Jump to content
IT_1152

Meltdown Mitigation

Recommended Posts

6 hours ago, dcollins said:

@kimiraikkonen what happens is when you check for updates, Windows Updates looks to see if you have security software registered in Windows Action Center.  If you do, it looks to see if that registry key exists, because that key should be put in place by the security vendor. If that key is missing, the update won't be pulled down. If the key is there, the update is installed.

As for the question of what Free users need to do, it's nothing. This only impacts Malwarebytes if you have Malwarebytes registered in Windows Action Center. You can only register Malwarebytes in Windows Action Center in the Premium/Trial mode, free mode does not provide real time protection, and therefore does not register.

Thanks @dcollins for your help. Nice answer like you did on other thread. But i do not use Action Center, and almost none of my friends use it even they have Premium version. That is another subject. I think Windows looks up presence of so-called "QualityCompat" registry key, then applies KB4056892 or 97 if it present. So as to my understanding, updating only Malwarebytes does nothing except having registry key added for preparing system for MS hotfix. Maybe it (was 1.3624, now the version is incremented more as i see) also includes newer definition database along with reg-key update as well. Right?

Share this post


Link to post
Share on other sites
10 hours ago, kimiraikkonen said:

i do not use Action Center

If you are on the free mode of consumer, or not set to reg with WAC, then none of this applies to you. If you have Defender or MSE on, as most on the consumer level will, Defender / MSE will change the key for you, allowing the patch to be pulled down.

10 hours ago, kimiraikkonen said:

Maybe it also includes newer definition database along with reg-key update as well. Right?

Yes, that number reflects definition updates.

Share this post


Link to post
Share on other sites
1 hour ago, djacobson said:

If you are on the free mode of consumer, or not set to reg with WAC, then none of this applies to you. If you have Defender or MSE on, as most on the consumer level will, Defender / MSE will change the key for you, allowing the patch to be pulled down.

Thank you for reply. I noticed your statement here, even it's quoted on elsewhere on the net including Reddit. :)

I understand i did not got registry key on my Win7 box because of using free version eventhough having latest Malwarebytes update package. Right? Huh. Regarding to "Action Center", it's really a crucial detail. I read a lot of forums of other AVs including giant communities like Reddit, almost no one has mentioned about "Action Center" trick for receiving MS patch. Maybe it's a specific issue with Malwarebytes and not with other AVs?

Let me ask another question, but I'm not asking myself this time. My friend with Windows 10 has similar question and wanted me to figure out his problem. Based on your statement linked in thread above, none of machines with Malwarebytes could receive MS patch currently if they're registered with WAC even they have MB Premium. The setting is recommended to be "never register...". Has this issue been resolved? I see some "new" posts on forum and now it's recommended to have MB Premium editions registered with WAC currently, conversely.

Another question. My friend started using Malwarebytes 3 Premium (currently 14-day trial) and updated "update package" to 1.0.3647 (newer than 1.0.3624 Meltdown mitigation release), then his machine got so-called "QualityCompat" registry key unlike me, after his Malwarebytes "update package" is updated, eventhough his Malwarebytes is set to "Let Malwarebytes apply best WAC settings..." by default, AND he has WAC disabled on his PC, so not registered with WAC anyhow. Is it normal and expected?

Thank you for enlightening me.

Best regards.

Edited by kimiraikkonen

Share this post


Link to post
Share on other sites

Malwarebytes is not updating HKEY_LOCAL_MACHINE"Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat on W2K8R2 and W2K12R2.  Windows 7 updates OK. Version info is the same on all. Policies are set the same on Cloud Endpoint Protection portal.
Malwarebytes Version information
==================================
   "controllers_version" : "1.0.160",
   "db_version" : "2018.01.09.05",
   "dbcls_pkg_version" : "1.0.3657"
   "installer_version" : "3.1.8",


Any ideas?

Share this post


Link to post
Share on other sites
On 1/8/2018 at 12:11 PM, kimiraikkonen said:

almost no one has mentioned about "Action Center" trick for receiving MS patch. Maybe it's a specific issue with Malwarebytes and not with other AVs?

This was an early trick to let the patch pull down BEFORE we updated the program to let it happen automatically.

 

On 1/8/2018 at 12:11 PM, kimiraikkonen said:

Based on your statement linked in thread above, none of machines with Malwarebytes could receive MS patch currently if they're registered with WAC even they have MB Premium. The setting is recommended to be "never register...". 

That is no longer the case after our update was released to let the registry key be created for our product versions, and their modes, that register in Windows Action Center.

 

On 1/8/2018 at 12:11 PM, kimiraikkonen said:

his machine got so-called "QualityCompat" registry key unlike me, after his Malwarebytes "update package" is updated, eventhough his Malwarebytes is set to "Let Malwarebytes apply best WAC settings..." by default, AND he has WAC disabled on his PC, so not registered with WAC anyhow. Is it normal and expected?

This is normal and what our update was meant to accomplish.

 

Share this post


Link to post
Share on other sites

@JLR was there a patch for the OS's when you wrote your reply? My understanding is that anything other than Windows 10 and Server 2016 was going to have to wait until the 9th. They should have a version by now, however, make sure to read Microsoft's suggestions for server's, they are recommending that you think on this critically for your server in order to balance between performance and security, if you apply the patch to your servers, their performance will be degraded considerably. Server's that only provide background services may not need it, but this is up to you to decide.

Share this post


Link to post
Share on other sites

So back to re-phrase the original question (now that we know the consumer verison does this):  Will Malwarebytes Endpoint Protection update the registry key?

Thanks!

 

Share this post


Link to post
Share on other sites

This thread was derailed a bit as this section is not for consumer software. To answer the question, yes of course,  MBEP runs the MB3 product family, it got the same update consumers on MB3 Home Premium did. It is consumer MB3 in free mode and MBES and its legacy MBAM/MBAE product builds that will not create the registry key since those legacy products, and the home version in free mode, that do not register with Windows Action Center.

Edited by djacobson

Share this post


Link to post
Share on other sites

Thank you for that.

Next question:  When I go to the Malwarebytes cloud console, my computer shows the following information:

Product Name: Endpoint Protection (1.1.0.188)
Product Name: Asset Manager (1.1.0.133)

I have looked in my registry and do not find the specified HKLM\Software key - in either the standard list or the WOW6432Node.

What part of the puzzle am I missing?

 

Share this post


Link to post
Share on other sites

The cloud does not currently show the update package information, you are looking at build numbers. See post #23 from this thread for how to check the update package info - 

 

Share this post


Link to post
Share on other sites

Hello

I have windows server 2008 r2, i updated to latest mallwarebytes 3.3 and all updates in check, but the security key is not beeing added. As far as i know server 2008 has no security center neither. What should i do to safely get the windows update from the windows updater?

Share this post


Link to post
Share on other sites

OK, back for more punishment.

Read the KB, downloaded the file, ran the check, and here are the results:

Malwarebytes Version information
==================================
   "controllers_version" : "1.0.160",
   "db_version" : "2018.01.12.06",
   "dbcls_pkg_version" : "1.0.3683",
   "installer_version" : "3.1.8",

   "installationToken" : "",
   "licenseState" : "licensed",
   "machineId" : "",

Installation Date:        08/29/2017
Version Installed:        3.x Installed
Installation Directory:        C:\Program Files\Malwarebytes\Anti-Malware\

What has NOT been stated in this thread - as far as I can tell - is what level of what value (above) indicates that the Registry is going to be updated?

And if I'm not at that value, how do I go about ensuring that I get it?

Share this post


Link to post
Share on other sites

@kahml what do you have set for your Windows Action Center settings in Settings -> Policies -> your policy -> Endpoint Protection -> Windows Action Center?

Being at or above Update Package 1.0.3624 and having the correct Action Center settings will create the key.

Edited by djacobson

Share this post


Link to post
Share on other sites

Alright, you're not on any non-R2 server version which doesn't have a patch or an unsupported AMD processor. I'd say to create the key yourself, I really can't tell you why it hasn't been made when you're past the update package that includes it. Your alternative is to remove, restart and reinstall the product to see if it will make the key, which seems like wasting time when the patch is pretty critical.

Share this post


Link to post
Share on other sites

I had a business edition of MBAM (forget which one) on this machine when I installed MEP from the cloud.

I'm guessing that may have affected things.

Despite the admitted time suck, I'm going to uninstall, restart, mbam-clean, restart, and reinstall.

I want to see that this product actually does what it is supposed to do... especially if I'm preparing to launch to clients who have AV products that are "compliant" but that are not writing the registry key.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.