Jump to content

MEP causing high memory usage on client PCs


Recommended Posts

Several of our weekend employees have contacted me this morning about MEP eating up the memory on their stations. The errors they are describing match what is happening in this thread on the consumer forum:

I havn't seen it mentioned here yet on the MEP forums so I thought I would start a topic on it. I'm on hold now waiting to get a hold of someone in business support but I've attached the compiled FRST and MB Checks logs below.

 

mb-check-results.zip

Edited by Brandon_Lutz
Link to post
Share on other sites

KDawg, please confirm which signature update contains the fix?  I'm on v2018.01.27.12 now.

Does the latest signatures just fix the memory exhaustion errors or does it also fix all of the issues with the false positive detections and emails as well?

Please confirm.

Link to post
Share on other sites

I'm getting back several automated messages from MEP after I tried to run the client updates.

I get the error message below. It appears the stations are not taking the update from MEP.

 

Based on your preferences, you are being notified that a new event has occurred on your account:

 

  • Endpoint Name: clientname.domain
  • Source: managed.machines
  • Severity: warning
  • Type: machine.command.failed

Details: command.protection.update.now

 

Edited by Brandon_Lutz
Link to post
Share on other sites

Ok this is what I've done:

I've moved everyone back to a our default MEP policy with Web Protection Turned OFF
I've forced a network wide restart
I then forced the update across the board

Stations are still moving slow and it appears nothing is applying like it should. Can I get an official case number so I can call into support again and provide them the number? I called earlier and told I was going to be sent an email with case number but I never got that email which is understandable given the circumstances. However I now have my CFO, CEO, and COO breathing down my departments back about this problem. Can I please get a case number so I can call in and get someone on the phone?

Link to post
Share on other sites

I think it is starting to finally work on workstations that were not hung up. The workstations that are hung up in my environment, i'm having to touch them manually and run one of the mb clean utilities to remove part of the install so I can remove the rest via the deployment tool. Then I can go in and reinstall after a reboot.

Link to post
Share on other sites

Lost 40+ PCs this morning and this has ruined my whole day.

MEP is really a half-baked product - even before this I was very frustrated with it - endpoints not checking in, detections on PCs but unable to quarantine, no way to clear stats on the web portal, no way to clear detections lists, very limited info overall and, the biggest pisser - can't even open up an interface on the PCs themselves to see if things are actually working or to see which set of signatures is installed.

So, how to I tell if the corrected signatures are installed?

Edited by lockon
Link to post
Share on other sites
59 minutes ago, itmindscape said:

This is a disaster...I've rebooted machines 10 times...its random on whether it updates or not...how do I force the update???

Go into the cloud console, got to the endpoints section. Tick the box to select all of your endpoints. Then click on the actions button to open the drop down menu. Select the last option to Check for Protection Updates. This will force the updates to the clients.

Now here is where I ran into similar issues that you had. Some of my older stations got hung up really bad, about 20 out of 400. I had to do a force reboot on them via command prompt and I verified that they restarted. I showed a little patience and waited about 20 minutes and starting remoting into them to check their resources. It appears after letting them sit for a period of time they pulled down the update and that fixed the problem.

I highly recommend you bounce your workstations so they can pull down the workstations.

Link to post
Share on other sites

 

3 minutes ago, Brandon_Lutz said:

Go into the cloud console, got to the endpoints section. Tick the box to select all of your endpoints. Then click on the actions button to open the drop down menu. Select the last option to Check for Protection Updates. This will force the updates to the clients.

Now here is where I ran into similar issues that you had. Some of my older stations got hung up really bad, about 20 out of 400. I had to do a force reboot on them via command prompt and I verified that they restarted. I showed a little patience and waited about 20 minutes and starting remoting into them to check their resources. It appears after letting them sit for a period of time they pulled down the update and that fixed the problem.

I highly recommend you bounce your workstations so they can pull down the workstations.

Thanks Brandon - problem is...the leak is so exponentially bad...I can't wait 20 minutes...in 4 minutes, the machines with 8 GB of ram (standard workstation and smaller servers) are absolutely dead....and I have 27 sites...and - like you...my patience was shot about 5 hours ago =)

Edited by itmindscape
Link to post
Share on other sites

Do you have any of the mbam removal tools? If so on the really bad ones, I ran them while in safe mode. Rebooted when prompted and then finished the uninstall after they rebooted into Windows normally via the deployment tool.

Then I restarted and reinstalled. That fixed the issue on the ones that had their resources get eaten up very quickly.

Link to post
Share on other sites
  • Staff

We're sorry you had issues with our program today. We've addressed the issue and here's what you need to do to fix it

Malwarebytes Endpoint Protection (Cloud Console)

  1. From the Malwarebytes Cloud console, go to the endpoints pane and select all the endpoints.
  2. In the action drop-down, choose the ‘check for protection updates’ option to force an update on all endpoints to database update 1.0.3803 or higher.

This should fix the problem for the vast majority of Endpoint Protection endpoints. If endpoints are still affected after applying this, please reboot the machine.

If the remote agent is unable to reach out and get this update, then we must disable the web protection:

  1. In the Malwarebytes Cloud console, Go to the settings> policies> and open up the policy the clients are on.
  2. From here, go to the endpoint protection policy and turn off the “Web Protection” portion of the policy. Then:
    • If the machine is unresponsive, reboot the machine and log in.
    • Once in, right click on the tray icon and start a scan. This will force a database update and fix the issue.
    • Once updated, cancel the scan and reboot the machine.
  3. When the computers are all online and updated, please turn back on the web protection again in the Endpoint Policy.

To learn more about what happened, please go here: 

 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.