Jump to content
IT_1152

Meltdown Mitigation

By IT_1152, in Malwarebytes Endpoint Protection

Recommended Posts

nethru   

nethru
Posted

right now with MB installed seems you can only do it manually if you wanted.  Auto update will not install the patch based on the REGKEY not being present that AV vendors are supposed to be pushing once they are compatible.  One guy mentioned he did it without any issues but still a bit scared to do it myself.

Share this post

Link to post
Share on other sites

djacobson   

djacobson
Posted (edited)

I don't have an answer right now, regression testing is still underway.

The update for MB3 based products, to allow the registry needed to be created, was released on Jan 4th. To be absolutely clear, all of our products are, and have been, compatible with the patch. It was the creation of the registry key to allow automatic pulling of the patch which was not yet done at the time.

Edited by djacobson
Clarification due to being misquoted and misunderstood

Share this post

Link to post
Share on other sites

djacobson   

djacobson
Posted (edited)

Yes. For now, users with MB3 based software installed and registered with Windows Action Center will not be able to receive any MS updates automatically, starting with the Jan. 2018 update. You can either apply the update manually or set the Malwarebytes action center setting to "Never register Malwarebytes in Windows Action Center" so that the MS update can apply automatically. Only Windows 10 and Server 2016 have patches.

Update: this no longer applies now that our update is out, you no longer have to touch your Action Center settings within the MB3 based programs.

Edited by djacobson
update

Share this post

Link to post
Share on other sites

Kalrand   

Kalrand
Posted

Is this an issue with patching through WSUS or only those from Windows Update and, possibly, Peer-toPeer? 

Share this post

Link to post
Share on other sites

djacobson   

djacobson
Posted

Let me clarify what is going on for our end. Malwarebytes does not break Windows when the patch is applied. The issue we have is that the patch cannot auto apply when Malwarebytes is registered to the Action Center, this is the part that is being tested and will be updated.

Share this post

Link to post
Share on other sites

rahlquist   

rahlquist
Posted

Thanks!. On one system this morning I checked windows update serveral times and it said I was up to date, then finally it saw updates, downloaded, installed (took over an hour) and now when I run the powershell command from MS to check if the patch is applied I get False for all 5 CVE. I found this post and changed my action center setting to what Dyllon stated and rebooted. Same result in powershell. Checked windows update and they are downloading. Much obliged. 

Share this post

Link to post
Share on other sites

Dragans2   

Dragans2
Posted (edited)

Is there going to be an update so that people using the free version can change the setting on the action center so they can get the updates.

Edited by Dragans2

Share this post

Link to post
Share on other sites

djacobson   

djacobson
Posted
2 hours ago, Dragans2 said:

Is there going to be an update so that people using the free version can change the setting on the action center so they can get the updates.

I'm sorry @Dragans2, I'm specialized to the business products.

@bdubrow do you know what consumer side on free mode will be doing?

Share this post

Link to post
Share on other sites

Ried   

Ried
Posted

Consumer side has already been updated - there is no need to change any Malwarebytes settings.

Open Malwarebytes and click 'Check for Updates' to ensure you have the latest update package.

Next, click Settings > About tab and verify that you have Update Package version 1.0.3624

Share this post

Link to post
Share on other sites

jet   

jet
Posted

Mine Says  UPDATE PACKAGE VERSION 1.0.3629

 

Has there been an update since 1.0.3624?

Share this post

Link to post
Share on other sites

kimiraikkonen   

kimiraikkonen
Posted
13 hours ago, ElPiedra said:

Since the "Malwarebytes Database Update 1.0.3624" - all Malwarebytes users are able to receive the Microsoft Patch to mitigate Meltdown.

3624.thumb.png.293d8c98cbc0bbbd32dbcb2e83e6925e.png

Source: Malwarebytes Blog (update as of 1/04/18)

 

I am using free (Premium trial ended) version currently, using Windows 7 SP1, will i have this key after installing latest MBAM database update?

Share this post

Link to post
Share on other sites

Ried   

Ried
Posted

Yes, you will but please know that Microsoft isn't sending out this patch until Tuesday for those on Windows 7, 8, and 8.1.

If you want to get it early, please see this article in our Knowledge Base https://support.malwarebytes.com/docs/DOC-2297

Additional information on this vulnerability can also be found in our Public Forum here

 

Share this post

Link to post
Share on other sites

kimiraikkonen   

kimiraikkonen
Posted
14 hours ago, ElPiedra said:

Since the "Malwarebytes Database Update 1.0.3624" - all Malwarebytes users are able to receive the Microsoft Patch to mitigate Meltdown.

3624.thumb.png.293d8c98cbc0bbbd32dbcb2e83e6925e.png

Source: Malwarebytes Blog (update as of 1/04/18)

 

Hello. You are referring  1.0.3624 as DATABASE UPDATE term. Isn't it wrong?  1.0.3624 should be component package update version. Database updates are being performed and versioned daily, almost hourly in year/day/month format.

Share this post

Link to post
Share on other sites

Ried   

Ried
Posted

The database version that you are used to seeing as time and date format in previous versions of MBAM, are no longer shown that way in this UI

There is a difference between the Component Package, the Update package, and the database version.  What is important here is the Update package version - it needs to be at lease 1.03624

You can view the database version if you run mb-check and look at the mb-checkresults.txt.

Malwarebytes Version information
==================================
   "controllers_version" : "1.0.272",
   "db_version" : "2018.01.05.06",
   "dbcls_pkg_version" : "1.0.3630",
   "installer_version" : "3.3.1",

Share this post

Link to post
Share on other sites

Roadrunner562   

Roadrunner562
Posted
3 hours ago, Ried said:

Yes, you will but please know that Microsoft isn't sending out this patch until Tuesday for those on Windows 7, 8, and 8.1.

If you want to get it early, please see this article in our Knowledge Base https://support.malwarebytes.com/docs/DOC-2297

Additional information on this vulnerability can also be found in our Public Forum here

 

What version should Endpoint be at? How do I verify the computers on Endpoint show the correct version? 

Share this post

Link to post
Share on other sites

djacobson   

djacobson
Posted

@Roadrunner562, this isn't as easy to see with EP, but MB-Check will show you just like on the consumer's. See this guide for the download and how-to - https://support.malwarebytes.com/docs/DOC-1375

Here's an example of an up-to-date MB-Check result for EP:

Malwarebytes Version information
==================================
   "controllers_version" : "1.0.263",
   "db_version" : "2018.01.05.07",
   "dbcls_pkg_version" : "1.0.3631",
   "installer_version" : "3.3.2",

Share this post

Link to post
Share on other sites

kimiraikkonen   

kimiraikkonen
Posted
19 hours ago, Ried said:

Yes, you will but please know that Microsoft isn't sending out this patch until Tuesday for those on Windows 7, 8, and 8.1.

If you want to get it early, please see this article in our Knowledge Base https://support.malwarebytes.com/docs/DOC-2297

Additional information on this vulnerability can also be found in our Public Forum here

 

Thanks for your reply. However i am getting different and contradicting responses from other parts of Internet. About the registry key, isn't Microsoft creating that key if we install the hotfix patch? Or Malwarebytes creating the key?

What behaviours would happen if i update Malwarebytes update package version to 1.0.3624 and DO NOT INSTALL Microsoft hotfix on KB4056897?

I temporarily decided to hold the installation of MS patch due to massive side effects reported on different online communities such as Cpu slow down and intermittent crashes. But i want to update Malwarebytes on the other hand to stay safe and to stay up-to-date against threats. That's why i want to know all for this reason.

I appreciate sir.

Share this post

Link to post
Share on other sites

dcollins   

dcollins
Posted

@kimiraikkonen what happens is when you check for updates, Windows Updates looks to see if you have security software registered in Windows Action Center.  If you do, it looks to see if that registry key exists, because that key should be put in place by the security vendor. If that key is missing, the update won't be pulled down. If the key is there, the update is installed.

As for the question of what Free users need to do, it's nothing. This only impacts Malwarebytes if you have Malwarebytes registered in Windows Action Center. You can only register Malwarebytes in Windows Action Center in the Premium/Trial mode, free mode does not provide real time protection, and therefore does not register.

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Go To Topic Listing Malwarebytes Endpoint Protection

  • Recently Browsing   0 members

    No registered users viewing this page.

×

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

  I accept