
  • Staff

Please disable the Web Protection Module, this looks like it may be the affecting module. Let us know if this helps on the affected policies.

Our research teams are working on this furiously for a resolution we should have soon.

We're getting clobbered by this as well this morning. Confirming it appears to have started with the .07 update which pushed live around 7:45am PT. I've updated multiple times over the last few hours to see if the latest resolves this but no luck. I'm on .12 now.

Tried adding exclusions for the affected IPs for Google just to cut down on the volume. Admin panel says I have roughly 20,000 detections so far this morning.

I'm also getting memory exhaustion alerts from several machines this is running on.  Not to mention the few users who were trying to work this morning all got freaked out.

Confirming I have switched off the "Start malicious website blocking when protection module starts" setting in the latest policy version and pushed it out to all online clients. Doesn't this require a restart of the Malwarebytes client or service for this to take effect though?

Confirming that between the latest signatures pushed out (.12) and switching off "Start malicious website blocking when protection module starts" and updating the policy appears to have quieted things down on our end. Only getting alerts from machines that are still scanning from the initial outbreak of this and don't appear to be updating while those scans are still running.

KDawg, will you post when things are fully resolved and we can switch back on the "Start malicious website blocking when protection module starts" setting?

Thank you!


As I'm digging into the data a bit more I thought this part was perhaps also worth noting.

Those machines we've switched over to the newer Cloud hosted MB service did not appear to have had this issue with the false positive website blocked detections. It was only running the on premise server hosted version that picked up the bad signatures and got hammered.

What is interesting is that a number of the Cloud protected endpoints did send out memory exhaustion alerts that I didn't see from the on premises protected endpoints. But the cloud admin portal does not show any detections for today. And the on prem shows almost 21,000 now.
