Malwarebytes is scheduled to update our cloud platform on October 18, 2018 at 8:00PM EST / 5:00PM PST. We anticipate less than 3 hours of downtime to complete this update. As a customer of this platform, we want to take a moment to familiarize you with the changes that are about to become available.

 

With this latest update we’re proud to announce that we’ve enhanced administrators’ visibility and interaction throughout the cloud management console, providing additional insight. This makes it even easier for you to immediately respond to alerts and manage events. Malwarebytes Endpoint Protection and Response customers also benefit by seeing the exact behaviors and rule(s) which triggered a cloud sandbox detection.

 

New Features

  • Malwarebytes cloud console now features endpoint status icons in the Manage Endpoints page. This allows administrators to take immediate action by clicking directly on the icons. You can see when an endpoint restart is needed, if remediation is required, or if any suspicious activity is detected on that endpoint (for Malwarebytes Endpoint Protection and Response).
    • Hovering over an icon provides additional info, and clicking on the icon presents specific actions you can take:
      2018-10-12_14-15-32.png
       
    • Endpoint status icons are also displayed when viewing the details of an individually selected endpoint:
      2018-10-12_14-16-54.png
       

    • This is the full list of endpoint status icons:
      2018-10-12_14-19-13.png
       

Improvements

  • For Malwarebytes Endpoint Protection and Response only: Updated the Suspicious Activity Details page to display an expanded set of rules triggered when making cloud sandbox detections. This provides administrators with greater context of why a cloud sandbox detection was made on a suspicious file or process:
    2018-10-12_14-21-18.png
     
  • For Malwarebytes Endpoint Protection and Response only: Updated the Process Graph details pane. This allows administrators to click on Activities links and see specific file operation details, including File Rename, File Write, Set Security, Registry Set Value, Net Connect Inbound, and Net Connect Outbound activities:
    2018-10-12_14-22-16.png
     
  • For Malwarebytes Endpoint Protection and Response only: Granular Endpoint Isolation is now supported for Windows Server 2008 R2, Server 2012 R2, and Server 2016 allowing businesses to remotely isolate servers for further investigation

  • For Malwarebytes Endpoint Protection and Response only: Updated the Remove Endpoint Isolation notice to specify the endpoint name

  • Added capability for end users to enable/disable debug logging from the tray icon using ctrl + right click, and via command line

  • Fixed: For Malwarebytes Endpoint Protection and Response only – BSOD with SamSam ransomware variant on Windows 10 x86

  • Fixed: Not cleaning up all temp files in c:\Windows\Temp

  • Fixed: For Malwarebytes Endpoint Protection and Response only – Some suspicious activities viewed in Process Graph returned Error 500 and other general improvements needed

  • Fixed: For Malwarebytes Endpoint Protection for Mac only – Error appearing in logs: ERROR WebServiceStore: remove: request.guid=...

  • Fixed: For Malwarebytes Endpoint Protection and Response only – Yes button in the dialog box for Lock icon status indicator doesn’t work

  • Fixed: For Malwarebytes Endpoint Protection for Mac only – Endpoint Agent does not report update_package_version on fresh Endpoint Protection install

 

Known Issues

  • Exclusions that have been entered with short file name paths such as “c:\progra~2\” are not being applied
  • Modal windows are showing an unnecessary scroll bar
  • For Malwarebytes Endpoint Protection and Response only: When a Remediation action succeeds but Rollback action fails, the Suspicious Activity status is stuck and displays “Pending Remediation”
  • For Malwarebytes Endpoint Protection for Mac only: Scan History tab does not get information populated if Threat Scan does not detect any threats
  • For Malwarebytes Endpoint Protection for Mac only: Timestamps in Scan History tab for macOS endpoints are in GMT, and not the web browser’s locale
  • All Malwarebytes scans will inspect archived files regardless of the policy setting
  • In some cases, when a reboot prompt is shown, the reboot timer may reset with a 1-minute countdown
  • When administrators reboot endpoints from the cloud console, if the initial reboot task has not completed, subsequent reboot commands are queued rather than replacing the initial reboot command (this would result in multiple reboots executing)
  • When an administrator chooses the “Restart Immediately” option in the Restart Options dialog, end users are still allowed to postpone the reboot even though the “Allow user to postpone” option is grayed out. Current workaround involves selecting the “Restart in ___ minutes” radio button, unchecking the “Allow user to postpone” checkbox, then selecting the “Restart Immediately” radio button and clicking the blue Restart button
  • Clicking on the Remediate button causes the Remediation Required indicator to lose its badge on hover and on click behavior— nothing happens on click (should give you the option to view details) and nothing happens on hover (should show "Remediation Pending"). This issue is resolved by refreshing the browser
  • Memory and storage objects in endpoint properties are not visible until the page is refreshed

 

Our next cloud platform update is scheduled for November 2018.


  • 1 month later...

Malwarebytes is scheduled to update our cloud platform on November 29, 2018 at 8:00PM EST / 5:00PM PST. We anticipate less than 3 hours of downtime to complete this update. As a customer of this platform, we want to take a moment to familiarize you with the changes that are about to become available.

With this latest update, we’re continuing to improve our cloud platform for greater scalability and detection efficiency. These features also provide simplified management of common, everyday tasks to save time, while also providing granularity needed for businesses with complex security requirements.
 

New Features

  • Malwarebytes cloud console now features new user experience improvements for the Exclusions page along with enhanced capabilities. This provides administrators with visibility into exclusion status and enables them to temporarily disable exclusions—saving the previous effort and time spent permanently deleting the exclusion for testing purposes.
    • In a single view, administrators can see whether an exclusion is enabled, the name, the exclusion type, the admin user who last updated it, when it was updated, and the protection technology layers applied to that exclusion:

Picture1-1.png

  • Exclusions were globally applied across all of our layers of protection technology. Now, you can control which layers the exclusion will be applied to and visually see at a glance which layers have been affected via icons in the “Applied To” column on the Exclusions page. Additionally, you can add an optional comment or description for the exclusion:

Exlusions-OZ.png

  • Added ability to automatically exclude commonly detected potentially unwanted modifications (PUMs). Malwarebytes detects Windows registry changes caused by common Group Policy Objects as PUMs. Enabling this feature automatically excludes 18 registry keys. This ensures our protection capabilities do not interfere with common business applications or operating practices:

Picture3.png

 

Picture4.png

  • Added an endpoint interface option that, when enabled, places shortcuts in the Start Menu and on the Windows desktop of the end-user’s computer. This empowers your users with additional methods to run Threat Scans on their Windows device:

Picture5.png

  • [For Malwarebytes Endpoint Protection and Response only]: Added an aggressive detection mode policy option for Suspicious Activity. This setting is ideal for businesses with an extremely conservative security posture. We recommend administrators only enable this setting for their most sensitive endpoints:

Picture6.png

 

Improvements

  • [For Malwarebytes Endpoint Protection and Response only] For customers with Syslog Logging enabled, Suspicious Activity detections will now be included in your syslog messages
  • Changed our unmonitored email address from no-reply@cloud.malwarebytes.com to do_not_reply@cloud.malwarebytes.com to reduce the chance of Malwarebytes cloud console emails being flagged as spam
  • Fixed: [For Malwarebytes Endpoint Protection and Response only] – When a Remediation action succeeds but Rollback action fails, the Suspicious Activity status is stuck and displays “Pending Remediation”
  • Fixed: The Deployment and Discovery tool would throw a 504 error when importing Active Directory groups that contained a large number of endpoints
  • Fixed: Some temporary files were being left behind after installation or endpoint agent updates
  • Fixed: Customers with a large number of endpoints were unable to sort by “Last Seen At” on the Manage Endpoints page
  • Fixed: In some cases, when a reboot prompt is shown, the reboot timer sometimes reset with a 1-minute countdown

 

Known Issues

  • Exclusions that have been entered with short file name paths such as “c:\progra~2\” are not being applied
  • Modal windows are showing an unnecessary scroll bar
  • [For Malwarebytes Endpoint Protection for Mac only]: Scan History tab does not get information populated if Threat Scan does not detect any threats
  • [For Malwarebytes Endpoint Protection for Mac only]: Timestamps in Scan History tab for macOS endpoints are in GMT, and not the web browser’s locale
  • All Malwarebytes scans will inspect archived files regardless of the policy setting
  • When administrators reboot endpoints from the cloud console, if the initial reboot task has not completed, subsequent reboot commands are queued rather than replacing the initial reboot command (this would result in multiple reboots executing)
  • When an administrator chooses the “Restart Immediately” option in the Restart Options dialog, end users are still allowed to postpone the reboot even though the “Allow user to postpone” option is grayed out. Current workaround involves selecting the “Restart in ___ minutes” radio button, unchecking the “Allow user to postpone” checkbox, then selecting the “Restart Immediately” radio button and clicking the blue Restart button
  • Clicking on the Remediate button causes the Remediation Required indicator to lose its badge on hover and on click behavior—nothing happens on click (should give you the option to view details) and nothing happens on hover (should show "Remediation Pending"). This issue is resolved by refreshing the browser
  • Memory and storage objects in endpoint properties are not visible until the page is refreshed
  • The Endpoint Agent can fail to initialize when using the GROUP ID parameter that has an incorrect format
  • [For Malwarebytes Endpoint Protection for Mac only]: Check for Protection Updates action does not update "Last Refreshed" on first run


Our next cloud platform update is scheduled for January 2019.
