issue with malwarebytes


Currently getting this every 2 minutes on various PCs at our business.

Bad update?


Malwarebytes Management Server Notification
--------------------------------------------

Alert Time: 1/27/2018 10:25:24 AM
Server Hostname: VEN-MB-01
Server Domain/Workgroup: venturedyne.local
Server IP: 10
Notification Catalog: Client
Description:
Malware threat detected, see details below:

1/27/2018 10:23:50 AM   CLI-ENG-03      192.  Type: outgoing, Port: 53041, Process: chrome.exe        Blocked web site        159.180.64.71
1/27/2018 10:23:50 AM   CLI-ENG-03      192.   Type: outgoing, Port: 53044, Process: chrome.exe        Blocked web site        159.180.64.71
1/27/2018 10:23:58 AM   VEN-CTX-IT      10.      Type: outgoing, Port: 32305, Process: googleupdate.exe  Blocked web site        172.217.1.46
1/27/2018 10:23:58 AM   VEN-CTX-IT      10.      Type: outgoing, Port: 32306, Process: googleupdate.exe  Blocked web site        172.217.1.46
1/27/2018 10:23:58 AM   VEN-CTX-IT      10.       Type: outgoing, Port: 32307, Process: googleupdate.exe  Blocked web site        172.217.1.46
1/27/2018 10:24:06 AM   VEN-CTX-IT      10.       Type: outgoing, Port: 32309, Process: googleupdate.exe  Blocked web site        172.217.1.46
1/27/2018 10:24:06 AM   VEN-CTX-IT      10.       Type: outgoing, Port: 32310, Process: googleupdate.exe  Blocked web site        172.217.1.46
1/27/2018 10:24:06 AM   VEN-CTX-IT      10.      Type: outgoing, Port: 32311, Process: googleupdate.exe  Blocked web site        172.217.1.46
1/27/2018 10:24:06 AM   VEN-CTX-IT      10.       Type: outgoing, Port: 32312, Process: googleupdate.exe  Blocked web site        172.217.1.46
1/27/2018 10:24:06 AM   VEN-CTX-IT      10.       Type: outgoing, Port: 32313, Process: googleupdate.exe  Blocked web site        172.217.1.46
1/27/2018 10:24:06 AM   VEN-CTX-IT      10      Type: outgoing, Port: 32314, Process: googleupdate.exe  Blocked web site        172.217.1.46
1/27/2018 10:24:06 AM   VEN-CTX-IT      10      Type: outgoing, Port: 32315, Process: googleupdate.exe  Blocked web site        172.217.1.46
1/27/2018 10:24:06 AM   VEN-CTX-IT      10       Type: outgoing, Port: 32316, Process: googleupdate.exe  Blocked web site        172.217.1.46
1/27/2018 10:24:14 AM   VEN-CTX-IT      10.       Type: outgoing, Port: 32318, Process: googleupdate.exe  Blocked web site        172.217.1.46
1/27/2018 10:24:14 AM   VEN-CTX-IT      10.      Type: outgoing, Port: 32319, Process: googleupdate.exe  Blocked web site        172.217.1.46
1/27/2018 10:24:14 AM   VEN-CTX-IT      10.       Type: outgoing, Port: 32320, Process: googleupdate.exe  Blocked web site        172.217.1.46
1/27/2018 10:24:14 AM   VEN-CTX-IT      10       Type: outgoing, Port: 32321, Process: googleupdate.exe  Blocked web site        172.217.1.46
1/27/2018 10:24:46 AM   CLI-ENG-03      192   Type: outgoing, Port: 53054, Process: chrome.exe        Blocked web site        159.180.64.71
1/27/2018 10:24:46 AM   CLI-ENG-03      192.   Type: outgoing, Port: 53057, Process: chrome.exe        Blocked web site        159.180.64.71

Link to post
Share on other sites
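
One way to triage an alert flood like the one in the first post, added here as an example (not part of the thread and not Malwarebytes code): parse the notification rows and collapse them to one entry per process and destination, flagging bursts. The sample rows, the one-minute window and the `burst` threshold are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the alert's layout; hosts and IPs are made up, and one
# client IP is truncated as on the page to show the parser tolerates it.
SAMPLE = """\
Malware threat detected, see details below:
1/27/2018 10:23:50 AM   HOST-A  192.0.2.10  Type: outgoing, Port: 53041, Process: chrome.exe        Blocked web site        198.51.100.7
1/27/2018 10:23:58 AM   HOST-B  10.         Type: outgoing, Port: 32305, Process: googleupdate.exe  Blocked web site        203.0.113.9
1/27/2018 10:23:58 AM   HOST-B  10.         Type: outgoing, Port: 32306, Process: googleupdate.exe  Blocked web site        203.0.113.9
1/27/2018 10:24:06 AM   HOST-B  10.         Type: outgoing, Port: 32309, Process: googleupdate.exe  Blocked web site        203.0.113.9
1/27/2018 10:24:06 AM   HOST-B  10.         Type: outgoing, Port: 32310, Process: googleupdate.exe  Blocked web site        203.0.113.9
1/27/2018 10:24:14 AM   HOST-B  10.         Type: outgoing, Port: 32318, Process: googleupdate.exe  Blocked web site        203.0.113.9
1/27/2018 10:24:46 AM   HOST-A  192.0.2.10  Type: outgoing, Port: 53054, Process: chrome.exe        Blocked web site        198.51.100.7
"""

LINE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s+(?P<host>\S+)\s+\S+\s+"
    r"Type: \w+, Port: \d+, Process: (?P<proc>\S+)\s+(?P<action>.+?)\s{2,}(?P<dest>\S+)$")

def parse(text):
    """Return one dict per alert row; header and other non-matching lines are skipped."""
    rows = [m.groupdict() for m in map(LINE.match, map(str.strip, text.splitlines())) if m]
    for r in rows:
        r["ts"] = datetime.strptime(r["ts"], "%m/%d/%Y %I:%M:%S %p")
    return rows

def peak(times, window):
    """Largest number of events inside any sliding window (times must be sorted)."""
    best = start = 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best

def summarize(rows, window=timedelta(minutes=1), burst=5):
    """Collapse the flood to one entry per (process, destination), busiest first."""
    groups = defaultdict(list)
    for r in rows:
        groups[(r["proc"].lower(), r["dest"])].append(r)
    out = []
    for (proc, dest), evs in groups.items():
        n = peak(sorted(e["ts"] for e in evs), window)
        out.append({"process": proc, "dest": dest, "count": len(evs),
                    "hosts": sorted({e["host"] for e in evs}), "burst": n >= burst})
    return sorted(out, key=lambda g: -g["count"])
```

A summary dominated by bursts from ordinary browser and updater processes, appearing right after a definitions update, is the pattern the posters in this thread describe.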


MysteryFCM


I'm currently talking to both one of the developers and one of the support team (he's been able to reproduce it) to try and find out what is going on.

As soon as we have an update as to the cause, I'll post back.


 

Steven Burn

Web Protection Team Lead


Link to post
Share on other sites

All our servers are down with this bad update. DNS down, Exchange down, etc...

I was able to get a FIX! Logging into the servers and turning off "Website Blocking" on Anti-Malware fixed DNS and remote connectivity and ping issues. However, Exchange is still not working. I have uninstalled MBAM and it is still not working, so it appears it might have quarantined a service, exe or something and this is now borked. Looking at restoring my servers to before the update and leaving the MBAM server offline, and blocking the update source on the internet.

Link to post
Share on other sites

Yeah, we are seeing it too - I just made an account while researching what happened.

We're using Malwarebytes Corporate (I think an older non-centralized client?) set to auto-update every hour. The 8:00AM definitions update started blocking... as far as I can tell, almost everything. Anybody with website protection started blocking our RMM servers (so every client machine is showing offline because the connection to our management servers is blocked). In addition, it's blocking regular stuff like Google.

The 9:00AM update went through and it's still blocking...

Link to post
Share on other sites

I have this version and it doesn't have the Web Blocker problem or memory utilization issues the recent updates are having. All of my clients run Malwarebytes End Point Protection - I have a lot of support tickets open and I have been fielding calls most of this morning regarding the current issues.

Appreciate the updates and good information.

This update is working great - I don't have my work PC automatically update anything. So that worked out in my favor this morning.

 


Link to post
Share on other sites

2 minutes ago, RayPL said:

We just updated to version 2018.01.27.07 and the issue is still occurring. Major fail from MB, and what's more annoying, is they push out updates with no support working right now.

Almost as bad as that issue where it clashed with Microsoft's Endpoint Protection and made everything grind to a halt!

Link to post
Share on other sites

Having the same problem here. Had to be some update installed this morning. Things were working fine about 7:30, but starting about 8:30 I started getting calls that people can't access some sites or email. I can't use TeamViewer or Remote Desktop to access servers or workstations so I'm left using Out of Band solutions.

Any ideas on how to fix this remotely?

Link to post
Share on other sites


1 minute ago, schester said:

Having the same problem here. Had to be some update installed this morning. Things were working fine about 7:30, but starting about 8:30 I started getting calls that people can't access some sites or email. I can't use TeamViewer or Remote Desktop to access servers or workstations so I'm left using Out of Band solutions.

Any ideas on how to fix this remotely?

Not possible unless they are virtual and you can direct connect to the host.

Link to post
Share on other sites
