Meltdown Mitigation

[IT_1152 0]

Is Malwarebytes Endpoint Protection compatible with the Microsoft issued patch to mitigate the recent Meltdown exploit?

see https://support.microsoft.com/en-us/help/4072699/important-information-regarding-the-windows-security-updates-released for additional information.

[nethru 0]

Not seeing it in this list yet.

 

https://docs.google.com/spreadsheets/d/184wcDt9I9TUNFFbsAVLpzAtckQxYiuirADzf3cL42FQ/htmlview?usp=sharing&sle=true

[Munchkin 0]

I have the same question. Found a Malwarebytes Lab blog about Meltdown but doesn't appear to give any indication as to whether Malwarebytes has compatibility issues or not.

https://blog.malwarebytes.com/security-world/2018/01/meltdown-and-spectre-what-you-need-to-know/

[ClimbGuy 0]

Also wondering the same.  Can we install this windows patch without receiving the warned about bsod potential?

[nethru 0]

right now with MB installed seems you can only do it manually if you wanted.  Auto update will not install the patch based on the REGKEY not being present that AV vendors are supposed to be pushing once they are compatible.  One guy mentioned he did it without any issues but still a bit scared to do it myself.

[djacobson 0]

I don't have an answer right now, regression testing is still underway.

The update for MB3 based products, to allow the registry needed to be created, was released on Jan 4th. To be absolutely clear, all of our products are, and have been, compatible with the patch. It was the creation of the registry key to allow automatic pulling of the patch which was not yet done at the time.

Edited January 10, 2018 by djacobson
Clarification due to being misquoted and misunderstood

[ClimbGuy 0]

Thank you Dyllon.  Assuming you will post back here once testing is complete?

[djacobson 0]

Yes. For now, users with MB3 based software installed and registered with Windows Action Center will not be able to receive any MS updates automatically, starting with the Jan. 2018 update. You can either apply the update manually or set the Malwarebytes action center setting to "Never register Malwarebytes in Windows Action Center" so that the MS update can apply automatically. Only Windows 10 and Server 2016 have patches.

Update: this no longer applies now that our update is out, you no longer have to touch your Action Center settings within the MB3 based programs.

Edited January 10, 2018 by djacobson
update

[Kalrand 0]

Is this an issue with patching through WSUS or only those from Windows Update and, possibly, Peer-toPeer? 

[djacobson 0]

Let me clarify what is going on for our end. Malwarebytes does not break Windows when the patch is applied. The issue we have is that the patch cannot auto apply when Malwarebytes is registered to the Action Center, this is the part that is being tested and will be updated.

[rahlquist 0]

Thanks!. On one system this morning I checked windows update serveral times and it said I was up to date, then finally it saw updates, downloaded, installed (took over an hour) and now when I run the powershell command from MS to check if the patch is applied I get False for all 5 CVE. I found this post and changed my action center setting to what Dyllon stated and rebooted. Same result in powershell. Checked windows update and they are downloading. Much obliged. 

[Dragans2 0]

Is there going to be an update so that people using the free version can change the setting on the action center so they can get the updates.

Edited January 4, 2018 by Dragans2

[djacobson 0]

2 hours ago, Dragans2 said:

Is there going to be an update so that people using the free version can change the setting on the action center so they can get the updates.

I'm sorry @Dragans2, I'm specialized to the business products.

@bdubrow do you know what consumer side on free mode will be doing?

[Ried 0]

Consumer side has already been updated - there is no need to change any Malwarebytes settings.

Open Malwarebytes and click 'Check for Updates' to ensure you have the latest update package.

Next, click Settings > About tab and verify that you have Update Package version 1.0.3624

[ElPiedra 0]

Since the "Malwarebytes Database Update 1.0.3624" - all Malwarebytes users are able to receive the Microsoft Patch to mitigate Meltdown.

Source: Malwarebytes Blog (update as of 1/04/18)

 

[djacobson 0]

Thanks @Ried and @ElPiedra!!!

[jet 0]

Mine Says  UPDATE PACKAGE VERSION 1.0.3629

 

Has there been an update since 1.0.3624?

[kimiraikkonen 0]

13 hours ago, ElPiedra said:

Since the "Malwarebytes Database Update 1.0.3624" - all Malwarebytes users are able to receive the Microsoft Patch to mitigate Meltdown.

Source: Malwarebytes Blog (update as of 1/04/18)

 

I am using free (Premium trial ended) version currently, using Windows 7 SP1, will i have this key after installing latest MBAM database update?

[Ried 0]

Yes, you will but please know that Microsoft isn't sending out this patch until Tuesday for those on Windows 7, 8, and 8.1.

If you want to get it early, please see this article in our Knowledge Base https://support.malwarebytes.com/docs/DOC-2297

Additional information on this vulnerability can also be found in our Public Forum here

 

[kimiraikkonen 0]

14 hours ago, ElPiedra said:

Since the "Malwarebytes Database Update 1.0.3624" - all Malwarebytes users are able to receive the Microsoft Patch to mitigate Meltdown.

Source: Malwarebytes Blog (update as of 1/04/18)

 

Hello. You are referring  1.0.3624 as DATABASE UPDATE term. Isn't it wrong?  1.0.3624 should be component package update version. Database updates are being performed and versioned daily, almost hourly in year/day/month format.

[Ried 0]

The database version that you are used to seeing as time and date format in previous versions of MBAM, are no longer shown that way in this UI

There is a difference between the Component Package, the Update package, and the database version.  What is important here is the Update package version - it needs to be at lease 1.03624

You can view the database version if you run mb-check and look at the mb-checkresults.txt.

Malwarebytes Version information
==================================
   "controllers_version" : "1.0.272",
   "db_version" : "2018.01.05.06",
   "dbcls_pkg_version" : "1.0.3630",
   "installer_version" : "3.3.1",

[Roadrunner562 0]

3 hours ago, Ried said:

Yes, you will but please know that Microsoft isn't sending out this patch until Tuesday for those on Windows 7, 8, and 8.1.

If you want to get it early, please see this article in our Knowledge Base https://support.malwarebytes.com/docs/DOC-2297

Additional information on this vulnerability can also be found in our Public Forum here

 

What version should Endpoint be at? How do I verify the computers on Endpoint show the correct version? 

[djacobson 0]

@Roadrunner562, this isn't as easy to see with EP, but MB-Check will show you just like on the consumer's. See this guide for the download and how-to - https://support.malwarebytes.com/docs/DOC-1375

Here's an example of an up-to-date MB-Check result for EP:

Malwarebytes Version information
==================================
   "controllers_version" : "1.0.263",
   "db_version" : "2018.01.05.07",
   "dbcls_pkg_version" : "1.0.3631",
   "installer_version" : "3.3.2",

[kimiraikkonen 0]

19 hours ago, Ried said:

Yes, you will but please know that Microsoft isn't sending out this patch until Tuesday for those on Windows 7, 8, and 8.1.

If you want to get it early, please see this article in our Knowledge Base https://support.malwarebytes.com/docs/DOC-2297

Additional information on this vulnerability can also be found in our Public Forum here

 

Thanks for your reply. However i am getting different and contradicting responses from other parts of Internet. About the registry key, isn't Microsoft creating that key if we install the hotfix patch? Or Malwarebytes creating the key?

What behaviours would happen if i update Malwarebytes update package version to 1.0.3624 and DO NOT INSTALL Microsoft hotfix on KB4056897?

I temporarily decided to hold the installation of MS patch due to massive side effects reported on different online communities such as Cpu slow down and intermittent crashes. But i want to update Malwarebytes on the other hand to stay safe and to stay up-to-date against threats. That's why i want to know all for this reason.

I appreciate sir.

[dcollins 0]

@kimiraikkonen what happens is when you check for updates, Windows Updates looks to see if you have security software registered in Windows Action Center.  If you do, it looks to see if that registry key exists, because that key should be put in place by the security vendor. If that key is missing, the update won't be pulled down. If the key is there, the update is installed.

As for the question of what Free users need to do, it's nothing. This only impacts Malwarebytes if you have Malwarebytes registered in Windows Action Center. You can only register Malwarebytes in Windows Action Center in the Premium/Trial mode, free mode does not provide real time protection, and therefore does not register.