Jump to content

IMPORTANT: Web Blocking / RAM Usage


Recommended Posts

  • Staff

Updated guidance, tools, and processes have been posted in the following post:

Please refer to the new guidance for any and all situations where the previous guidance was failing.

Thanks and again, sorry for all the troubles this is causing people. We are deeply sorry and continue to work throughout the weekend and night to make things right. If you are still affected, please feel free to reach out to me directly at pbustamante@malwarebytes.com.

 

Link to post
  • Replies 761
  • Created
  • Last Reply

Top Posters In This Topic

Thank you Porthos,

Issue solved - via un-install and re-install per your link provided.

Thank you MBAW staff for your fast response.

In the future may I suggest a mass mailing notification to advise of these type of issues... to prevent the mass frustration experienced my so many.

Task manager, processes, sort by cpu/memory - MSconfig / stop services is a simple initial solution, but I imagine the vast majority of your retail customers are unaware of such basic troubleshooting...

Kind regards, 

 

Edited by hwkaiser
grammar
Link to post
7 hours ago, thais said:

But the real difference between you and I is that I live in the real world, where mistakes happen; I have made mistakes, I have no doubt that you have made mistakes, and on this occasion MWB made a mistake.  But they identified it, reported it (on the forum), and set to rectifying it in a timely manner.  What more could any reasonable person ask ?

Well, the thing is, this little mistake is not the root of the problem (I think). The problem is there is no fail safe what so ever. This 'little' mistake proofs (in my eyes) that the way MB is setup is faulty. How can a little mistake in a protection update result in:

- crashed pc's
- loss of data (in my case loss of all unsaved data)
- corrupted data (in my case veracrypt volumes were affected)
- loss of time (took me an hour to figure it out and not to mention the time I have to spend to re-do all the work I lost)

And not to mention the fact that this affected all MB users, most of them with no IT skills what so ever. They will see their pc crash and reboot every couple of minutes and have no idea what the hell is going on. The fact that such a 'little' mistake can have these kind of results makes me think twice about trusting this program ever again. Mistakes are made everywhere, not one program is 100% safe, but I have never ever seen such a little mistake turn into such a disaster (which I think is fair to call it that considering all the thing mentioned above). 

Doesn't matter how soon they identified, reported and 'fixed' it. Fact is: it happened. And what will happen when they make the same mistake or an even bigger one? 

Edited by FreaZ
Link to post
6 hours ago, pbust said:

Updated guidance, tools, and processes have been posted in the following post:

Please refer to the new guidance for any and all situations where the previous guidance was failing.

Thanks and again, sorry for all the troubles this is causing people. We are deeply sorry and continue to work throughout the weekend and night to make things right. If you are still affected, please feel free to reach out to me directly at pbustamante@malwarebytes.com.

 

I was wondering how to refer to the new guidance as it wasn't intuitive, at least, to me.

By accident, my mouse cursor floated over the hidden linked text in pbust's post quoted above of "How to recover from faulty Web Protection update". 

Here's the link to the subject post: 

https://forums.malwarebytes.com/topic/220408-how-to-recover-from-faulty-web-protection-update/

In that post, linked text opens a PDF containing MB's analysis, description, findings/cause, and corrective action:

https://www.malwarebytes.com/pdf/WebProtectionFP.pdf

I agree that this incident is serious; however, I also see a company owning it's culpability plus demonstrating significant effort in a very transparent and honest way to mitigate the oversight.

And unless I'm missing or misunderstanding something in the analysis, MB's response was fast and focused.

We've all seen tech companies do much less, a lot slower, with less ownership, and no sense of ethical direction whatsoever.

We all live in glass houses.

Link to post
13 hours ago, Walo said:

Moreover, by far, most users don't even know and never will know about this forum.

In that case two things should be done to sort that.

  1. Malwarebytes should generate an email to all consumers, upon successfully purchasing the product, with links to Customer Support, these forums, etc., letting them know what to do in the event of an issue. (I actually find it difficult to believe that Malwarebytes do not do this already.)
  2. Customers should use their brains for something besides a hat rack, and do their own research. Finding information on a product, and learning what to do if you have an issue requiring Tech Support, should be the first actions performed before buying said product. There are too many search engines online today, to use the excuse, "I can't find information showing me what to do." 
Link to post
10 hours ago, thais said:

Then you need to get a life.  Read back, and you will see that I was one of those affected (15,6GB of VM used by MWB).  And as for being an employee of MWB, I wish -- I am ten years into retirement and have paid for all of my MWB licences out of my own pocket.  But the real difference between you and I is that I live in the real world, where mistakes happen; I have made mistakes, I have no doubt that you have made mistakes, and on this occasion MWB made a mistake.  But they identified it, reported it (on the forum), and set to rectifying it in a timely manner.  What more could any reasonable person ask ?

Preach it! I'm with you 100%.

Edited by Asia_Off_Grid
Link to post

To those who think MB  did a good job, and its up to users to use their heads to solve this...umm, no.

Are you aware that its reasonable to assume 10's of millions of users around the world were likely affected by this? Maybe hundreds of millions based on MB's statements on how many computers they affect.

Are you aware that many are not tech savvy or anywhere near tech savvy? There are stories of grandparents calling their kids to come over and figure what went wrong.

Are you aware that MB still hasnt sent a simple email to users to tell them no, it wasnt a virus taking over your computer?

I consider myself tech savvy, and was 10 minutes away from reformatting 3 PC's because I was certain it was the worst virus I'd ever experienced. I got lucky because I noticed Malwarebytes service taking 100% of my 64 GB RAM and 100% of my system SSD. I was certain it was a virus masquerading as Malwarebytes, and googled that. I got lucky because I clicked the link to this forum.

Ask the businesses around the world who were freaking all weekend because their systems crashed, an the IT guys awake all night trying to fix it.

The response has been shameful. Just because YOU recovered fine is irrelevant. Think of others.

 

Link to post
23 minutes ago, Asia_Off_Grid said:

In that case two things should be done to sort that.

  1. Malwarebytes should generate an email to all consumers, upon successfully purchasing the product, with links to Customer Support, these forums, etc., letting them know what to do in the event of an issue. (I actually find it difficult to believe that Malwarebytes do not do this already.)
  2. Customers should use their brains for something besides a hat rack, and do their own research. Finding information on a product, and learning what to do if you have an issue requiring Tech Support, should be the first actions performed before buying said product. There are too many search engines online today, to use the excuse, "I can't find information showing me what to do." 

Both excellent points!!!  Thanks!!! Hopefully once/if MB puts in place a mass email procedure/service, they can test it out by pushing a note out to all current subscribers that this has been one positive result of this event. Maybe some other vendors would pick up on doing likewise in similar circumstances. And yes – spot on with # 2

Link to post
On 1/27/2018 at 3:22 PM, MichaelRight said:

You can view it in scan history or navigate to the updateconfig folder under programdata\malwarebytes

It'll be in the UpdateControllerConfig.json file under this key "dbcls_pkg_version" 

 

With our February update, it will be visible in the cloud console on the endpoint overview page.

Thanks, appreciate it. 

Link to post
On 1/27/2018 at 10:34 PM, SawtoothID said:

Looking back in time, I can’t immediately recall instances where other vendors with customer bases in the millions sent out emails to all their customers in events similar to this. Most seem to just put out some select news releases + info on their websites. That should change (at least in events like this)! MB, you have millions of customers. You’re a well-recognized & respected vendor in the industry (for good reason). You could help start a trend in this direction. Put in place an email/text policy going forward & advertise it. Maybe if other companies see the end result of that type policy is more customer loyalty (not less), more firms would start doing the same thing. In this litigious world, I’m sure corporate attorneys would weigh in and muddy the waters, but events like this have & will continue to happen periodically across the IT industry. Most of the damage on events like these are not from the bad code itself, rather all the rabbit holes some users go down erroneously thinking they have a failing hardware component or a virus & need to restore or reformat a drive. For sure there are many users who would benefit greatly by becoming more familiar with the basics of safely handling the inevitable mystery meltdowns that happen, but a policy like this would really help! For the folks who espouse anger & negative dialog to get things done, i totally disagree.

 

Link to post

I can tell you as an IT professional in a mom and pop shop who has sold upwards of 1,200 MBAM licenses we're barely able to tread water this morning. This is going to take us days to straighten out and is costing us a *fortune* in unbillable time and resources to rectify.

We're sticking with MBAM - great product and they truly took ownership of their mistake, but it's going to take quite a while for us to recover from their mistake.

A big concern is those residential users who got spooked and are dumping MBAM en masse and going to Norton or McAfee - they are the real ones who will pay in the long run with substandard AV protection.

Link to post
  • Staff
29 minutes ago, TheMSBob said:

I had to modify the mbes-fixer.bat for corporate use to use C$ and not C% in the line, "net use Z: "\\%%a\C$" /user:"%%a\%LOCALADMIN%" "%PASSWORD%""

Good catch, I fixed it already.

Are you seeing the script delete the *.ref file successfully or is it failing in that step?

Link to post
5 hours ago, Asia_Off_Grid said:

Customers should use their brains for something besides a hat rack, and do their own research. Finding information on a product, and learning what to do if you have an issue requiring Tech Support, should be the first actions performed before buying said product. There are too many search engines online today, to use the excuse, "I can't find information showing me what to do." 

There're three things we always need to determine before we take action or form an opinion: Should be. Could be. Is. Then we always need to work with what is because that is all we have. 

Consumers should do as you stated.

Consumers could evolve into perfect consumers.

Consumers are not what you think they should be and odds are they never will be even if they could be.

What remains is what we have to work with, plan on, prepare for, and manage because it is what it is and it is, after all, the real world, not what we think it should be or could be.

I do think MB would look better if they pushed an email out to every address they do have linking to amplified information on the front/landing/home/index page of their public-facing site. 

PS. The study of Web usability and design of anything is a humbling experience along with a priceless education in human behavior. It quickly and clearly strips assumptions, presumptions, and expectations about how folks interact with everything. It's almost guaranteed to be something other than what the designers planned for.

Edited by Walo
Link to post

We use the MWB Endpoint protection in my environment with 300 machines. We had to physically touch 200 to regain connection. Kind of hard when you have 10 locations from coast to coast. Renewal up next month, hoping MWB will make up for the man hours my team and I put in this past weekend. I personally put in 28 hours due to this mess along with 4 employees. Glad it is fixed, but I am not feeling good vibes but more importantly my boss isn't and if "he ain't happy, nobody is". Additionally, an email message would have been nice vs. us having to find out through a Google search.

Please make it right $ for us on our renewal Mr. Kleczynski or I will be forced to jump ship.

 

- Kirk Miller

IT Manager - Rochester Gauges & Gas Equipment Co, Inc.

kmiller@rochestergauges.com

972-280-8443

Link to post

MB has the email address of every person who purchased the Premium MBAM. Thats how they sent us the product keys.

MB sent an email to their associates and resellers on Saturday explaining the situation.

MB posted an explanation on this forum on Saturday.

Now, why could they not send emails to its Premium users on Saturday? And now its 3 days later and still no email

Edited by ebergerly
Link to post
2 hours ago, pbust said:

Good catch, I fixed it already.

Are you seeing the script delete the *.ref file successfully or is it failing in that step?

It does remove the *.ref file(s) but doesn't solve the problem. We are able now to run the command line client install “MBAM-Rules-2018-1-28.exe” via PSExec. That appears to be fixing things pretty well.

Link to post
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.