1 - 19 of 19 Posts

· Registered
Joined
·
126 Posts
Discussion Starter · #1 · (Edited)
I installed MalwareBytes, left it running in the background for a while, and I think it did some scheduled scans, whose results I just ignored.
Then I uninstalled MalwareBytes without even checking it out once.

But if there were some files in quarantine, what happened to them?
Did they get restored, or are they back in their folders now?

Basically: What happens to quarantined files if I uninstall MalwareBytes?


EDIT: I just searched a bit more, and found out in another forum that it will delete all the quarantined files when uninstalling. So I will just learn from that mistake and hope there were no false positives.
 

· Registered
Joined
·
126 Posts
Discussion Starter · #3 ·

· TSF Moderator , Hardware Team , Networking Team
Joined
·
11,903 Posts
You're welcome.

And yes, MalwareBytes deletes them during its uninstall routine.

Tip: On a Windows system, MalwareBytes stores the files it quarantines in: C:\ProgramData\Malwarebytes\MBAMService\Quarantine. On Linux it is: /var/lib/mblinux/quarantine
 

· Registered
Joined
·
126 Posts
Discussion Starter · #5 ·
Thanks for the info, that could be useful at some point.

But may I ask a bonus-question, which is related to my original post?
So let's say I kept MalwareBytes running in the background, and it indeed quarantined some false positives, that I actually wanted to keep.
After it got quarantined, I uninstalled MalwareBytes, and it deleted these files.

So, how would I find out which files were deleted?
Is there any indicator from Windows side?
Or is there any log that would tell me about this?

MalwareBytes would have such a log, but as I said, it's uninstalled, and I am very sure the logs got deleted too.
 

· Global Moderator
Using Google to solve problems
Joined
·
44,607 Posts
MBAM rarely quarantines False Positive files. There is no log left after you uninstall MBAM.
Check your apps and if anything is not working, then reinstall it. If Windows is acting weird, open a Command Prompt as Admin and copy and paste or type
DISM /Online /CLEANUP-IMAGE /RestoreHealth
and press Enter. When that completes, type
SFC /scannow
and press Enter. These commands will replace any missing system files.
 

· Registered
Joined
·
126 Posts
Discussion Starter · #7 · (Edited)
Thanks.
I don't worry about system files or installed software though, I worry more about my "Setup drive", because I kept it in while MalwareBytes did some scheduled scans.
On that drive are some installations from programs like ccleaner, which in the past has been quarantined by MalwareBytes because of the dishonest methods of sneaking Opera or other unwanted software on the computer.

The problem is not getting these setups, the problem is, when I need the files and I realize that they are not there anymore..


I've got another idea:
MalwareBytes by default has Notification on Windows enabled.
So I think I would just need to find some logs about the Notifications in Windows, and like that I can see the filenames of quarantined items, if I'm lucky.
Maybe someone knows where I can find a log / archive about my Notifications?
^
EDIT:
Won't work. Again it's not possible because MalwareBytes already got uninstalled.
 

· Global Moderator
Using Google to solve problems
Joined
·
44,607 Posts
For free apps (i.e.) MBAM, CCleaner, ADWCleaner etc. that are often updated and are a small download file that can be downloaded at any time, you don't need to keep an outdated setup file. It's better to download a fresh updated Setup file.
MBAM will only Quarantine a Setup file if it has Malware in it or is a Cracked version of a software program. You can also Exclude any files you want MBAM to skip: https://support.malwarebytes.com/hc...xclude-detections-in-Malwarebytes-for-Windows
 

· Registered
Joined
·
126 Posts
Discussion Starter · #9 · (Edited)
I was wrong about the CCleaner being detected by MalwareBytes.
It was Defender which detected it as "potentially unwanted application (PUA)", and not MalwareBytes.

I think it was because a while ago it carried some sneaky setups of Opera or some VPN software.
 

· Registered
Joined
·
126 Posts
Discussion Starter · #11 ·
Sorry to come back to this topic, but I have a new approach how to find out if something got quarantined / deleted.

Again, I have the bad habit of talking lots and describing often too detailed stuff, I just post the main question here and add the full description to a spoiler:

If I copy a bunch of files from one USB drive to another (by using Explorer), and MBAM detects+quarantines some malware - will the Explorer give some kind of error saying "File could not be copied"?
Because if MBAM intercepts the copying of the files, the original file from the original USB drive will get quarantined, right? Which means there should have been some kind of "File not found" error message, if I am not wrong.

So, as I said, I was worried about some files, that they maybe got removed by a scheduled scan.
But I forgot to think about the fact, that the files are stored on an external USB drive.

As far as I understand, the default scheduled scan of MBAM does not include such external drives by default settings.
Because I didn't open MBAM once, it should be obviously not changed and should run just the basic scan by default.

That's good news, but I got bad news too.
On exactly that device I created a backup of that USB drive that I mentioned, and that exactly in that timeframe...

So not even the scheduled scan should make me worried, instead it should be the real time protection from MBAM.
But for that case I got a clear and direct question, which could solve all my problems:

If I copy a bunch of files from one USB drive to another (by using Explorer), and MBAM detects+quarantines some malware - will the Explorer give some kind of error saying "File could not be copied"?
Because if MBAM intercepts the copying of the files, the original file from the original USB drive will get quarantined, right? Which means there should have been some kind of "File not found" error message, if I am not wrong.
 

· Registered
Joined
·
126 Posts
Discussion Starter · #13 ·
> Best place to ask questions about Malwarebytes is .... Malwarebytes Forums .... the Staff members on that forum are generally involved with its development, so will be most able to answer any queries you have about their product.

I already thought about that, but that here was more like a Windows-related question.
To be specific, it was a question about the Windows Explorer, how it behaves if any antivirus software's realtime protection intercepts the copying of some files.

If the realtime protection detects malware in some files while copying, it will quarantine the files immediately, as far as I understand.
I think the Explorer would just continue copying the rest of the files, and then at the end of the copying give some error like "14 files not found - Try again - Cancel"

Is that right, or would the Explorer just finish the copying without telling me anything?

Because this right here would be the perfect indicator if I lost some files or not.
 

· Global Moderator
Using Google to solve problems
Joined
·
44,607 Posts
Explorer will finish copying the rest of the files without telling you anything.
If you have Cracked or Malware software that you are copying, you will get a message in Malwarebytes or Windows Security (Defender) that a file has been flagged as dangerous and Quarantined. You can open Quarantine in the App and choose to Restore the file. If you ignore that message and do nothing, and then you Uninstall Malwarebytes, all files in the Quarantined folder will be removed.
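
Since Explorer reports nothing and no log survives the uninstall, the only reliable way to know which files vanished is a record taken beforehand. The following Python script is an added example, not part of the original posts and not a Malwarebytes or Windows feature: it snapshots a folder tree before a copy or scan and lists what is missing or altered afterwards. The function names and the sample file tree are constructed for illustration.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file path relative to root to (size, SHA-256 hex digest)."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            digest, size = hashlib.sha256(), 0
            try:
                with open(full, "rb") as fh:
                    for chunk in iter(lambda: fh.read(1 << 20), b""):
                        digest.update(chunk)
                        size += len(chunk)
                manifest[rel] = (size, digest.hexdigest())
            except OSError:
                manifest[rel] = (None, None)  # listed but unreadable
    return manifest

def compare(before, after):
    """Return (missing, changed): paths gone since 'before', and paths whose content differs."""
    missing = sorted(p for p in before if p not in after)
    changed = sorted(p for p in before if p in after and before[p] != after[p])
    return missing, changed

def demo():
    """Constructed sample tree; one file is deleted to stand in for a quarantine removal."""
    with tempfile.TemporaryDirectory() as root:
        for rel, data in {"firefox/setup-1.0.exe": b"A" * 10,
                          "ccleaner/setup-5.exe": b"B" * 20,
                          "java/jre-8.exe": b"C" * 30}.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        before = snapshot(root)
        os.remove(os.path.join(root, "ccleaner", "setup-5.exe"))  # simulated removal
        with open(os.path.join(root, "java", "jre-8.exe"), "wb") as fh:
            fh.write(b"D" * 30)  # simulated modification, same size
        return compare(before, snapshot(root))

if __name__ == "__main__":
    missing, changed = demo()
    print("missing:", missing)
    print("changed:", changed)
```

On a real drive, store the result of `snapshot()` somewhere other than the drive being scanned, and run it again on the source and the destination after the copy.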
 

· Registered
Joined
·
126 Posts
Discussion Starter · #15 ·
That is really bad.
It's very hard then to find out which files got removed, because I have dozens of program-setups on there with dozens of releases.
I keep there every version of every software I ever download, whether it is some old Firefox setups, Java setups, Acrobat Reader, etc.
Sadly I am very sure at least some of the setups contained "potentially unwanted applications (PUA)" and got removed.

I have to go folder by folder, and check each setup version's folder..
Such a silly mistake. I shouldn't have uninstalled it.

The ironic thing is, that I literally uninstalled MBAM, because I worried it will make problems with creating the backup.
And now, the actual uninstall is the reason why I most likely lost them.
 

· Moderator , Security Team
Joined
·
2,430 Posts
Sadly, you only learn some lessons the hard way.

If you were worried about Malwarebytes interfering with you creating a backup, the easiest thing would have just been to disable its real time protection temporarily while you ran your backup, and then re-enable it when you'd finished.
 

· Global Moderator
Using Google to solve problems
Joined
·
44,607 Posts
> I keep there every version of every software I ever download, whether it is some old Firefox setups, Java setups, Acrobat Reader, etc.

Keeping software setup files that are obsolete and readily available for free is wasted effort. You are never going to install any of those old apps again, you would always download the latest version.
Nonetheless, this is another lesson learned to always keep a current backup of your OS drive and any Storage drives you have.
 

· Registered
Joined
·
126 Posts
Discussion Starter · #18 ·
Well, usually that would be true, but there are some reasons I keep it.

1. I keep all of my driver and program setups, in case a newer one doesn't work as expected. In the past I often had software that needed to be rolled back, and skip the current version temporarily, after realizing that the software was broken, or didn't work at all after updating.

2. I keep the files, because sometimes I enjoy installing Windows XP or Windows 98 on some older machines, just for nostalgia's sake, and to play some older games on the original hardware. Obviously on these kinds of devices, the newest versions of software won't work at all.

Some of these older setups are hard to get now, so I always kept them. I don't download them systematically or something, but I just keep what I downloaded.
But that is just me. Of course, average users won't need any of these outdated setups, especially the really old ones.
 