Malwarebytes Users Battle Botched Protections Update

Bad Update Results in High Memory Usage, Blocked Sites and Crashing
Malwarebytes software console showing the web protection feature.

Many Malwarebytes users had a busy weekend after a Saturday software update led their Windows systems to experience "out of memory" errors, high memory usage and, in some cases, crashing.

On Sunday, Malwarebytes pushed a fix for the problem. "The root cause of the issue was a malformed protection update that the client couldn't process correctly," Malwarebytes says in a security alert. "We have pushed upwards of 20,000 of these protection updates routinely. We test every single one before it goes out. We pride ourselves on the safety and accuracy of our detection engines and will work to ensure that this does not happen again."

The company says four of its products were affected:

  • Malwarebytes for Windows Premium;
  • Malwarebytes for Windows Premium Trial;
  • Malwarebytes Endpoint Security (MBES);
  • Malwarebytes Endpoint Protection (Cloud Console).

The security software company has now issued guidance for consumer users, as well as separate recommendations for on-premises and cloud-based product corporate users, so they can recover their systems and install a version of its updates that doesn't cause system instability.

Guidance from Malwarebytes for Malwarebytes Cloud Console users affected by the bad protection update.

Malwarebytes says anyone who didn't use their endpoint from Friday until after 11 am U.S. Pacific Time on Saturday will not have downloaded the faulty protection update.

Out-of-Memory Errors

One retail business owner in Scotland who uses Malwarebytes tells Information Security Media Group that the first signs of trouble came when his store's Windows PCs began reporting "out of memory" errors near the end of Saturday business hours. Thankfully, the systems, which handle point-of-sale transactions, could still be used for card payments. But the errors meant that the store lost real-time visibility into transactions.

The business owner says he took to Twitter to attempt to figure out what might be wrong, noting that the Malwarebytes Twitter feed, unhelpfully, hadn't pinned its security alert to the top of its Twitter feed.

But he says he located a blog post from Malwarebytes explaining the problem and how to resolve it, which began by disabling the software's web protection feature. "It advised through a blog post to go into the dashboard, switch off web protection, download the patch and reinstall the software," he says. "But you had to reboot the system two to three times to clear everything out."

Another Malwarebytes user, posting to the company's forums, also reported seeing unexpectedly high memory usage. "I spent a ton of time earlier trying to fix this," the user posted on Sunday. "First real time protection off, and then the memory usage at 95 percent so it was freezing my system. Nice to read it now, wish there was something earlier."

Malwarebytes Apologizes

Malwarebytes has apologized for the bungled update. "All our updates go through rigorous internal testing, note our team is investigating what happened and will inform you," the company tweets. "We're sorry for any inconvenience this caused."

The security firm says the bungled update began with protection update version 1.0.3798, released Saturday for all versions of Malwarebytes for Windows.

"As endpoints updated to this release, customers noticed their machines were reporting many internet block notifications and a sudden large increase in RAM usage," the company says, adding that its customer service team immediately notified its engineering and research groups, which began investigating and quickly disabled the security update to try and limit the problem.

"A review of recent updates found that we had included in the Web Filtering Block List a detection with a syntactical error that resulted in the Web Filtering System to block a large range of IPs," Malwarebytes says.

The security firm says the problem was present in its protection updates, versions 1.0.3798 through v1.0.3802 - or for MBES customers, v2018.01.27.03 through v2018.01.27.11. The problem was resolved with the release of protection update v1.0.3803, or for MBES customers, v2018.01.27.12.

Malwarebytes says its investigation into the flubbed update "will result in identification and implementation of changes to the release process of these detections, specifically - but not limited to - stricter verification and validation of detection syntax and scope."
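The kind of syntax-and-scope validation described above can be sketched as a pre-release gate that fails closed on any bad block-list entry. This is an added example, not Malwarebytes' code or format: the entry format (one IPv4 address or CIDR range per line), the 65,536-address cap and the protected range are assumptions made for illustration.

```python
import ipaddress

# Hypothetical release policy: no single entry may cover more than a /16.
MAX_ADDRESSES_PER_ENTRY = 2 ** 16
# Hypothetical range that must never be blocked (e.g. the vendor's update servers).
NEVER_BLOCK = [ipaddress.ip_network("192.0.2.0/28")]

# Constructed sample entries using documentation address ranges.
SAMPLE = [
    "203.0.113.45",     # single host: accepted
    "198.51.100.0/24",  # small range: accepted
    "198.51.100.7/24",  # host bits set: likely a mistyped prefix length
    "203.0.113.*",      # wildcard is not valid syntax in this format
    "192.0.0.0/2",      # valid syntax, but covers a quarter of IPv4
    "192.0.2.0/24",     # small, but overlaps the protected range
]


def check_entry(text):
    """Return None if the entry passes, otherwise a reason string."""
    try:
        # strict=True rejects a network written with host bits set,
        # instead of silently widening it to the enclosing range.
        net = ipaddress.ip_network(text, strict=True)
    except ValueError as exc:
        return f"syntax: {exc}"
    if net.num_addresses > MAX_ADDRESSES_PER_ENTRY:
        return f"scope: covers {net.num_addresses} addresses"
    if any(net.overlaps(protected) for protected in NEVER_BLOCK):
        return "scope: overlaps a protected range"
    return None


def validate_blocklist(lines):
    """Return a list of (line number, entry, reason) for every rejected entry."""
    rejected = []
    for lineno, raw in enumerate(lines, start=1):
        text = raw.strip()
        if not text or text.startswith("#"):
            continue  # skip blank lines and comments
        reason = check_entry(text)
        if reason:
            rejected.append((lineno, text, reason))
    return rejected


def release_allowed(lines):
    """Fail closed: a single rejected entry blocks the whole update."""
    return not validate_blocklist(lines)
```

The third and fifth sample entries show why both checks are needed: one is caught only by strict parsing, the other parses cleanly and is caught only by the scope limit.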


About the Author

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.