Jump to content
djacobson

Malwarebytes Cloud Platform Announcements

Recommended Posts

Check this thread for announcements regarding the Malwarebytes Cloud Platform. Information can also be found on our B2B KB page located here - https://support.malwarebytes.com/community/business

If you need technical help with your Malwarebytes Endpoint Protection, please contact our support team by creating a ticket on this portal - https://www.malwarebytes.com/support/business/#techhelp 

You can also dial your Malwarebytes Cloud product's bundled premium phone support line. The number is included with your purchase confirmation emails.

 

Edited by djacobson

Share this post


Link to post
Share on other sites

Malwarebytes cloud platform update - November 15, 2017 https://support.malwarebytes.com/docs/DOC-2260

We have recently performed a scheduled update to our Malwarebytes cloud platform. As a customer of this platform, we want to take a moment to familiarize you with the changes that were made.

New Features

  • Created new “Detections” page in the cloud console—combining the previous “Threats” and “Real-Time Protection” pages.
  • Added on-demand reporting—beginning with Detection Summary reports—that are generated in CSV format (additional reports coming soon):
    image1.png.32b25a7658ab41f5d2daf048197f50cc.png

Improvements

  • Completed multiple improvements to the cloud console user interface

  • Enhanced the cloud console “Dashboard” page to include Real-Time Protection data

  • Added additional information to detection details (with more to come in the future)

  • Extended the download timeout period up to 30 minutes for software installations to assist with slow network connections

  • Updated the end-user license agreement

  • Fixed: Addressed an issue discovered when moving large numbers of endpoints between groups

  • Fixed: Localized the Timestamp on the Quarantine page

  • Fixed: Unicode characters are now processed correctly in scan result data

Known issues

  • Web Protection will prevent web traffic for some customers who are connected to a VPN. For most customers, simply adding the VPN domain as an exception in the Malwarebytes cloud console resolves the issue. We are working on a resolution.

 

Our next platform update is scheduled for December 2017!

Edited by djacobson

Share this post


Link to post
Share on other sites

Offline Agents - 11.17.17

The Malwarebytes Support team is aware of an issue that is currently impacting some of our customers. Until this issue is resolved some endpoints may appear offline or have slow response time in the environment. Please be aware our engineering team is working on a resolution to this issue and will have it corrected soon. Thanks for your patience!

Share this post


Link to post
Share on other sites

255.255.255.255 False Positive Web Block - 11.20.17

The Malwarebytes Support team is aware of an issue that is currently impacting some of our customers. Until this issue is resolved by a database update, adding the 255.255.255.255 IP address to your Settings > Exclusions website exclusions will resolve notifications and blocks until we get this resolved shortly. Thanks for your patience!

Share this post


Link to post
Share on other sites

255.255.255.255 False Positive Web Block - fixed - 11.20.17

Check your signatures to make sure you have the version with this FP fixed.

MBAM 1.80 - 2.x: v2017.11.20.09
MBAM3: 1.0.3305

Share this post


Link to post
Share on other sites

255.255.255.255 False Positive Web Block - fixed - 11.20.17
Follow-up.

We confirmed that it was a false positive that we had on address 255.255.255.255. We have currently fixed this in the latest database. To make sure you on the latest database, please follow these steps:

For Malwarebytes Endpoint Security:

  1. Sign into the management console and go to the admin pane on the left.
  2. From here, go to the signature tab and click 'Update now'

Once it updates, your clients will slowly check in and receive the update.

For Malwarebytes Endpoint Protection:

  1. Log into the cloud console and navigate to the endpoints tab.
  2. From there, select all the endpoints affected and click on the 'actions' button in the upper right.
  3. Select the 'check for protection updates' button and your clients will reach out to our servers to get the latest update.

We do apologize for the inconvenience you experienced with this block.

Malwarebytes Support

Share this post


Link to post
Share on other sites
Holiday Coverage Notification

Malwarebytes will have reduced staffing through Monday November 27th 2017. As a result, response times may be delayed. We appreciate your patience and thank you for choosing Malwarebytes.

Share this post


Link to post
Share on other sites

Offline Agents - 11.28.17

The Amazon AWS Super Queue Service utilized by MBEP is having long queue times, causing some clients to show as offline in the Malwarebytes cloud platform. The issue is temporary, machines will come back online as the AWS SQS service catches up.

Quick info on how Amazon AWS SQS works - https://aws.amazon.com/blogs/aws/sqs_super_queue/

Share this post


Link to post
Share on other sites

Console slowness, 504 errors and offline agents - 12.1.17

Amazon AWS Retina API running near 100% memory utilization. Cloud admins may experience slowness, inability to load console, offline agent condition likely as well. Issue is under investigation.

Share this post


Link to post
Share on other sites

Console slowness, 504 errors and offline agents - 12.1.17 - fixed

Issue identified, event caused by sudden increase in traffic for agent results, many times more than the standard traffic. Situation has normalized and consoles should start becoming accessible again, clients which dropped offline during this event should start coming back online as of 1pm PST.

Share this post


Link to post
Share on other sites

Malwarebytes Issue Notification - Login issues

Some users may be unable to login. Active users are able to continue using the console. Issue is under investigation.

Share this post


Link to post
Share on other sites

Malwarebytes cloud platform update - December 18, 2017

Malwarebytes updated our cloud platform on Dec 18, 2017 at 8:00PM EST / 5:00PM PST. As a customer of this platform, we want to take a moment to familiarize you with the changes that are about to become available.

New Features:

Added exclusion support for Exploit Protection in Malwarebytes Endpoint Protection: This enables administrators to enter the MD5 hash of a file they’d like excluded from protection. Click on the Settings tab in the cloud console, choose Exclusions, select New, then scroll down and click the circle for “Exclude a file from Exploit Protection (Windows)” and type in the desired MD5 hash:

Added new on-demand reports for Quarantine and Endpoint summaries: Administrators can request a CSV format export of quarantined items and endpoint records for the previous 24 hours, 7 days, or 30 days. Click on the Reports tab in the cloud console, then click the “Generate Now” link for the desired report. The request is placed into a queue for processing. When the report is ready, an email with a link is sent to the requestor’s email address allowing them to download the desired report:

Added support for nested Groups: This provides administrators the flexibility to create an organizational structure in the cloud console that reflects their real-world environment (e.g., different businesses, business units, departments, locations). Click on the Settings tab in the cloud console, choose Groups, then click on the Add button. Type in the new Group Name, select the security policy for this group, and select the box to nest this group within an existing group

Added a scan progress dialogue window for Malwarebytes Endpoint Protection: When a user initiates a Threat Scan, they will see the details of all scan phases, files being scanned, number of items being scanned, elapsed time, and threats identified on their endpoint. They also have the option to cancel their Threat Scan in this dialog window

Improvements:

 Display selected Detection Details and Quarantine Details in their own modal dialog window

 Added new detection data fields within Detection Details (where applicable) for the group name the endpoint belongs to, IP address, and port number

 Enhanced cloud console Endpoint page by converting the list of Group names to a simple drop-down selector with filter capabilities:

 Updated Malwarebytes Discovery and Deployment Tool to warn if disk space is unavailable for installation on remote endpoint (To be released on 12/20)

 Updated Malwarebytes Discovery and Deployment Tool to display an error if download server cannot be reached (To be released on 12/20)

 Reduced Endpoint Agent error logging to only log unrecoverable errors

 Fixed: macOS tray icon tool tip doesn’t reflect policy setting

 Fixed: Inconsistent verbiage when no threats or infections are found in the console

 Fixed: Renamed “NebulaAgent” to “EndpointAgent” in macOS logs to maintain convention

 Fixed: Incorrectly formed exclusions prevent subsequent exclusions from being applied

 Fixed: Endpoint Agent Tray exceptions when switching between user accounts while an active scan is running

 Fixed: User-initiated scan UI Time Elapsed field resets when logging into a different user account

 Fixed: Visio 2010 uninstall string causes installed software list to not populate correctly

 Fixed: Malwarebytes Discovery & Deployment Tool would show a failure even if the agent was successfully installed

 Fixed: macOS handling of GMT (+0000) time

 Fixed: Web Protection will prevent web traffic for some customers who connected to a VPN. If you experience issues, please contact Malwarebytes Customer Success team with your VPN details for assistance

 Fixed: If an exclusion was entered incorrectly, the Endpoint Agent would ignore any subsequent exclusions

Known Issues:

 We are not currently listing the MD5 hash for processes that Exploit Protection detects. In order to add an Exploit Protection exclusion, administrators must calculate their own MD5 hashes.

Our next cloud platform update is scheduled for January 2018.

Share this post


Link to post
Share on other sites

Nebula downtime 12/20/17, 10pm ET

Configuration changes to production planned for tonight at 10:00pm ET. This will require multiple backend services restarts, which will result in downtime. During this time you will see the maintenance page when navigating to cloud.malwarebytes.com. Protection functionality will still be active and scheduled scans will continue to run.

Share this post


Link to post
Share on other sites

Upgrade reboot loop

The Malwarebytes Support team is aware of an issue that is currently impacting some of our customers. When upgrading from the earlier release to the December release, some customers are continuously receiving restart messages to complete the upgrade, even after restarting multiple times. Please be aware our engineering team is working on a resolution to this issue. If you have been impacted by this issue please follow the steps below to rectify:

1. Stop Malwarebytes Endpoint Agent Service
2. Uninstall Malwarebytes 3.3.2 from appwiz.cpl (add/remove programs)
3. Install Malwarebytes 3.1.8 using the installer in this box link: https://malwarebytes.box.com/s/21p0wuszmymn9vri8lkkxdz131zpwnwr
4. Start Malwarebytes Endpoint Agent Service

We apologize for this inconvenience and thank you for your patience!

Share this post


Link to post
Share on other sites

Cloud platform scheduled maintenance for January 11, 2018 at 8pm ET

We want to make you aware that on Thursday, January 11th at 8pm ET, there will be a scheduled down time for approximately two hours. We will be using this time to update the Malwarebytes cloud platform. During this time frame, endpoints will continue to be protected and scheduled scans will continue to run.

Thank you for your patience while we continue to improve our platform!

Share this post


Link to post
Share on other sites

Malwarebytes Cloud Console Issue Notification

The Malwarebytes Support team is aware of an issue that is currently impacting some of our customers. We have had customers contact support with servers consuming high amount of resources, high CPU usage or MBAMService.exe getting hung up. Our Engineering team is researching the cause of this issue and working to resolve. We apologize for this inconvenience and thank you for your patience!

Edited by djacobson

Share this post


Link to post
Share on other sites

Cloud platform scheduled maintenance for February 8, 2018 at 8pm ET

We want to make you aware that on Thursday, February 8th at 8pm ET, there will be a scheduled down time for approximately three hours. We will be using this time to update the Malwarebytes cloud platform. During this time frame endpoints will continue to be protected and scheduled scans will continue to run.

New Features:  

  • Added option for end users to perform context menu scans: Users can scan files on their Windows computer by right-clicking on the desired file(s) and selecting "Scan with Malwarebytes". This gives end users the power to scan any file they deem suspicious or out of an abundance of caution. Administrators must enable this optional feature in policy by toggling "Show Malwarebytes option in context menus (Windows only)" to ON:

 

0218-gonzo-update-ss00.jpg

0218-gonzo-update-ss01c

  • Added scheduled reporting: Administrators have the option to automatically receive an email for any desired report-providing them with daily, weekly, and monthly reports proactively in their inbox. Click on the Reports tab in the cloud console, click on Scheduled, select one or more reports, and click the Save Changes button. The CSV formatted report will be delivered once report generation is complete, based on the chosen frequency:

0218-gonzo-update-ss02.png

Improvements:  

  • Added "MD5" and "Affected Application" fields to Detection Summary report
  • Added product Version and Protection Update fields to Agent Info within Endpoint Overview
  • Endpoint name now deep links to its' Endpoint Overview screen from the Detections, Quarantine, Events, and Tasks tabs
  • Updated Forgot Password page–now email address field is in focus when navigating there
  • Updated cloud console to display an event when an end user postpones a required reboot
  • Updated Quarantine page so that items identified by Real-Time Protection will no longer show zeros for the Scan ID
  • Fixed: If an endpoint was powered down ungracefully (i.e., power outage) while a scan was running, a configuration file could become corrupted
  • Fixed: 100% CPU spike if an endpoint administrative user forcefully kills the Malwarebytes tray process when the Self-Protection Module is enabled
  • Fixed: Customers migrating from legacy Malwarebytes products (including Malwarebytes Anti-Malware v1.6, Malwarebytes Anti-Exploit v1.08, and Malwarebytes Management Console v1.6) will require 2 reboots in a row to complete the installation
  • Fixed: Some customers who have already migrated from legacy Malwarebytes products were stuck in a reboot loop during the last cloud update due to legacy products leaving behind orphaned registry keys
  • Fixed: Running Sysprep with the Malwarebytes Endpoint Protection agent installed fails. The workaround is to stop the Endpoint Protection agent tray process before launching Sysprep
  • Fixed: Detections that are found, but not quarantined, are not being counted in the Detection History tile on the Dashboard page–however, the Number of Detections chart on the Dashboard page is counting them correctly
  • Fixed: Exploit Protection doesn't start on Windows XP

Known Issues:  

  • When attempting to scan a shortcut file, the scan is not following the shortcut to the root file. Users can work around this by scanning the actual file(s) rather than the file's shortcut.

Share this post


Link to post
Share on other sites

March 8th Release

 

New Features:   
  • Added macOS support for Malwarebytes Endpoint Protection. Now businesses can centrally deploy and manage Malwarebytes Endpoint Protection across all of their Windows and macOS endpoints. Administrators can apply real-time protection via policy setting and perform manual on-demand scans and schedule automated threat scans of macOS endpoints-all from the cloud console:
0318-hugga-wugga-update-ss00.png 
 
  • Added option within policy setting that allows Mac end users to initiate on-demand scans:
0318-hugga-wugga-update-ss01.png 

0318-hugga-wugga-update-ss02.png
  • Added a "Seats in Use" counter to the License Information tab of the My Account section of the cloud console. Together with Term type (Evaluation or Subscription), Seat Count, Status (Active, Grace, Expired), and Expiration Date-administrators now can see how many seats are being used toward their subscription license:
0318-hugga-wugga-update-ss03.png 
  • Added hourly scan options for scheduled scans. This allows businesses to scan more often than just daily or weekly to detect threats and reduce potential threat dwell time:
0318-hugga-wugga-update-ss04.png 
Improvements:  
  • Updated the Endpoint Properties page and My Account section of the cloud console with horizontal tabs to match ongoing UI improvements:
0318-hugga-wugga-update-ss05.png 
  • Added Protection Update version for Endpoint Protection to the Asset reports
  • Updated Reboot Options in policy setting so they now apply to installation , updates, uninstallation, and detection removal
  • Updated Threat Cleaned email notification to include "Scan Type", a deep link to the Scan Report, and a deep link to the Group that the endpoint belongs to
  • Updated and reorganized the Add Endpoint page (within Endpoints tab) to the new UI look and feel:
0318-hugga-wugga-update-ss06.png 
  • Replaced scrolling records throughout the cloud console with pagination (default of 25 records)
  • Added audit event that is logged in the Events tab of the cloud console when a Scheduled Report is generated
  • Renamed "OS Platform" to "OS Version" (i.e., "Windows") and renamed "OS Release Name" to "OS Friendly Name" (i.e., "Microsoft Windows 10 Pro") within Endpoint Properties page and reports
  • Updated the Endpoint Properties page so that if an OS Version is not available, the UI will now display "Unknown"
  • Fixed: Quarantine page displays old quarantined items on top of the list
Known Issues:   
  • Endpoint Protection for Mac: Shows enabled/disabled notification even if tray icon is not present
  • Endpoint protection for Mac: Scan History tab does not get information populated if threat scan does not detect any threats
  • Endpoint Protection for Mac: Protection update version is reporting SDK version instead of DB version in Scan History, not reporting in Endpoint Details
  • Endpoint Protection for Mac: Timestamps in Scan History tab for macOS endpoints is in GMT and not the web browser's locale
  • Endpoint Protection for Mac: Free Physical memory is being reported as "0" in the Overview tab of Endpoint Properties

Our next cloud platform update is scheduled for April 2018. If you have any questions, please visit the Malwarebytes Support Website. 

Thank you for being a valued Malwarebytes customer! 

The Malwarebytes Product Team 

Share this post


Link to post
Share on other sites

Malwarebytes cloud console – Scheduled Downtime

The Malwarebytes cloud console is scheduled to apply back-end optimizations on March 24, 2018 at 8:00am EST / 5:00am PST. We anticipate up to 6 hours of console downtime to complete this update. During this time, your endpoints will continue to run scans on schedule and protect as configured by policy. Any scan data will be queued on the endpoint and transmitted to the cloud console once services are restored.

Share this post


Link to post
Share on other sites

Cloud platform update for April 12th, 2018 at 8pm ET / 5pm PT

 

New Features:

  • Added Syslog support. Now the Malwarebytes cloud console can transmit detections with Syslog servers and SIEM solutions capable of receiving Syslog messages. This allows organizations to centralize Malwarebytes’ threat detections with their existing threat data. All of this is accomplished without the need to install any additional software. Administrators can enable Syslog support by clicking on the Settings tab in the cloud console, select Syslog Logging, and then pick an existing Windows endpoint to be the communication proxy. Syslog Settings include specifying the IP address/host, port, and protocol along with options for message severity and communication interval (default 5 minutes)

 

Improvements:

  • Updated and redesigned Policies page to improve usability and match ongoing UI improvements. Policy settings are now feature-based vs. product-based:
  • Updated Policies page to inform Malwarebytes Incident Response customers of features available with Malwarebytes Endpoint Protection:
  • Enhanced Detection notification emails to include additional information about detections
  • Events are now recorded for Scheduled Scans, regardless if the scans were successful or failed
  • Added text field validation (character count) in Policies for custom reboot messages
  • Improved pagination performance for organizations with thousands of paginated pages of data
  • Fixed: Tray icon would not appear for some users of Terminal Services
  • Fixed: When a modal dialogue was open and an automatic log-out occurred, the modal was still visible
  • Fixed: Some administrators were receiving their scheduled reports twice
  • Fixed: Advanced Anti-Exploit settings dialog was saving changes even when the dialog was dismissed or canceled
  • Fixed: Upon logging into the console, a large number of “Unable to retrieve one or more dashboard data summaries” errors were displayed
  • Malwarebytes Endpoint Protection for Mac: Not sending up Agent Information


Known Issues:

  • The tray icon is not visible for the builtin\Administrator user on Windows platforms
  • Malwarebytes Endpoint Protection for Mac: Non-administrative users are unable to interact with the tray icon
  • Malwarebytes Endpoint Protection for Mac: Scheduled scans can be triggered incorrectly
  • Malwarebytes Endpoint Protection for Mac: For scans initiated from the endpoint, the cancel button loses focus
  • Malwarebytes Endpoint protection for Mac: Scan History tab does not get information populated if threat scan does not detect any threats
  • Malwarebytes Endpoint Protection for Mac: Shows enabled/disabled notification even if tray icon is not present
  • Malwarebytes Endpoint Protection for Mac: Protection update version is reporting SDK version instead of DB version in Scan History, not reporting in Endpoint Details
  • Malwarebytes Endpoint Protection for Mac: Timestamps in Scan History tab for macOS endpoints is in GMT and not the web browser’s locale
  • Malwarebytes Endpoint Protection for Mac: Free Physical memory is being reported as “0” in the Overview tab of Endpoint Properties

 

Our next cloud platform update is scheduled for May 2018.

Share this post


Link to post
Share on other sites

Scheduled Downtime - Malwarebytes cloud platform update - June 14, 2018

Malwarebytes is scheduled to update our cloud platform on June 14, 2018 at 8:00PM EST / 5:00PM PST. We anticipate less than 3 hours of downtime to complete this update. New product announcement, new features, improvements, known issues are detailed here - https://support.malwarebytes.com/docs/DOC-2554

Share this post


Link to post
Share on other sites

Malwarebytes cloud platform update - July 19, 2018

Malwarebytes is scheduled to update our cloud platform on July 19, 2018 at 8:00PM EST / 5:00PM PST.  We anticipate less than 4 hours of downtime to complete this update. As a customer of this platform, we want to take a moment to familiarize you with the changes that are about to become available.

 

New Features

  • Added easy access to contextual threat information. When viewing detection details, an administrator can click on the detection name (which opens a new browser tab to a Malwarebytes Labs resource) to gain additional background and insights on the threat:
    cloud-july-2018.png

 

Improvements

  • Relocated the “Add Endpoints” link to a new dedicated page in the main navigation of cloud console

  • Added new link to the Malwarebytes Business Support webpage - administrators can access it by clicking on their logged-in user name in the top right corner of the cloud console
  • Renamed “My Account” page to “Profile” to reduce confusion with the Malwarebytes My Account customer account platform
  • Added the license key for subscribed products to the License Information tab within the user’s Profile page
  • Added capability for Endpoint Agent plugins to resume downloading if interrupted – beneficial for customers with very slow Internet connections
  • Added the administrator’s IP address within User Invited events when new users are added to the console
  • Added new event types for Endpoint Remediation Success and Endpoint Rollback Success for Malwarebytes Endpoint Protection and Response
  • Addressed anti-ransomware technology issues for Windows Server and will be enabled based on Policy setting
  • Updated Syslog Logging feature so that when an administrator adds, removes, disables, or enables the Syslog Communication Endpoint it will now create an Event
  • Table headers now remain visible when scrolling down on paginated pages
  • Improved header messaging that appears when selecting multiple items in a table (e.g., Manage Endpoints, Quarantine)
  • Improved validation for Policy form fields
  • Changed “Ransomware Protection” label in Policy Settings to “Behavior Protection”
  • Improved Detections page so that Location ellipses will truncate the middle portion of the path
  • Fixed: Endpoint Agent emitted excessive errors to the Windows log when an excluded file path did not exist on an endpoint
  • Fixed:Endpoint Protection for Mac - If a scan was triggered imminently after endpoint agent installation but before the Endpoint Protection plugin was fully installed and loaded, the agent would be stuck in a “busy” state
  • Fixed: Endpoint Protection for Mac - Scheduled scans are no longer triggered incorrectly
  • Fixed: Endpoint Protection for Mac - Now sends up Agent Information
  • Fixed: Endpoint Protection for Mac - Protection Updates version was reporting SDK version instead of DB version in Scan History, was not reporting in Endpoint Details
  • Fixed: Endpoint Protection for Mac - Non-administrative users are now able to interact with the tray icon
  • Fixed: Endpoint Protection for Mac - User interface now stays minimized during on-demand scans if initiated from endpoint
  • Fixed: Endpoint Protection for Mac - Endpoint Protection plugin will no longer get stuck in "busy" state if a scan is triggered immediately after startup 
  • Fixed: Endpoint Protection for Mac - Free Physical memory is being reported as "0" in the Overview tab of Endpoint Properties

 

Known Issues

  • User Verified account notifications are not getting emailed to administrators
  • Windows Server 2008 scans crash when scanning .lmk files
  • Sysprep can fail to run with Self-Protection enables in the policy
  • Within the Endpoint Properties pages under the Detections tab, the Action Taken and Category dropdowns are cut off
  • Modal windows are showing an unnecessary scroll bar
  • Endpoint Protection and Response: When a Remediation action succeeds but Rollback action fails, the Suspicious Activity status is stuck and displays "Pending Remediation" 
  • Endpoint Protection for Mac: Scan History tab does not get information populated if Threat Scan does not detect any threats
  • Endpoint Protection for Mac: Timestamps in Scan History Tab for macOS endpoints are in GMT, and not the web browser's locale
  • Endpoint Protection for Mac: Endpoint Agent does not report update_package_version on fresh Endpoint Protection install

 

Our next cloud platform update is scheduled for August 2018.

Share this post


Link to post
Share on other sites

Malwarebytes cloud platform update - August 16, 2018

New Features

  • Malwarebytes cloud platform now supports role-based access control (RBAC). We’ve made RBAC extremely easy, enabling administrators to rapidly protect console access and data with the appropriate role according to their assigned Groups. Super Admin, Administrator, and Read-Only roles satisfy the majority of business use cases:
    • Super Admin users have full access to all Groups and features within the cloud console. Only Super Admin users can add, modify, or delete global Exclusions. All existing users have been converted to Super Admin users.
    • Administrator users have access to everything within the cloud console per their Group-level access, except for editing global settings.
    • Read-Only users can view all information within the cloud console per their Group-level access but cannot make any changes and are not authorized to use the Discovery & Deployment Tool. They can generate Reports and opt-in to receive Notifications.

0818-nebula-update-hogthrob-00.png

  • Malwarebytes cloud platform now supports single sign-on (SSO) with popular SAML 2.0 identity providers (including Okta, OneLogin, and Azure). When enabled, administrators can easily and securely connect to our Malwarebytes cloud console using unsolicited SSO via a single identity provider they’ve already provisioned. Administrators using the Malwarebytes cloud console are automatically logged in using the same SSO tool they currently use to access other applications throughout the day:

0818-nebula-update-hogthrob-01.png

  • New advanced deployment option: Active Directory. The Malwarebytes cloud platform Discovery and Deployment (D&D) Tool has been updated with a new Active Directory (AD) integration which supports advanced deployments. This updated D&D Tool connects with the customer’s AD to discover and map the organizational unit (OU) structure of the customer’s AD and use that to instruct which endpoints belong to all the different parent OUs and child OUs. When endpoints connect to the Malwarebytes cloud console, they are automatically added into their appropriate Group thanks to the D&D Tool’s mapping process:

0818-nebula-update-hogthrob-04.png

  • New advanced deployment option: custom Group installation parameter. Endpoints can now be automatically assigned to a custom Group during installation thereby enabling rapid deployment across the enterprise. When an admin installs using manual (e.g., via command line interface) or scripted deployment methods (e.g., via GPO, SCCM, PDQ) they may now specify a Group ID parameter to identify the Group the endpoints should belong to within the cloud console. If a Group ID is not set, is unspecified, or is incorrect (e.g., typo, doesn’t exist)—then the default Group will be used.
  • [For Malwarebytes Endpoint Protection and Response customers] Malwarebytes cloud console now features a Process Graph. This provides administrators with greater visibility into Suspicious Behavior across their endpoints. Administrators can click on the Suspicious Behavior page in the cloud management console, select an item to inspect and then click on any of the icons to see visual details of the process, network, filesystem, and registry activities that caused the Suspicious Activity event. This additional context enables administrators to make better-informed remediation decisions:

0818-nebula-update-hogthrob-05.png

Improvements

  • Quarantined items for endpoints which have been deleted/uninstalled will no longer persist in the web console
  • Malwarebytes Endpoint Protection and Response now supports Windows 7 platforms
  • Added support for Mac end users to easily generate diagnostic logs by using <Control + Click> on the Malwarebytes icon
  • Updated Policy label format to be consistent
  • Some customer environments require additional time starting system services on boot
  • Fixed: Pagination would sometimes display negative counts
  • Fixed: Free memory is incorrectly reported for Mac endpoints
  • Fixed: The Deployment and Discovery tool shows installation success when the installation fails due to needed .NET upgrade
  • Fixed: Some users are not receiving all of their daily scheduled reports
  • Fixed: If the Endpoint Agent service has to wait too long for other system services to start, Windows kills it
  • Fixed: Discovery and Deployment tool doesn’t show more than 1000 results when AD scan is used

Known Issues

  • Exclusions that have been entered with short file name paths such as “c:\progra~2\” are not being applied
  • User Verified account notifications are not getting emailed to administrators
  • Windows Server 2008 scans can crash when scanning .lmk files
  • Sysprep can fail to run with Self-Protection enabled in the policy
  • Within the Endpoint Properties page under the Detections tab, the Action Taken and Category dropdowns are cut off
  • Modal windows are showing an unnecessary scroll bar
  • Malwarebytes Endpoint Protection and Response: When a Remediation action succeeds but Rollback action fails, the Suspicious Activity status is stuck and displays “Pending Remediation”
  • Malwarebytes Endpoint Protection for Mac: Scan History tab does not get information populated if Threat Scan does not detect any threats
  • Malwarebytes Endpoint Protection for Mac: Timestamps in Scan History tab for macOS endpoints are in GMT, and not the web browser’s locale
  • Malwarebytes Endpoint Protection for Mac: Endpoint Agent does not report update_package_version on fresh Endpoint Protection install


Our next cloud platform update is scheduled for September 2018.

Share this post


Link to post
Share on other sites

Malwarebytes cloud platform update - September 13, 2018

Malwarebytes is scheduled to update our cloud platform on September 13, 2018 at 8:00PM EST / 5:00PM PST.  We anticipate less than 3 hours of downtime to complete this update. As a customer of this platform, we want to take a moment to familiarize you with the changes that are about to become available.

New Features

  • None

Improvements

  • For Malwarebytes Endpoint Protection and Response only - Added granular Endpoint Isolation options, enabling administrators to specify one or more isolation methods to be applied to the selected endpoint. By default, all three isolation types will be selected:
    page1image1750976
     
  • Added Malwarebytes AdwCleaner for use and download from the “Add Endpoints” page within the cloud console. Please note this is an unmanaged solution:
    page2image1773824
     
  • Added capability to use shift key + mouse click to select ranges of items for tables that allow batch actions.

  • Updated Malwarebytes tray icon so that end users who are permitted by policy to initiate scans can bring their minimized scan progress window back into focus by simply double-clicking on the Malwarebytes tray icon.

  • Changed the Malwarebytes Self-Protection Module so it’s enabled bydefault for all new customer accounts. This setting controls whether Malwarebytes creates a safe zone to prevent malicious manipulation of the program and its components. Enabling this setting introduces a one- time delay as the Self-Protection Module is enabled. While not a negative, the delay may be considered undesirable by some end users. We strongly recommend existing customers enable this setting in their security policies.

  • Added a loading spinner animation while paginating through large sets of data.

  • Removed Anti-Exploit shield from Chrome due to Google’s new policyagainst code injection into Chrome.

  • Extended the timeout toggle for “Remote Assistance” to 4 hours.

  • Updated Syslog Communication feature so that the designated endpoint cannot be uninstalled using the Deployment & Discovery tool unless it’s first unselected within the Syslog Communication setting. This prevents administrators from inadvertently losing syslog messages. Before removing an endpoint, Malwarebytes cloud administrators will need to first disable Syslog Communication in the console or promote a different endpoint

  • Fixed: Malwarebytes Single Sign-On settings page styling and page scroll.

  • Fixed: Read Only users can log into the Deployment & Discovery tool.

  • Fixed: Could not edit a user’s email address if the user account has not been verified.

  • Fixed: After Endpoint Agent upgrades, some .zip files under ...\windows\temp are not deleted.

  • Fixed: Filter options on the Endpoints and Detections pages are sometimes cut off abruptly.

  • Fixed: For Malwarebytes Endpoint Protection and Response only - Several bugs were impacting administrator’s experience interacting with

    the Process Graph feature.

  • Fixed: For Malwarebytes Endpoint Protection and Response only – Reset the network adapter on the endpoint to enforce network isolation.

  • Fixed: For Mac endpoints, the “Check for Protection Update” action does not update the “Last Refreshed” attribute on first run.

  • Fixed: Endpoints could not be moved to a different group when selected using the “Select All” checkbox.

  • Fixed: Windows Server 2008 scans can crash when scanning .lmk files.

  • Fixed: User Verified account notifications are not getting emailed to administrators.

  • Fixed: Within the Endpoint Properties page under the Detections tab, the Action Taken and Category dropdowns are cut off.

  • Fixed: For Malwarebytes Endpoint Protection for Mac only - Scans are occurring every hour, regardless of what the scheduled scan interval is set to.

 

Known Issues

  • Exclusions that have been entered with short file name paths such as“c:\progra~2\” are not being applied.

  • Modal windows are showing an unnecessary scroll bar.

  • For Malwarebytes Endpoint Protection and Response only - When a Remediation action succeeds but Rollback action fails, the Suspicious Activity status is stuck and displays “Pending Remediation”.

  • For Malwarebytes Endpoint Protection for Mac only - Scan History tab does not get information populated if Threat Scan does not detect any

    threats.

  • For Malwarebytes Endpoint Protection for Mac only - Timestamps in Scan History tab for macOS endpoints are in GMT, and not the web

    browser’s locale.

  • For Malwarebytes Endpoint Protection for Mac only - Endpoint Agent does not report update_package_version on fresh Endpoint Protection install.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.