Couple of thoughts.
1: In a lab condition this should have been something that could have been replicated.
Web calls, ISCSI, DNS and Client updates... that's just a few of the issues we had Saturday.
2: Whitelist an item in Malwarebytes Management Console
White list the management server and DNS servers
IS there a white paper that describes what this white list allows?
3: Schedule updates to non production or less business crucial servers/clients
Is there a way to set the policy to apply the previous DB version?
We would like to build a policy that will only deploy the previous update. This will allow the update to be tested on non critical machines before a full deployment.
As a note to this we were down for over 4 hours full system failures. Took our entire system management staff to bring the machines back online.
We didn't lose any data but transactions were not able to happen during that time.
I am not able to say more but if you would like to follow up hit me by my email.