
djacobson

Staff

Posts posted by djacobson


  1. Malwarebytes cloud platform update - September 13, 2018

    Malwarebytes is scheduled to update our cloud platform on September 13, 2018 at 8:00PM EST / 5:00PM PST.  We anticipate less than 3 hours of downtime to complete this update. As a customer of this platform, we want to take a moment to familiarize you with the changes that are about to become available.

    New Features

    • None

    Improvements

    • For Malwarebytes Endpoint Protection and Response only - Added granular Endpoint Isolation options, enabling administrators to specify one or more isolation methods to be applied to the selected endpoint. By default, all three isolation types will be selected:
    • Added Malwarebytes AdwCleaner for use and download from the “Add Endpoints” page within the cloud console. Please note this is an unmanaged solution:
    • Added capability to use shift key + mouse click to select ranges of items for tables that allow batch actions.

    • Updated Malwarebytes tray icon so that end users who are permitted by policy to initiate scans can bring their minimized scan progress window back into focus by simply double-clicking on the Malwarebytes tray icon.

    • Changed the Malwarebytes Self-Protection Module so it’s enabled by default for all new customer accounts. This setting controls whether Malwarebytes creates a safe zone to prevent malicious manipulation of the program and its components. Enabling this setting introduces a one-time delay as the Self-Protection Module is enabled. While not a negative, the delay may be considered undesirable by some end users. We strongly recommend existing customers enable this setting in their security policies.

    • Added a loading spinner animation while paginating through large sets of data.

    • Removed Anti-Exploit shield from Chrome due to Google’s new policy against code injection into Chrome.

    • Extended the timeout toggle for “Remote Assistance” to 4 hours.

    • Updated Syslog Communication feature so that the designated endpoint cannot be uninstalled using the Deployment & Discovery tool unless it’s first unselected within the Syslog Communication setting. This prevents administrators from inadvertently losing syslog messages. Before removing an endpoint, Malwarebytes cloud administrators will need to first disable Syslog Communication in the console or promote a different endpoint.

    • Fixed: Malwarebytes Single Sign-On settings page styling and page scroll.

    • Fixed: Read Only users can log into the Deployment & Discovery tool.

    • Fixed: Could not edit a user’s email address if the user account has not been verified.

    • Fixed: After Endpoint Agent upgrades, some .zip files under ...\windows\temp are not deleted.

    • Fixed: Filter options on the Endpoints and Detections pages are sometimes cut off abruptly.

    • Fixed: For Malwarebytes Endpoint Protection and Response only - Several bugs were impacting administrator’s experience interacting with the Process Graph feature.

    • Fixed: For Malwarebytes Endpoint Protection and Response only – Reset the network adapter on the endpoint to enforce network isolation.

    • Fixed: For Mac endpoints, the “Check for Protection Update” action does not update the “Last Refreshed” attribute on first run.

    • Fixed: Endpoints could not be moved to a different group when selected using the “Select All” checkbox.

    • Fixed: Windows Server 2008 scans can crash when scanning .lmk files.

    • Fixed: User Verified account notifications are not getting emailed to administrators.

    • Fixed: Within the Endpoint Properties page under the Detections tab, the Action Taken and Category dropdowns are cut off.

    • Fixed: For Malwarebytes Endpoint Protection for Mac only - Scans are occurring every hour, regardless of what the scheduled scan interval is set to.

     

    Known Issues

    • Exclusions that have been entered with short file name paths such as “c:\progra~2\” are not being applied.

    • Modal windows are showing an unnecessary scroll bar.

    • For Malwarebytes Endpoint Protection and Response only - When a Remediation action succeeds but Rollback action fails, the Suspicious Activity status is stuck and displays “Pending Remediation”.

    • For Malwarebytes Endpoint Protection for Mac only - Scan History tab does not get information populated if Threat Scan does not detect any threats.

    • For Malwarebytes Endpoint Protection for Mac only - Timestamps in Scan History tab for macOS endpoints are in GMT, and not the web browser’s locale.

    • For Malwarebytes Endpoint Protection for Mac only - Endpoint Agent does not report update_package_version on fresh Endpoint Protection install.


  2. MBMC does not have the ability to show when releases are done, it is unfortunately a manual process for this. You can compare version numbers between your console in the bottom corner and the version listed on the MBMC installer you've downloaded, or you can use the release history page here to compare - https://www.malwarebytes.com/support/releasehistory/business/#mbmc2

    The package number on the zip changes whenever something within it changes, most commonly Anti-Exploit's build version, which updates very often since it is a signature-less program.


  3. Hi @heldveld, your question and discovery here is definitely worth keeping around for others that may encounter the same thing. I can hopefully add some clarity to what happened here.

    The Policies > (your policy) > Settings > SCAN OPTIONS > Potentially Unwanted Programs (PUPs), and Potentially Unwanted Modifications (PUMs), area defines the reaction properties of the scans (and the realtime engines) to PUPs and/or PUMs that you send to machines on-demand. These are the scan types you invoke manually from the Manage Endpoints area, when one or more endpoints are checked, and you select Actions > Scan + Report, or Scan + Quarantine.

    The scans kicked off by the Schedules area have their own options to define whether that particular scan will react to PUPs and/or PUMs, by having or not having those options defined within the scan schedule you have created.

    To break it down, these options are for telling Malwarebytes what it should look for, and the "Quarantine found threats automatically" in the schedule, and Scan + Report, or Scan + Quarantine for the on-demand, is giving Malwarebytes the instructions on what to do with what it finds.

    Hope that clears it up!


  4. Hi @SivajiGanesh, MBMC itself will run on Server 2016, however, the included embedded SQL 2008 R2 Express is not supported on Server 2016 - https://support.microsoft.com/en-us/help/2681562/using-sql-server-in-windows-8-and-later-versions-of-windows-operating

    Quote

    SQL Server 2008 [...] Server 2008 R2 is not supported on Windows 10 or Windows Server 2016.

    You will need to stand up your own instance of a newer SQL, whether full or Express, and connect to it as an external SQL server during the install. Server 2016 may also have SSL 3 disabled natively. MBMC can support TLS 1.1 and 1.2, but it does not do so out of the box. Make sure that SSL 3 is on temporarily to allow the administrative connection to the SQL. Once installed, MBMC can then be configured to use TLS 1.1/1.2 and SSL 3 can again be disabled. See the attached PDF for how to set up MBMC to use TLS once the installation is completed - MBMC_TLS_Support.pdf

    How to connect to an Express SQL as an external database in MBMC

    Download a new SQL Express installer:

    Then follow these instructions for setup of the database and how to connect to it during install:

    1. Choose to create a New Installation.
    2. Choose "New Installation or Add Features" then click Next.
    3. Accept the license, then click Next, then Next again.
    4. Name the instance (I suggest naming it "Malwarebytes") then click Next.
    5. Click "Use Same Account for all SQL Server services."
      • On the popup, enter your Windows credentials.
    6. Choose Mixed Mode authentication.  Create a password for the SA account, then click Next.
    7. Click Next two more times and finish the SQL installation.
    8. Now proceed with the Malwarebytes Management Server installation.
    9. On the SQL step choose "Use External Database."
      • Enter the Database Address, if named Malwarebytes from step 4, it will be ".\Malwarebytes" without the quotes.
      • Enter the username as SA, and then the password you created for it.
    10. Proceed with the installation as normal.

    Let me know if this works for you.

     


  5. This is most common on servers with long uptimes. How many scans are taking place between your uptimes? MBAM 1.x has limitations in how many scans can run, around 80-100, per uptime of the machine. The issue is due to the desktop heap memory size. Reboots correct this as Windows no longer has tools to refresh desktop heap memory without restarting.


  6. Several other AVs do this, as their stance is that they are not compatible with other protection programs in place simultaneously. If their install detects we are there, they will uninstall our product (Kaspersky does this) or say theirs cannot be installed. We are not blocking any install. The options you have are to install Bitdefender first then MB, or you may try to have the Windows Action Center setting in your Cloud options put to "never register".


  7. MBMC 1.8.1.3476 does have some corrections over 1.8.0.3443 but does not address all that was put here yet, see the release history for what was changed for the newer patch build - https://www.malwarebytes.com/support/releasehistory/business/

    1.8.1 / May 21, 2018

    Improvements

    • Improved logic to show endpoints offline after missed check-ins in large environments

    Fixes

    • Addressed an issue where certain endpoints may fail to check-in due to duplicate key value
    • Fixed an issue where server was not receiving database updates depending on the update frequency set
    • Addressed an issue where certain Active Directory accounts could not log-in after upgrading

  8. Malwarebytes cloud platform update - August 16, 2018

    New Features

    • Malwarebytes cloud platform now supports role-based access control (RBAC). We’ve made RBAC extremely easy, enabling administrators to rapidly protect console access and data with the appropriate role according to their assigned Groups. Super Admin, Administrator, and Read-Only roles satisfy the majority of business use cases:
      • Super Admin users have full access to all Groups and features within the cloud console. Only Super Admin users can add, modify, or delete global Exclusions. All existing users have been converted to Super Admin users.
      • Administrator users have access to everything within the cloud console per their Group-level access, except for editing global settings.
      • Read-Only users can view all information within the cloud console per their Group-level access but cannot make any changes and are not authorized to use the Discovery & Deployment Tool. They can generate Reports and opt-in to receive Notifications.


    • Malwarebytes cloud platform now supports single sign-on (SSO) with popular SAML 2.0 identity providers (including Okta, OneLogin, and Azure). When enabled, administrators can easily and securely connect to our Malwarebytes cloud console using unsolicited SSO via a single identity provider they’ve already provisioned. Administrators using the Malwarebytes cloud console are automatically logged in using the same SSO tool they currently use to access other applications throughout the day:


    • New advanced deployment option: Active Directory. The Malwarebytes cloud platform Discovery and Deployment (D&D) Tool has been updated with a new Active Directory (AD) integration which supports advanced deployments. This updated D&D Tool connects with the customer’s AD to discover and map the organizational unit (OU) structure of the customer’s AD and use that to instruct which endpoints belong to all the different parent OUs and child OUs. When endpoints connect to the Malwarebytes cloud console, they are automatically added into their appropriate Group thanks to the D&D Tool’s mapping process:


    • New advanced deployment option: custom Group installation parameter. Endpoints can now be automatically assigned to a custom Group during installation thereby enabling rapid deployment across the enterprise. When an admin installs using manual (e.g., via command line interface) or scripted deployment methods (e.g., via GPO, SCCM, PDQ) they may now specify a Group ID parameter to identify the Group the endpoints should belong to within the cloud console. If a Group ID is not set, is unspecified, or is incorrect (e.g., typo, doesn’t exist)—then the default Group will be used.
    • [For Malwarebytes Endpoint Protection and Response customers] Malwarebytes cloud console now features a Process Graph. This provides administrators with greater visibility into Suspicious Behavior across their endpoints. Administrators can click on the Suspicious Behavior page in the cloud management console, select an item to inspect and then click on any of the icons to see visual details of the process, network, filesystem, and registry activities that caused the Suspicious Activity event. This additional context enables administrators to make better-informed remediation decisions:


    Improvements

    • Quarantined items for endpoints which have been deleted/uninstalled will no longer persist in the web console
    • Malwarebytes Endpoint Protection and Response now supports Windows 7 platforms
    • Added support for Mac end users to easily generate diagnostic logs by using <Control + Click> on the Malwarebytes icon
    • Updated Policy label format to be consistent
    • Some customer environments require additional time starting system services on boot
    • Fixed: Pagination would sometimes display negative counts
    • Fixed: Free memory is incorrectly reported for Mac endpoints
    • Fixed: The Deployment and Discovery tool shows installation success when the installation fails due to needed .NET upgrade
    • Fixed: Some users are not receiving all of their daily scheduled reports
    • Fixed: If the Endpoint Agent service has to wait too long for other system services to start, Windows kills it
    • Fixed: Discovery and Deployment tool doesn’t show more than 1000 results when AD scan is used

    Known Issues

    • Exclusions that have been entered with short file name paths such as “c:\progra~2\” are not being applied
    • User Verified account notifications are not getting emailed to administrators
    • Windows Server 2008 scans can crash when scanning .lmk files
    • Sysprep can fail to run with Self-Protection enabled in the policy
    • Within the Endpoint Properties page under the Detections tab, the Action Taken and Category dropdowns are cut off
    • Modal windows are showing an unnecessary scroll bar
    • Malwarebytes Endpoint Protection and Response: When a Remediation action succeeds but Rollback action fails, the Suspicious Activity status is stuck and displays “Pending Remediation”
    • Malwarebytes Endpoint Protection for Mac: Scan History tab does not get information populated if Threat Scan does not detect any threats
    • Malwarebytes Endpoint Protection for Mac: Timestamps in Scan History tab for macOS endpoints are in GMT, and not the web browser’s locale
    • Malwarebytes Endpoint Protection for Mac: Endpoint Agent does not report update_package_version on fresh Endpoint Protection install


    Our next cloud platform update is scheduled for September 2018.


  9. @dshapiro

    May I have you go to Control Panel -> Internet Options -> Advanced and double check that TLS 1.1 and 1.2 are checked and enabled? Check them if not. Do you have the IIS manager role on the server? Go there and use the "create a new self-signed certificate" feature. Once created, use MBMC's "SSL Certificate Configuration" tool. You can find it in the start menu under Malwarebytes Management Server or in the file system under C:\Program Files (x86)\Malwarebytes Management Server; it's called SSLCertificateConfig.exe. Right-click it and run it as admin, for either the start menu shortcut or directly on the exe. Browse to the new self-signed cert and import it. Restart the server and see if you can log in.


  10. @dshapiro are you using embedded or external SQL? If external, what SQL version and what is the SQL server's OS version?

    If you happen to be behind a Palo Alto Networks or SonicWall appliance, these often invoke our MITM protection, as they change the packet header enough with their SSL filtering / SSL proxy / SSL packet inspection features to cause our program to drop the connection. I bring this up because in your server log there, the error presents itself when the server goes to check your MBAM license against our license enforcement backend service.

    Info    2018-08-04 11:26:45.5124    13044    32    Performing Check for product code: MBAM-B
    Error    2018-08-04 11:26:46.3398    13044    18    There was an error warming up the reports: System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
       at System.Net.WebClient.DownloadDataInternal(Uri address, WebRequest& request)
       at System.Net.WebClient.DownloadString(Uri address)
       at SC.Server.WindowsService.SCWindowsService.<>c.<WarmupReport>b__68_0()
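
    A triage sketch for the kind of log excerpt quoted in the post above, added here as an example and not Malwarebytes code or part of the original post: it groups stack-trace lines under their entry and pairs each "Could not create SSL/TLS secure channel" error with the last non-error entry from the same process shortly before it. The column meanings (level, timestamp, process ID, thread ID, message) are inferred from the two quoted entries, and the five-second window is an assumption.

```python
import re
from datetime import datetime, timedelta

# Sample input: the first four lines follow the excerpt quoted in the post;
# the last line is constructed to show an unrelated entry being ignored.
SAMPLE_LOG = """\
Info    2018-08-04 11:26:45.5124    13044    32    Performing Check for product code: MBAM-B
Error    2018-08-04 11:26:46.3398    13044    18    There was an error warming up the reports: System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
   at System.Net.WebClient.DownloadDataInternal(Uri address, WebRequest& request)
   at System.Net.WebClient.DownloadString(Uri address)
Info    2018-08-04 11:40:02.1000    13044    32    Constructed unrelated entry
"""

# Assumed layout: level, timestamp, pid, thread, message (whitespace separated).
ENTRY = re.compile(
    r"^(?P<level>\w+)\s+(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+)"
    r"\s+(?P<pid>\d+)\s+(?P<thread>\d+)\s+(?P<message>.*)$"
)
TLS_MARKER = "Could not create SSL/TLS secure channel"


def parse_entries(text):
    """Split the log into entries; indented 'at ...' lines join the prior entry."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entry = m.groupdict()
            entry["time"] = datetime.strptime(entry.pop("ts"), "%Y-%m-%d %H:%M:%S.%f")
            entry["trace"] = []
            entries.append(entry)
        elif entries and line.strip():
            entries[-1]["trace"].append(line.strip())
    return entries


def find_tls_failures(entries, window=timedelta(seconds=5)):
    """Return (error, context) pairs; context is the operation logged just before."""
    findings = []
    for i, entry in enumerate(entries):
        if entry["level"] != "Error" or TLS_MARKER not in entry["message"]:
            continue
        context = None
        for prev in reversed(entries[:i]):
            if entry["time"] - prev["time"] > window:
                break  # older entries are outside the correlation window
            if prev["pid"] == entry["pid"] and prev["level"] != "Error":
                context = prev
                break
        findings.append((entry, context))
    return findings


if __name__ == "__main__":
    for error, context in find_tls_failures(parse_entries(SAMPLE_LOG)):
        before = context["message"] if context else "(no entry in window)"
        print(f"{error['time']}  TLS channel failure after: {before}")
        print(f"  top frame: {error['trace'][0] if error['trace'] else '(none)'}")
```

    A context line that names an outbound check, as in the quoted excerpt, points the investigation at whatever sits between the server and that remote service.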


  11. Hi @brainerdmobil, 1.8.1 is a patch mainly for the server side. With this one you could, but do not have to, redeploy to change the managed client version on the endpoints; the communicator portion has not been changed and doesn't need the upgrade.

    It can be found here...
    FAQ: Where can I download my business products?

    https://support.malwarebytes.com/docs/DOC-1161

    Upgrade to the latest version of the Malwarebytes Management Console

    https://support.malwarebytes.com/docs/DOC-1043

    My focus is the technical aspects of the products but there are all kinds of ways your sales agent can change your subscription. There are trials of the cloud product available so you can test drive it beforehand to make sure it will work out for your roaming clients, and if it does end up being a good fit for you guys, you could trade some portions of your existing seats or discuss ways to convert the whole thing. Do you have your sales agent contact? If not I can find out and forward it.


  12. @brainerdmobil, it has all updated in less than a year, except MBAM.

    MBMC just updated to 1.8.1 in May of this year. More updates are coming.
    MBAE 1.12.2.90 just released not long ago on June 25th. MBAE constantly updates due to its signature-less nature to bring new features and compatibility. Much has changed in how auto-upgrade works and which MBAE is deployed by what MBMC since your support ticket from 2016. IE issues come and go depending on what add-ons are in use by your org and what Microsoft feels like changing about IE and Edge through updates, which we cannot plan for until after the fact.
    MBAM has not changed from 1.80.2.1012. The 1012 build addressed the last vulnerability within 1.x. Future console versions will use another version of Anti-Malware.

    You can find version info here - https://www.malwarebytes.com/support/releasehistory/business/
