IT_1152 #1 Posted January 4, 2018 Is Malwarebytes Endpoint Protection compatible with the Microsoft issued patch to mitigate the recent Meltdown exploit? see https://support.microsoft.com/en-us/help/4072699/important-information-regarding-the-windows-security-updates-released for additional information. Share this post Link to post Share on other sites
nethru #2 Posted January 4, 2018 Not seeing it in this list yet. https://docs.google.com/spreadsheets/d/184wcDt9I9TUNFFbsAVLpzAtckQxYiuirADzf3cL42FQ/htmlview?usp=sharing&sle=true Share this post Link to post Share on other sites
Munchkin #3 Posted January 4, 2018 I have the same question. Found a Malwarebytes Lab blog about Meltdown but doesn't appear to give any indication as to whether Malwarebytes has compatibility issues or not. https://blog.malwarebytes.com/security-world/2018/01/meltdown-and-spectre-what-you-need-to-know/ Share this post Link to post Share on other sites
ClimbGuy #4 Posted January 4, 2018 Also wondering the same. Can we install this windows patch without receiving the warned about bsod potential? Share this post Link to post Share on other sites
nethru #5 Posted January 4, 2018 right now with MB installed seems you can only do it manually if you wanted. Auto update will not install the patch based on the REGKEY not being present that AV vendors are supposed to be pushing once they are compatible. One guy mentioned he did it without any issues but still a bit scared to do it myself. Share this post Link to post Share on other sites
djacobson #6 Posted January 4, 2018 (edited) I don't have an answer right now, regression testing is still underway. The update for MB3 based products, to allow the registry needed to be created, was released on Jan 4th. To be absolutely clear, all of our products are, and have been, compatible with the patch. It was the creation of the registry key to allow automatic pulling of the patch which was not yet done at the time. Edited January 10, 2018 by djacobson Clarification due to being misquoted and misunderstood Share this post Link to post Share on other sites
ClimbGuy #7 Posted January 4, 2018 Thank you Dyllon. Assuming you will post back here once testing is complete? Share this post Link to post Share on other sites
djacobson #8 Posted January 4, 2018 (edited) Yes. For now, users with MB3 based software installed and registered with Windows Action Center will not be able to receive any MS updates automatically, starting with the Jan. 2018 update. You can either apply the update manually or set the Malwarebytes action center setting to "Never register Malwarebytes in Windows Action Center" so that the MS update can apply automatically. Only Windows 10 and Server 2016 have patches. Update: this no longer applies now that our update is out, you no longer have to touch your Action Center settings within the MB3 based programs. Edited January 10, 2018 by djacobson update Share this post Link to post Share on other sites
Kalrand #9 Posted January 4, 2018 Is this an issue with patching through WSUS or only those from Windows Update and, possibly, Peer-toPeer? Share this post Link to post Share on other sites
djacobson #10 Posted January 4, 2018 Let me clarify what is going on for our end. Malwarebytes does not break Windows when the patch is applied. The issue we have is that the patch cannot auto apply when Malwarebytes is registered to the Action Center, this is the part that is being tested and will be updated. Share this post Link to post Share on other sites
rahlquist #11 Posted January 4, 2018 Thanks!. On one system this morning I checked windows update serveral times and it said I was up to date, then finally it saw updates, downloaded, installed (took over an hour) and now when I run the powershell command from MS to check if the patch is applied I get False for all 5 CVE. I found this post and changed my action center setting to what Dyllon stated and rebooted. Same result in powershell. Checked windows update and they are downloading. Much obliged. Share this post Link to post Share on other sites
Dragans2 #12 Posted January 4, 2018 (edited) Is there going to be an update so that people using the free version can change the setting on the action center so they can get the updates. Edited January 4, 2018 by Dragans2 Share this post Link to post Share on other sites
djacobson #13 Posted January 5, 2018 2 hours ago, Dragans2 said: Is there going to be an update so that people using the free version can change the setting on the action center so they can get the updates. I'm sorry @Dragans2, I'm specialized to the business products. @bdubrow do you know what consumer side on free mode will be doing? Share this post Link to post Share on other sites
Ried #14 Posted January 5, 2018 Consumer side has already been updated - there is no need to change any Malwarebytes settings. Open Malwarebytes and click 'Check for Updates' to ensure you have the latest update package. Next, click Settings > About tab and verify that you have Update Package version 1.0.3624 Share this post Link to post Share on other sites
ElPiedra #15 Posted January 5, 2018 Since the "Malwarebytes Database Update 1.0.3624" - all Malwarebytes users are able to receive the Microsoft Patch to mitigate Meltdown. Source: Malwarebytes Blog (update as of 1/04/18) Share this post Link to post Share on other sites
djacobson #16 Posted January 5, 2018 Thanks @Ried and @ElPiedra!!! Share this post Link to post Share on other sites
jet #17 Posted January 5, 2018 Mine Says UPDATE PACKAGE VERSION 1.0.3629 Has there been an update since 1.0.3624? Share this post Link to post Share on other sites
kimiraikkonen #18 Posted January 5, 2018 13 hours ago, ElPiedra said: Since the "Malwarebytes Database Update 1.0.3624" - all Malwarebytes users are able to receive the Microsoft Patch to mitigate Meltdown. Source: Malwarebytes Blog (update as of 1/04/18) I am using free (Premium trial ended) version currently, using Windows 7 SP1, will i have this key after installing latest MBAM database update? Share this post Link to post Share on other sites
Ried #19 Posted January 5, 2018 Yes, you will but please know that Microsoft isn't sending out this patch until Tuesday for those on Windows 7, 8, and 8.1. If you want to get it early, please see this article in our Knowledge Base https://support.malwarebytes.com/docs/DOC-2297 Additional information on this vulnerability can also be found in our Public Forum here Share this post Link to post Share on other sites
kimiraikkonen #20 Posted January 5, 2018 14 hours ago, ElPiedra said: Since the "Malwarebytes Database Update 1.0.3624" - all Malwarebytes users are able to receive the Microsoft Patch to mitigate Meltdown. Source: Malwarebytes Blog (update as of 1/04/18) Hello. You are referring 1.0.3624 as DATABASE UPDATE term. Isn't it wrong? 1.0.3624 should be component package update version. Database updates are being performed and versioned daily, almost hourly in year/day/month format. Share this post Link to post Share on other sites
Ried #21 Posted January 5, 2018 The database version that you are used to seeing as time and date format in previous versions of MBAM, are no longer shown that way in this UI There is a difference between the Component Package, the Update package, and the database version. What is important here is the Update package version - it needs to be at lease 1.03624 You can view the database version if you run mb-check and look at the mb-checkresults.txt. Malwarebytes Version information ================================== "controllers_version" : "1.0.272", "db_version" : "2018.01.05.06", "dbcls_pkg_version" : "1.0.3630", "installer_version" : "3.3.1", Share this post Link to post Share on other sites
Roadrunner562 #22 Posted January 5, 2018 3 hours ago, Ried said: Yes, you will but please know that Microsoft isn't sending out this patch until Tuesday for those on Windows 7, 8, and 8.1. If you want to get it early, please see this article in our Knowledge Base https://support.malwarebytes.com/docs/DOC-2297 Additional information on this vulnerability can also be found in our Public Forum here What version should Endpoint be at? How do I verify the computers on Endpoint show the correct version? Share this post Link to post Share on other sites
djacobson #23 Posted January 5, 2018 @Roadrunner562, this isn't as easy to see with EP, but MB-Check will show you just like on the consumer's. See this guide for the download and how-to - https://support.malwarebytes.com/docs/DOC-1375 Here's an example of an up-to-date MB-Check result for EP: Malwarebytes Version information ================================== "controllers_version" : "1.0.263", "db_version" : "2018.01.05.07", "dbcls_pkg_version" : "1.0.3631", "installer_version" : "3.3.2", Share this post Link to post Share on other sites
kimiraikkonen #24 Posted January 6, 2018 19 hours ago, Ried said: Yes, you will but please know that Microsoft isn't sending out this patch until Tuesday for those on Windows 7, 8, and 8.1. If you want to get it early, please see this article in our Knowledge Base https://support.malwarebytes.com/docs/DOC-2297 Additional information on this vulnerability can also be found in our Public Forum here Thanks for your reply. However i am getting different and contradicting responses from other parts of Internet. About the registry key, isn't Microsoft creating that key if we install the hotfix patch? Or Malwarebytes creating the key? What behaviours would happen if i update Malwarebytes update package version to 1.0.3624 and DO NOT INSTALL Microsoft hotfix on KB4056897? I temporarily decided to hold the installation of MS patch due to massive side effects reported on different online communities such as Cpu slow down and intermittent crashes. But i want to update Malwarebytes on the other hand to stay safe and to stay up-to-date against threats. That's why i want to know all for this reason. I appreciate sir. Share this post Link to post Share on other sites
dcollins #25 Posted January 8, 2018 @kimiraikkonen what happens is when you check for updates, Windows Updates looks to see if you have security software registered in Windows Action Center. If you do, it looks to see if that registry key exists, because that key should be put in place by the security vendor. If that key is missing, the update won't be pulled down. If the key is there, the update is installed. As for the question of what Free users need to do, it's nothing. This only impacts Malwarebytes if you have Malwarebytes registered in Windows Action Center. You can only register Malwarebytes in Windows Action Center in the Premium/Trial mode, free mode does not provide real time protection, and therefore does not register. Share this post Link to post Share on other sites