Jump to content

R2CIT

Members
  • Posts

    5
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Hi All, There are similar threads going in another forum. There was a bad signatures file posted this morning around 7:45am PT. If you can update your settings either locally or Server side to turn off this setting: Start malicious website blocking when protection module starts And then make sure you update your signatures. It appears of you can get onto version .12 for today the combination of that settings change and the new signatures will stop those alerts from popping up. Sounds like they're still working on a longer term fix to allow re-enabling that setting once they've fully resolved it but this should get your machine back to usable status.
  2. As I'm digging into the data a bit more I thought this part was perhaps also worth noting. Those machines we've switched over to the newer Cloud hosted MB service did not appear to have had this issue with the false positive website blocked detections. It was only running the on premise server hosted version that picked up the bad signatures and got hammered. What is interesting is that a number of the Cloud protected endpoints did send out memory exhaustion alerts that I didn't see from the on premises protected endpoints. But the cloud admin portal does not show any detections for today. And the On prep shows almost 21,000 now.
  3. Confirming that between the latest signatures pushed out (.12) and switching off Start malicious website blocking when protection module starts and updating the policy appears to have quieted things down on our end. Only getting alerts from machines that are still scanning from the initial outbreak of this and don't appear to be updating while those scans are still running. KDawg, will you post when things are fully resolved and we can switch back on the Start malicious website blocking when protection module starts setting? Thank you!
  4. KDawg, please confirm which signature update contains the fix? I'm on v2018.01.27.12 now. Does the latest signatures just fix the memory exhaustion errors or does it also fix all of the issues with the false positive detections and emails as well? Please confirm.
  5. We're getting clobbered by this as well this morning. Confirming it appears to have started with the .07 update which pushed live around 7:45am Pt. I've updated multiple times over the last few hours to see if the latest resolves this but no luck. I'm on .12 now. Tried adding exclusions for the affected IPs for Google just too cut down on the volume. Admin panel says I have roughly 20,000 detections so far this morning. I'm also getting memory exhaustion alerts from several machines this is running on. Not to mention the few users who were trying to work this morning all got freaked out. Confirming I have switched off the Start malicious website blocking when protection module starts setting in the latest policy version and pushed it out to all online clients. Doesn't this require a restart of the MalwareBytes client or service for this to take effect though?
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.