
What happens to quarantined files when I uninstall MalwareBytes?

#1 · (Edited)
I installed MalwareBytes, left it running in the background for a while, and I think it did some scheduled scans, whose results I just ignored.
Then I uninstalled MalwareBytes without even checking it out once.

But if there were some files in quarantine, what happened to them?
Did they get restored, or are they back in their folders now?

Basically: What happens to quarantined files if I uninstall MalwareBytes?


EDIT: I just searched a bit more, and found out in another forum that it will delete all the quarantined files when uninstalling. So I will just learn from that mistake and hope there were no false positives.
 
#4 ·
You're welcome.

And yes, MalwareBytes deletes them during its uninstall routine.

Tip: On a Windows system, MalwareBytes stores the files it quarantines in: C:\ProgramData\Malwarebytes\MBAMService\Quarantine. On Linux it is: /var/lib/mblinux/quarantine
 
#5 ·
Thanks for the info, that could be useful at some point.

But may I ask a bonus-question, which is related to my original post?
So let's say I kept MalwareBytes running in the background, and it indeed quarantined some false positives, that I actually wanted to keep.
After it got quarantined, I uninstalled MalwareBytes, and it deleted these files.

So, how would I find out which files were deleted?
Is there any indicator from Windows side?
Or is there any log that would tell me about this?

MalwareBytes would have such a log, but as I said, it's uninstalled, and I am very sure the logs got deleted too.
 
#6 ·
MBAM rarely quarantines False Positive files. There is no log left after you uninstall MBAM.
Check your apps and if anything is not working, then reinstall it. If Windows is acting weird, open a Command Prompt as Admin and copy and paste or type
DISM /Online /CLEANUP-IMAGE /RestoreHealth and press Enter. When that completes, type
SFC /scannow and press Enter. These commands will replace any missing system files.
 
#7 · (Edited)
Thanks.
I don't worry about system files or installed software though, I worry more about my "Setup drive", because I kept it in while MalwareBytes did some scheduled scans.
On that drive are some installations from programs like CCleaner, which in the past has been quarantined by MalwareBytes because of the dishonest methods of sneaking Opera or other unwanted software onto the computer.

The problem is not getting these setups, the problem is, when I need the files and I realize that they are not there anymore..


I've got another idea:
MalwareBytes by default has Notification on Windows enabled.
So I think I would just need to find some logs about the Notifications in Windows, and like that I can see the filenames of quarantined items, if I'm lucky.
Maybe someone knows where I can find a log / archive about my Notifications?
^
EDIT:
Won't work. Again it's not possible because MalwareBytes already got uninstalled.
 
#8 ·
For free apps (i.e.) MBAM, CCleaner, ADWCleaner etc. that are often updated and are a small download file that can be downloaded at any time, you don't need to keep an outdated setup file. It's better to download a fresh updated Setup file.
MBAM will only Quarantine a Setup file if it has Malware in it or is a Cracked version of a software program. You can also Exclude any files you want MBAM to skip: https://support.malwarebytes.com/hc...m/hc/en-us/articles/360038479234-Exclude-detections-in-Malwarebytes-for-Windows
 
#11 ·
Sorry to come back to this topic, but I have a new approach how to find out if something got quarantined / deleted.

Again, I have the bad habit of talking lots and describing often too detailed stuff, I just post the main question here and add the full description to a spoiler:

If I copy a bunch of files from one USB drive to another (by using Explorer), and MBAM detects+quarantines some malware - will the Explorer give some kind of error saying "File could not be copied"?
Because if MBAM intercepts the copying of the files, the original file from the original USB drive will get quarantined, right? Which means there should have been some kind of "File not found" error message, if I am not wrong.

So, as I said, I was worried about some files, that they maybe got removed by a scheduled scan.
But I forgot to think about the fact, that the files are stored on an external USB drive.

As far as I understand, the default scheduled scan of MBAM does not include such external drives by default settings.
Because I didn't open MBAM once, it should be obviously not changed and should run just the basic scan by default.

That's good news, but I got bad news too.
On exactly that device I created a backup of that USB drive that I mentioned, and that exactly in that timeframe...

So not even the scheduled scan should make me worried, instead it should be the real time protection from MBAM.
But for that case I got a clear and direct question, which could solve all my problems:

If I copy a bunch of files from one USB drive to another (by using Explorer), and MBAM detects+quarantines some malware - will the Explorer give some kind of error saying "File could not be copied"?
Because if MBAM intercepts the copying of the files, the original file from the original USB drive will get quarantined, right? Which means there should have been some kind of "File not found" error message, if I am not wrong.
 
#13 ·
Best place to ask questions about Malwarebytes is .... Malwarebytes Forums .... the Staff members on that forum are generally involved with its development, so will be most able to answer any queries you have about their product.
I already thought about that, but that here was more like a Windows-related question.
To be specific, it was a question about the Windows Explorer, how it behaves if any antivirus software's realtime protection intercepts the copying of some files.

If the realtime protection detects malware in some files while copying, it will quarantine the files immediately, as far as I understand.
I think the Explorer would just continue copying the rest of the files, and then at the end of the copying give some error like "14 files not found - Try again - Cancel"

Is that right, or would the Explorer just finish the copying without telling me anything?

Because this right here would be the perfect indicator if I lost some files or not.
 
#14 ·
Explorer will finish copying the rest of the files without telling you anything.
If you have Cracked or Malware software that you are copying, you will get a message in Malwarebytes or Windows Security (Defender) that a file has been flagged as dangerous and Quarantined. You can open Quarantine in the App and choose to Restore the file. If you ignore that message and do nothing, and then you Uninstall Malwarebytes, all files in the Quarantined folder will be removed.
 
#15 ·
That is really bad.
It's very hard then to find out which files got removed, because I have dozens of program-setups on there with dozens of releases.
I keep there every version of every software I ever download, whether it is some old Firefox setups, Java setups, Acrobat Reader, etc.
Sadly I am very sure at least some of the setups contained "potentially unwanted applications (PUA)" and got removed.

I have to go folder by folder, and check each setup version's folder..
Such a silly mistake. I shouldn't have uninstalled it.

The ironic thing is, that I literally uninstalled MBAM, because I worried it will make problems with creating the backup.
And now, the actual uninstall is the reason why I most likely lost them.
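
Added example, not part of any post in this thread: since neither Explorer nor an uninstalled scanner leaves a record of removed files, one way to make later removals detectable is to keep a hashed file manifest of the archive drive and diff it against the current state. The directory and file names below are constructed for the demonstration.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def build_manifest(root):
    """Return {relative_path: {"size": int, "sha256": hex}} for every file under root."""
    root = Path(root)
    manifest = {}
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        digest = hashlib.sha256()
        with path.open("rb") as fh:
            for chunk in iter(lambda: fh.read(1 << 20), b""):
                digest.update(chunk)
        manifest[path.relative_to(root).as_posix()] = {
            "size": path.stat().st_size,
            "sha256": digest.hexdigest(),
        }
    return manifest


def diff_manifests(before, after):
    """Compare two manifests; 'missing' lists files that disappeared since 'before'."""
    common = before.keys() & after.keys()
    return {
        "missing": sorted(before.keys() - after.keys()),
        "added": sorted(after.keys() - before.keys()),
        "changed": sorted(p for p in common if before[p]["sha256"] != after[p]["sha256"]),
    }


def demo():
    """Constructed sample tree: record a baseline, remove one file, then diff."""
    with tempfile.TemporaryDirectory() as tmp:
        drive = Path(tmp) / "setup_drive"  # hypothetical stand-in for the USB drive
        (drive / "ccleaner").mkdir(parents=True)
        (drive / "firefox").mkdir()
        (drive / "ccleaner" / "setup_v1.exe").write_bytes(b"constructed sample A")
        (drive / "firefox" / "setup_v2.exe").write_bytes(b"constructed sample B")
        baseline_file = Path(tmp) / "baseline.json"  # store the baseline off the scanned drive
        baseline_file.write_text(json.dumps(build_manifest(drive), indent=2))
        # Simulate a file vanishing later (e.g. quarantined, then purged on uninstall).
        (drive / "ccleaner" / "setup_v1.exe").unlink()
        baseline = json.loads(baseline_file.read_text())
        return diff_manifests(baseline, build_manifest(drive))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The same `diff_manifests` call works on two live trees, for example a source drive and its backup copy, to list files present on one side only. It shows that a file is gone or altered, not which program removed it.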