djacobson

Staff
  • Content count

    900
  • Joined

  • Last visited

2 Followers

About djacobson

  • Rank
    Staff

Recent Profile Visitors

5,366 profile views
  1. Hi @geekf, the business builds have a separate tool outside of the console's management. Protection Module under the your policy controls Anti-Malware and Anti-Exploit, for console users, the Anti-Ransomware tool is an extra part. In your download package for the console, you will find it in Malwarebytes_Endpoint_Security_1.8.x.0000 -> Unmanaged -> Windows -> MBARW_Business _Setup, in EXE or MSI. Make sure to deploy this extra piece to be protected from ransom attacks. Virustotal is a great resource, but be careful using it to judge whether Malwarebytes' technologies will engage with a file. The real-time protection watches the item's behavior, which is different than the file itself. The file may show clean or undetected, but the right real-time piece will engage with it if there's an attempt to run and perform malicious behavior. Virustotal cannot replicate this.
  2. MBMC RAM usage and crash

    Yes guys, this is totally fine, items in that location are ones that are waiting to write to SQL and haven't been archived. I suspect those with a full pending folder likely have the mismatched client version check-in problems.
  3. MBMC RAM usage and crash

    Then skip it, I brought that up as an extra point, just focus on deleting the client logs. If your Express SQL files are past 10gb, you're locked out anyway, no need to focus on the server until you make it so your endpoints will not resubmit, once you finish that, then whatever agent has your ticket will deal with your console and SQL.
  4. Cloud platform scheduled maintenance for February 8, 2018 at 8pm ET We want to make you aware that on Thursday, February 8th at 8pm ET, there will be a scheduled down time for approximately three hours. We will be using this time to update the Malwarebytes cloud platform. During this time frame endpoints will continue to be protected and scheduled scans will continue to run. New Features: Added option for end users to perform context menu scans: Users can scan files on their Windows computer by right-clicking on the desired file(s) and selecting "Scan with Malwarebytes". This gives end users the power to scan any file they deem suspicious or out of an abundance of caution. Administrators must enable this optional feature in policy by toggling "Show Malwarebytes option in context menus (Windows only)" to ON: Added scheduled reporting: Administrators have the option to automatically receive an email for any desired report-providing them with daily, weekly, and monthly reports proactively in their inbox. Click on the Reports tab in the cloud console, click on Scheduled, select one or more reports, and click the Save Changes button. The CSV formatted report will be delivered once report generation is complete, based on the chosen frequency: Improvements: Added "MD5" and "Affected Application" fields to Detection Summary report Added product Version and Protection Update fields to Agent Info within Endpoint Overview Endpoint name now deep links to its' Endpoint Overview screen from the Detections, Quarantine, Events, and Tasks tabs Updated Forgot Password page–now email address field is in focus when navigating there Updated cloud console to display an event when an end user postpones a required reboot Updated Quarantine page so that items identified by Real-Time Protection will no longer show zeros for the Scan ID Fixed: If an endpoint was powered down ungracefully (i.e., power outage) while a scan was running, a configuration file could become corrupted Fixed: 100% CPU spike if an endpoint administrative user forcefully kills the Malwarebytes tray process when the Self-Protection Module is enabled Fixed: Customers migrating from legacy Malwarebytes products (including Malwarebytes Anti-Malware v1.6, Malwarebytes Anti-Exploit v1.08, and Malwarebytes Management Console v1.6) will require 2 reboots in a row to complete the installation Fixed: Some customers who have already migrated from legacy Malwarebytes products were stuck in a reboot loop during the last cloud update due to legacy products leaving behind orphaned registry keys Fixed: Running Sysprep with the Malwarebytes Endpoint Protection agent installed fails. The workaround is to stop the Endpoint Protection agent tray process before launching Sysprep Fixed: Detections that are found, but not quarantined, are not being counted in the Detection History tile on the Dashboard page–however, the Number of Detections chart on the Dashboard page is counting them correctly Fixed: Exploit Protection doesn't start on Windows XP Known Issues: When attempting to scan a shortcut file, the scan is not following the shortcut to the root file. Users can work around this by scanning the actual file(s) rather than the file's shortcut.
  5. MBMC RAM usage and crash

    Logs which have been archived to SQL have their names appended with "archived", there is no need to keep any of them on the client due to the resubmission behavior. This clean-up must be done prior to removing records from the SQL or the server will be inundated once again. Another key item is your Managed Client version MUST match your console version or your check-in timers will be grossly inaccurate.
  6. It is in your MBES download under Malwarebytes_Endpoint_Security_1.8.x.0000\Unmanaged\Mac, you will need to discuss licensing with your sales agent.
  7. MBMC RAM usage and crash

    It's all the machines doing it at once when they check-in and see their archived records are no longer in SQL. The process is to delete the entire contents of the clients log folders. Example script: del /f /s /q "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs\"*.* We have a process for only pulling out FP records from the SQL and leaving normal hit data in-place, this was designed to help our customers who have HIPAA requirements.
  8. It is still included, the installer is in the download under the Managed folder. Malwarebytes_Endpoint_Security_1.8.x.0000 -> Managed -> mbmc-setup-1.8.0.3443.exe.
  9. MBMC RAM usage and crash

    All of your clients are resubmitting logs, you must clean them from your clients or they will resubmit fill your SQL again, location is C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs If you have a ticket open, hold tight, we are still trying to get to everyone's ticket, volume is still very high. You can turn off your console's service, "Malwarebytes Management Service" to prevent the submission behavior as you try to clean the clients log folders.
  10. Anti-Malware and Anti-Exploit are not supported for Mac at this time. Mac has a Remediation command line or GUI tool for MBES customers, and for MBEP customers, they can put their Mac's on the IR product.
  11. It's coming in next months cloud update, referenced by one of our development managers -
  12. MBAM Console Almost Unusable

    @m0biustheory, client security log and system log need to be wiped for the days of the FP to get your speed back. You also need to delete the client logs, because if they see their records missing, they will resubmit and fill the DB again. Your endpoints are likely to have tens of thousands of log records each, location is C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs.
  13. MBMC RAM usage and crash

    @PatrickFAU in the aftermath of the FP, we've found that MBMC admins will have an SQL that is now too full because of the FP hits. Do you have a ticket open? The process to clean this up will involve SQL Management Studio.
  14. Remove Endpoint Protection

    Try the cleaner tool out. Download it from here: https://downloads.malwarebytes.com/file/mb_clean Open an admin elevated CMD prompt, navigate to the cleaner tool, run the cleaner tool by using commands outlined here - https://support.malwarebytes.com/docs/DOC-2333 - mb-clean-x.x.x.xxxx.exe /cloud