
We will always be faster to update than MSPs, that's a given as we are the author. New LT plugins also take time to code and then for LT to vet once those programs are finished. To be on top of what's available, you will have to be proactive and look at our support KB area I linked for jpereboom, or you could let it be and wait until LT notifies you of a new plugin once it is on their hands and they have finished their testing.

Notifications on the forum will be a mirror of the support KB, it will be in the KB first. There is nothing to sort through on the KB site, it is posted front and center, all major need to know stuff will be there...


1. When we push NEW installations of MBARW using our EXISTING LT plugins, I'm still seeing the OLD version of MBARW deployed. Am I correct that this will be the standard behavior until a NEW or UPDATED LT plugin is developed and distributed?

That is correct. The plugin is only going to install what it has available within it. 

2. If we manually apply the update of MBARW (either manually or via the .MSI file you've referenced), will that cause any issues with the EXISTING LT plugin? (ex: installations no longer recognized, etc.)

I do not have a way to know that, this is something for LT to test. Or some daring LT admin to try out ;p

I do not foresee any issue as the program's functionality and options have not changed. I imagine it will be similar to how Anti-Exploit is able to upgrade independent of your LT platform and run correctly. New pushes will revert the version though, that is a truth for MBMC as well. I could see however, that it is possible for it to not display the correct version number, but that is my own speculation and may not be the case. At any rate, it is not going to break anything and leave you with a sev 1 type scenario.

3. Per the question posed by jpereboom above, after the update of MBARW is installed (either manually or via the .MSI file), will FUTURE upgrades to MBARW still have this behavior, or can we simply have transparent updates from this point forward (at least for MBARW)?

To clarify, the program already has silent update ability, and we have already released a few silent updates, these were what we call CUs, component updates, for MBARW which you probably never even noticed. This one is prompting because: one - the business build was mistakenly included in a live push meant for consumers. And two - it is a whole program revision, not an update (this was required to fix the temp profile issue, it couldn't be done in a CU), and requires local admin permissions to run. For the question about future behavior for program revisions on the business MBARW, the answer is, no, it will not. See below...

41 minutes ago, djacobson said:

the business MBARW build will no longer be part of the over the air updates.

4. WHEN can we expect the new MB Endpoint Protection product to be the one installed, supported, and managed by the LT plugin? I don't expect an exact date, but a general timeframe for moving us LT partners off the legacy platform and onto the current platform would be nice to know. After all, our clients expect us to provide them with the latest, best protection, and obviously what we're working with isn't it.

I know of no plan for the MB3 business product to be available to any MSPs. That is an Executive and Program Manager level decision. It for sure will not be possible until such a time as there is an API written for it, and I am not at liberty to share the timeline for MB3 Business to receive the ability to be controlled via CLI. I can share that it is something we have planned to create and is in the pipe.

30 minutes ago, jbwilliams33 said:

Is there any way to suppress the "New Version Available" update? I have been looking for a registry setting.

No, there are no options for the system tray. If you remove the MBARW start run entry in registry, you will break the program. Your users can click on the X until such a time as you can push the update manually. The prompt will return at the next restart.

12 minutes ago, djacobson said:

That is correct. The plugin is only going to install what it has available within it. 

@djacobson My understanding from testing with LT was that the actual end-user installation files used by the LT plugin were downloaded from a MB server as needed and installed. I put LT Tech Support through extensive testing on this issue some months ago, and we could not find ANY of the installation files on our LT server. Moreover, as MBAM updates have been released, the newer versions of them have always been downloaded and installed by the LT plugin on NEW clients' computers.

If this is truly the case, that the LT plugin merely downloads and installs the various program installers as needed, is it possible for the latest MBARW to replace the old installation file so that NEW installs will at least be the latest version?


@WHairstonLOI I remember that case. Another L2 B2B agent and I were helping the LT agent and it had to do with how it pulled MBAE. The software pieces are pulled from a link and not from your LT server, but it is not our download link, ours is a zip package for the console with the standalone MBARW contained within - https://downloads.malwarebytes.org/file/mbes_for_business

There is no other link that we host which contains MBARW-B, except our update backend server, sirius, which only the programs themselves can talk to and is not where LT gets the installers. The installers are pulled from some server or CDN that LT runs but I forget what it is, it's been a while since that case. I can ask our Partner PM what the link is and if it is possible to change that so it pulls something newer.


@jbwilliams33, no, the notification behavior is part of the application itself and is not a registry setting. There are no settings at all for the system tray in registry except for the start run, which is the application's front-end itself and the tray icon. If it is disabled, the MBARW service still runs but the program will be broken and not able to properly respond to an infection event. MBARW is a very simple tool, any and all complexity went into its detection engine. The CLI it can respond to is only built around adding and removing exclusions, deleting or restoring items from quarantine, and starting and stopping the protection. If you wish to no longer see the notification, you must uninstall and reinstall, to which I would say if you're gonna do all that, you might as well just upgrade it.

System tray stuff has been covered before here - 

 

On 4/4/2017 at 2:56 PM, djacobson said:

I'll share the answer to this question so that any future customers who are wondering the same thing may be able to come across it.

There is no option within the program to disable the system tray icon for MBARW. You could delete the registry start entry if you really want to as the MB3Service will still run, however, understand that the consequence of this is that all interaction, as in notification to the user that something has been blocked or the restart action that will be required to finish killing a ransomware attack, will no longer happen. It cannot be done without impacting the program's basic functionality.

 


Has anyone else had the update cause issues? We have had about 15 PCs get stuck in a reboot loop after installing the update. To fix, we have to boot into safe mode, uninstall MBARW and reboot to resolve the issue.


@BRAM, did you already have a previous issue with shutdown loops, long shutdown times or hung shutdown with MBARW? I've had that issue pop up about three times. It is very hard to diagnose because it is during shutdown and no tools will work during that time. Windows Event Viewer doesn't offer many clues either.

Also did you click through the update via the notification or push the new version over the top of the existing using the installers? It would be my suggestion to try to uninstall the old version first then deploy the new, see if that helps your situation.


These PCs did not have previous issues with shutdown loops or shutdown times. The install was done via the notification. I do have a GP that was installing the old version but will probably roll it out one by one now due to this issue.


I do not have a case open but wanted to let you know we have had 3 more PCs this morning stuck in the reboot loop. Same fix. Uninstall the MBARW client in safe mode. These are PCs that installed the client at least a couple days ago and had rebooted after that. Now they are having the issue. It has happened with both Windows 7 and 10.


@djacobson It now looks like every PC we installed the new version of MBARW on is having the reboot loop issue. It may not surface on the first reboot after the install.


@BRAM email corporate-support@malwarebytes.com to open a case, we'll need more information specifically from your machines and do a deeper dive than what we can do here on the forum.

1 hour ago, djacobson said:

@BRAM email corporate-support@malwarebytes.com to open a case, we'll need more information specifically from your machines and do a deeper dive than what we can do here on the forum.

Ok. I will open a case.

Thanks.
