Jump to content

djacobson

Honorary Members
  • Posts

    1,275
  • Joined

  • Last visited

Everything posted by djacobson

  1. If you are on the free mode of consumer, or not set to reg with WAC, then none of this applies to you. If you have Defender or MSE on, as most on the consumer level will, Defender / MSE will change the key for you, allowing the patch to be pulled down. Yes, that number reflects definition updates.
  2. @Roadrunner562, this isn't as easy to see with EP, but MB-Check will show you just like on the consumer's. See this guide for the download and how-to - https://support.malwarebytes.com/docs/DOC-1375 Here's an example of an up-to-date MB-Check result for EP: Malwarebytes Version information ================================== "controllers_version" : "1.0.263", "db_version" : "2018.01.05.07", "dbcls_pkg_version" : "1.0.3631", "installer_version" : "3.3.2",
  3. Ah gotcha, best suggestion there is to have the web, file and ransom real time off (exploit can be on for host) on the physical host, only letting them run on the vm clients. Also check that you have the self-protect feature off for your policy, only use that when you encounter an infection that is manipulating Malwarebytes and not letting it run, it can consumer resources otherwise.
  4. I'm sorry @Dragans2, I'm specialized to the business products. @bdubrow do you know what consumer side on free mode will be doing?
  5. For VM setup, I would stagger the scan schedules out in different groups for the endpoints to avoid scan storm. The physical host should only scan on off hours when those VM's are not in use to avoid the extra disk i/o.
  6. It is being tested, we will be bringing it to server OS as soon as possible! The main issue with it on server OS right now is, if it fails, it fails silently and not gracefully, it will begin to consume lots memory under mbamservice. For a tip, we haven't seen the typical attack of the client, which will then compromise drive shares. Most of what we are seeing right now is RDP brute force, so keep those admin passwords rotated!
  7. It's totally alright! And if the role isn't listed on the matrix, you should be good, only the problem child's are on there ;p
  8. That is correct, Malwarebytes does not break Windows with the patch installed. The issue was the patch not being able to auto apply for folks with the MB3 based product. This side of the product, MBMC/MBAM, should not have that issue since it does not interact with the Action Center and is not recognized by Windows as an AV because of it.
  9. Let me clarify what is going on for our end. Malwarebytes does not break Windows when the patch is applied. The issue we have is that the patch cannot auto apply when Malwarebytes is registered to the Action Center, this is the part that is being tested and will be updated.
  10. AD is unaffected, you can use everything except Anti-Ransomware, that part is for client OS, Win 7 and up, only. Server Core is excluded entirely, it is not supported by the agent at all. This is in the Admin Guide on page 6, I'm attaching that for you if you haven't downloaded it form your cloud portal yet. Malwarebytes Administrator Guide 11.17.17.pdf
  11. MBMC and Anti-Malware 1.80 does not register with the Windows Action Center at all, only MB3 based MBEP product is preventing the patch from being automatic if it is registered to the Action Center. "For now, users with MB3 based software installed and registered with Windows Action Center will not be able to receive any MS updates automatically, starting with the Jan. 2018 update. You can either apply the update manually or set the Malwarebytes action center setting to "Never register Malwarebytes in Windows Action Center" so that the MS update can apply automatically. Only Windows 10 and Server 2016 have patches." -
  12. Take a closer look at that matrix I posted. EP has more than just Anti-Malware's web and file realtime, you are fine to keep the Exploit protection part of EP still on. IR and EP will also run on-demand or scheduled scans as normal, it is only the realtime pieces, which is what EP brings to the table over IR, that need to be adjusted for compatibility in accordance with a server's role.
  13. What is your policy set to get updates from on the console? Internet or MBMC server?
  14. Yes. For now, users with MB3 based software installed and registered with Windows Action Center will not be able to receive any MS updates automatically, starting with the Jan. 2018 update. You can either apply the update manually or set the Malwarebytes action center setting to "Never register Malwarebytes in Windows Action Center" so that the MS update can apply automatically. Only Windows 10 and Server 2016 have patches. Update: this no longer applies now that our update is out, you no longer have to touch your Action Center settings within the MB3 based programs.
  15. I don't have an answer right now, regression testing is still underway. The update for MB3 based products, to allow the registry needed to be created, was released on Jan 4th. To be absolutely clear, all of our products are, and have been, compatible with the patch. It was the creation of the registry key to allow automatic pulling of the patch which was not yet done at the time.
  16. That may be a problem, drive shares and UNC paths are not supported in MBMC's ignore list and there are known issues with the MBAM version in this product, its realtime function and applications that run from or write to drive shares. We have two workarounds for that, though success with them varies. First workaround is if the server hosting the share is DFS type, you can change the Access Based Enumeration (ABE) settings on the server hosting the share or application that runs from the share. As a test, you can you see if disabling ABE can help with the issue. To disable access-based enumeration using the Windows interface: In the console tree, under the Namespaces node, right-click the appropriate namespace and then click Properties. Click the Advanced tab and then uncheck the "Enable access-based enumeration" for this namespace check box. Screenshot attached and you may also follow this link for more info - https://msdn.microsoft.com/en-us/library/dd759150.aspx Option 2 is to create a new group in AD, assign some of the Computers which have the problem to that group. Add that group to the drive shares, giving the group full access over the share. If this works, assign all Computers needed in AD to the group.
  17. No, these are separate products. MBMC is hosted on your own server and installs legacy MBAM (1.80) and MBAE (1.10). MBEP runs from a SaaS web portal and deploys our next-gen MB3, modified for use on business systems. Depending on which one you have, the approach will be different, and only MBEP supports exclusions via file extension directly.
  18. @Kalrand Terminal's issue with the EP portion is a new service will start with every user that connects, this can eclipse system resources and bring the server down, which is why we do not recommend EP to have its web and file realtime on if installed to Terminal role servers. Using the IR portion, no realtime is running and so there is no issue. Exchange, if you were to move to the EP side, needs to have the web portion disabled.
  19. It would be best to trial the product as you mentioned. To follow up on what dcollins was saying, the business version has better server OS support, however there are caveats for the roles a server may be in even if the OS itself is supported. Since this is running a resource sharing role, it may still have similar issues. For example, the business product can only support Terminal and Citrix resource sharing roles if the exploit protection is the only thing in use; the realtime web, malicious file and ransom protection are not supported for roles like that.
  20. Hi @x1a1x, I can point you to a business MB3 version which can support server OS, unlike the consumer MB3 version. See this link - https://www.malwarebytes.com/business/endpointprotection/
  21. Hi @patrfamilias. Are you using MBEP - Endpoint Protection, or MBMC - Malwarebytes Management Console?
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.