Jump to content

bbowman

Members
  • Content Count

    13
  • Joined

  • Last visited

About bbowman

  • Rank
    New Member

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. We're getting ready to do a phishing assessment but Malwarebytes is blocking the website linked in our email. I've added multiple exclusions based on the website, domain, and IP but I still can't hit the website without triggering MB. After each time I've added an exclusion I've tasked my computer to update from the cloud portal and restarted the agent service, then waited for the update task to show completed, but so far I'm still getting blocked. Are exclusions checked and applied on some different schedule that I have to wait for or is there a problem with how they are being applied?
  2. So just to update, still don't know why endpoints are not downloading and installing the scanning agent. I downloaded it and deployed it myself with PDQ so my endpoints are protected, but I suspect the next time an update is released they are not going to get it automatically. We'll see. I haven't had any server trouble, support gave me a number of exclusions to set and that has been done. It was not happening too frequently, but it has been over a week since I had any issues so I'm hopeful that problem is resolved. Workstations are a different story. Still seeing some performance issues there, I was experiencing them myself this morning. After any action there was a noticeable lag, especially when it came to opening a new tab in Chrome or launching a new browser window. I would see the Malwarebytes service spike in resource utilization briefly during this time and when it finished whatever it was doing the action would complete. I rebooted and haven't had any issues, but asking folks in the middle of design to reboot doesn't tend to go over well as it greatly disrupts their workflow and train of thought. I've added some exclusions to applications we use frequently on our workstations but still seeing this issue crop up from time to time. I'm going to test some more exclusions and see what happens.
  3. I've had it deployed for about a year and a half and never had problems on a server until recently. Any issues I had before we always with workstations.
  4. Thanks for letting me know. I've been continuing to work with level 2 support and hopefully we're making progress. Just to clarify, are you also having the issue with endpoints not getting updates?
  5. I've submitted multiple Process Monitor logs and packet capture reports as of now, waiting to hear back from support. MB has been running constantly at over 50% CPU utilization on my primary domain controller, so obviously that is not good. I captured procmon logs from it and submitted them and I just manually ended the process to restore the server to functionality. Very frustrating issue to continue to have, there is no other AV installed on it either, so not some kind of conflict there. The problem is our users don't have local admin so when they run into this issue they can't just restart the service or kill the process.
  6. I've got about 150 or so active endpoints and had been having issues off an on with MB randomly running throughout the day and slowing machines down. All our workstations are Windows 10 v. 1803 build 17134.228 and servers are Server 2012 R2 Standard. We opened a ticket and were advised there was a known issue with the version we had that was causing this and was causing the endpoints to not receive the latest version. We were given an uninstall script to remove MB and advised to redeploy the end point agent, so we did that. A few days after this I realized that the End Point Agent had deployed successfully but had not installed the scanning engine. There are errors in the event log that it couldn't establish a secure connection. I only had 29 of our machines that actually had protection running. The cloud console did not give us any alerts or notify us that there was an issue, which is a MAJOR problem with that implementation. There should be warning klaxons going off every time I log in and coming to my email when the agent can't install the actual scanning engine on a machine. Support gave me the direct link it is trying to hit and I don't have any problems popping that in a browser and downloading the scanning engine, and I've manually deployed it to all my servers. So anyway, I have an open support case on that and haven't gotten anywhere with it but in the meantime on the machines that DO have protection the issue with them getting slowed down has returned. In fact, it's happening to me right now and about every 5th word I type there is 5-10 seconds of lag. It's also impacting my ERP server and causing that application to run slow, which is costing us serious money. I've got a ton of machines that are unprotected but if I put protection on them I'm afraid it is going to slow them down. Has anyone else had similar issues? Any solutions?
×

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.