CoxGreen

No emails here anyway as it broke my Exchange box... now just got to fix that.

Affrimative (sorry getting a timelimit on posts so having to wait to reply!)

Just downloaded database update V12 and it seems to be working!!!!!!

JUST GOT A NEW UPDATE DATABASE AND IT IS WORKING?!?!?!?!?!

I would keep an eye on this forum them: You are probably affected more by the RAM. I dont recommend uninstalling as I did it on one server and it is still broken due to quarantined files pre uninstallation.

When we right click on the icon we get the options see attached image.

If you can get onto the servers then you should be able to manually disable Website Protection but if you have lots of servers this isn't really an option. I also found that auto quarantine is enabled on my MBAM policy so I think this is why some of my server services are not working even after disabling Website Protection, I think it has quarantined some files to do with services like Exchange. Contemplating restoring file system.

That is my fix from post #9. I hope they are going to pay me for that!

Just checked my MBAM console and the servers that I have manually turned off blocked sites are showing Online, however the others are showing Offline. My bets are that the clients wont be able to receive the update fix, probably going to be manual fix for any affected machines/servers.

Nothing like testing updates.

Not possible unless they are virtual and you can direct connect to the host.

Almost as bad as that issue where it clashed with Microsoft's Endpoint Protection and made everything grind to a halt!

We arent sure if updates from the MBAM server are going out as the problem seems to stop all traffic (ping, DNS, etc...). I am having to get onto each of my servers using vSphere client, luckily all of my clients are offline today.

Database update version for me is v2018.01.27.03 if that helps at all for the devs.

All our servers are down with this bad update. DNS down, Exchange down, etc... I was able to get a FIX! logging into the servers and turning off "Website Blocking" on Anti MAlware fixed DNS and remote connectivity and ping issues. However Exchange is still not working, I have uninstalled MBAM and still not working so appears it might have quarantined a service, exe or something and this is now borked. Looking at restoring my servers to before the update and leaving the MBAM server offline, and blocking the update source on the internet.

Further to this, some of our machines freeze before we can apply the exclusions or before they can pull down the updated antimalware policy from SCCM. Also on some machines booting into safe mode, then disabling the MBAMService from starting and rebooting to try and get around this does not work and MBAMService still starts. As a workaround to this issue we have booted into safe mode, renamed the MBAMService.exe, restarted normally, updated the antimalware policy with exclusions and then rename the exe back and restart. Otherwise it is seemingly impossible to get it updated without the computers completely freezing. On another's note I have taken this opportunity to push out the latest version of MBAM, using SCCM to detect when the exclusion is in place on MSCEP which therefore automatically fixes the renamed exe workaround we have implemented and starts the MBAMService meaning we don't have to wait around for it to update and can get through more computers in that time.

What threw us was running just the MBAMService on its own (disbaling everything else from starting) still locked machines up. Apparently MS endpoint still runs! Looks like a problem with the definitions on the MS front identifying MBAMService. Luckily implemented this "fix" this morning but had no reply to my support ticket to be able to update your team with this info. I was concerned it might be a virus trying to disable Malwarebytes so had taken precautionary measures and disconnected the whole affected network. Would have been nice to have a major issue more publicly advertised.

I can confirm that putting the malwarebytes exe paths into the exclusions on our SCCM antimalware policies did work for us. However, due to the fact all of our machines lock up after booting because of the conflict we are having to boot into safe mode, then set the MBAMService to manual (this is the only service that is causing the issues for us) then rebooting and forcing a machine policy sync through Configuration Manager in control panel on the end device. Set the MBAMService to auto and reboot and all is fine (assuming the machine pulls down the update antimalware policy from SCCM). We also set the Malwarebyte exe as excluded processes using just the file name as the path has invalid characters. Appears to start affecting our clients some short time after recieving a definitions update for endpoint protection.