Jump to content

MBMC RAM usage and crash


Recommended Posts

2 hours ago, dyoderii said:

So we had done all of the above. There are no logs files on the user clients. We have cleaned the database of all log files. All services are off.

When we turn the services back on it works for a moment and then all the logs (that have been deleted on the client) start flooding back in.

Why?

THERE ARE MORE LOGS...  (on the clients)

x:\programdata\sccom\txthrlog\tempthreatlog_XX.....XXX.txt

This must be a left over from stopping the clients. There are others logs adjacent to this folder however the above logs clearly captured its data during the issue Saturday morning.

Change the name of this file or delete it. No more flooding.

Your approach is yielding results for me.  Thank you for finding this.

Link to post
Share on other sites

  • Staff
7 hours ago, techsmith said:

Is this an okay approach Malwarebytes staff?

Yes guys, this is totally fine, items in that location are ones that are waiting to write to SQL and haven't been archived. I suspect those with a full pending folder likely have the mismatched client version check-in problems.

Link to post
Share on other sites

  • 2 weeks later...
  • 1 month later...
  • Staff

If you have MBMC installed, your client does use that folder, no if's about it. But there are different locations for pending alerts to be sent to the console versus archived results sent to the console. Both pending and archived results will be resubmitted if the client see's they are missing from the database after clearing the SQL, clearing the SQL alone is an incomplete fix, client side must be dealt with as well. These are the three folders needing to be cleared on the client side, make sure to stop the client communication service as the pending log it is writing will not be cleared if the service is not stopped!

Here is an example script:
net stop sccommservice
del /f /s /q "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs\"*.*
del /f /s /q "C:\ProgramData\sccomm\txthrlog\temp\"*.*
del /f /s /q "C:\ProgramData\sccomm\txthrlog\"*.*
net start sccommservice

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.