Fearls1

Malwarebytes slowly taking down our access


Yes. Malwarebytes decided to start blocking every process on every machine on my network. 

It started at 9:44am CST

Help!


Please disable the Web Protection Module, this looks like it may be the affecting module. Let us know if this helps on the affected policies.

Our research teams are working on this furiously for a resolution we should have soon.


We're sorry you had issues with our program today. We've addressed the issue and here's what you need to do to fix it:

Malwarebytes Endpoint Protection (cloud)

  1. From the Malwarebytes Cloud console, go to the endpoints pane and select all the endpoints.
  2. In the action drop-down, choose the ‘check for protection updates’ option to force an update on all endpoints to database update 1.0.3803 or higher.

This should fix the problem for the vast majority of Endpoint Protection endpoints. If endpoints are still affected after applying this, please reboot the machine.

If the remote agent is unable to reach out and get this update, then we must disable the web protection:

  1. In the Malwarebytes Cloud console, go to Settings > Policies and open up the policy the clients are on.
  2. From here, go to the endpoint protection policy and turn off the “Web Protection” portion of the policy. Then:
    • If the machine is unresponsive, reboot the machine and log in.
    • Once in, right click on the tray icon and start a scan. This will force a database update and fix the issue.
    • Once updated, cancel the scan and reboot the machine.
  3. When the computers are all online and updated, please turn back on the web protection again in the Endpoint Policy.

To learn more about what happened, please go here: 

 


What if we have already deleted the endpoint from the cloud - because none of the previous explanations during the day were working?

How can we be assured - short of visiting each one - that the software has been uninstalled, and that the client's machines are not going to continue to experience issues because of this?


Use another piece of software to audit the installed software on the computers? Or start reinstalling the clients again as the issue has been fixed with the latest update.

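The software audit suggested in the reply above can be done with PowerShell against the Uninstall registry keys. This is an added example, not code from any poster or from Malwarebytes; it assumes PowerShell remoting (WinRM) is enabled on the endpoints and that the entries use display names beginning with "Malwarebytes", as the names quoted in this thread do.

```powershell
# Added example: inventory Malwarebytes components from the Uninstall registry keys.
# Assumption: WinRM remoting is enabled on the endpoints being audited.
function Get-MalwarebytesInstall {
    [CmdletBinding()]
    param(
        # Host names from your own inventory; omit to audit the local machine only.
        [string[]]$ComputerName
    )

    $query = {
        # Check both registry views: 32-bit installers register under WOW6432Node.
        $roots = @(
            'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
        )
        Get-ItemProperty -Path $roots -ErrorAction SilentlyContinue |
            Where-Object { $_.DisplayName -like 'Malwarebytes*' } |
            ForEach-Object {
                [pscustomobject]@{
                    Computer = $env:COMPUTERNAME
                    Name     = $_.DisplayName
                    Version  = $_.DisplayVersion
                }
            }
    }

    if (-not $ComputerName) { return & $query }

    foreach ($computer in $ComputerName) {
        try {
            $found = Invoke-Command -ComputerName $computer -ScriptBlock $query -ErrorAction Stop
            if ($found) { $found | Select-Object Computer, Name, Version }
            else {
                [pscustomobject]@{ Computer = $computer; Name = '(none found)'; Version = $null }
            }
        }
        catch {
            # Unreachable is not the same as clean: report it so it gets a follow-up.
            [pscustomobject]@{ Computer = $computer; Name = '(unreachable)'; Version = $null }
        }
    }
}

# Local check; pass -ComputerName with a list of hosts to audit remotely.
Get-MalwarebytesInstall | Format-Table -AutoSize
```

Machines reported as unreachable still need a manual check, since a failed connection says nothing about what is installed.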

The fix that worked for us was to go to Start - Control Panel - Programs and Features, then uninstall Malwarebytes Version 3.X.X.... then restart the computer (note "Malwarebytes Endpoint Agent" was still installed). After restarting the computer, the software reinstalled on its own (possibly because Malwarebytes Endpoint Agent was still installed) and the computer was back to normal.

Before the fix, we tried updating the database, turning off web protection, etc., but that did not work and the memory/RAM was about full, causing the computer to be very slow, even while uninstalling the software.

1 minute ago, BenCunn said:

The fix that worked for us was to go to Start - Control Panel - Programs and Features, then uninstall Malwarebytes Version 3.X.X.... then restart the computer (note "Malwarebytes Endpoint Agent" was still installed). After restarting the computer, the software reinstalled on its own (possibly because Malwarebytes Endpoint Agent was still installed) and the computer was back to normal.

Before the fix, we tried updating the database, turning off web protection, etc., but that did not work and the memory/RAM was about full, causing the computer to be very slow, even while uninstalling the software.

Yes, unfortunately most often the solution to the problem with this software is to just remove it.

 

This was a semi-workable solution when it was only installed on one of my machines. Now that I'm up to 125 machines I'm about ready for a refund.


The solution I came up with was:

  • Open Task Manager, kill the Malwarebytes service.
  • Open Services, set Malwarebytes Service to disabled.
  • Kill the process again in Task Manager.
  • Start the service again, remembering to reset the startup type to disabled again. This will prevent the service from restarting without you wanting it to.
  • Watch the Task Manager. If memory usage climbs too fast, or climbs over 500MB, kill it again.
  • Restart the service. Right click, start scan, wait as long as you feel comfortable while watching Task Manager and how much memory it uses. Stop the scan, try to nicely stop the service and restart it.
  • May have to bounce the service a couple more times until the update gets downloaded. Once the download gets updated the service seems to only take up around 250MB and stops climbing. That's how you know it took and you never have to restart the machine and you don't have to deal with uninstalling the software.

 

Now, I am very happy with how far the company has come with its open communication and appreciate the email I received explaining what happened. However, I agree, better testing should be done before it's pushed. I am torn on whether to try this "one more time", however, this is 2.5 strikes. If I do decide to give it another chance, it is most definitely the last.

I don't want this to turn into a bitching fest, and am not bashing the company, but they do need to understand how serious I am about it all.


This has to be about the 4th or 5th time they have recommended I uninstall their software from every PC (~125 spread out across North America and parts of Europe) and then reinstall the software. I haven't had to do it yet this month so I don't know if I still have to run the suite of uninstall tools to remove it. Last time I had to wipe computers I needed to run their mb_clean to get this off the computer.

If the solution this time is to uninstall the software, this will be the last time I uninstall the software.


When I was using Symantec's Endpoint Protection Cloud product, it would inevitably run into problems. Their solution always was to uninstall, clean, and reinstall the product. That entire process (for that product) with all of the attendant reboots - there were three - took about an hour on any given machine. After a while, as an MSP, I got tired of that because there was no legitimate way that I could tell my client that I had intentionally selected a product that would encounter repeated problems that required such an onerous process to resolve.

In this case, I have been waiting (since late November 2017) for Malwarebytes to actually offer MSP pricing, so - very fortunately - I haven't rolled this out to my base.  But if I had, as a sole practitioner, I would not have been able to have handled the onslaught of what happened on Saturday without losing many clients who would have been distraught about what happened to their machines.

And while I give tech support and management credit for trying to keep everyone apprised of what was going on and how to resolve it, the mere fact that the information for the new cloud-based platform was relegated to one of the last product solutions to be released was not healthy from my point of view.

The old business version 1.82 was fine; this new 3.0.x was junked.  Malwarebytes should have spent much more developing a rock-solid solution before letting everyone "test it in production."

1 hour ago, kahml said:

Malwarebytes should have spent much more developing a rock-solid solution before letting everyone "test it in production."

This is most of the complaints on here. They decided to rush this into production and deployment before they even finished the UI and features list, let alone work out the bugs.

 

AND THEY'RE CHARGING PEOPLE THOUSANDS OF DOLLARS TO BETA TEST THIS FOR THEM!


So you paid tens of thousands to beta test for them.

Don't think you'll be reimbursed for your time they've wasted either.

On 2/1/2018 at 1:28 PM, MI-PJK said:

Why did this just hit us today? 

 

The original false positive for 255.255.255.255 was fixed. New detections of that hit are a problem within the program itself, it will be fixed in an upcoming update. It will be posted on the thread sticky here once it releases - 

 
