note: that’s Hours & Minutes!
Items Found: 2 items (multiple locations) both Nir-Soft utilities!
Below is the full msert.log file created in X:\Windows\Debug and copied to my G: drive before exiting back to regular Windows.
---------------------------------------------------------------------------------------
Microsoft Safety Scanner v1.333, (build 1.333.417.0)
Started On Mon Mar 15 21:28:45 2021
Engine: 1.1.17900.7
Signatures: 1.333.417.0
MpGear: 1.1.16330.1
Run Mode: Interactive Graphical Mode
Full Scan Results:
------------------
Threat Detected: HackTool:Win32/Passview!MSR, not removed.
Action: NoAction, Result: 0x00000000
file://G:\TempPE\Media\boot.wim->\Users\Utilities\bulletspassview.exe
SigSeq: 0x0000166758194437
file://G:\Pewim\boot.wim->\Users\Utilities\bulletspassview.exe
SigSeq: 0x0000166758194437
file://G:\BEKDocs\NonInstPrograms\NirSoftx64\bulletspassview.exe
SigSeq: 0x0000166758194437
file://C:\boot\macrium\WA10KFiles\media\sources\boot.wim->\Users\Utilities\bulletspassview.exe
SigSeq: 0x0000166758194437
containerfile://G:\TempPE\Media\boot.wim
containerfile://G:\Pewim\boot.wim
containerfile://C:\boot\macrium\WA10KFiles\media\sources\boot.wim
Threat Detected: HackTool:Win32/Passview!MTB, not removed.
Action: NoAction, Result: 0x00000000
file://G:\TempPE\Media\boot.wim->\Users\Utilities\wirelesskeydump.exe
SigSeq: 0x00002667F0ABB439
file://G:\Pewim\boot.wim->\Users\Utilities\wirelesskeydump.exe
SigSeq: 0x00002667F0ABB439
file://G:\BEKDocs\NonInstPrograms\NirSoftx64\wirelesskeydump.exe
SigSeq: 0x00002667F0ABB439
file://C:\boot\macrium\WA10KFiles\media\sources\boot.wim->\Users\Utilities\wirelesskeydump.exe
SigSeq: 0x00002667F0ABB439
containerfile://G:\TempPE\Media\boot.wim
containerfile://G:\Pewim\boot.wim
containerfile://C:\boot\macrium\WA10KFiles\media\sources\boot.wim
Results Summary:
----------------
Found HackTool:Win32/Passview!MSR, not removed.
Found HackTool:Win32/Passview!MTB, not removed.
Successfully Submitted MAPS Report
Successfully Submitted Heartbeat Report
Microsoft Safety Scanner Finished On Tue Mar 16 09:31:46 2021
Return code: 7 (0x7)
For those who might be interested I used some PowerShell to compute the run time.
It required I reorder the reported date time strings to place the year before the time but that was all.
$Start = Get-Date("Mar 15 2021 21:28:45")
$End = Get-Date("Mar 16 2021 09:31:46")
$Elapsed = $End - $Start
$Elapsed.Hours.ToString("00") + ":" + $Elapsed.Minutes.ToString("00")
HTH 😎
I have the same setup and I just do the Dismiss route. It will pop up again in about a week but it’s only a couple of clicks, no biggie IMHO.
HTH 😎
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
