MikePahl318

MBAM Cloud Web Protection Problems


We have 80 days left on our MBAM Cloud licensing, and for the first time since I began using MBAM (I was an early enterprise adopter) we will likely not be renewing. MBAM Cloud feels extremely half-baked, and the lack of options and features makes managing MBAM Cloud a nightmare right now. For example, I cannot even rename an endpoint in the cloud console or execute a scan from the Endpoint overview page.

With that said, our primary issue is the lack of Enterprise support options (forum coming soon?) and the bugs that have been introduced to MBAM Cloud that never existed in MBAM EE or previous versions before that.

Right now, for example, any user that connects to our Split Tunnel L2TP VPN has to have MBAM's Web protection module disabled, or else IE/Chrome grind to a halt. Disabling the web protection module instantly resolves the issue.
We also cannot add custom URLs or IPs to the blocked website lists, so as we get phishing attempts into our various enterprise mailboxes I am forced to create a forum entry and pray it's adopted quickly - or blacklist it to our 8 firewalls and pray I beat users to the punch.

 

A loyal but extremely disappointed and let down customer since Day 1,

Mike


I won't turn this into a running list, but here is another one. I can not copy the location or expand it. There is no way to copy the location of the file of this false positive event into exclusions. 

 

 


Mike, it pains me to hear about these issues you are experiencing.

For future serious issues like these, please do submit a ticket for fastest support.

For the VPN issues, this is a currently known defect with the web protection module; leaving the web protection module disabled should allow the other features to function without issues.

User-added blocks is a highly requested feature we hope to release soon.

Cscript exploit block is resolved in the latest version of anti-exploit and we will be releasing it with the next update.

2 hours ago, KDawg said:

Mike, it pains me to hear about these issues you are experiencing.

For future serious issues like these, please do submit a ticket for fastest support.

For the VPN issues, this is a currently known defect with the web protection module; leaving the web protection module disabled should allow the other features to function without issues.

User-added blocks is a highly requested feature we hope to release soon.

Cscript exploit block is resolved in the latest version of anti-exploit and we will be releasing it with the next update.

Thanks for the response. Obviously, with the need to disable web protection, we feel we are leaving users at risk. Right now, in order to leave our enterprise users non-impacted by MBAM, we need to disable web protection, exploit protection, and continue to report URLs to the forums. It's painful.

Please help me out by expanding on your ticket comment. We have submitted tickets but we don't typically hear back. Can you confirm the process for me? Maybe I'm getting it wrong.


Have you tried uninstalling everything and then reinstalling everything and then disabling everything?

 

Rinse and repeat.

Just now, IT_Guy said:

Have you tried uninstalling everything and then reinstalling everything and then disabling everything?

 

Rinse and repeat.

Well, we tried both 1.) uninstalling everything as well as 2.) disabling everything. Those worked great!
As far as reinstalling everything and enabling everything, both of those options break everything.

 

/s


Cleatus, coming from a long long long time Enterprise customer of MBAM, this pains me, but here is my current list of reasons to probably hold off on Cloud:

 

1.) Long list of issues using VPN with web detection enabled. (it's broken)
2.) Cscript known bug (anti-exploit is broken)
3.) Unable to rename endpoint in console (DESKTOP-1R1CUKD.domain.local for example)(Client portion is broken)
4.) Unable to add URLs to custom/company blacklist 
5.) Unable to copy file path of detected virus in Quarantine and Detections section. (Hover only, no expand or copy)
6.) Unable to view logged on user to any domain connected endpoint.


Mike, I'm sure your list is longer.

Continuum pulled MBAM Business Edition out of its RMM tool last month and I was really and truly hoping that this offering would work in the same fashion.

All I asked for was one location with which to attend to any malware issues on all of my clients' computers...

It seems that this product - as it stands now - is not the solution.

So I'm simply going to have to purchase licenses for the desktops, go the completely unmonitored route and check back with y'all in another year...

 


thx for the info--if you have any more as you think of, or come across-- post em

we (were) working on going to cloud version...about 1800 of em...many on VDI/VPN, etc


I think it's important to note I'm not bashing, and never have bashed, MBAM. These are things we're talking about from a purely objective perspective.

We were extremely happy on MBAM EE. The issue was the dashboard looked identical all through beta and into release, so we assumed development was halted. Then we had clients on users' machines that carried the same version for a year, so we figured MBAM Cloud was getting all the dev attention. Jumping ship, we felt like we landed in an early Alpha product (subjective), but the features simply are not there (objective), the bugs are there in great numbers (objective) and the support is not there either (objective).

MBAM is clearly the leader in definitions - it'll be hugely successful when it catches up in other areas. 


@MikePahl318 MBAE is not broken. CScript launching in particular ways with homebrew apps, browser add-ons, office doc opening or printing scripts can trigger it, depending on what you are having CScript do or what calls it. If it is Explorer.exe or a browser calling it, that's a no-no as that is typical exploit behavior; basically, your browser has no business running command line. We will need to review your MBAE hit to give you a workaround for it. Did you have a case open for that already?

On 2/23/2018 at 12:14 PM, Cleatus said:

thx for the info--if you have any more as you think of, or come across-- post em

we (were) working on going to cloud version...about 1800 of em...many on VDI/VPN, etc

 

15 hours ago, djacobson said:

@MikePahl318 MBAE is not broken. CScript launching in particular ways with homebrew apps, browser add-ons, office doc opening or printing scripts can trigger it, depending on what you are having CScript do or what calls it. If it is Explorer.exe or a browser calling it, that's a no-no as that is typical exploit behavior; basically, your browser has no business running command line. We will need to review your MBAE hit to give you a workaround for it. Did you have a case open for that already?

MBAE might not be broken (any more) but the cloud console is not production ready. We have a meeting at 2pm with our account rep to talk about features we need to see in production antimalware. A few are as follows:

 

MFA
Endpoint Rename
Custom URL Blacklist
View active user
Endpoint Isolation
Can't Copy File Paths
Can't whitelist by policy
Viewing reports past 30 days
MBAM Cloud Admin Log
Business Support Forum / Portal
Poor VPN Performance
Install Errors
Easily Select Multiple Entries
No Filter in Detections
Poor Performance in RDS Environment
Clients show as offline
Console Periodic Sluggishness 
Client is installed but not showing in console
.NET False Positives
Cscript False Positives
Automated Tasks
Apply Tags
Restrict App Execution
Can't view past detection statistics
Limited Deployment Methods
Non Existent User Management
User Management based on Policy
Set Data Retention to 180 days
Fix Breach Remediation
Shortcut to generate install pckgs on dashboard
Generate install packages based on policy
Can't Sort by Group/Policy or OS in endpoints menu
Failed Scans do not give detailed explanation
