wiggy

tell me about it - 10/15min per PC x 20 PC's = 4-5hrs of my time plus the 3hrs on Saturday trying to work out what the heck was going on... what gives me cold shivers is what if this had happened during a normal working day! - 100 PC's all offline, company at a standstill - Jesus I can't even think about it.....

I found out on Saturday afternoon when my personal PC at home crapped out with mbam taking all the memory - that was V3 consumer edition, but at work we use the MBAM Cloud Endpoint Protection and I knew we had at least 20 PC's online at that time. I VPN'd into work, and the first clue that all was not well was the the PC I was remoting into was not responding. I drove in and sure enough all the PC's that were on, had either hung, were incredibly slow or had blue screened. I checked the memory usage on those that were still on and sure enough malwarebytes service had maxed out the memory. After hours trying all the fixes I found in these forums with mixed success, I resigned myself to fixing it the sure fire way - the good old uninstall/re-install 1. Hard reboot the PC 2. logon as Admin 3. quickly bring up task manager and stop the malwarebytes service (this is only temporary as it will restart itself and start gobbling memory at a rate of knots) 4. using windows program/features - uninstall malwarebytes - all of it - everything (all the while repeatedly stopping the malwarebytes service before it craps out the PC again) 4. eventually after doing a windows uninstall, I then did a further cleanup using the mb-clean-3.1.0.1031.exe (using both /cloud AND /managed syntax) 5. reboot 6. log back on and do a re-install of malwarebytes 7. wait 2-3 mins after install for it to completely settle down 8. from the cloud console, push an update command to the PC 9.on the PC check in C:\ProgramData\Malwarebytes\MBAMService\dbupdate.log for an entry that confirms a file definition/database has been pulled down and installed. 10. check in the cloud console that the push update command has been logged as successful

Anyone seeing outgoing web blocks to subdomains of custhelp.com today ? I think its some sort of embedded customer webchat widget that is hosted by Oracle. https://btbusiness.custhelp.com https://asda.custhelp.com/ https://edfenergyuk.custhelp.com/ https://equifaxuk.custhelp.com/ cheers...

The beating heart, the core of the Malwarebytes products, is I believe solid, its brand is well respected in the industry as a cutting edge 'go to' malware detection/prevention tool of choice. At home, I personally use Malwarebytes Premium, and am happy to say so. My company, ironically, used Malwarebytes Endpoint Security and it was flawless in its execution HOWEVER, giddy with the prospect of "upgrading" my company to the new cloud based Endpoint Protection this early, was a mistake - I hold my hand up to it. I understand that all early software releases are going to need tweaks - however with a frontline security product its simple unacceptable to have this many issues - Issues which frankly jeopardise my job and my family's livelihood, and potentially those of my colleagues and our company as a whole. A malware infiltration as a result of a faulting Mbam installation would be catastrophic PR - mud sticks, and once your company has been breached your reputation takes a heavy beating - for the SME companies without the deep pockets for fancy re--branding and clever counter PR agencies, security breaches frequently end in the insolvency courts as clients walk away and business dries up. Where would that leave me - I'd be known as that IT bloke who let the ransomware in - thats where. We need bullet proof confidence in our security products - and, while I'm sure Endpoint Protection will eventually evolve into a product worthy of the Malwarebytes brand , this IT bloke regrets being a lab rat so early in that journey.

We have deployed to 80 PC's We're into a daily routine of... 1. selecting all the 'offline' clients in the cloud console 2. pinging those PC's showing as offline - to see if they really are offline 3. for the PC's that are actually on, I connect remotely to their service console and 9 times out of 10 find that the Cloud Agent Service has failed to start when the user booted 4. I remotely restart the cloud agent service, and that typically gets the PC showing back online in the cloud console 5. where this happens more that twice on the same PC - I do a full uninstall/cleanup and a fresh re-install locally under the local admin account. At the rate we're going it won't be long until I'll have ended up doing a uninstall/cleanup/re-install on the entire user base I, along with the other IT admins here, frankly have better things to do with my time.

man, this blows... I like Malwarebytes - always have, but you can't use companies as production beta testers. SURELY in testing SOMEONE must have noticed excessive memory usage after 24hrs of use! If our company has a security breach because of this kinda stuff then who takes the fall? not MB - me. My job, my salary, my mortgage, my wife & kids - yep, it gets that personal. When you work for a SMB who haven't got the financial resources/resilience of the big corporates then this kind of thing REALLY matters I think they forget that sometimes...

Hey - I wasn't aware of this ransomware module memory issue... Is this only an problem for PC's that typically get left on? I'm guessing normal daily, on at 9am off at 5pm, wouldn't be a problem? What the sort of uptime duration when this gets to become an issue? cheers...

Heard back from MB tech support today after sending them examples of these error logs...

Yeah - all those errors especially the... 2017-09-28 06:33:50,519+01:00 [92] WARN MBAMPlugin Unable to get anti-exploit advanced techniques from mbam ...makes me wonder if the agents are actually updating at all - how can you tell? The cloud console shows all agents green, but those errors must mean something isn't quite right.

Hey Happyfox, Yep - every PC in our domain is full of those exact same errors as well. In addition to those three errors you mention - we also get these as well... Would like to get to the bottom of this as something doesn't feel right, even though the PC's in the cloud portal are showing 'green' cheers,

Endpoint Protection is a replacement/update/upgrade for Endpoint Security. Both these products are intended for Business use. I believe Malwarebytes 3 is primarily intended for the consumer market Not sure on the Mac specifics Its subjective of course, but yes, if you trust the brand and believe the marketing then Endpoint Protection has enough layers of security to be the only software you'll need to install.

Hi, anyone else had the user profile ntuser.dat corruption/lock since yesterdays EP update - this problem was present on the older Endpoint Security Anti-Ransomware (see link)? we had 20 users this morning whose profiles were inaccessible - so we had to restore from backup

Our firewall does not allow EXE or MSI downloads AND our PC's do not run with administrator permissions. Will this prevent the Endpoint Protection agents from being able to update themselves.

Must be some major issue going on - the Endpoint Protection management interface at https://cloud.malwarebytes.com has been down for the last 12hrs. Event logs on all user PCs filling up with connection and sync errors, clients not updating and no visibility into our Endpoint Protection environment - not ideal.

We are current users of the older Endpoint Security product with the three agents rolled out to our end users (Anti-malware, anti-exploit and Anti-Ransomware) We are currently trialling the new cloud Endpoint Protection Firstly - all PCs that we have installed Endpoint Protection onto so far, show up in the webconsole OK (all green), we can initiate scans, updates and asset update commands and the console reports back as complete when done - which is great, no obvious problems.... 1. Our policy requests that the endpoints check for updates every hour - I have no idea if this is happening? Is there a log somewhere? 2. I notice that on the PC's that had their existing three Endpoint Security agents automatically uninstalled by the new Cloud Endpoint Protection agent , there seem to be remnants of the old product left - for example ALL the updated PC's still have this in their startup process.. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Malwarebytes TrayApp C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe If this reference is still there, then what else may still be lingering from the old Endpoint Security software, and could it interfere with Endpoint Protection at some point? 3. A number of PCs have Endpoint errors in their application event log, for example this one appears on PC startup... 2017-09-08 15:05:51,555+01:00 [24] WARN MBAMPlugin Unable to get anti-exploit advanced techniques from mbam Is this the new Endpoint Protection, or a hangover from the old Endpoint Security - should I be concerned? 4. This new Endpoint Protection software has x7 layers of defence built-in which is great, but I know from personally running mbam consumer premium version that there have been times when one of these layers stops working - not good, but at least I knew, because of the orange exclamation mark in the tray icon. without an end user interface on Endpoint Protection (or an option to deploy one) we lose easy visibility into these basic things, not to mention the ability to right click and manually scan a file, which was useful. As admins, security is not a guessing game - we need to be 100% sure that we understand our security defence apps and we need to be 100% sure that they are working as we believe they should. As it stands, there's an assumption that all is well and is working as it should - certainly our cloud console is happy that everything is deployed and communicating properly - but personally, given the anomalies I've mentioned above, I'd like a little more evidence on hand. cheers!