Jump to content


  • Content Count

  • Joined

  • Last visited

About CHall

  • Rank
    New Member

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. I have recently implemented a fix/workaround for this a few weeks ago which has resolved every single MBEP issue I've ever had since purchasing the product last September. This includes endpoints randomly dropping off the cloud console and also causing interference with our regular AV and other unrelated house software applications (which were white-listed). None of the suggestions from the support staff has ever worked for us, including those listed above. Since implementing my own workaround, our MBEP struggles have completely stopped. The issue apparently is caused by a persistent memory leak in the MBAMService.exe process. Upon endpoint startup, the memory used (in Task Manager) on all our PCs starts at around 250,000 K. When left unattended, that memory usage will slowly creep higher and higher. After a few days to a week, that memory rises on our endpoints to 400,000 K to 500,000 K at which point we start having issues with our other software. Also, at this point, we start to see our first set of endpoints disappear from the cloud console. More and more endpoints begin to disappear as the hours & days pass. If continued to be left unattended, the memory rises to between 500,000 K and 1,000,000 K. At this level, MBAMService.exe CPU usage rises and gets stuck well above zero. On our fastest machines, the MBAMService.exe CPU will run steady at 13%, just enough for our users to notice performance hesitations. On our slowest machines, it will run steady at 50% in which the machines become basically crippled. To stop this, the endpoint must either A) be restarted, or B) the MBAMService.exe process must be manually killed and restarted. After doing this, everything calms down and starts working again. Everything. So after months of endless frustration, I ended up writing a .cmd script which stops the cloud service (MBCloudEA.exe), forcibly kills the MBAMService.exe process, restarts MBAMService.exe and finally restarts the MBCloudEA.exe service. I put a copy of this .cmd script on the endpoints and set Task Scheduler to execute it (as Local System) at 6:00AM every morning. Ever since implementing this workaround, all our MBEP problems have completely vanished and I haven't looked back since. If interested, here's the script I'm using: :: Reset Malwarebytes Endpoint Protection Services ECHO OFF NET STOP MBEndpointAgent TASKKILL /IM MBAMService.exe /F TIMEOUT /t 10 /nobreak NET START MBAMService NET START MBEndpointAgent It's incredibly simple. I chose to "kill" the MBAMService.exe process rather than stop the service because if the high CPU usage gets stuck, it has a problem simply stopping the service. Upon killing the process, MBAMService.exe re-executes itself, but I manually start it again in case it doesn't. Restarting with it already running doesn't harm anything. Also, if the issue is allowed to get bad, the Cloud Service has problems and sometimes stops on its own when MBAMSercvice.exe restarts. That's why I stop and restart the Cloud Service at the beginning and end of the script.
  2. @Roadrunner562, me too! I use MB3 at home and this is the single most important feature I miss in the business EP version of the product. I use it as you mentioned, and also to check attachments on emails before opening them. We use another AV alongside MBEP and it has its own context menu item (right-click on the file) to run a quick check on a single file. I use this feature all the time and am frustrated I can't do it with EP. I'm not a fan of polluting a product with a boatload of unnecessary features, but that one's a must-have for me.
  3. @djacobson, that was a wonderful explanation of your product and its components. I have a better understanding of the software now than I ever had before. Thank you. Regarding working with other AV products, I brought up in another thread topic that MBEP was interfering with our ControlNow AV and was informed that they both use something in Windows that can't be shared when running Web Protection, and that one or the other has to be turned off for Web Protection. I accept that, however, the interference with ControlNow has to do with the endpoint not being able to update ControlNow's virus definitions, which is part of their AV product, not their Web Protection product. As I said in that other topic, I have to restart the Malwarebytes Service to stop and reset its "memory leak" to get the endpoint to resume virus definition updates with ControlNow AV. If you have any input or help with that issue, working alongside our other AV, I'd appreciate it.
  4. Gotta be honest, I don't know what I'd do without this forum and all you, the community, communicating here. When my phone started ringing from users reporting in, this is the first place I came to and was immediately relieved that we weren't under attack or something. Thanks all. Keep it going.
  5. Multiple endpoints getting it here. Most are port 68, one endpoint is port 17500. Started at 2:20pm.
  6. LOL. Yeah, I saw that too and went through the same 'panic'. I too do not thing a blocked website should be categorized as an infected endpoint. It's misleading and unnecessary.
  7. Regarding this morning's symcd.com false positive web blocks, it was announced that the issue has been resolved and to "update to the latest DB version". This is easy on my home version of MB, but I can't figure out how to do this on Endpoint Protection cloud version. The endpoints have no user interface, so I assume it's somewhere on the cloud console but I can't find it. So I'd like to ask: 1) How do I update each endpoint to the latest DB version? 2) How do I know what version each endpoint currently has installed? 3) How do I go about finding out what the current version is so I know whether or not an endpoint is up to date? Thanks.
  8. @FredGreco Thanks. We'll just leave an exclusion until it's resolved.
  9. Started getting phone calls this morning of Malwarebytes notifications going crazy. Turns out it's blocking symcd.com website. After a little research, it seems that this has happened in the past. symcd.com is owned by Symantec and has to do with ad certificates or something. It's possible that something changed on that site that's triggering MB to block the site. For now, I've added it as an Exclusion as it appears to be benign. Anyone else getting this or care to add some input here? Thanks.
  10. Exactly. I went through weeks of technical hell right from the original purchase with no useful help from their "support" people before I finally found this forum and discovered I was not alone with these issues. I wouldn't have purchased had I read this forum beforehand. I too feel like a beta tester for this product. Also, we too are a user of ControlNow (Solarwinds), however I made the decision to keep that subscription and run it alongside MB for the first year, which was a fortunate move. Btw, that's one of the applications that MB starts interfering with when the memory leak is left to grow. Upon a fresh boot, the MBAMService.exe memory starts at about 250,000 K. Over a few days, it will climb on some PCs to 400,000 K - 500,000 K and at that point, those PCs stop updating ControlNow's virus definitions and appear with critical alerts on the ControlNow Dashboard. If I kill the MBAMService.exe process and restart it fresh, the ControlNow critical alerts go away and everything resumes normal operation. Left unattended, one-by-one our PCs will collect on the ControlNow dashboard with critical notifications. We've used ControlNow for years (since it was GFI) and never had issues until MB was installed. There are other applications on our network that also start breaking when the memory leak reaches that level. Back after the original installations, before I was aware of all the MB issues, the memory leak would grow to well over a gigabyte and CPU usage would spin-out and slow everything down.
  11. Out of curiosity, I checked my own Event Viewer and was shocked to see that I have over 2000 Errors from source "Malwarebytes Endpoint Agent", numerous events per day going back to October 4, which was the day it was installed (re-installed) on my PC. Not the same error either, too many different ones to be able to list here. I am loyal to Malwarebytes as both I and others have said in other posts, due to the fact that they always saved me from infected PCs in the past, for free, but my faith in this Endpoint Protection cloud-based product is utterly destroyed. My biggest complaint is a memory leak of some kind that requires me to restart all our PCs on at least a weekly basis, otherwise things start to break, lose contact with the cloud console (go offline), start high CPU usage on its service, and/or interfere with other applications on our PCs and network. At this point, I just live with it, frustrated with the choice I made for our company's AV/AM/AR protection until the annual subscription is up.
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.