Jump to content

Recommended Posts

hello all.

I have the Incident Response and Endpoint Protection product installed, via LGFL , at a number of my LGFL schools  and this is all working fine. However yesterday I noticed that on a number of pcs at one of these schools the “C:\programdata\malwarebytes\mbamservice” was in excess of 25Gb which is a fair chunk of data if the pc only has an ssd drive of 128Gb. The files taking up space are shown , as an example, on the screenshot below.

 

On some pcs the folder size was considerably less so I guess this is something to do with malware infections either being quarantined items or log files of some sort

.

Can  you advise what I need to do to get this folder size back to something more manageable please?

 

thank you

 

Phil Walker

malwarebytes folder.jpg

Edited by AdvancedSetup
corrected font issue
Link to post
Share on other sites

Greetings,

Unless I am mistaken, those appear to be the temporary backup copies of the various user registry hives that get created during scans by Malwarebytes.  They're supposed to get cleaned up automatically whenever the scan completes but some issue with those particular systems such as a buggy install of Malwarebytes, some third party security tool or data monitoring/management tool, or perhaps some permissions issue may be causing them to be left behind.  You should be able to delete all of them safely (the ones named with obvious user hive profile names, i.e. the ones starting with anything like S-1-5-*) as long as a scan isn't currently running (they're probably being created during whatever scheduled scans you have configured on the endpoints) and it should be fine, though a clean uninstall/reinstall of the endpoint client software may be in order if it is a corrupt configuration issue with the software itself.  You can test by deleting the files on one of the affected endpoints, then running a scan (a manual Threat scan is fine), then check to verify that those files it creates during the scan get deleted when the scan completes.  If they do not, then whatever is causing the issue must still be present.

I hope this helps.  Please let us know how it goes.

Thanks

Link to post
Share on other sites

thank you for the response - that is what I was expecting (i.e. temp files that I can delete) so I will give a test when I am next in the school and post a response then. May not be until next week but I will also check my other schools in the meantime. thanks again. Phil

Link to post
Share on other sites

Excellent, just for reference this is a behavior we've seen occasionally in the past on some systems, but to my knowledge no specific bug or culprit/cause was ever identified so my personal suspicion is that it is most likely either related to permissions or simply a corrupt installation of Malwarebytes and hopefully a fresh install of Malwarebytes will fix it.  Hopefully the solution will be as simple in your case.

Thanks

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.