King_Of_The_Castle

Members • Posts: 39

Posts posted by King_Of_The_Castle

  1. Sorry if this has been answered before. I was wondering if there is a way to add a custom rule to block a certain file from being opened. We would like to prevent a certain zip file named "u.zip" from being opened as we know it contains a portable version of the known proxy software "UltraSurf" that lets users surf the internet unrestricted (big concern).

    Thanks,

  2. 17 hours ago, PaulC1 said:

    Same problem here. Has happened again on endpoints that have been fixed previously. Does anyone know the cause? Is this something that can be fixed in the Malwarebytes Endpoint software?

    No Paul, only workarounds so far or small band-aids in order to remediate the issue for the time being... I really hope the Malwarebytes team fixes this as soon as possible.

  3. On 5/2/2018 at 12:12 PM, vbarytskyy said:

    Hello,

    Could everyone in this topic experiencing the issue run the attached "ConfigFixer.bat" from a local machine to test with. If it does work, it can be further deployed as a batch file.

    Make sure to run this bat as admin.

     

    https://malwarebytes.box.com/s/599mrui1hgzx6u5txa7r3j5pryw0b8qb

    Tested this bat on a couple of endpoints and it fixed the issue. But I also got this message on one of them:

    Making sure the Malwarebytes Endpoint Agent service is stopped...
    Looking for backup in .\
    No valid backup configuration was found
    Unable to restore configuration from backup
    System error 14001 has occurred.
    
    The application has failed to start because its side-by-side configuration is incorrect. Please see the application event log or use the command-line sxstrace.exe tool for more detail.

     

  4. On 5/10/2018 at 7:33 AM, Kalrand said:

    We had 14 endpoints go offline this morning; all of the physical computers are up and running. To combat this, since we've seen it in the past, we restart the Malwarebytes Endpoint Agent. We automate it a little by using PDQ Deploy with a script to restart the agent. Below is a snippet of the script we use; I left out some of our logging functions that you probably wouldn't need.

    
    START /WAIT net stop "MBEndpointAgent">nul 2>&1
    timeout /T 3 /nobreak>nul
    START /WAIT net start "MBEndpointAgent">nul 2>&1

     

    I tried this on a couple of endpoints to see if it would really prevent them from going offline. Unfortunately one of them went offline a couple of days after I scheduled the service to restart every day. Even though this is not the kind of behavior I expect from a corporate product from Malwarebytes....I'm so disappointed.

  5. 1 minute ago, vbarytskyy said:

    @King_Of_The_Castle

    Could you get a dump of the mbamservice.exe for us to look at and upload it? 

    Upload it to www.filemail.com since the dump may be large. 

     

    Also- 

    Could you run procmon on this machine for a few minutes and upload that log as well so we can see what's using resources

    https://docs.microsoft.com/en-us/sysinternals/downloads/procmon

     

    Thanks, 

    Vlad

    Hi @vbarytskyy. How can I obtain dumps from both mbamservice.exe and procmon?

    Thanks.

  6. Well...Looks like the "No-Tray Icon" Policy helped just for a couple of days....the tray icon processes are back and grabbing more and more RAM by the day. If I let this keep up it will get to a point where every single process is taking over 1GB of RAM, thus slowing things for every user connected to the terminal server. I'm hoping this month's update helps but I don't want to keep my hopes too high...

     


  7. 1 minute ago, IT_Guy said:

    I have a number of endpoints that have begun using 100% CPU usage again over the last week. I didn't receive any notification that an update was being pushed so I don't think there have been any new updates?

    They did email us and specifically say repeatedly that they would improve communications and stop pushing out updates that break endpoints.

    If they have pushed out a bad update again, this might be the last straw for us.

    Also I'm seeing near 100% RAM usage. Terminal servers create an "Endpoint Agent Tray" process for every connected user which uses 500-800MB of RAM on its own. Right now I'm creating a test policy with the agent tray icon disabled to see if this helps as a workaround. I'll update on the outcome.
