itlifesaver

Honorary Members
  • Posts

    34

Everything posted by itlifesaver

  1. We're getting bombarded with tickets from end users on this detection. Is Microsoft legitly compromised?!
  2. Nebula Cloud Management console is so overloaded we cannot refactor policies to mitigate. Zero reply from our account reps at corp.
  3. Entire enterprises down, hundreds of users unable to access Google.com domains, Gmail, etc.
  4. What makes you think it's only going to happen once this year? Certainly not their track record...
  5. Can confirm we have clients on Enterprise completely down and disrupted from this. ANOTHER MALWAREBYTES DISASTER!!!
  6. So far feedback today is "Still jumping around but not quite as bad as yesterday".
  7. Keep in mind, all of this began with MBAM definitions released between 12-15-2017 and 12-17-2017. Prior definitions do not exhibit this behavior.
  8. The Windows Defender exclusions are added via GPO, as can be seen in the XML export I attached to the corporate support ticket. Since it contains company specific configurations, please refrain from posting it on the public internet.
  9. Added those to the MBAM policy. Awaiting clients to update.
  10. I assume you mean the MBAM Policy, not the Windows Defender policy MBAM support had us add exclusions to?
  11. No, but folders are redirected using GPO. Very common in enterprise environments. https://technet.microsoft.com/en-us/library/cc732275(v=ws.11).aspx
  12. So exactly how am I supposed to tell the user to go about his work and wait 10-15 minutes for the issue to show up? Just move the mouse around all day?? This is a business and it's affecting a hundred PCs, not some kid who plays games on his PC.
  13. Just uploaded to case # 00047591. Freezing happened nearly instantly after opening ProcMon on the logs I submitted.
  14. Disabling Prefetch in the registry and rebooting did not resolve the issue.
  15. Trying it on a PC of the most chronic complainers now, will report back after they have some time to use the PC.
  16. I can try, sure. Which one, or both? http://www.tomshardware.com/reviews/ssd-performance-tweak,2911-5.html Also worth noting, very few of the PCs being affected have SSDs.
  17. Thanks. We have several clients experiencing the same issue you describe and Malwarebytes support has been unable to provide a resolution. It started around Dec 16th, and exiting or disabling MBAM resolves the mouse/keyboard delays completely. We've been unable to find a cause, beyond a recent MBAM definitions update (since PCs with outdated definitions are not affected). Adding the exceptions to Windows Defender hasn't resolved the issue.
  18. @Rainier does your environment have Ubiquiti switches? Switchvox Phones?
  19. Malwarebytes Business is destroying Dell wireless card drivers across various enterprises we manage. STOP THIS NOW!!

      3/23/2017 8:58:38 AM PCNAME01 10.X.X.X Adware.FileTour DENY C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
      3/23/2017 8:58:38 AM PCNAME01 10.X.X.X Adware.FileTour DENY C:\Program Files\Dell\DW WLAN Card\bcmpeerapi.dll
      3/23/2017 8:58:41 AM PCNAME01 10.X.X.X Adware.FileTour DENY C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
      3/23/2017 8:58:41 AM PCNAME01 10.X.X.X Adware.FileTour DENY C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
      3/23/2017 8:58:41 AM PCNAME01 10.X.X.X Adware.FileTour DENY C:\Program Files\Dell\DW WLAN Card\bcmpeerapi.dll
      3/23/2017 9:10:03 AM PCNAME02 10.X.X.X Adware.FileTour delete-on-reboot C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
      3/23/2017 9:10:03 AM PCNAME02 10.X.X.X Adware.FileTour delete-on-reboot C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
      3/23/2017 9:10:03 AM PCNAME02 10.X.X.X Adware.FileTour Quarantined HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Broadcom Wireless Manager UI
      3/23/2017 9:10:03 AM PCNAME02 10.X.X.X Adware.FileTour delete-on-reboot C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
      3/23/2017 9:10:03 AM PCNAME02 10.X.X.X Adware.FileTour delete-on-reboot C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE

      Dell.zip
  20. In our testing, we've found the keys only writable by the SYSTEM account, and workarounds to add or modify them pragmatically so far unsuccessful. If anyone comes up with an automated solution to add these settings we'd love to know about it!
  21. Has anyone had any luck adding the MSE exclusions via registry .reg file or GPO? Does MSE allow it, or does it try and overwrite/protect these registry keys? Example:

      Windows Registry Editor Version 5.00

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths]
      @=""
      "C:\\Program Files (x86)\\Malwarebytes' Anti-Malware\\mbam.exe"=dword:00000000
      "C:\\Program Files (x86)\\Malwarebytes' Anti-Malware\\mbamgui.exe"=dword:00000000
      "C:\\Program Files (x86)\\Malwarebytes' Anti-Malware\\mbamservice.exe"=dword:00000000
      "C:\\Program Files (x86)\\Malwarebytes' Anti-Malware\\mbamscheduler.exe"=dword:00000000
      "C:\\Program Files (x86)\\Malwarebytes' Anti-Malware\\mbamapi.exe"=dword:00000000
      "C:\\Program Files (x86)\\Malwarebytes' Anti-Malware\\mbamdor.exe"=dword:00000000
      "C:\\Program Files (x86)\\Malwarebytes Anti-Exploit\\mbae.exe"=dword:00000000
      "C:\\Program Files (x86)\\Malwarebytes Anti-Exploit\\mbae-svc.exe"=dword:00000000
      "C:\\Program Files (x86)\\Malwarebytes Anti-Exploit\\mbae-cli.exe"=dword:00000000
      "C:\\Program Files (x86)\\Malwarebytes' Managed Client\\SCComm.exe"=dword:00000000

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Processes]
      @=""
      "mbam.exe"=dword:00000000
      "mbamgui.exe"=dword:00000000
      "mbamservice.exe"=dword:00000000
      "mbamscheduler.exe"=dword:00000000
      "mbamapi.exe"=dword:00000000
      "mbamdor.exe"=dword:00000000
      "mbae.exe"=dword:00000000
      "mbae-svc.exe"=dword:00000000
      "mbae-cli.exe"=dword:00000000
      "SCComm.exe"=dword:00000000
  22. It only seems to be Windows 7 (64 bit? unconfirmed, but all ours were) affected, we did not get any calls from clients with Windows 10 and MBAM complaining. It happens after MSE updates to the latest definition. PC must have MBAM installed, in our case it is MBAM Business. It slows down and eventually locks up the PC. It appears to be a memory leak type issue, and/or a CPU utilization, or some other OS resource exhaustion. The PC eventually becomes unusable and unresponsive. You can see many event log messages with "fault bucket" and talking about the MSE process. Perhaps MBAM is killing or disrupting the MSE scanning? Booting into safe mode (or before the PC crashes) and disabling MSE real time scanning works around the issue. As does removing MBAM. It is definitely a conflict between the two.
  23. Agreed. There is a major issue between a definition update MSE received this morning and MBAM / MBAE. Computers are freezing, locking up, cannot be used, stuck, etc. Please help, this issue is progressing as the day continues! Others on reddit reporting the same: https://www.reddit.com/r/sysadmin/comments/5dmpri/anyone_having_lots_of_pcs_freeze_this_morning/