Premium account license key entry when internet connection not allowed


Our business has a large number of Malwarebytes premium accounts. We have some computers that do not have internet access. How do we add the license key to those computers and how do we manually update them with new MB data, when it's available? We have searched the forums and all info we have come across seems to require an internet connection. These computers will never be connected to the internet. But files can be placed on them. We want to keep protection up to date.


1 hour ago, UnCreativeDisplayName said:

These computers will never be connected to the internet. But files can be placed on them. We want to keep protection up to date.

Malwarebytes is basically useless and unneeded if the computers are not connected to the web.

What threats are you attempting to protect the non-connected computers from?


Just to add, Malwarebytes also uses cloud detection components as part of its heuristics, which also require connectivity to the internet, and it also won't be able to activate its license and keep it active without an internet connection, unfortunately.

I will send feedback to the Product team to consider a solution for customers using similar configurations where one or more endpoints do not connect to the internet but still require protection, and hopefully the Developers can come up with a solution.

Edited by exile360

13 minutes ago, UnCreativeDisplayName said:

Obviously we'd like to protect these machines from anything sneaking on them via file xfer, whether intentionally or not.

Malwarebytes' strength is protecting computers from online threats. Static file scanning is not as robust. The key is blocking the live infection before it reaches the computer. Also, MB detects on execution, not by just looking at a file in a folder without actually scanning the file manually.

Malwarebytes also updates SEVERAL times in a 24 hr period and that is why update checks are hourly by default. It would be impossible to keep up with those updates manually offline.


Just to add...

If you are using Malwarebytes Endpoint Protection (business version) I would assume that the server running the Malwarebytes console would have access to the internet, download the updates and push it to the endpoints.

Are these computers you're talking about isolated and not networked at all?


On 10/25/2019 at 4:38 PM, UnCreativeDisplayName said:

@firefox Yes, this network's requirement is complete isolation.

Thanks for the clarification. I suggest contacting business support to find out if they support off-line updates. I am not too familiar with the business version at this time.


  • Root Admin

Any computer that is fully isolated from both internal and external networks pretty much only has a potential threat from Optical Media (extremely unlikely attack vector), Floppy Disk (again very unlikely attack vector in 2019) which pretty much only leaves USB as a potential threat vector. As an Enterprise Admin for over 20 years, in my opinion you should disable USB on these systems if possible which would remove the threat vector. Regardless of what product you try to use nowadays they all need to get updates either from an internal network or the Internet.

Safely controlling USB should help protect these systems. I might also add that there is imaging software both paid and free and it might be in the best interest of the company to image the systems in question so as to preserve current states.

 


On 10/28/2019 at 6:55 PM, AdvancedSetup said:

Any computer that is fully isolated from both internal and external networks pretty much only has a potential threat from Optical Media (extremely unlikely attack vector), Floppy Disk (again very unlikely attack vector in 2019) which pretty much only leaves USB as a potential threat vector. As an Enterprise Admin for over 20 years, in my opinion you should disable USB on these systems if possible which would remove the threat vector. Regardless of what product you try to use nowadays they all need to get updates either from an internal network or the Internet.

Nope. Imagine, for instance, a vast network of computers used by state embassies for messaging between each other across the world. The computers and the entire network are never connected to the Internet. However, all computers need protection in case someone distributed a malicious file via messaging. It makes little sense to suggest disabling USBs, and so on - because it cannot be excluded that a malicious actor somewhere on the network would not bypass the restrictions. Each endpoint of the network must have independent, real-time protection.

Now, can MBAM do that?

k


  • Root Admin

I'd find the details a bit lacking as even at the State and Federal level there are few 100% private networks that  do not somehow take advantage of the Internet in some form or fashion. Most use private networks that ride on top of the Internet backbone when they need to have Global private support. So, the typical user would not have any way to access that network, but it's still not truly a privately built network. Also, it is almost certainly managed by some type of Squid or possibly even proprietary management system. Locking them down to just some type of messaging protocol is certainly up to the business/State. However, I'm not aware of any antivirus product Worldwide that will use a messaging protocol to update machines. If you do find a product though please let me know so that I'm at least aware.

If you'd care to provide real honest details about the network, even if you opened a support ticket we might be able to assist. But with the currently provided information I'm not aware of any product that meets your requirement, but then again I've not researched such a need in my 30+ years as a Network Admin.

Thank you for your follow up

Ron

 

 

 


16 hours ago, AdvancedSetup said:

I'd find the details a bit lacking as even at the State and Federal level there are few 100% private networks that  do not somehow take advantage of the Internet in some form or fashion.

Actually, at the Federal level there are a very large number of small networks, where it is mandated that no internet access exist for those private networks. "Sneaker Net" reigns, unfortunately. All updates are via hand-carried CD/DVD to the private server.


  • Root Admin

That is protocol lock down and not due to technology, but I can fully understand the need and purpose. As I said to Kashmiri - there is no product I'm aware of that would use messaging to update their product. When/Where/Why/How a network connects and what protocols they use, etc. is up to business. We even have updates performed on submarines but it's not real time. You can use your own internal server for updates but if you're locking that down too then I'm not sure how you'd expect any product to be able to perform updates and Sneaker Net would continue to be the only way. I would suggest though that updating from an internal server would not pose any type of outside threat so not sure why your IT Department would object to that. We have many customers that run updates from within their own local networks and fully under their control.

 

 


Apologies for not being more clear, but I'm not looking for real-time updates. I am looking for the ability to grab the most up-to-date protections defs, etc... and hand carry them to the private network and update MB, as mandated to me. I appreciate that MB has such a quality protocol for an internet-connected machine or server. It's my own use-of/experience-with MB on an internet-connected system that gave me the idea to try an alternate product.

I was simply hoping for the ability to access a snap-shot of 'that moment's' real-time protection and move it to the private network.


  • Root Admin

Unfortunately we no longer provide just "rules" updates as we did a couple of years back. We do make daily builds of the full program which does have the latest rules but the size as you can imagine is big. There are discussions about bringing back the offline rules update but nothing approved, just discussion for the need.

 


Yeah, it's a bit trickier now I suspect with so many new modules/components added and the large number of separate databases for them as well as separate databases for different classifications of threats/types of detections, not to mention all the config data that tends to be pretty 'touchy' to say the least (this is the reason manually updating offline by copying files over doesn't work because configuration/data files are tied to the date, time and specific system they are installed on which breaks portability, at least the last time I checked this is how it was).  Perhaps an option for business customers to maybe install Malwarebytes on a single server and export a rules/database package that they can then use to install on their endpoints to update them would be a viable option.  It prevents abuse of licensing etc. while still providing a solution for environments like this that are network restricted.  It could even be used to deploy policy/configuration updates so that the IT/Sysadmin for the organization could deploy any policy/settings changes to their endpoints along with database updates.  Obviously something like that would require a lot of work, but it's just a thought I had.


22 minutes ago, exile360 said:

Perhaps an option for business customers to maybe install Malwarebytes on a single server and export a rules/database package that they can then use to install on their endpoints to update them would be a viable option.  It prevents abuse of licensing etc. while still providing a solution for environments like this that are network restricted.

I like this direction... Like I mentioned earlier: "...at the Federal level there are a very large number of small networks, where it is mandated that no internet access exist for those private networks. "Sneaker Net" reigns, unfortunately..."


Hello.

You indicated you are in a business setting, using a network.  Please be very sure that you check with Business support about your needs.

https://support.malwarebytes.com/community/contactsupport/pages/business-support

Scroll down to create a ticket with Business Support


2 hours ago, Maurice Naggar said:

You indicated you are in a business setting, using a network.  Please be very sure that you check with Business support about your needs.

Not sure why...Seems like we had a quality discussion here. Maybe you could simply forward this info to Biz support? Thanks again for all the info.


  • Root Admin

I've moved the topic to the business section but for more detailed information and requirements you'd really want to contact Sales to discuss in detail what offerings they have. Most of us here on the Forums have very little experience with the business product offerings.

Thank you

Ron

 
