Jump to content

Business Customers Help Request

Corrigun

By Corrigun
in Malwarebytes Nebula

 Share

Recommended Posts

Corrigun

Corrigun

Posted
Posted

So I am still a little confused.

We seemed to only have network blocking (anything Google and then some) and no memory issues. We have about 100 Windows7 clients most who are turned off for the weekend but about 30 on and affected. My inbox blew up with email notifications that I eventually turned off once I realized it was a false alarm.

According to my console it is running a current signature of 2018.01.27.13 after a early afternoon update. My clients have a "database" of 2018.01.27.12 after an update push.

Is this where I want to be? Honestly I adopted this mess and I have never even had to look at the admin console before.

Any advice would be appreciated.

Link to post
Share on other sites
PimixLabs

PimixLabs

Posted
Posted

Hi Corrigun,

please accept our sincere apology for the situation. 

Yes, the DB should be of version v2018.01.27.12 or higher. Then it should be safe to have the Malicious Website Protection working properly again.

Hope this answers your question.

Regards,

Mike Pikkov
EMEA Support Manager

 

Link to post
Share on other sites
Corrigun

Corrigun

Posted
  • Author
Posted (edited)

Thank you. So the clients are supposed to be a different version number (12 vs 13) than the server?

Also will the machines that are off for the weekend fix themselves on start Monday? Do I need to reboot all of the machines regardless?

Edited by Corrigun
More ?'s
Link to post
Share on other sites
jayt12

jayt12

Posted
Posted
31 minutes ago, PimixLabs said:

Hi Corrigun,

please accept our sincere apology for the situation. 

Yes, the DB should be of version v2018.01.27.12 or higher. Then it should be safe to have the Malicious Website Protection working properly again.

Hope this answers your question.

Regards,

Mike Pikkov
EMEA Support Manager

 

How do we got those machines to that DB version?  It appears the issue is with 2018.01.27.02/03.  None of the pc's can do anything on the network, so far just disabling and solved getting on the network, but not updating the DB.  Only solution to uninstall?  


Can you verify exactly which db versions have the issue, I have a couple hundred at 2018.01.27.02 that appear to have issues, but I also have a few hundred of 2018.01.26.08 that are also offline.

Are you going to open up your support lines?

Link to post
Share on other sites
KDawg

KDawg

Posted
Posted

If you are having this issue while running Malwarebytes Endpoint Protection follow these steps:

1. From the Cloud console, go to the endpoints pane and select all the endpoints.
2. In the action drop down, choose the 'check for protection updates' option to force an update on all endpoints to database update 1.0.3803. This should fix the problem for the vast majority of Cloud endpoints.

If endpoints are still affected after applying this, please reboot the machine.

If the remote agent is unable to reach out and get this update, then we must disable the web protection:

1.  In the cloud console, go to the settings> policies> and open up the policy the clients are on.
2. From here, go to the endpoint protection policy and turn off the "Web Protection" portion of the policy. Then try this:
a. If the machine is unresponsive, reboot the machine and log in.
b. Once in, right click on the tray icon and start a scan. This will force a database update and fix the issue.
c. Once updated, cancel the scan and reboot the machine.
3. When the computers are all online and  updated, please turn back on the web protection again in the Endpoint Policy.

Link to post
Share on other sites
PimixLabs

PimixLabs

Posted
Posted
36 minutes ago, Corrigun said:

Thank you. So the clients are supposed to be a different version number (12 vs 13) than the server?

Also will the machines that are off for the weekend fix themselves on start Monday? Do I need to reboot all of the machines regardless?

No, it looks like they are still on the way to talk to the server and will obtain 2018.01.27.13 as soon as they do that.

As offline machine will not pick up the problematic database update but a good one, no action will be needed about those.

Link to post
Share on other sites
PimixLabs

PimixLabs

Posted
Posted
12 minutes ago, jayt12 said:

How do we got those machines to that DB version?  It appears the issue is with 2018.01.27.02/03.  None of the pc's can do anything on the network, so far just disabling and solved getting on the network, but not updating the DB.  Only solution to uninstall?  


Can you verify exactly which db versions have the issue, I have a couple hundred at 2018.01.27.02 that appear to have issues, but I also have a few hundred of 2018.01.26.08 that are also offline.

Are you going to open up your support lines?

We believe the problematic db version were 2018.01.27.02 and 2018.01.27.03 - those you have mentioned.

If machine is experiencing connectivity / name resolution issues then the only solution would be to reinstall the endpoints unfortunately. 

All the support lines are opened at the moment. The support website was down earlier today because of the 3rd party - just a coincidence and bad timing.

Link to post
Share on other sites
jayt12

jayt12

Posted
Posted (edited)
1 hour ago, PimixLabs said:

We believe the problematic db version were 2018.01.27.02 and 2018.01.27.03 - those you have mentioned.

If machine is experiencing connectivity / name resolution issues then the only solution would be to reinstall the endpoints unfortunately. 

All the support lines are opened at the moment. The support website was down earlier today because of the 3rd party - just a coincidence and bad timing.

For us it looks like killing the service hard booting the machine, logging in waiting 2-3 minutes and rebooting resolves the issue.  Sometimes we kill the rules.new rules.ref files  on problematic machines. 

 

About the support lines.  How do we contact?  It says M-F and a webform to submit a ticket.  I submitted a ticket 4 hours or so ago.

Edited by jayt12
Link to post
Share on other sites
PimixLabs

PimixLabs

Posted
Posted
On 1/28/2018 at 3:00 AM, jayt12 said:

For us it looks like killing the service hard booting the machine, logging in waiting 2-3 minutes and rebooting resolves the issue.  Sometimes we kill the rules.new rules.ref files  on problematic machines. 

About the support lines.  How do we contact?  It says M-F and a webform to submit a ticket.  I submitted a ticket 4 hours or so ago.

Hi Jay,

thank you for the update. If you have already logged a support ticket then we will get back to you for sure. We have used all the available resources on the past weekend but that obviously was not enough to respond in a timely manner. I apologize. We are catching up. In the mean time you may find the following information useful:

How to recover from faulty Web Protection update
https://forums.malwarebytes.com/topic/220408-how-to-recover-from-faulty-web-protection-update/

Regards,

Mike Pikkov
EMEA Support Manager

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.