Enpoint Protection Concern 2

[spnkzss]

Could someone please explain to me why the above thread was locked?  I am seriously trying to help get this product fixed and give a single location for what we find.  This also gives your company a single location to respond to what we are seeing.  I came in today to give an update (even possible solution) to what I have found.  I truly hope you all understand how that looks to lock a thread like this.  Especially with zero response from Malwarebytes.

 

So, what I came in here to say was:

My environment WAS the onsite server based solution.  I upgraded everyone to the cloud solution by  pushing the solution across the network using the Malwarebytes Discovery and Deployment Tool.  Now this part is speculation, but around the end of September (9/29ish), it seems to me that an update was pushed down to the clients from Malwarebytes.  This update did not update well on some of my clients.  I had a couple dozen offline, even though I knew they were online.  I also had quite a few that never did the scheduled scan even though they were definitely online during this time AND showed online in the portal.  Now, not speculation, what I did to resolve the issue, I went through every one of my clients in the portal and confirmed the last time they scanned (I have a daily scheduled scan setup).  I wrote down the ones that did not scan, especially the ones that still show up as online in the portal.  I also wrote down all the ones that were offline.  I then went to each machine on this new list, ran the mb-clean-3.1.0.1031 /cloud command.  Rebooted.  I then ran the mb-clean-3.1.0.1031 WITHOUT the /cloud.  1 in 5 needed to be rebooted again.  I believe this was finishing the clean up of the previous server based product.  I then reinstalled using the .msi for JUST the Endpoint product without the .NET.  They came back online.  I then told that client to scan and quarantine.  So far, all  have continued to be up and running and scanning appropriately for the last 4 days.

Assuming this thread is not closed, I will update if there is any further developments.

Rob

 

[IT_Guy]

They close the thread when they don't have any answers to provide and don't like where the discussion is headed. I'm guessing they will delete that thread and this one (as they have done before).

Frankly, uninstalling (using their software) 2-3x before being able to reinstall isn't a  solution to the problem, especially considering this doesn't solve the issue and may introduce other problems.

On machines I have done this on, sometimes they come back, sometimes they don't. Sometimes they come back and then go away again and don't come back. Sometimes this just introduces one of the other errors the software has.

The entire set of responses from MWB in regards to this software is very disappointing, this software was pushed out to the public prematurely and full of bugs. That sort of activity might seem OK for a video game studio where gamers don't care if there are bugs, but in a corporate IT environment, security/functionality should not be features that are going to be patched, they should be features that were guaranteed working long before the product was sold to the public.

If their solution to most of their problems is to remove their software, you'd expect that one of the first things they would fix would be the software's uninstall feature. At least the software is used so often that when you google mb_clean the download link is the first link to show up. I'd still rather be able to uninstall it without having to find other software and reboot multiple times before the Windows uninstaller works.

[spnkzss]

Can we PLEASE move this back to the other topic section.  I can understand moving it ot the Product comments and concerns, but the BIGGEST part of my topic is how to FIX the problems people are having.

[IT_Guy]

3 minutes ago, spnkzss said:

Can we PLEASE move this back to the other topic section.  I can understand moving it ot the Product comments and concerns, but the BIGGEST part of my topic is how to FIX the problems people are having.

This is the solution they give everyone on almost every thread, uninstall it with their special software (because they broke the Windows uninstaller) and then reinstall and see if it works. They don't care if your fix works because it's basically the only response they give anyway, other than could you please send them diagnostics to figure out why their software doesn't work.

 

Amazing this new world of IT where businesses pay to beta-test software for companies. Can't wait to see the blow-back when somebody running Endpoint Protection gets infected.

[KDawg]

@spnkzss

I want to apologize for that, I did not see any response to the support ticket we had open.

Additionally we do ask that suggestions, concerns, and feedback on the product are posted here. We try to keep the endpoint protection forums strictly as troubleshooting to resolve issues.

You are absolutely entitled to your opinions even that which is harshly critical, we have no interest in hiding from it I we just ask that feedback is kept to this forum.

I am unlocking the other thread please update that with the status of any current issues.

[spnkzss]

16 minutes ago, IT_Guy said:

This is the solution they give everyone on almost every thread, uninstall it with their special software (because they broke the Windows uninstaller) and then reinstall and see if it works. They don't care if your fix works because it's basically the only response they give anyway, other than could you please send them diagnostics to figure out why their software doesn't work.

 

Amazing this new world of IT where businesses pay to beta-test software for companies. Can't wait to see the blow-back when somebody running Endpoint Protection gets infected.

While I understand that this is what tech support basically tells you to do for everything, there is some more relevant information in this.  The fact that we upgraded the site.  The fact that I had to run the /cloud AND without the /cloud.  The fact that installing it with the .msi versus the full exe with .NET.  I could not get the install to work correctly with the .NET exe, it HAD to be the installer WITHOUT the .NET.

I also understand IT_Guy your frustration, as I am feeling all the same things you are, but as you can see my "fix" was not even seen by Malwarebytes because I believe all they are currently seeing is your frustration.  I truly do understand it, but I am concerned relevant information that may help someone else is getting clouded.

 

15 minutes ago, KDawg said:

@spnkzss

I want to apologize for that, I did not see any response to the support ticket we had open.

Additionally we do ask that suggestions, concerns, and feedback on the product are posted here. We try to keep the endpoint protection forums strictly as troubleshooting to resolve issues.

You are absolutely entitled to your opinions even that which is harshly critical, we have no interest in hiding from it I we just ask that feedback is kept to this forum.

I am unlocking the other thread please update that with the status of any current issues.

I do understand that you want to keep the protection forum strictly as troubleshooting, however the meat of my response, which I see you aren't even reading anymore and was apparently missed, was troubleshooting and don't believe the comment that I made about closing a thread was anywhere close to harshly critical.  I believe it was fairly well put.

I did not respond to the support ticket, because as others I wasn't going to try and troubleshoot an issue that was much larger for you guys.  I didn't have time.  I found some time to try a very specific set of steps that I wanted to share resolved the problem.  Where the frustration comes in, and this is where I am assuming some things because no one has claimed otherwise,  that on 9/30 a software update landed that broke a lot of clients and it was stuck in limbo which required a force uninstall.  Including uninstalling some of the past client because the upgrade didn't take that.  Now, if someone somewhere from Malwarebytes just came out and said "We pushed an update, it screwed things up, and we know this.  If you could please do x, y, and z, we should be able to resolve this and it shouldn't happen again" this whole situation would have gone completely different.  Mistakes happen, but when people.companies don't "own it", that's when people get angry.

[IT_Guy]

3 minutes ago, spnkzss said:

Where the frustration comes in, and this is where I am assuming some things because no one has claimed otherwise,  that on 9/30 a software update landed that broke a lot of clients and it was stuck in limbo which required a force uninstall.  Including uninstalling some of the past client because the upgrade didn't take that.  Now, if someone somewhere from Malwarebytes just came out and said "We pushed an update, it screwed things up, and we know this.  If you could please do x, y, and z, we should be able to resolve this and it shouldn't happen again" this whole situation would have gone completely different.  Mistakes happen, but when people.companies don't "own it", that's when people get angry.

THIS, is the part that is most frustrating, they have a broken product, try to fix it quietly and end up breaking it even more. So now the only solution available is to uninstall it and reinstall it. I really feel bad about the guy on here running 3000+ endpoints, if I had to go around and spend 30 minutes on each computer (because if its not reporting to the cloud you cant deploy it automatically) I would lose it.

There is no change log, no "latest" endpoint version to check (The current engine version seems to be 1.1.0.204, most of my endpoints that aren't showing up are stuck on 1.1.0.199), no information is being passed on to the endpoint Admins that something is being done, or something was done. You have to manually check through the cloud to see what endpoints are using what version.

As an Administrator, if something changes on my network, ESPECIALLY something to do with network security, I expect some sort of notification. Send me an email, set a notification in the cloud, SOME sort of communication should take place, I shouldn't be randomly browsing endpoint information before I notice a version has changed.