bbowman

Two Major Issues w/ Endpoint Protection


I've got about 150 or so active endpoints and had been having issues off and on with MB randomly running throughout the day and slowing machines down. All our workstations are Windows 10 v. 1803 build 17134.228 and servers are Server 2012 R2 Standard. We opened a ticket and were advised there was a known issue with the version we had that was causing this and was causing the endpoints to not receive the latest version. We were given an uninstall script to remove MB and advised to redeploy the end point agent, so we did that.

A few days after this I realized that the End Point Agent had deployed successfully but had not installed the scanning engine. There are errors in the event log that it couldn't establish a secure connection. I only had 29 of our machines that actually had protection running. The cloud console did not give us any alerts or notify us that there was an issue, which is a MAJOR problem with that implementation. There should be warning klaxons going off every time I log in and coming to my email when the agent can't install the actual scanning engine on a machine. Support gave me the direct link it is trying to hit and I don't have any problems popping that in a browser and downloading the scanning engine, and I've manually deployed it to all my servers. 

So anyway, I have an open support case on that and haven't gotten anywhere with it but in the meantime on the machines that DO have protection the issue with them getting slowed down has returned. In fact, it's happening to me right now and about every 5th word I type there is 5-10 seconds of lag. It's also impacting my ERP server and causing that application to run slow, which is costing us serious money. I've got a ton of machines that are unprotected but if I put protection on them I'm afraid it is going to slow them down. 

Has anyone else had similar issues? Any solutions? 


Welcome to the Malwarebytes for business forums. I want to apologize for the hurdles thus far, and would like the opportunity to try and help get this resolved for you.

The endpoint agent should install without the workaround; you are correct. For this, if you can please upload the logs discussed in the support case, we should be able to gain some additional insight.

As well, in regards to the lag, we may be able to see what that is with the process monitor logs too.

Do you have any third party security software, any other Anti-virus in addition to Malwarebytes on the systems affected? 

 


We have had the same issue last week. Described the same way from our users. Keyboard lag. Restarting the service seems to speed things up. It is pretty intermittent. For ourselves... these are POS machines. Very little installed. No other AV.

 


I've submitted multiple Process Monitor logs and packet capture reports as of now, waiting to hear back from support.  MB has been running constantly at over 50% CPU utilization on my primary domain controller, so obviously that is not good. I captured procmon logs from it and submitted them and I just manually ended the process to restore the server to functionality. Very frustrating issue to continue to have, there is no other AV installed on it either, so not some kind of conflict there. The problem is our users don't have local admin so when they run into this issue they can't just restart the service or kill the process. 

6 minutes ago, vbarytskyy said:

@bbowman

Could you PM me your Malwarebytes Cloud username (email address). I want to take a look into the issue(s) you are having.

 

Thank you

PM sent. 


We are having the same problem with random machines exhibiting high memory and sluggish/choppy operations.  We have an open ticket as well.  We have a mix of machines XP, 7 Pro 32 and 64 bit, and Win 10 Pro, Server 2003 on up to Server 2016.

Just wanted to note that it's not an isolated incident.


We have tickets open for both of these issues as well... just an FYI it's not isolated to you.  Looking for answers ourselves...

35 minutes ago, Kernel009 said:

We have tickets open for both of these issues as well... just an FYI it's not isolated to you.  Looking for answers ourselves...

Thanks for letting me know. I've been continuing to work with level 2 support and hopefully we're making progress. Just to clarify, are you also having the issue with endpoints not getting updates?


Sorry - didn't mean to post twice in a row and there was no delete option for a post that I could find :)

I haven't actually dug into updates not flowing... but I'll let you know.  One of my wishes is for a more streamlined interface with more column choices so we can for instance see what the current version of the client is so we can identify easily... and perhaps a user editable "Label" field (like Trend Micro has) to easily identify a machine when you have a cryptic naming convention (of someone else's design of course LOL).


Hi everyone, I just started rolling out Malwarebytes trials and this thread has me concerned for obvious reasons. I know you're busy finding a resolution and hope you don't mind  me asking several questions?

How long did Mbytes work prior?

Does anyone feel installing MBytes on a server slows down network performance? 

Thank you in advance. 

23 hours ago, WORKS2016 said:

Hi everyone, I just started rolling out Malwarebytes trials and this thread has me concerned for obvious reasons. I know you're busy finding a resolution and hope you don't mind  me asking several questions?

How long did Mbytes work prior?

Does anyone feel installing MBytes on a server slows down network performance? 

Thank you in advance. 

I've had it deployed for about a year and a half and never had problems on a server until recently. Any issues I had before were always with workstations.


So just to update, still don't know why endpoints are not downloading and installing the scanning agent. I downloaded it and deployed it myself with PDQ so my endpoints are protected, but I suspect the next time an update is released they are not going to get it automatically. We'll see. I haven't had any server trouble, support gave me a number of exclusions to set and that has been done. It was not happening too frequently, but it has been over a week since I had any issues so I'm hopeful that problem is resolved.

Workstations are a different story. Still seeing some performance issues there, I was experiencing them myself this morning. After any action there was a noticeable lag, especially when it came to opening a new tab in Chrome or launching a new browser window. I would see the Malwarebytes service spike in resource utilization briefly during this time and when it finished whatever it was doing the action would complete. I rebooted and haven't had any issues, but asking folks in the middle of design to reboot doesn't tend to go over well as it greatly disrupts their workflow and train of thought. I've added some exclusions to applications we use frequently on our workstations but still seeing this issue crop up from time to time. I'm going to test some more exclusions and see what happens. 

On 9/16/2018 at 10:54 AM, WORKS2016 said:

Hi everyone, I just started rolling out Malwarebytes trials and this thread has me concerned for obvious reasons. I know you're busy finding a resolution and hope you don't mind  me asking several questions?

How long did Mbytes work prior?

Does anyone feel installing MBytes on a server slows down network performance? 

Thank you in advance. 

We had it installed on servers. Until there was an issue where it pegged the CPU at 100% awhile back. Couldn't even remote to the machines. Decided then that we would keep it off anything that critical.

Workstation performance has been on and off. Seems intermittent. However just today we had a user that said their machine was slow and unusable. We killed MB and performance was good again. (no scans running but MB was pegged at 25%) MB started back up right after and everything was fine. 

 


We just recently deployed to 280 endpoints. We are experiencing the same problem. It has been reported by our engineering department when using ArcGIS and InfoWater. When we uninstall the Malwarebytes client, performance goes back to normal. This is not a good experience for a new customer.

