Re: Malware Bytes went rogue


Steve Matzura
 

This is exactly what happened to me yesterday, although it wasn't anything to do with a browser that drove my system nuts. Thanks for posting this.


On 1/28/2018 7:02 AM, john s wrote:
Yesterday, my wife and I had problems with our systems and I thought I would pass this information along in case anyone else had problems.  The culprit was Malware Bytes.  Our systems were sluggish almost to the point that we couldn't use them.  Mine straightened out on its own but my wife had to go into safe mode and uninstall the program.  Here is some information from Malware Bytes.

Marcin

Posted 5 hours ago (edited)
Earlier this morning, we published a protection update that caused connection issues for many of our customers. As a side effect of the web protection blocks, the product also spiked memory usage and possibly caused a crash. We have triaged this issue and pushed a protection update that resolves it.
If the update does not resolve the issue automatically for you, please shut down web protection, check for protection updates, and restart your computer.
The root cause of the issue was a malformed protection update that the client couldn't process correctly. We have pushed upwards of 20,000 of these protection updates routinely. We test every single one before it goes out. We pride ourselves on the safety and accuracy of our detection engines. To say I am heartbroken is an understatement.
We are working hard to not only triage your issues and get your computer or business back up and running but to also rebuild your trust. We are going to overhaul how we publish these protection updates so that this never happens again.
I am personally available to discuss both on this forum via personal message or at mkleczynski@...

*** How to resolve / verify you have the fixed update package ***
Malwarebytes 3
Update package version 1.0.3803 (Malwarebytes 3) or v2018.01.27.12 (Malwarebytes 2.x) or higher contains the fix
Open Malwarebytes
Turn OFF web protection by clicking on “Settings”, click to turn web protection OFF
Under Scan Status (right side), click next to “Updates” to have Malwarebytes download the latest database
Restart PC (Note it may take up to 2 restarts after the update to stabilize the system)
To confirm that you are on the latest database please follow the steps below:
Open Malwarebytes
Click on Settings
Click on the About tab
Next to “Update package version”, if you see version 1.0.3803 or higher, you are on the latest database which addresses the issue.

Malwarebytes Endpoint Security (on-premises)
First step to get the update is to disable the real-time protection. To do this in the Management console:
Open up the policy the clients are on and go to the protection tab.
From here, disable the ‘enable protection module’ option.
Once this is done click OK. When your clients check in they will get this new policy update.
Once real-time protection is disabled and your clients can communicate, highlight the endpoints on the client screen and click the update database button at the top.
After the update is applied, a reboot of the machine may be required.
Note: If your client cannot resolve internal addressing, then re-installing the agent manually on the machine will need to be done. The client will not be able to reach out to the server for a policy update and will never be able to turn off the real-time protection.

Malwarebytes Endpoint Protection (cloud)
From the Malwarebytes Cloud console, go to the endpoints pane and select all the endpoints.
In the action drop-down, choose the ‘check for protection updates’ option to force an update on all endpoints to database update 1.0.3803 or higher.
This should fix the problem for the vast majority of Endpoint Protection endpoints. If endpoints are still affected after applying this, please reboot the machine.
If the remote agent is unable to reach out and get this update, then we must disable the web protection:
In the Malwarebytes Cloud console, go to settings > policies and open up the policy the clients are on.
From here, go to the endpoint protection policy and turn off the “Web Protection” portion of the policy. Then:
If the machine is unresponsive, reboot the machine and log in.
Once in, right click on the tray icon and start a scan. This will force a database update and fix the issue.
Once updated, cancel the scan and reboot the machine.
When the computers are all online and updated, please turn back on the web protection again in the Endpoint Policy.
If the above doesn’t resolve the issue, please reach out to support at corporate-support@...



                 John

