
Disabling TLS < 1.2



After disabling TLS < 1.2 on Win/10 workstations, we see event logs flooded with Schannel errors "error occurred while creating a TLS client credential". It appears these are from the Malwarebytes endpoint agent attempting a TLS 1.0 connection to ec2-34-193-90-6.compute-1.amazonaws.com. Is there any configuration change we can make to force the agent to use TLS 1.2? Are we breaking the agent by blocking TLS 1.0?


  • 3 months later...

We're experiencing this issue as well. Through a process of elimination and many different configuration scenarios, I determined the Malwarebytes agent is attempting a TLS 1.0 connection to one of your backend servers. When Schannel client support for TLS 1.0 is disabled and the MBAM agent is installed (and all other software/services are stopped or disabled), the event log is flooded with the Schannel error the OP indicated. The errors are generated every 30 seconds, like clockwork. After enabling TLS 1.0 these errors cease entirely.

The specific error appears in the "System" log:

Schannel, Event 36871
A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

This issue occurs across all of our Windows 10 systems - v1809 LTSC through v21H1 (2009). Each system is properly configured for TLS 1.2 with regard to Schannel and .NET (v2.x & v4.x) following Microsoft's published guides and aided by IISCrypto by Nartac.

I'm ready to provide whatever further information you require to find a resolution to this issue - that doesn't involve enabling TLS 1.0 for the Schannel client or disabling Schannel logging or ignoring the log.


I heard back from Malwarebytes Support. The Malwarebytes engineering team is aware of this issue and is working on "deprecating the TLS 1.0 dependencies" of the product that are causing these event errors to be logged. They emphasize that TLS 1.0/1.1 is not needed for the product to "work as intended".

There's no ETA on when this will be completed. However, I'm confident they will be ultimately successful in resolving this issue.

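A read-only way to confirm the pattern described in the posts above: the Schannel client protocol state, plus the spacing of Event 36871 entries carrying internal error state 10013. This is an added example, not part of any post in the thread; the one-hour look-back window and the variable names are assumptions.

```powershell
# Added example (not from the thread). Read-only: queries the registry and the System log.
$hours = 1   # look-back window, assumed value

# 1) Schannel client protocol state. 'not set' means no explicit value, so the OS default applies.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
foreach ($proto in 'TLS 1.0', 'TLS 1.1', 'TLS 1.2') {
    $v = Get-ItemProperty -Path (Join-Path $base "$proto\Client") -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Protocol          = $proto
        Enabled           = if ($v -and $null -ne $v.Enabled) { $v.Enabled } else { 'not set' }
        DisabledByDefault = if ($v -and $null -ne $v.DisabledByDefault) { $v.DisabledByDefault } else { 'not set' }
    }
}

# 2) Schannel Event 36871 with internal error state 10013, oldest first.
$events = @(
    Get-WinEvent -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'Schannel'
        Id           = 36871
        StartTime    = (Get-Date).AddHours(-$hours)
    } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -like '*10013*' } |
        Sort-Object TimeCreated
)
"{0} matching events in the last {1} hour(s)" -f $events.Count, $hours

# 3) Gap between consecutive events, rounded to whole seconds.
#    A single dominant gap (30 s in the report above) points to one periodic caller.
$gaps = for ($i = 1; $i -lt $events.Count; $i++) {
    [math]::Round(($events[$i].TimeCreated - $events[$i - 1].TimeCreated).TotalSeconds)
}
$gaps | Group-Object | Sort-Object Count -Descending |
    Select-Object -First 5 -Property @{ n = 'GapSeconds'; e = { $_.Name } }, Count
```

Running it with the agent service stopped and then started again shows whether the dominant gap disappears and returns with the agent.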
