[Malwarebytes Patch Management vs Ninite]

Hi @pfefferc!!

Let me give you an overview:

Patch Management enhances our existing asset inventory management capabilities by providing Nebula/OneView admins insight on the outdated 3rd party software installed across their managed endpoints as well as gaps in the installed operating system updates.

Armed with this, Nebula/OneView admins can update supported 3rd party software and/or install OS updates/patches directly from the console on-demand or as part of a re-occuring schedule. Allowing admins the control they need to deploy updates.

It does not provide the ability to deploy custom installation packages or custom OS updates nor uninstall existing software or existing OS updates.

Ultimately yes there may be some common/similar features when compared to Ninite, but our Patch Management feature provides more control of keeping 3rd party software up to date via a schedule, it provides management of OS Updates, and it can extend our Vulnerability Assessment component to provide easy patching of vulnerable 3rd party software on managed endpoints.

[EDR resources]

On 5/27/2022 at 7:59 PM, PokyWizard said:

 

This feature is then only for Windows machines, correct?

Currently, It's Windows only but we plan to bring it to macOS later this year.

On 5/27/2022 at 7:59 PM, PokyWizard said:

Another issue still in Windows. Does MalwareBytes already support Windows ARM versions? As in some cases we need to run Windows 11 on Paralles, it ends up installing the ARM version. At least the "basic" version of MB doesn't support it.

As @AdvancedSetup called out, we do not currently support ARM64 versions of Windows. It's on our roadmap and will have more to share later this year. 

[EDR resources]

Hi @PokyWizard,

I am the Technical Product Manager of the Malwarebytes Endpoint Agent that our cloud-managed "Endpoint Protection" and 'Endpoint Detection and Response" use. I can help answer your technical product questions.

1 hour ago, PokyWizard said:

Can I block external devices on the machines (USB flash drive, External HDD, etc?) 

Yes, we added Device Control earlier this year for Windows endpoints. This gives you the ability to block external storage devices. You can learn more about it here: https://service.malwarebytes.com/hc/en-us/articles/4417282329491-Device-Control-in-Malwarebytes-Nebula

1 hour ago, PokyWizard said:

 Can I check if users are getting infected?

Yes, you can see if users are getting infected from the Nebula Console and via Notification emails as well as detailed reporting.

1 hour ago, PokyWizard said:

Can I check if users are running the endpoint? I've had cases where the user tried to install an update and didn't complete it and went months without the application running.

Yes, the Nebula Console will list all endpoints you have installed the Endpoint Agent on as well as the versions of the protection components that are installed/running.

Updates can be handled for you automatically too so you don't have to worry about what an end-user did or did not install.

1 hour ago, PokyWizard said:

I posted here because I tried to contact the commercial in Brazil and got no response.

That's not cool. Drop me an email at alsmith@malwarebytes.com and I will get you in contact with our sales teams personally.

[Patch Management - Push Custom Application]

On 5/3/2022 at 11:48 AM, REGITDept said:

Dear MB,

Does the Patch Management have the feature to push out custom application?

Thanks.

It does not support adding custom applications. Currently, it supports the following 3rd party applications: https://service.malwarebytes.com/hc/en-us/articles/4576809351443-Supported-Patch-Management-applications-in-Malwarebytes-Nebula

[Feature Request: Single Sign On support for Azure AD, OKTA, Google, Others]

40 minutes ago, Savitek said:

When I go to cloud.malwarebytes.com it redirects me to https://oneview.malwarebytes.com/dashboard.

Here I don't see the same options is what's in the directions.

I hope I'm an idiot and I'm just missing something.

Thanks!

That's our OneVIew MSP platform, which is like a multi-tenant version of Nebula but not the same thing. OneView does not support SSO today. I recommend providing this feedback inside of OneView itself so the request gets officially logged: https://support.malwarebytes.com/hc/en-us/articles/360039868234-Send-feedback-in-Malwarebytes-OneView

[Feature Request: Single Sign On support for Azure AD, OKTA, Google, Others]

@Savitek I assume you are asking for Azure AD SSO support for our Malwarebytes Nebula platform? If so, we already support that today: https://support.malwarebytes.com/hc/en-us/articles/360039018693-Setup-Malwarebytes-Nebula-single-sign-on-with-Azure-AD

If you are looking for something different, let me know the specifics and we can go from there.

[Feature Request: Link/URL Sanner]

1 hour ago, RevivalTech said:

Yes yes, that is right along the lines that I was thinking! Haven't gotten too specific, just had a client with a sus link, and I couldn't remember VT at first, so when I finally did I thought it would have been handy to have it built into the web guard extension, or now the idea of the toolset perhaps.

Yea, listen to you twos I realize more how large VT is and the comparison to MB. I think I had a opposite perception haha. So I understand now that it wouldn't be a clone, but having something similar within the MB fam of toolsets could be nice value add addition I think. Much appreciated for chiming in! 

Thanks for the clarification. I now have a much clearer picture of what you are looking for. Other PMs have already looked at this thread and are in the loop too (in case this should be introduced elsewhere in our product line).

We can't promise anything at this time, but the concept of a URL Scanner in the context you're looking for is something Malwarebytes has been looking at doing. So while it's on our radar, I can't say for sure when we would have this and exactly where it would be accessed from.

In any event, thank you for the feedback and allowing me to pick your brain a bit.

[Feature Request: Link/URL Sanner]

@RevivalTech I am the Technical Product Manager of the Malwarebytes Toolset and after reviewing the thread I have a follow up question:

Would it be accurate to say you are looking for Malwarebytes to create a utility that does the following?

1. User inputs a URL into a GUI or CLI utility
2. URL is loaded silently and scrapes content for any additional URLs
3. All URLs are analyzed with our Web Protection and Browser Guard databases/engines
4. Output a report of the detected URLs and provide a Good/Bad result for each

If you are looking for something more than that, can you clarify the specifics?

As far as building a "VT clone" goes, I would say that's out of the scope of what we can provide. We participate as a trusted partner with VT already, it wouldn't make sense to make something like it when there is a well-established platform that provides results from us and so many other security vendors.

 

[Feedback - Malwarebytes Endpoint Agent and Nebula Console]

Hi,

I am the Technical Product Manager for the Malwarebytes Endpoint Agent (Windows, macOS, and Linux). That's the core piece of software that connects our Malwarebytes protection products like Malwarebytes Endpoint Protection to our Malwarebytes Nebula (and OneView for MSPs) cloud infrastructure.

With that being said, I wanted to hear from our Forums community what you would like to see changed and/or added on the endpoint side and the cloud console side to improve protection and management.

Thanks!!

[Windows 11 problem]

2 hours ago, JayCee2 said:

The file Addition.txt was not found in the directory with FRST.exe, or anywhere.

 

FRST.txt 51.49 kB · 1 download

I will let @AdvancedSetup chime in too, but that's odd that addition.txt isn't being generated. That might align with why our Support Tool failed at gathering logs and could indicate the root cause is something outside of Malwarebytes.

With that being said, I did notice something odd in your FRST logs:

HKLM Group Policy restriction on software: %AppData%\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %AppData%\*.exe <==== ATTENTION

The above are non-standard items that in theory could interfere with legitimate application components, especially temporary ones (commonly used in updating scenarios), from executing properly.

Can you remove those then perform a clean uninstall and reinstall of Malwarebytes? If things are still being evil, try gathering logs again and let us know of any errors you encounter.

[Repetitive errors in system log]

@jgphelps @AlexLeadingEdge thank you for sharing this and we apologize for the concern this issue is causing. These errors can be safely ignored at this time.

In case you are wondering, the error is being produced by the Endpoint Agent attempting to enable upcoming enhancements to the Anti-Exploit engine that haven't been released yet. Essentially, we are saying "hey, this setting you tried to turn on doesn't exist". This results in no functional impact to our product and can be ignored.

[Endpoint Agent Setup for Windows Assistance Needed]

@mjolly803 Sorry for the delay in a follow up. Properly licensed for Server support would mean having a license that includes seats for Endpoint Protection/Endpoint Detection & Response for Servers.

When the Malwarebytes Endpoint Agent performs license validation and redemption on a Server OS, it will redeem against the seats for Endpoint Protection/Endpoint Detection & Response for Servers. This in turn means that Windows Server endpoint would now be able to use Server specific capabilities which are configured via the Policy settings in the Nebula/OneView management consoles.

Some of the unique settings/configurations for Windows Server include Brute Force Protection for Server Protocols and Suspicious Activity Monitoring for Servers (EDR Only).  For more details on settings and Policies, check our user guide here: https://support.malwarebytes.com/hc/en-us/articles/360039985913-Malwarebytes-Nebula-Administrator-Guide

Unfortunately, I cannot provide much additional guidance on using a non-Server license on a Windows Server endpoint as that would go against our current licensing.

[Endpoint Agent Setup for Windows Assistance Needed]

Hi @mjolly803 and great questions!! Oddly enough, you sort of already answered it yourself, but let me confirm and expand on it.

The Malwarebytes Endpoint Agent and the Malwarebytes software component plugins are the same for Windows and Windows Server. Endpoints that are running Windows Server (and properly licensed for Server support) will have access to unique Policy settings/configurations for Windows Server. Policy settings are managed from the Malwarebytes Nebula and/or OneView consoles.

Let me know if oyu have any additional questions.

[problem with notifications]

7 hours ago, nukecad said:

Just to note that it has always listed the full first page of our notifications for us over at the CCleaner forum, with the unread ones bolded, so maybe clearing them from the 'Bell' dropdown is a forum specific setting rather than the underlying software?

Our current issue is that it's not following the behavior they stated to us that is expected (i.e. items drop off after 30 days).

7 hours ago, nukecad said:

We just got this update over there yesterday, nothing in particular we've noticed there yet apart from that issue of the 'viewing' missing from the hover; and the Activity Stream playing up which it always seems to do when they update anyway. (Oh and mods couldn't Move, Split, or Merge posts for a while, that's now working again).

Yeah we reported the missing functionality with the hover and IPS stated that was an undocumented changed with 4.6.x. They removed as part of refreshing it for the new Achievements component. We have made a request to have that restored, but haven't heard back definitively on it.

For the Activity Streams issue, you'll need to rebuild the database. We had the same issue too.

Just an FYI - We also found a bug that occurs when searching with the "This Forum" option. That option is not respected after the first page of results and instead reloads the search with results from "All Forums".

 

[problem with notifications]

@tetonbob @MKDB @AdvancedSetup - We have confirmed that the expected behavior is not being respected and instead the Notification pop-up menu is showing all notifications from the first page of the "All Notifications" area. We have reported this back to IPS and hope to hear back soon.

[problem with notifications]

@tetonbob @MKDB @AdvancedSetup - IPS has informed us that this is expected behavior as the Notification click mini-menu is supposed to list notifications from the last 30 days.

[problem with notifications]

@tetonbob @MKDB @AdvancedSetup - I have reported this odd behavior to IPS.

[problem with notifications]

@MKDB thanks for sharing this issue!! IPS has informed us that they have implemented a fix for this issue. Please let us know if it has been resolved for your account.

[Remotely manage Malwarebytes application installations on users]

@PokyWizard yes, Malwarebytes Endpoint Protection is a managed product that uses our Malwarebytes Nebula cloud management platform and would give you the reporting/tracking you are looking for.

If needed, you can learn more about the technical specifics on our support site: https://support.malwarebytes.com/hc/en-us/articles/360039985913

[Lastest Forum Update bugs]

@David H. Lipman IPS has informed us the change to how anonymous users appear in the "Who's Online" block on the main page was by design, but not documented in their release notes, to improve load performance of their platform. They also informed us that removing the "viewing" status of the profile hover card was also not documented in their release notes but was by design to support the new Achievements component in 4.6 (we currently do not use this new component by the way). We requested that they add back the later functionality of the hover card in a future release.

As far as the Streams issue goes, that has been resolved.

IPS also fixed errors related to uploading attachments (error 200) and resolved some overall forums performance issues.

@1PW I appreciate the feedback on that, but that is not really a traditional issue per say since the information is still there, just displayed a little differently. One could argue it conserves space with the new format. We won't be requesting IPS to look in to or change this.

[first time seeing this error - admin install and upload failed message]

@Gt-truth IPS has informed us that these issues should now be resolved. Please let us know if they return.

[first time seeing this error - admin install and upload failed message]

Thanks for sharing. We have reported this to IPS.

[Lastest Forum Update bugs]

18 minutes ago, David H. Lipman said:

Thanx @AlexSmith

Another bug is the Thread Starter identification.  There used to be a flag on the account that started a thread noting that person as a Thread Starter (or other verbiage) and that no longer is the case.

Are you not seeing the following?

[Lastest Forum Update bugs]

@David H. Lipman we have verified the issue and reported it to IPS. In the meantime, you can view that info using the Online Users page: https://forums.malwarebytes.com/online/

[Lastest Forum Update bugs]

We are looking in to this along with a bug effecting Streams