Business Products Release History
A complete history of product changes, updates, and fixes.
Malwarebytes Cloud Platform
November 29, 2018
New Features:
- Malwarebytes cloud console now features new user experience improvements for the Exclusions page along with enhanced capabilities. This provides administrators with visibility into exclusion status and enables them to temporarily disable exclusions—saving the previous effort and time spent permanently deleting the exclusion for testing purposes.
- In a single view, administrators can see whether an exclusion is enabled, the name, the exclusion type, the admin user who last updated it, when it was updated, and the protection technology layers applied to that exclusion.
- Exclusions were globally applied across all of our layers of protection technology. Now, you can control which layers the exclusion will be applied to and visually see at a glance which layers have been affected via icons in the “Applied To” column on the Exclusions page. Additionally, you can add an optional comment or description for the exclusion.
- Added ability to automatically exclude commonly detected potentially unwanted modifications(PUMs). Malwarebytes detects Windows registry changes caused by common Group Policy Objects as PUMs. Enabling this feature automatically excludes 18 registry keys. This ensures our protection capabilities do not interfere with common business applications or operating practices.
- Added an endpoint interface option that, when enabled, places shortcuts in the Start Menu and on the Windows desktop of the end-user’s computer. This empowers your users with additional methods to run Threat Scans on their Windows device:
- [For Malwarebytes Endpoint Protection and Response only]: Added an aggressive detection mode policy option for Suspicious Activity. This setting is ideal for businesses with an extremely conservative security posture. We recommend administrators only enable this setting for their most sensitive endpoints.
Improvements:
- [For Malwarebytes Endpoint Protection and Response only] Customers with Syslog Logging enabled, Suspicious Activity detections will now be included in your syslog messages
- Changed our unmonitored email address from no-reply@cloud.malwarebytes.com to do_not_reply@cloud.malwarebytes.com to reduce the chance of Malwarebytes cloud console emails being flagged as spam
- Fixed: [For Malwarebytes Endpoint Protection and Response only] – When a Remediation action succeeds but Rollback action fails, the Suspicious Activity status is stuck and displays “Pending Remediation”
- Fixed: The Deployment and Discovery tool would throw a 504 error when importing Active Directory groups that contained a large number of endpoints
- Fixed: Some temporary files were being left behind after installation or endpoint agent updates
- Fixed: Customers with large number of endpoints were unable to sort by “Last Seen At” on the Manage Endpoints page
- Fixed: In some cases, when a reboot prompt is shown, the reboot timer sometimes reset with a 1-minute countdown
Known Issues:
- Exclusions that have been entered with short file name paths such as “c:\progra~2\” are not being applied
- Modal windows are showing an unnecessary scroll bar
- [For Malwarebytes Endpoint Protection for Mac only]: Scan History tab does not get information populated if Threat Scan does not detect any threats
- [For Malwarebytes Endpoint Protection for Mac only]: Timestamps in Scan History tab for macOS endpoints are in GMT, and not the web browser’s locale
- All Malwarebytes scans will inspect archived files regardless of the policy setting
- When administrators reboot endpoints from the cloud console, if the initial reboot task has not completed subsequent reboot commands are queued rather than replacing the initial reboot command (this would result in multiple reboots executing)
- When administrator chooses “Restart Immediately” option in the Restart Options dialog, end users are still allowed to postpone the reboot even though the “Allow user to postpone“ option is grayed out. Current workaround involves selecting the “Restart in ___ minutes” radio button, unchecking the “Allow user to postpone” checkbox, then select the “Restart Immediately” radio button and click the blue Restart button
- Clicking on the Remediate button causes the Remediation Required indicator to lose its badge on hover and on click behavior—nothing happens on click (should give you the option to view details) and nothing happens on hover (should show “Remediation Pending”). This issue is resolved by refreshing the browser
- Memory and storage objects in endpoint properties are not visible until the page is refreshed
- The Endpoint Agent can fail to initialize when using the GROUP ID parameter that has an incorrect format
- [For Malwarebytes Endpoint Protection for Mac only]: Check for Protection Updates action does not update “Last Refreshed” on first run
October 18, 2018
New Features:
- Malwarebytes cloud console now features endpoint status icons in the Manage Endpoints page. This allows administrators to take immediate action by clicking directly on the icons. You can see when an endpoint restart is needed, if remediation is required, or if any suspicious activity is detected on that endpoint (for Malwarebytes Endpoint Protection and Response)
- Hovering over an icon provides additional info, and clicking on the icon presents specific actions you can take
- Endpoint status icons are also displayed when viewing the details of an individually selected endpoint
Improvements:
- [For Malwarebytes Endpoint Protection and Response only]: Updated the Suspicious Activity Details page to display an expanded set of rules triggered when making cloud sandbox detections. This provides administrators with greater context of why a cloud sandbox detection was made on a suspicious file or process
- [For Malwarebytes Endpoint Protection and Response only]: Updated the Process Graph details pane. This allows administrators to click on Activities links and see specific file operation details, including File Rename, File Write, Set Security, Registry Set Value, Net Connect Inbound, and Net Connect Outbound activities
- [For Malwarebytes Endpoint Protection and Response only]: Granular Endpoint Isolation is now supported for Windows Server 2008 R2, Server 2012 R2, and Server 2016 allowing businesses to remotely isolate servers for further investigation
- [For Malwarebytes Endpoint Protection and Response only]: Updated the Remove Endpoint Isolation notice to specify the endpoint name
- Added capability for end users to enable/disable debug logging from the tray icon using ctrl + right click, and via command line
- Updated endpoint agent to support macOS Mojave 10.14
- Fixed: [For Malwarebytes Endpoint Protection and Response only] – BSOD with SamSam ramsomware variant on Windows10x86
- Fixed: Not cleaning up all temp files in c:\Windows\Temp
- Fixed: [For Malwarebytes Endpoint Protection and Response only] – Some suspicious activities viewed in Process Graph returned Error 500 and other general improvements needed
- Fixed: [For Malwarebytes Endpoint Protection for Mac only] – Error appearing in logs: ERROR WebServiceStore: remove: request.guid=…
- Fixed: [For Malwarebytes Endpoint Protection and Response only] – Yes button in the dialog box for Lock icon status indicator doesn’t work
- Fixed: [For Malwarebytes Endpoint Protection for Mac only] – Endpoint Agent does not report update_package_version on fresh Endpoint Protection install
Known Issues:
- Exclusions that have been entered with short file name paths such as “c:\progra~2\” are not being applied
- Modal windows are showing an unnecessary scroll bar
- [For Malwarebytes Endpoint Protection and Response only]: When a Remediation action succeeds but Rollback action fails, the Suspicious Activity status is stuck and displays “Pending Remediation”
- [For Malwarebytes Endpoint Protection for Mac only]: Scan History tab does not get information populated if Threat Scan does not detect any threats
- [For Malwarebytes Endpoint Protection for Mac only]: Timestamps in Scan History tab for macOS endpoints are in GMT, and not the web browser’s locale
- All Malwarebytes scans will inspect archived files regardless of the policy setting
- In some cases, when a reboot prompt is shown, the reboot timer may reset with a 1-minute countdown
- When administrators reboot endpoints from the cloud console, if the initial reboot task has not completed subsequent reboot commands are queued rather than replacing the initial reboot command (this would result in multiple reboots executing)
- When administrator chooses “Restart Immediately” option in the Restart Options dialog, end users are still allowed to postpone the reboot even though the “Allow user to postpone” option is grayed out. Current workaround involves selecting the “Restart in ___ minutes” radio button, unchecking the “Allow user to postpone” checkbox, then select the “Restart Immediately” radio button and click the blue Restart button
- Clicking on the Remediate button causes the Remediation Required indicator to lose its badge on hover and on click behavior— nothing happens on click (should give you the option to view details) and nothing happens on hover (should show “Remediation Pending”). This issue is resolved by refreshing the browser
- Memory and storage objects in endpoint properties are not visible until the page is refreshed
September 13, 2018
New Features:
- None
Improvements:
- Malwarebytes Endpoint Protection and Response only] Added granular Endpoint Isolation options, enabling administrators to specify one or more isolation methods to be applied to the selected endpoint. By default, all three isolation types will be selected.
- Added Malwarebytes AdwCleaner for use and download from the “Add Endpoints” page within the cloud console. Please note this is an unmanaged solution
- Added capability to use shift key + mouse click to select ranges of items for tables that allow batch actions
- Updated Malwarebytes tray icon so that end users who are permitted by policy to initiate scans can bring their minimized scan progress window back into focus by simply double-clicking on the Malwarebytes tray icon
- Changed the Malwarebytes Self-Protection Module so it’s enabled by default for all new customer accounts.This setting controls whether Malwarebytes creates a safe zone to prevent malicious manipulation of the program and its components. Enabling this setting introduces a one-time delay as the Self-Protection Module is enabled. While not a negative, the delay may be considered undesirable by some end users. We strongly recommend existing customers enable this setting in their security policies.
- Added a loading spinner animation while paginating through large sets of data
- Removed Anti-Exploit shield from Chrome due to Google’s new policy against code injection into Chrome.
- Extended the timeout toggle for “Remote Assistance” to 4 hours
- Updated Syslog Communication feature so that the designated endpoint cannot be uninstalled using the Deployment & Discovery tool unless it’s first unselected within the Syslog Communication setting. This prevents administrators from inadvertently losing syslog messages. Before removing an endpoint, Malwarebytes cloud administrators will need to first disable Syslog Communication in the console or promote a different endpoint
- Fixed: Malwarebytes Single Sign-On settings page styling and page scroll
- Fixed: Read Only users can log into the Deployment & Discovery tool
- Fixed: Could not edit a user’s email address if the user account has not been verified
- Fixed: After Endpoint Agent upgrades, some .zip files under …\windows\temp are not deleted
- Fixed: Filter options on the Endpoints and Detections pages are sometimes cut off abruptly
- Fixed: [For Malwarebytes Endpoint Protection and Response only] – Several bugs were impacting administrator’s experience interacting with the Process Graph feature
- Fixed: [For Malwarebytes Endpoint Protection and Response only] – Reset the network adapter on the endpoint to enforce network isolation
- Fixed: For Mac endpoints, the “Check for Protection Update” action does not update the “Last Refreshed” attribute on first run
- Fixed: Endpoints could not be moved to a different group when selected using the “Select All” checkbox
- Fixed: Windows Server 2008 scans can crash when scanning .lmk files
- Fixed: User Verified account notifications are not getting emailed to administrators
- Fixed: Within the Endpoint Properties page under the Detections tab, the Action Taken and Category dropdowns are cut off
- Fixed: [For Malwarebytes Endpoint Protection for Mac only]: Scans are occurring every hour, regardless of what the scheduled scan interval is set to
Known Issues:
- Exclusions that have been entered with short file name paths such as “c:\progra~2\” are not being applied
- Modal windows are showing an unnecessary scroll bar
- [For Malwarebytes Endpoint Protection and Response only]: When a Remediation action succeeds but Rollback action fails, the Suspicious Activity status is stuck and displays “Pending Remediation”
- [For Malwarebytes Endpoint Protection for Mac only]: Scan History tab does not get information populated if Threat Scan does not detect any threats
- [For Malwarebytes Endpoint Protection for Mac only]: Timestamps in Scan History tab for macOS endpoints are in GMT, and not the web browser’s locale
- [For Malwarebytes Endpoint Protection for Mac only]: Endpoint Agent does not report update_package_version on fresh Endpoint Protection install
August 16, 2018
New Features:
- Added role-based access control (RBAC).
- Added support for single sign-on (SSO) with SAML 2.0 identity providers (including Okta, OneLogin, and Azure).
- Discovery and Deployment (D&D) Tool has been updated with Active Directory (AD)
- Added New advanced deployment option: custom Group installation parameter.
- Added Process Graph (For Malwarebytes Endpoint Protection and Response only)
Improvements:
- Quarantined items for endpoints which have been deleted/uninstalled will no longer persist in the web console
- Malwarebytes Endpoint Protection and Response now supports Windows 7 platforms
- Added support for Mac end users to easily generate diagnostic logs by using Control + Click on the Malwarebytes icon
- Updated Policy label format to be consistent
- Some customer environments require additional time starting system services on boot
- Fixed: Pagination would sometimes display negative counts
- Fixed: Free memory is incorrectly reported for Mac endpoints
- Fixed: The Deployment and Discovery tool shows installation success when the installation fails due to needed .NET upgrade
- Fixed: Some users are not receiving all of their daily scheduled reports
- Fixed: If the Endpoint Agent service has to wait too long for other system services to start, Windows kills it
- Fixed: Discovery and Deployment tool doesn’t show more than 1000 results when AD scan is used
Known Issues:
- Exclusions that have been entered with short file name paths such as “c:\progra~2\” are not being applied
- User Verified account notifications are not getting emailed to administrators
- Windows Server 2008 scans can crash when scanning .lmk files
- Sysprep can fail to run with Self-Protection enabled in the policy
- Within the Endpoint Properties page under the Detections tab, the Action Taken and Category dropdowns are cut off
- Modal windows are showing an unnecessary scroll bar
- Malwarebytes Endpoint Protection and Response: When a Remediation action succeeds but Rollback action fails, the Suspicious Activity status is stuck and displays “Pending Remediation”
- Malwarebytes Endpoint Protection for Mac: Scan History tab does not get information populated if Threat Scan does not detect any threats
- Malwarebytes Endpoint Protection for Mac: Timestamps in Scan History tab for macOS endpoints are in GMT, and not the web browser’s locale
- Malwarebytes Endpoint Protection for Mac: Endpoint Agent does not report update_package_version on fresh Endpoint Protection install
July 19, 2018
New Features:
- Added easy access to contextual threat information. When viewing detection details, an administrator can click on the detection name (which opens a new browser tab to a Malwarebytes Labs resource) to gain additional background and insights on the threat
Improvements:
- Relocated the “Add Endpoints” link to a new dedicated page in the main navigation of cloud console
- Added new link to the Malwarebytes Business Support webpage – administrators can access it by clicking on their logged-in user name in the top right corner of the cloud console
- Renamed “My Account” page to “Profile” to reduce confusion with the Malwarebytes My Account customer account platform
- Added the license key for subscribed products to the License Information tab within the user’s Profile page
- Added capability for Endpoint Agent plugins to resume downloading if interrupted – beneficial for customers with very slow Internet connections
- Added the administrator’s IP address within User Invited events when new users are added to the console
- Added new event types for Endpoint Remediation Success and Endpoint Rollback Success for Malwarebytes Endpoint Protection and Response
- Addressed anti-ransomware technology issues for Windows Server and will be enabled based on Policy setting
- Updated Syslog Logging feature so that when an administrator adds, removes, disables, or enables the Syslog Communication Endpoint it will now create an Event
- Table headers now remain visible when scrolling down on paginated pages
- Improved header messaging that appears when selecting multiple items in a table (e.g., Manage Endpoints, Quarantine)
- Improved validation for Policy form fields
- Changed “Ransomware Protection” label in Policy Settings to “Behavior Protection”
- Improved Detections page so that Location ellipses will truncate the middle portion of the path
- Fixed: The Endpoint Agent emitted excessive errors to the Windows log when an excluded file path did not exist on an endpoint
- Fixed: Endpoint Protection for Mac – If a scan was triggered imminently after endpoint agent installation but before the Endpoint Protection plugin was fully installed and loaded, the agent would be stuck in a “busy” state
- Fixed: Endpoint Protection for Mac – Scheduled scans are no longer triggered incorrectly
- Fixed: Endpoint Protection for Mac – Now sends up Agent Information
- Fixed: Endpoint Protection for Mac – Protection Updates version was reporting SDK version instead of DB version in Scan History, was not reporting in Endpoint Details
- Fixed: Endpoint Protection for Mac – Non-administrative users are now able to interact with the tray icon
- Fixed: Endpoint Protection for Mac – User interface now stays minimized during on-demand scans if initiated from endpoint
- Fixed: Endpoint Protection for Mac – Endpoint Protection plugin will no longer get stuck in “busy” state if a scan is triggered immediately after startup
- Fixed: Endpoint Protection for Mac – Free Physical memory is being reported as “0” in the Overview tab of Endpoint Properties
Known Issues:
- User Verified account notifications are not getting emailed to administrators
- Windows Server 2008 scans can crash when scanning .lmk files
- Sysprep can fail to run with Self-Protection enabled in the policy
- Within the Endpoint Properties page under the Detections tab, the Action Taken and Category dropdowns are cut off
- Modal windows are showing an unnecessary scroll bar
- Endpoint Protection and Response: When a Remediation action succeeds but Rollback action fails, the Suspicious Activity status is stuck and displays “Pending Remediation”
- Endpoint protection for Mac: Scan History tab does not get information populated if Threat Scan does not detect any threats
- Endpoint Protection for Mac: Timestamps in Scan History tab for macOS endpoints are in GMT, and not the web browser’s locale
- Endpoint Protection for Mac: Endpoint Agent does not report update_package_version on fresh Endpoint Protection install
June 21, 2018
New Product Announcement: Malwarebytes Endpoint Protection and Response
Endpoint Protection and Response is our new easy-to-use solution that allows you to extend your existing Malwarebytes Endpoint Protection with new endpoint detection and response (EDR) capabilities. Purchase of Endpoint Protection and Response enables the following features and changes within the cloud management console:Flight Recorder – Continuously monitors and stores endpoint events in the cloud. Administrators can track file system events, network connections, process events and registry activities, and can view full command line details of executed processes on the endpoint. Automatically displays suspicious activity in cloud console. Flight Recorder is enabled via policy setting.Endpoint Isolation – Provides administrators with the ability to isolate or remove isolation from one or more endpoints. Endpoint Isolation locks down the desktop, network activity, and process activity. When isolation is activated, a pre-defined message is displayed on the end-user’s machine until isolation is removed. Endpoint Isolation is enabled via policy setting.Ransomware Rollback – Leverages just-in-time backups to provide administrators with the capability to roll back changes and restore files that were encrypted, deleted, or modified in an attack for up to 72 hours (default 48 hours). Administrators can expand protection by adjusting two options that trade off disk space for additional storage—rollback time and maximum file size. Ransomware Rollback is enabled via policy setting.Added two new tiles to the cloud console Dashboard page:
- Suspicious Activity detections over the past 24 hours
- Top 10 Suspicious Activity rules that have been triggered in the past 24 hours
Added Suspicious Activity page to the cloud console which displays suspicious activities on endpoints across the network. Administrators can see the location, severity, affected endpoint, status, date and time, the detection rules that triggered for the detection verdict, and available actions—including the ability to view additional details, remediate/rollback an item, or mark an item as a false positive.Added Suspicious Activity tab on the Endpoints Properties page which shows all suspicious activity detections specific to that endpoint with location, severity, status, date and time, detection rules that triggered, and available actions (view additional details, remediate/rollback, mark as a false positive).Added Suspicious Activity Details page, allowing administrators to drill down to a specific detection to view additional details such as child processes and the detection rules triggered.Added notifications for high severity Suspicious Activity detectionsAdded ability for administrators to manually mark a Suspicious Activity item as a false positive and add it to the exclusions list or reverse this and mark a false positive as a Suspicious Activity (and remove it from the exclusion list)New status indicators in the cloud console Endpoints page show administrators which endpoints have suspicious activity and which endpoints are isolated
New Features:
- Added capability for Endpoint Agent diagnostic logs to be easily generated from the endpoint. An end-user can hold the CTRL button while right-clicking on the Malwarebytes tray icon, producing a new menu to appear with an option to “Generate Diagnostic Logs”. The logs will be available as a zip file on the user’s desktop when complete.
Improvements
- Improved new Malwarebytes cloud accounts so their installers will be imminently available (prior to this, it could take up to 10 minutes for the installers to be available for a new Malwarebytes cloud account)
- Added mb-clean-results.txt to the diagnostic log package
- Added dbupdate.log and Mb_setup.log to the diagnostic log package
- Fixed: Some pagination drop-down elements were unnecessarily wide in appearance
- Fixed: Sometimes users received multiple website Real-Time Protection block notifications when a block event occurred
- Fixed: Some customers reported that upon boot, their users would be loaded into a temporary profile. This was due to MBCloudEA.exe opening NTUSER.DAT with sharemode set to none
Known Issues
- Endpoint Protection for Mac: Scheduled scans could be triggered incorrectly
- Endpoint Protection for Mac: Is not sending up Agent Information
- Endpoint Protection for Mac: Protection Updates version is reporting SDK version instead of DB version in Scan History, not reporting in Endpoint Details
- Endpoint Protection for Mac: User interface does not stay minimized during on-demand scans if initiated from endpoint
- Endpoint Protection for Mac: Non-administrative users are unable to interact with the tray icon
- Endpoint Protection for Mac: Free Physical memory is being reported as “0” in the Overview tab of Endpoint Properties
- Endpoint protection for Mac: Scan History tab does not get information populated if Threat Scan does not detect any threats
- Endpoint Protection for Mac: Timestamps in Scan History tab for macOS endpoints are in GMT, and not the web browser’s locale
- Endpoint Protection for Mac: Endpoint Protection plugin stuck in “busy” state if a scan is triggered immediately after startup
- Endpoint Protection for Mac: Endpoint Agent does not report update_package_version on fresh Endpoint Protection install
April 12, 2018
New Features
- Added Syslog support. Now the Malwarebytes cloud console can transmit detections with Syslog servers and SIEM solutions capable of receiving Syslog messages. This allows organizations to centralize Malwarebytes’ threat detections with their existing threat data. All of this is accomplished without the need to install any additional software. Administrators can enable Syslog support by clicking on the Settings tab in the cloud console, select Syslog Logging, and then pick an existing Windows endpoint to be the communication proxy. Syslog Settings include specifying the IP address/host, port, and protocol along with options for message severity and communication interval (default 5 minutes).
Improvements
- Updated and redesigned Policies page to improve usability and match ongoing UI improvements. Policy settings are now feature-based vs. product-based.
- Updated Policies page to inform Malwarebytes Incident Response customers of features available with Malwarebytes Endpoint Protection.
- Enhanced Detection notification emails to include additional information about detections
- Events are now recorded for Scheduled Scans, regardless if the scans were successful or failed
- Added text field validation (character count) in Policies for custom reboot messages
- Improved pagination performance for organizations with thousands of paginated pages of data
- Fixed: Tray icon would not appear for some users of Terminal Services
- Fixed: When a modal dialogue was open and an automatic log-out occurred, the modal was still visible
- Fixed: Some administrators were receiving their scheduled reports twice
- Fixed: Advanced Anti-Exploit settings dialog was saving changes even when the dialog was dismissed or canceled
- Fixed: Upon logging into the console, a large number of “Unable to retrieve one or more dashboard data summaries” errors were displayed
- Malwarebytes Endpoint Protection for Mac: Not sending up Agent Information
Known Issues
- The tray icon is not visible for the builtin\Administrator user on Windows platforms
- Malwarebytes Endpoint Protection for Mac: Non-administrative users are unable to interact with the tray icon
- Malwarebytes Endpoint Protection for Mac: Scheduled scans can be triggered incorrectly
- Malwarebytes Endpoint Protection for Mac: For scans initiated from the endpoint, the cancel button loses focus
- Malwarebytes Endpoint protection for Mac: Scan History tab does not get information populated if threat scan does not detect any threats
- Malwarebytes Endpoint Protection for Mac: Shows enabled/disabled notification even if tray icon is not present
- Malwarebytes Endpoint Protection for Mac: Protection update version is reporting SDK version instead of DB version in Scan History, not reporting in Endpoint Details
- Malwarebytes Endpoint Protection for Mac: Timestamps in Scan History tab for macOS endpoints is in GMT and not the web browser’s locale
- Malwarebytes Endpoint Protection for Mac: Free Physical memory is being reported as “0” in the Overview tab of Endpoint Properties
March 8, 2018
New Features
- Added macOS support for Malwarebytes Endpoint Protection. Now businesses can centrally deploy and manage Malwarebytes Endpoint Protection across all of their Windows and macOS endpoints. Administrators can apply real-time protection via policy setting and perform manual on-demand scans and schedule automated threat scans of macOS endpoints — all from the cloud console
- Added option within policy setting that allows Mac end users to initiate on-demand scans
- Added a “Seats in Use” counter to the License Information tab of the My Account section of the cloud console. Together with Term type (Evaluation or Subscription), Seat Count, Status (Active, Grace, Expired), and Expiration Date — administrators now can see how many seats are being used toward their subscription license
- Added hourly scan options for scheduled scans. This allows businesses to scan more often than just daily or weekly to detect threats and reduce potential threat dwell time
Improvements
- Updated the Endpoint Properties page and My Account section of the cloud console with horizontal tabs to match ongoing UI improvements
- Added Endpoint Protection Protection Update version to the Asset reports
- Updated Reboot Options in policy setting so they now apply to installation, updates, uninstallation, and detection removal
- Updated Threat Cleaned email notification to include “Scan Type”, a deep link to the Scan Report, and a deep link to the Group that the endpoint belongs to
- Updated and reorganized the Add Endpoint page (within Endpoints tab) to the new UI look and feel
- Replaced scrolling records throughout the cloud console with pagination (default of 25 records)
- Added audit event that is logged in the Events tab of the cloud console when a Scheduled Report is generated
- Renamed “OS Platform” to “OS Version” (i.e., “Windows”) and renamed “OS Release Name” to “OS Friendly Name” (i.e., “Microsoft Windows 10 Pro”) within Endpoint Properties page and reports
- Updated the Endpoint Properties page so that if an OS Version is not available, the UI will now display “Unknown”
Fixes
- Quarantine page displays old quarantined items on top of the list
Known Issues
- Endpoint Protection for Mac: Shows enabled/disabled notification even if tray icon is not present
- Endpoint protection for Mac: Scan History tab does not get information populated if threat scan does not detect any threats
- Endpoint Protection for Mac: Protection update version is reporting SDK version instead of DB version in Scan History, not reporting in Endpoint Details
- Endpoint Protection for Mac: Timestamps in Scan History tab for macOS endpoints is in GMT and not the web browser’s locale
- Endpoint Protection for Mac: Free Physical memory is being reported as “0” in the Overview tab of Endpoint Properties
February 8, 2018
New Features
- Added option for end users to perform context menu scans: Users can scan files on their Windows computer by right clicking on the desired file(s) and selecting “Scan with Malwarebytes”. This gives end users the power to scan any file they deem suspicious or out of an abundance of caution. Administrators must enable this optional feature in policy by toggling “Show Malwarebytes option in context menus (Windows only)” to ON
- Added scheduled reporting: Administrators have the option to automatically receive an email for any desired report—providing them with daily, weekly, and monthly reports proactively in their inbox. Click on the Reports tab in the cloud console, click on Scheduled, select a single or multiple report(s), and click the Save Changes button. The CSV formatted report will be delivered once report generation is complete, based on the chosen frequency
Improvements
- Added “MD5” and “Affected Application” fields to Detection Summary report
- Added product Version and Protection Update fields to Agent Info within Endpoint Overview
- Endpoint name now deep links to its’ Endpoint Overview screen from the Detections, Quarantine, Events, and Tasks tabs
- Updated Forgot Password page — now email address field is in focus when navigating there
- Updated cloud console to display an event when an end user postpones a required reboot
- Updated Quarantine page so that items identified by Real-Time Protection will no longer show zeros for the Scan ID
Fixes
- If an endpoint was powered down ungracefully (i.e., power outage) while a scan was running, a configuration file could become corrupted
- 100% CPU spike if an endpoint administrative user forcefully kills the Malwarebytes tray process when the Self-Protection Module is enabled
- Customers migrating from legacy Malwarebytes products (including Malwarebytes Anti-Malware v1.6, Malwarebytes Anti-Exploit v1.08, and Malwarebytes Management Console v1.6) will require 2 reboots in a row to complete the installation
- Some customers who have already migrated from legacy Malwarebytes products were stuck in a reboot loop during the last cloud update due to legacy products leaving behind orphaned registry keys
- Running Sysprep with the Malwarebytes Endpoint Protection agent installed fails. The workaround is to stop the Endpoint Protection agent tray process before launching Sysprep
- Detections that are found, but not quarantined, are not being counted in the Detection History tile on the Dashboard page—however the Number of Detections chart on the Dashboard page is counting them correctly
- Exploit Protection doesn’t start on Windows XP
Known Issues
- When attempting to scan a shortcut file, the scan is not following the shortcut to the root file. Users can work around this by scanning the actual file(s) rather than the file’s shortcut
January 11, 2018
New Features
- Added new data fields in the Detection Details dialog window: Administrators now can see the affected applications from Real-Time Protection events and an MD5 hash from Exploit Protection events. By adding the Process Name for Website Protection events, administrators can now see and better understand the exact process which was trying to access the malicious site
- Added new on-demand reports for Asset, Event, and Task summaries: Administrators can request a CSV format export of endpoint asset details, events, and tasks for the previous 24 hours, 7 days, or 30 days. Click on the Reports tab in the cloud console, then click the “Generate Now” link for the desired report. The request is placed into a queue for processing. When the report is ready, an email with a link is sent to the requestor’s email address allowing them to download the desired report
- Added new Websites Blocked tile in the cloud console dashboard: This provides administrators with visibility and a running tally of the malicious websites and IP addresses that were blocked during the past 24 hours. Simply log into the cloud console where you can view the Websites Blocked tile on the main Dashboard page
Improvements
- Updates for the Malwarebytes Endpoint Protection engine will be automatically metered by Malwarebytes to prevent overloading customer networks
- Updated the title bar of Endpoints detail page to display the selected endpoint’s name
- Added deep link to view Scan Reports in the Event Details dialog window for Threat Found and Threat Cleaned event types
Fixes
- Under certain conditions for some customers, the endpoint agent service would fail to start in a timely manner leaving the endpoint agent in a stopped state
- The Malwarebytes Discovery & Deployment Tool would display an error if the download server couldn’t be reached
- Tasks now show the correct quantity when filtered by Status
- Using browser navigation from many pages required clicking the browser’s back button twice to navigate back
- When installing the new Malwarebytes product, endpoints were stuck in a reboot loop when removing the legacy Malwarebytes Anti-Malware 1.6 product
Known Issues
- Customers migrating from legacy Malwarebytes products (including Malwarebytes Anti-Malware v1.6, Malwarebytes Anti-Exploit v1.08, and Malwarebytes Management Console v1.6) will require 2 reboots in a row to complete the installation
- Running Sysprep with the Malwarebytes Endpoint Protection agent installed fails. The workaround is to stop the Endpoint Protection agent tray process before launching Sysprep
- Detections that are found, but not quarantined, are not being counted in the Detection History tile on the Dashboard page—however the Number of Detections chart on the Dashboard page is counting them correctly
December 18, 2017
New Features
- Added exclusion support for Exploit Protection in Malwarebytes Endpoint Protection: This enables administrators to enter the MD5 hash of a file they’d like excluded from protection. Click on the Settings tab in the cloud console, choose Exclusions, select New, then scroll down and click the circle for “Exclude a file from Exploit Protection (Windows)” and type in the desired MD5 hash.
- Added new on-demand reports for Quarantine and Endpoint summaries: Administrators can request a CSV format export of quarantined items and endpoint records for the previous 24 hours, 7 days, or 30 days. Click on the Reports tab in the cloud console, then click the “Generate Now” link for the desired report. The request is placed into a queue for processing. When the report is ready, an email with a link is sent to the requestor’s email address allowing them to download the desired report.
- Added support for nested Groups: This provides administrators the flexibility to create an organizational structure in the cloud console that reflects their real-world environment (e.g., different businesses, business units, departments, locations). Click on the Settings tab in the cloud console, choose Groups, then click on the Add button. Type in the new Group Name, select the security policy for this group, and select the box to nest this group within an existing group.
- Added a scan progress dialogue window for Malwarebytes Endpoint Protection: When a user initiates a Threat Scan, they will see the details of all scan phases, files being scanned, number of items being scanned, elapsed time, and threats identified on their endpoint. They also have the option to cancel their Threat Scan in this dialog window
Improvements
- Display selected Detection Details and Quarantine Details in their own modal dialog window
- Added new detection data fields within Detection Details (where applicable) for the group name the endpoint belongs to, IP address, and port number
- Enhanced cloud console Endpoint page by converting the list of Group names to a simple drop-down selector with filter capabilities
- Updated Malwarebytes Discovery and Deployment Tool to warn if disk space is unavailable for installation on remote endpoint (To be released on 12/20 at 12:00PM PST)
- Updated Malwarebytes Discovery and Deployment Tool to display an error if download server cannot be reached (To be released on 12/20 at 12:00PM PST)
- Reduced Endpoint Agent error logging to only log unrecoverable errors
Fixes
- macOS tray icon tool tip doesn’t reflect policy setting
- Inconsistent verbiage when no threats or infections are found in the console
- Renamed “NebulaAgent” to “EndpointAgent” in macOS logs to maintain convention
- Incorrectly formed exclusions prevent subsequent exclusions from being applied
- Endpoint Agent Tray exceptions when switching between user accounts while an active scan is running
- User-initiated scan UI Time Elapsed field resets when logging into a different user account
- Visio 2010 uninstall string causes installed software list to not populate correctly
- Malwarebytes Discovery & Deployment Tool would show a failure even if the agent was successfully installed
- macOS handling of GMT (+0000) time
- Web Protection will prevent web traffic for some customers who connected to a VPN. If you experience issues, please contact Malwarebytes Customer Success team with your VPN details for assistance
- If an exclusion was entered incorrectly, the Endpoint Agent would ignore any subsequent exclusions
Known Issues
- We are not currently listing the MD5 hash for processes that Exploit Protection detects. In order to add an Exploit Protection exclusion, administrators must calculate their own MD5 hashes.
November 15, 2017
New Features
- Created new “Detections” page in the cloud console — combining the previous “Threats” and “Real-Time Protection” pages
- Added on-demand reporting — beginning with Detection Summary reports — that are generated in CSV format (additional reports coming soon)
Improvements
- Completedmultiple improvements to the cloud console user interface
- Enhanced the cloud console “Dashboard” page to include Real-Time Protection data
- Added additional information to detection details (with more to come in the future)
- Extended the download timeout period up to 30 minutes for software installations to assist with slow network connections
- Updated the end-user license agreement
Fixes
- Addressed an issue discovered when moving large numbers of endpointsbetween groups
- Localized the Timestamp on the Quarantine page
- Unicode characters are now processed correctly in scan result data
Known Issues
- Web Protection will prevent web traffic for some customers who are connected to a VPN. For most customers, simply adding the VPN domain as an exception in the Malwarebytes cloud console resolves the issue. We are working on a resolution
October 23, 2017
New Features
- Added option for end users to run Threat Scans on Windows and macOS endpoints
- Added option to display real-time protection notifications (Malwarebytes Endpoint Protection, Windows only)
Improvements
- Enhanced the console user interface (UI), reflecting direct user feedback — the first of two major updates for the UI
- Added an audit event which appears on Event page to indicate when an end user postpones a required reboot
- Enhanced the optional required reboot alerts to display upon threat removals, installations, updates, and uninstalls
- Delivered ongoing platform performance and stability improvements
- URLs now contain parameters so that you can share your working view with other console users
- Incident Response updates will now be metered to prevent overloading a customer’s network
- Running the installer on a system which already has the agent installed will no longer uninstall the agent
Known Issues
- Web protection will prevent web traffic for some customers who are connected to a VPN. For most customers, simply adding the VPN domain as an exception in the Malwarebytes cloud console resolves the issue. We are working on a resolution
September 18, 2017
New Features
- Added support for Mac endpoints in Discovery & Deployment Tool, enabling administrators to deploy, install and uninstall Malwarebytes Incident Response on Apple computers running macOS
- Added policy option to display Malwarebytes tray icon on Windows and Mac endpoints (enabled by default) providing end-users with visibility of scan status when hovering over the Malwarebytes icon
- Added policy option to alert users of required reboots for threat remediation with configurable display message in the associated policy and permits them to restart immediately or postpone viauser-selectable reminders
Improvements
- Added proxy support in Discovery & Deployment Tool, allowing the tool to propagate proxy settings to endpoints when the “Use Proxy” checkbox is selected
Fixes
- Nothing at this time
August 8, 2017
New Features
- Added Malwarebytes 3.0 unmanaged (standalone) client for Malwarebytes Endpoint Protection customers, agreat option for smaller businesses that don’t require central management or prefer to manage each endpoint manually
- Added option to delay Real-Time Protection when Malwarebytes Endpoint Protection starts on an endpoint, helping eliminate potential conflicts with other applications or services
- Added Self-Protection Module, controlling whether or not Malwarebytes Endpoint Protection creates a safe zone to prevent malicious manipulation of the program and its components
- Added Self-Protection Module Early Start option, starting the Self-Protection Module earlier in the computer’s boot process—essentially changing the order of services and drivers associated with startup
- Added Protection Updatessetting, defining how often Malwarebytes Endpoint Protection checks for protection updates—default setting checks for updates every 1 hour
Improvements
- Added ability to change scan impact priority, with “Low Priority” providing better multi-tasking response and “High Priority” enabling faster scan times (but may affect other application performance)
- Added Quarantine tab notifications that appear when administrators Delete or Restore threats
- Added new “Check for Protection Updates” action, enabling administrators to select endpoints and perform on-demand checks for the latest Malwarebytes updates
- Added functionality so pressing the enter key has same effect as clicking the “OK” button within the cloud management console
Fixes
- Updated URL links in the new user verification email, pointing trial users and active subscription holders to the correct support webpages
Malwarebytes Endpoint Security
1.9 / November 20, 2018
New Features
- Added the option to manage Malwarebytes Anti-Ransomware endpoint agent from the Endpoint Security Management Console, including:
- Install & uninstall Anti-Ransomware from the Management Console
- Visualize ransomware detections on many areas of console, email alerts, and syslog
- Add and remove Anti-Ransomware Exclusions to/from Policies
- Restore Anti-Ransomware quarantine items
- Added unmanaged Breach Remediation, Mac Real-time protection, and Android clients
Improvements
- Changed Sccomm logs for Adhelper to debug mode only
Stability/Issues Fixed
- Fixed: Sccomm service does not start on some clients running Windows 10
- Fixed: Issue creating temporary file when updating Policies in the Management Console
- Fixed: Issue with server memory spike in certain cases during login on Management Server 1.8.1 upgraded from 1.8
- Fixed issue with Client tab and Home dashboard showing different number of online clients
1.8.1 / May 21, 2018
Improvements
- Improved logic to show endpoints offline after missed check-ins in large environments
Fixes
- Addressed an issue where certain endpoints may fail to check-in due to duplicate key value
- Fixed an issue where server was not receiving database updates depending on the update frequency set
- Addressed an issue where certain Active Directory accounts could not log-in after upgrading
1.8 / March 22, 2017
New Features
- Improved the scalability and stability of the management console when operating in larger environments
- Added logic to optimize automatic check-in interval based on number of endpoints
- Added the ability for Anti-Malware updates to be obtained via UNC path as primary location
- Improved Anti-Exploit email alerts to include additional data from Anti-Exploit security log
- Added the ability to configure email notification throttling settings
- Added the ability to set console inactivity timer
- Added the ability to force updated server contact information if the IP/hostname of the management server has changed
- Added support for Windows Server 2016 for management server and managed clients
Improvements
- Addressed an issue where duplicate client names may appear as “Unregistered”
- Addressed an issue where Active Directory synchronization may not function
- Addressed an issue where Active Directory child OUs may fail to sync
- Addressed an issue where some user accounts imported from Active Directory could not authenticate
- Addressed an issue where domain query account could not be added
- Fixed an issue where client status legend failed to display values greater than 999
- Fixed an issue where client installer could be blocked by some third-party antivirus installers
- Fixed an issue where email notifications may fail to work during evaluations
Updated Malwarebytes Anti-Exploit for Business to version 1.09
- Hardened and more secure API hooking framework
- Added self-protection mechanisms
- Added sandbox technique for Silverlight
- Added Layer3 techniques against Macro exploits
- Added Layer3 techniques against social engineering exploits
- Added Java advanced configuration options for companies
- Added dynamic configuration feature to manage conflicts
- Added support for MS Play Ready
- Changed balloon notification to off by default
- Remove Run entry during uninstallation
- Fixed conflict with Symantec DLP
- Fixed conflict with Chinese banking software
- Fixed conflict with Office TabLoader
- Fixed conflict with Kobil mIdentity software
- Fixed false positive with Adobe and .NET modules
- Fixed issue when adding invalid custom shield
1.7 / May 26, 2016
New Features
- Updated Malwarebytes Management Console to version 1.7
- License subscription expiration date is now displayed
- Local and global managed seat counts are now displayed
- Implemented additional licensing improvements to clarify usage
- Improved syslog compatibility by adding CEF data format support
- Added the ability to export Client View and Threat View grid data to a CSV file
- Added the ability to perform SQL database cleanup on-demand
- Added percentage indicator to show SQL Express database disk usage
- Added the ability to copy policy settings to a new policy
- Added remote console support for Windows 10
- Added under-the-hood logging improvements for better supportability
Improvements
- Fixed issue where client installer could be blocked by some third-party antivirus installers
- Fixed issue where Data Backup and Restoration utility may not launch properly
Updated Malwarebytes Anti-Malware for Business to version 1.80.2
- Improved update handling by requiring SSL for downloads
Updated Malwarebytes Anti-Exploit for Business to version 1.08
- Added Layer0 Dynamic Anti-HeapSpraying mitigation
- Added Layer0 Anti-Exploit fingerprinting mitigation
- Added Layer0 fine-tuned VBScript mitigation for IE
- Added Layer1 ROP-RET gadget detection mitigation
- Added Layer3 Application Behavior rules
- Added protection for Microsoft Edge
- Added protection for LibreOffice
- Added failover upgrade mechanism
- Added auto-recovery for Anti-Exploit service
- Fixed conflict with third-party products that use the same hooks
- Fixed conflict with Office family profile
- Fixed conflict with banking software plugin for browsers
- Fixed conflict with Citrix when opening IE
- Fixed conflict with components from Asus and Huawei
- Fixed conflict with Kaspersky 16
- Fixed conflict with Comodo
- Fixed conflict with Imprivata OneSign
- Fixed issue when custom shields were not kept after upgrade
- Fixed issue with exclusions sometimes not applied to PDF profile
- Fixed issue with Layer3 Application Behavior
- Fixed issue with missing balloon notifications
- Fixed false positive with Adobe Acrobat
- Fixed false positive with certain .NET modules under IE
- Fixed PhantomPDF crash when converting to doc
1.6 / September 21, 2015
New Features
- Added the ability to send security events to Syslog server (in JSON format)
- Added advanced configuration options for Anti-Exploit
- Added support for SQL Server 2012 and 2014
Improvements
- Fixed an issue where upgrades could fail if a password contained certain special-character patterns
Updated Malwarebytes Anti-Malware for Business to version 1.80
- Added substantial improvements to core detection and removal technology
- Added support for Windows 10 (32/64-bit)
- Added support for Windows Server 2003 (32-bit), Windows Server 2008/2008 R2 (32/64-bit), Windows Server 2012/2012 R2 operating system (Server Core excluded)
- Enhanced safeguards to prevent false positives on legitimate files
- Modified incremental database update process to allow 50 incremental updates before requiring a full database update
- Fixed issue which caused managed clients to not download incremental updates via Internet
- Fixed issue which caused BSOD when scanning a drive encrypted with BitLocker
- Fixed various issues that could result in crashes or system hangs
Updated Malwarebytes Anti-Exploit for Business to version 1.07
- Added new Layer0 exploit mitigations for IE VB scripting
- Added new Layer1 exploit mitigations for ROP detection
- Added new Layer1 exploit mitigations for IE VB scripting
- Added new Layer3 exploit mitigations for Powershell abuse
- Added ability to automatically update software (applies to version 1.07 and future releases)
- Added telemetry from Firefox & Chrome
- Added ability to edit custom shields
- Added ability to log protection events to UI
- Added ability to auto-upgrade corporate builds
- Added support for Windows 10 (32/64-bit)
- Improved Java shield in corporate environments
- Improved exploit telemetry
- Removed “shielded applications” counter from UI
- Removed duplicate default shields for portable browsers
- Fixed issue when printing to Adobe PDF
- Fixed issue with Speedbit Download Accelerator
- Fixed issue with plugins from PowerDVD and GAS Tecnologia
- Fixed issue with certain exclusions not respected
- Fixed issue with Knowledge Coach Office Add-In
- Fixed issue with false positive from IE
- Fixed issue with Foxit Reader startup
- Fixed issue with Excel PowerQuery
- Fixed issue with Excel DEP Enforcement
- Fixed issue with nProtect GameGuard Anti-Cheat
- Fixed issue with IE VB scripting block
- Fixed issue with Chrome crashes
- Fixed issue with Arcom Masterworks
1.5.0.2701 / March 9, 2015
New Features
- Added the ability to send email notifications for malware and exploit detections
- Added the ability to send email notifications if signatures on the management server are outdated
- Added the ability to send email notifications if the SQL Express database is nearing capacity
- Added support for Microsoft Server 2012 R2
- Updated Anti-Exploit managed client to version 1.05, incorporating several new detection features and bug fixes (requires Anti-Exploit license)
- Added ability to manage (add/delete) Anti-Exploit custom shields (requires Anti-Exploit license)
- Added the ability to restrict administrative access to specific groups
Improvements
- Fixed issue that prevented Active Directory users from logging into the console after upgrade.
- Fixed issue that prevented Active Directory users from logging into the console using DNS name.
- Fixed issue to prevent SQL Express from installing if an external database is selected.
- Fixed issue that prevented the Management Console reports from printing correctly.
- Fixed error caused by syncing a domain user account that does not have a user principal name.
- Fixed error caused by importing a user account that already belongs to an imported domain user group.
- Set the page size to default in the client view to optimize performance during login.
1.4.1.2329 / October 20, 2014
New Features
- Added 1.04.2.1012 version of Malwarebytes Anti-Exploit for Business
- Added various new layer 1 and layer 2 detection techniques
- Improved various aspects of installation and automatic upgrades
- Improved threat information telemetry
- Improved shields to prevent slowdowns and FPs in desktop-based applications
- Fixed FP with Excel addon
- Fixed bug executing Desktop shortcut after install
- Updated hooking framework
Improvements
- Added capability to perform a 30-day trial of Malwarebytes Business Products
- Updated default policy for Malwarebytes Anti-Malware to enable the protection module
- Fixed a bug that prevented organizational units (OU) from being imported to the management console using Active Directory
- Fixed a bug that applied incorrect policy settings to the Malwarebytes Anti-Exploit endpoint after install
- Fixed a bug that prevented the management console from filtering log events that contain the operation value of “none”
1.4.0.2268 / June 12, 2014
New Features
- Integrated new Anti-Exploit for Business technology.
- Added ability to independently deploy Anti-Malware for Business and Anti-Exploit for Business applications to endpoints on the network.
- Added ability to export custom Anti-Exploit for Business installation packages for use with 3rd party deployment tools.
- Added ability to detect the number of Anti-Exploit for Business installations across the network.
- Added new Anti-exploit for Business Reports.
- Added new Anti-exploit for Business policy settings.
- Added new application protection status icons in the client pane.
- Removed the default “Admin” password on new installations, signing on the management console for the first time will require the administrator to set a new password.
- Updated end user license agreement.
Malwarebytes Breach Remediation
3.6.1 / October 30, 2018
Updated Malwarebytes Breach Remediation for Windows to version 3.6.1
Updated Malwarebytes Forensic Timeliner to version 3.6.1
New Features:
- Consolidated 32bit and 64bit executables into a single package
- Added Low Impact scan option to reduce CPU usage while scanning
- New machine learning based file anomaly detections
- Error Out configuration command added to Forensic Timeliner
Improvements:
- Up to 4x faster scan speeds
- Converted all input/output files from XML to JSON format
- Added new remediation methods and reduced overall number of reboots required for remediation
- Updated Forensic Timeliner to include events for Windows 10 and Server 2012
Known Issues:
- Launching Malwarebytes Breach Remediation for Windows from a network drive will cause the endpoint to crash
2.7.4 / June 21, 2018
Updated Malwarebytes Breach Remediation for Windows to version 2.7.2
Stability/issues fixed:
- Fixed an issue causing Windows 10 to crash when an Anti-Rootkit scan was run
2.7.3 / October 17, 2017
Updated Malwarebytes Breach Remediation for Mac to version 1.3.1
Improvements
- Added option to skip browser extensions during scans
- Improved quarantine functionality
Fixes
- Fixed an issue that can cause the program to be unable to scan
- Miscellaneous minor defect fixes
2.7.2 / January 24, 2017
Updated Malwarebytes Breach Remediation for Mac to version 1.2.6.730
Issues Fixed
- Fixed a bug that causes scanning to freeze under rare conditions
Updated Forensic Timeliner to version 1.0.1.1060
New features
- Added proxy server support
2.7.1 / November 2, 2016
Updated Malwarebytes Breach Remediation for Windows to version 2.7.1.1627
New Features
- Automatic fail-over capabilities for access to license enforcement and engine updates
- MBBR.exe enhanced as a self-extracting executable for easier deployment and upgrades
- Tamper protection to files and scan engine, making it less susceptible to attack
Updates
- Removed –confirmremove parameter associated with scan command
Improvements
- Bug fix to address incorrect error message when a firewall is blocking communication
- Bug fix to address incorrect error message in errorout.log when a custom path is used for the log output
Updated Malwarebytes Breach Remediation for Mac to version 1.2.5.715
New Features
- Enhancements to the engine to allow improved detection of new threats
- Added capability to GUI app to detect threats in all user folders
Improvements
- Fixed bug that could cause a crash under rare circumstances, if bad data is received from the update server
- Cleaned up log file to remove duplicate entries
2.7 / May 26, 2016
New Features
- Added support for Mac computers
- Added Forensic Timeliner feature to collect and export system timelines on Windows computers
2.6.2 / May 6, 2016
Fix
- Fixed small issue with error message handling – no impact to functionality
2.6.1 / March 08, 2016
Improvements
- Fixed bug which caused the program to become unresponsive when running it from anywhere but its home directory
2.6.0 / February 29, 2016
New Features
- Added enhancements to the custom IOC database feature to support new terminology
- Added the ability to create a custom reboot message with wait time option if a reboot is required to remove threats detected during a scan
- Added error return codes in mbbrerr.h (located in the doc subdirectory) for troubleshooting purposes
Improvements
- Changed product name from Malwarebytes Malware Remediation to Malwarebytes Breach Remediation
- Changed access controls to require Admin privileges when making any changes to Malwarebytes Breach Remediation
- Changed default registration for subsciption licenses from 48 hours to 14 days
- Changed the error message shown if an invalid proxy setting is used
- Changed executable name from mbmr.exe to mbbr.exe
- Changed the scan log output filename from MBMR-STDOUT.XML to MBBR-STDOUT.XML
- Changed the log error output filename from MBMR-ERROUT.TXT to MBBR-ERROUT.TXT
- Changed the identifier of quarantined items from an integer value to a unique string value
Malwarebytes Anti-Malware for Business
1.80.2 / May 26, 2016
Stability/Issues fixed
- Fixed security vulnerability to ensure database updates are downloaded over SSL connections only
1.80.1 / November 11, 2015
Improvements
- Add wildcard handling for registry exclusions
1.80.0 / September 21, 2015
Improvements
- Enhanced safeguards to prevent false positives on legitimate files
- Added substantial improvements to core detection and removal technology
- Added support for Windows 10 (32/64-bit)
- Added support for Windows Server 2003 (32-bit), Windows Server 2008/2008 R2 (32/64-bit), and Windows Server 2012/2012 R2 operating systems (excludes Server Core)
- Modified incremental database update process to allow 50 incremental updates before requiring a full database update
Issues Fixed
- Fixed issue which caused BSOD when scanning a drive encrypted with BitLocker
- Resolved various issues that could result in crashes or system hangs
1.75 / April 9, 2013
Changes
- Added ability to scan within archives
1.7 / December 27, 2012
Changes
- New program logo and icons
- Heuristics for 0-day exploit detection now implemented in protection module for PRO version
- Threats detected by the protection module are now quarantined automatically by default
- Malwarebytes Anti-Malware now shows Windows 8 START screen notifications
- Malwarebytes Anti-Malware now identified in scan logs, registry and About tab
- More Tools tab enhanced with tons of new content and more to come in the future
- Option to allow a threat to run temporarily (Allow Temporarily) added to filesystem protection prompts
- Option to add a detected item to the Ignore List (Allow Always) added to filesystem protection prompts
- Heuristics for detecting new and unknown threats improved
- Scanner efficiency improved
- Microsoft Windows 8 and Internet Explorer 10 now identified correctly in scan logs
- Help file updated to include information on new features
- Better compatibility with many other security products in realtime
- Minor issue with password creation from CLI fixed
1.65.1 / October 17, 2012
Changes
- Upgrading from a previous version on Windows Vista or Windows 7 may sometimes result in the protection module starting with a delay. (Fixed)
- The protection module does not start with Windows under under certain conditions. (Fixed)
- Scans sometimes complete prematurely. (Fixed)
1.65 / September 10, 2012
New Features
- Implemented comprehensive APIs for controlling Malwarebytes Anti-Malware (Corporate)’s settings and configuration for Corporate customers
- Added ability to import/export settings
- “Exit” option now removed from the tray when ‘limitedusermode’ is enabled
- Future versions will be able to upgrade without requiring a reboot after installation
- Protection module now controllable for the entire machine instead of being limited to individual user accounts
- Filesystem Blocking and Website Blocking can be enabled or disabled separately via the Protection tab
- Protection logs now show when malicious file execution blocking is enabled or disabled
- Realtime protection may now be cleanly terminated via the ‘Exit’ option in the tray without leaving any running processes
- Japanese language support added
Improvements
- Malwarebytes Chameleon enhanced to be even more effective against the latest threats
- Realtime protection now starts much faster on Windows Vista and Windows 7
- Eliminated performance issues caused by database updates and Ignore List manipulation on Windows Vista and Windows 7
- Pop-ups for threats detected by realtime protection can not be minimized
- All registry settings are now stored under HKLM
Issues Fixed
- Saving logs to custom locations after scans now works correctly
- Context menu setting is now honored correctly after performing a program upgrade
- Dates and times of items listed in the Quarantine are now displayed correctly
1.62 / July 11 , 2012
New Features
- New advanced program updater improves upgrade speed and reduces needed bandwidth
Improvements
- Enhanced Chameleon (v1.62) technologies to handle the latest threats
- Installation wizard now includes more information and guidance
- Streamlined and optimized database update module
- Updated System Requirements
- Logs enhanced to show drives and paths scanned
Issue Fixed
- Korean language now displayed correctly in language drop down menu
1.61 / April 9, 2012
New Features
- New Chameleon technologies gets Malwarebytes Anti-Malware running even when blocked by malware infections.
- Incremental database updates.
- Ability to password protect key program settings.
- XML logging capabilities now included.
- Scheduled scans now support XML logging.
- MSI installer now available.
Improvements
- Improved reliability and performance of the update process.
- Detection and removal engine enhancements.
- System tray icon now dynamically displays selected language.
- Settings for Protection Module behavior can be changed without protection being active.
- Improved DOR (Delete On Reboot) technology to enhance threat removal process.
- Restructured log formats to include greater detail on system information and detected threats.
- Improved error messages to make them more user friendly.
- Custom log locations now displayed in Logs tab.
- Protection logs can be saved in custom locations.
- Program version release date now displayed on About tab.
- Up to 25% faster Quick scans for 64-bit operating systems.
- Enhanced reliability of program updates with additional security checks.
Issues Fixed
- Fix for database not updating properly on Czech installations of Microsoft Windows.
- Fix for specific scenarios where scans failed to complete.
- Scheduled scan logs now include accurate protection status.
- Context menu ‘Scan with Malwarebytes Anti-Malware’ now displays in selected language.
Malwarebytes Anti-Exploit for Business
1.12.2.141 / December 6, 2018
Performance/Protective Capability:
- New Updated Protection for Chrome and Edge Browsers
Stability/issues fixed:
- Fixed False positives with Leawo Blu-ray Player
- Fixed False positives with ViewRight plugin
- Fixed alert notification issues
1.12.2.124 / September 5, 2018
Performance/Protective Capability:
- Removed protection for Chrome due to Google’s new policy against code injection into Chrome
Stability/issues fixed:
- Fixed crashes with Adobe Acrobat Reader
- Fixed scanner issues with Adobe Acrobat Reader
- Fixed False positives with Process Hollowing Protection
1.12.2.109 / August 13, 2018
Stability/issues fixed:
- Fixed False positives with Grammarly Add-in
- Fixed false positives with Edge browser
- Improvements in Exclusion capability
- Improvements in Detection Information and Telemetry
- Fixed page freeze issues with Browsers
- Fixed slowness issues with Adobe Acrobat Reader
1.12.2.90 / June 25, 2018
Stability/issues fixed:
- Fixed False positives with Microsoft Office due to Process Hollowing Protection
- Fixed False positives with Adobe Reader
- Fixed conflict with AOL Data Mask
- Improved protection
- Improvements in Exclusion capability
- Improvements in Telemetry
1.12.1.81 / May 14, 2018
Stability/issues fixed:
- Fixed false positives with Microsoft Office
- Improvements in Exclusion capability
1.12.2.68 / April 19, 2018
Malwarebytes Anti-Exploit
- Protection against exploit-driven Process Hollowing attack
Usability
- Hypervisor Code Integrity (HVCI) Compliant
- Compatible with Windows Device Guard
Stability/issues fixed
- Fixed crashes in Firefox browser
1.11.2.55 / January 9, 2018
Fixes
- Fixed a conflict with Norton Security
- Fixed opening/closing/hang issues with MS Office apps
- Fixed issues with opening of applications on Windows XP
- Fixed ROP block with a Chinese Bank plugin
- Fixed user notification issues on Windows XP
1.10.2.41 / September 20, 2017
New Features:
Added Dynamic Hooking Feature to manage conflicts
Fixes:
Fixed dll uninjection issues resulting in ghost process
Fixed dll uninjection issues with chrome extensions
Fixed false positive with FLTLDR.exe
Fixed false positive with QTTabBar plugin in Opera
Fixed hooking and detection issues with archive application
1.09.2.1413 / May 17, 2017
New Features
- Hardened and more secure API hooking framework
- Added self-protection mechanisms
- Added sandbox technique for Silverlight
- Added Layer3 techniques against Macro exploits
- Added Layer3 techniques against social engineering exploits
- Added Java advanced configuration options for companies
- Added dynamic configuration feature to manage conflicts
- Added support for MS Play Ready
- Changed balloon notification to off by default
- Remove Run entry during uninstallation
Fixes
- Fixed conflict with Symantec DLP
- Fixed conflict with Chinese banking software
- Fixed conflict with Sophos AV
- Fixed Edge browser crashes on Windows Insider Preview builds
- Fixed MS Office application crashes with MBAE
- Fixed conflict with McAfee HIPS
- Fixed false positives with Java Protection Technique
- Fixed a logging issue for critical errors
- Fixed service restart issues
- Fixed IE Freeze issues on Windows 7
- Fixed an FP with WMI protection technique
- Fixed an FP with HP Scanner application
- Fixed conflict with Comodo Secure Shopping
1.09.2.1384 / April 19, 2017
New Features
- Hardened and more secure API hooking framework
- Added self-protection mechanisms
- Added sandbox technique for Silverlight
- Added Layer3 techniques against Macro exploits
- Added Layer3 techniques against social engineering exploits
- Added Java advanced configuration options for companies
- Added dynamic configuration feature to manage conflicts
- Added support for MS Play Ready
- Changed balloon notification to off by default
- Remove Run entry during uninstallation
Fixes
- Fixed conflict with Symantec DLP
- Fixed conflict with Chinese banking software
- Fixed conflict with Sophos AV
- Fixed Edge browser crashes on Windows Insider Preview builds
- Fixed MS Office application crashes with MBAE
- Fixed conflict with McAfee HIPS
- Fixed false positives with Java Protection Technique
- Fixed a logging issue for critical errors
- Fixed service restart issues
1.09.2.1334 / February 15, 2017
New Features
- Hardened and more secure API hooking framework
- Added self-protection mechanisms
- Added sandbox technique for Silverlight
- Added Layer3 techniques against Macro exploits
- Added Layer3 techniques against social engineering exploits
- Added Java advanced configuration options for companies
- Added dynamic configuration feature to manage conflicts
- Added support for MS Play Ready
- Changed balloon notification to off by default
- Remove Run entry during uninstallation
Fixes
- Fixed conflict with Symantec DLP
- Fixed conflict with Chinese banking software
- Fixed conflict with Office TabLoader
- Fixed conflict with Kobil mIdentity software
- Fixed false positive with Adobe and .NET modules
- Fixed issue when adding invalid custom shield
1.09.2.1291 / November 15, 2016
New Features
- Hardened and more secure API hooking framework
- Added self-protection mechanisms
- Added sandbox technique for Silverlight
- Added Layer3 techniques against Macro exploits
- Added Layer3 techniques against social engineering exploits
- Added Java advanced configuration options for companies
- Added dynamic configuration feature to manage conflicts
- Added support for MS Play Ready
- Changed balloon notification to off by default
- Remove Run entry during uninstallation
Fixes
- Fixed conflict with Symantec DLP
- Fixed conflict with Chinese banking software
- Fixed conflict with Office TabLoader
- Fixed conflict with Kobil mIdentity software
- Fixed false positive with Adobe and .NET modules
- Fixed issue when adding invalid custom shield
1.08.2.2572 / August 02, 2016
Fixes
Hotfixes on the following:
- Layer1 self-protection mechanisms for MBAE DLL
- Layer1 Stack Pivoting detection technique
- Layer3 Application Behavior protection
- Self-protection for MBAE IPC
1.08.2.2563 / June 29, 2016
New Features
- Added Layer1 self-protection mechanisms for MBAE DLL
- Improved Layer1 Stack Pivoting detection technique
- Improved Layer3 Application Behavior protection
- Improved self-protection for MBAE IPC
1.08.2.1045 / December 2, 2015
New Features
- Added Layer0 Dynamic Anti-HeapSpraying mitigation
- Added Layer0 Anti-Exploit fingerprinting mitigation
- Added Layer0 finetuned VBScript mitigation for IE
- Added Layer1 ROP-RET gadget detection mitigation
- Added Layer3 Application Behavior rules
- Added protection for Microsoft Edge
- Added protection for LibreOffice
- Added failover upgrade mechanism
- Added auto-recovery for Anti-Exploit service
Fixes
- Fixed conflict with third-party products that use the same hooks
- Fixed conflict with Office family profile
- Fixed conflict with banking software plugin for browsers
- Fixed conflict with Citrix when opening IE
- Fixed conflict with components from Asus and Huawei
- Fixed conflict with Kaspersky 16
- Fixed conflict with Comodo
- Fixed conflict with Imprivata OneSign
- Fixed issue when custom shields were not kept after upgrade
- Fixed issue with exclusions sometimes not applied to PDF profile
- Fixed issue with Layer3 Application Behavior
- Fixed issue with missing balloon notifications
- Fixed false positive with Adobe Acrobat
- Fixed false positive with certain .NET modules under IE
- Fixed PhantomPDF crash when converting to doc
1.07.2.1015 / July 24, 2015
New Features
- Added new Layer0 exploit mitigations for IE VB scripting
Improvements
- Removed “shielded applications” counter from UI
Fixes
- Fixed issue with nProtect GameGuard Anti-Cheat
- Fixed issue with IE VB scripting block
- Fixed issue with Chrome crashes
- Fixed issue with Arcom Masterworks
1.07.2.1010 / July 1, 2015
New Features
- Added new Layer1 exploit mitigations for ROP detection
- Added new Layer1 exploit mitigations for IE VB scripting
- Added new Layer3 exploit mitigations for Powershell abuse
- Added telemetry from Firefox & Chrome
- Added ability to edit custom shields
- Added ability to log protection events to UI
- Added ability to auto-upgrade corporate builds
- Added support for Windows 10
- Added blacklisting of pirated and fraudulent license keys
Improvements
- Improved Java shield in corporate environments
- Improved exploit telemetry
- Removed duplicate default shields for portable browsers
Fixes
- Fixed issue when printing to Adobe PDF
- Fixed issue with Speedbit Download Accelerator
- Fixed issue with plugins from PowerDVD and GAS Tecnologia
- Fixed issue with certain exclusions not respected
- Fixed issue with Knowledge Coach Office Add-In
- Fixed issue with false positive from IE
- Fixed issue with Foxit Reader startup
- Fixed issue with Excel PowerQuery
- Fixed issue with Excel DEP Enforcement
1.06.2.1018 / March 31, 2015
New Features
- Added new Layer3 mitigations for IE, Java and Office.
- Added default protection for more popular browsers.
- Added Chromium-based browser application family.
- Added new alert window with exploit details.
- Added protection traybar tooltip notification.
- Added advanced configuration of mitigations per family.
- Added configuration for general settings.
- Added browse button when adding custom shields.
- Added new mechanism to reduce known false positives.
- Added anonymous submission of blocked exploits.
- Added confirmation window for file-format exploit submissions.
- Added Premium notifications in Free/Trial builds.
Improvements
- Improved upgrade process to maintain existing custom shields.
- Improved visibility in GUI of Management Console exclusions.
- Improved error and crash reporting.
- Improved missing GUI notification for guest user accounts.
- Improved managed installation to avoid Start Menu folder creation.
Fixes
- Fixed false positive with Word or Excel under certain conditions.
- Fixed false positive with LoadLibrary exploit mitigation.
- Fixed false positive with web-based Java applications.
- Fixed bug with timestamp conversions.
- Fixed bug which could cause protection to stop during startup.
- Fixed bug whereby LUA could start/stop protection.
1.05.2.1016 / December 11, 2014
New Features
- Engine (DLL) code re-write to improve stability and compatibility.
- Added mitigations DEP Enformcement, Anti-HeapSpraying and BottomUp ASLR.
- Added new Layer0 “Application Hardening” protections.
- Added Layer1 new generic ROP protection mitigations.
- Added Layer1 new StackPivoting 64bit protection mitigation.
- Added Layer1 new StackExec 64bit protection mitigation.
- Added Layer2 new caller mitigations for 64bits.
- Added Layer3 new application behavior mitigations.
- Added trial mode to allow for testing of Premium version.
- Added Quarantine of blocked payloads from Layer3 detections.
- Added filename details for default and custom shields.
- Added graphic user interface bitmaps.
- Added new “Protection stopped” traybar balloon.
- Added new counter which counts apps instead of processes.
Improvements
- Improved IPC communication between Service and protection DLL.
- Improved management of 64bit processes by keeping mbae64.exe running.
- Improved “other” custom shield profile to reduce potential FPs.
- Improved Foxit Reader default shield to shield the latest version.
- Improved exploit threat telemetry and logging.
- Improved end user license agreement for corporate build.
Fixes
- Fixed false positive when opening Word or Excel under certain conditions.
- Fixed false positive when installing and running Silverlight for the first time.
- Fixed injection driver to resolve conflicts with third-party applications.
- Fixed multi-select and edit options in Shields and Exclusions tab.
- Fixed traybar icon right-click bug under Windows 8.1.
- Fixed UI closing when right-clicking on traybar icon.
- Fixed bug when double-clicking the traybar icon with UI open.
- Fixed issues with shielded apps counter with Chrome and Java.
- Fixed bug when uninjecting under certain conditions.
- Fixed remaining issues which caused Java FPs under certain conditions.
- Fixed DoS condition in the MBAE driver.
- Fixed memory leak under Windows 8.
1.04.2.1012 / September 04, 2014
New Features
- Added various new layer 1 and layer 2 detection techniques
- Improved various aspects of installation and automatic upgrades
- Improved threat information telemetry
- Improved shields to prevent slowdowns and FPs in desktop-based applications
- Fixed FP with Excel addon
- Fixed bug executing Desktop shortcut after install
- Updated hooking framework
1.03.2.1220 / June 12, 2014
New Features
- Added new protection techniques for “Operating System Security Bypass Protection” Layer.
- Added new protection techniques for “Application Behavior Protection” Layer.
- Added ability to enable or disable pre-determined shields from the GUI.
- Added ability to manage (add/delete) custom shields from the GUI.
- Added visual distinction in traybar icon between started and stopped.
- Added visual distinction between pre-determined, custom and CLI shields.
- Improved application termination when an exploit is blocked.
- Improved optimizations results in reduced size of MBAE.EXE by 3.5 times.
- Changed MBAE logs directory to %AllUsersProfile%/Malwarebytes Anti-Exploit.
- Updated end user license agreement.
- Fixed bug with GUI flashing for a second before minimizing to traybar.
- Fixed bugs with certain API hooks.
- Fixed bug with unshielding right after installation.
- Fixed bug with MBAE-CLI /excl-list parameter.
- Fixed false positive when playing DVDs in Windows Media Player.
Malwarebytes Anti-Malware Remediation Tool
2.5.2 / February 3, 2016
New Features
- Updated program to fetch signature updates over a secure HTTPS channel.
2.5.1 / November 11, 2015
Improvements
- Addressed a memory exception error during a scan that is affecting systems containing many users.
2.5 / October 19, 2015
Improvements
- Ability to selectively restore files using two different methods
- Added command to specify program environmental settings
- Added setting to enable/disable color display, which caused issues with some deployment utilities
- Added capability to track endpoint name and IP address in scan log
- Added capability to exclude several types of objects from scanning
- Enhanced Proxy settings and moved it to the “Settings” command
2.1 / June 24, 2015
Improvements
- Added full system scan
- Added selective remediation capability
- Added scan parameter to allow later remediation without requiring a second scan
- Updated threat detection engine
- Show progress indicators during scan to keep user informed
- Added option to create scan progress file in XML format, along with specification to determine how frequently this file is generated
- Program is now callable from any directory by prepending the path to the executable file
- Implemented new quarantine command which controls all quarantine parameters
- Removed separate quarantine-related commands
- Several bug fixes related to program crashes
Malwarebytes Anti-Malware Small Business Edition
1.75 / April 9, 2013
Changes
- Added ability to scan within archives
1.7 / December 27, 2012
Changes
- New program logo and icons
- Heuristics for 0-day exploit detection now implemented in protection module for PRO version
- Threats detected by the protection module are now quarantined automatically by default
- Malwarebytes Anti-Malware now shows Windows 8 START screen notifications
- Malwarebytes Anti-Malware now identified in scan logs, registry and About tab
- More Tools tab enhanced with tons of new content and more to come in the future
- Option to allow a threat to run temporarily (Allow Temporarily) added to filesystem protection prompts
- Option to add a detected item to the Ignore List (Allow Always) added to filesystem protection prompts
- Heuristics for detecting new and unknown threats improved
- Scanner efficiency improved
- Microsoft Windows 8 and Internet Explorer 10 now identified correctly in scan logs
- Help file updated to include information on new features
- Better compatibility with many other security products in realtime
- Minor issue with password creation from CLI fixed
1.65.1 / October 17, 2012
Changes
- Upgrading from a previous version on Windows Vista or Windows 7 may sometimes result in the protection module starting with a delay. (Fixed)
- The protection module does not start with Windows under under certain conditions. (Fixed)
- Scans sometimes complete prematurely. (Fixed)
1.65 / September 10, 2012
New Features
- Implemented comprehensive APIs for controlling Malwarebytes Anti-Malware (Corporate)’s settings and configuration for Corporate customers
- Added ability to import/export settings
- “Exit” option now removed from the tray when ‘limitedusermode’ is enabled
- Future versions will be able to upgrade without requiring a reboot after installation
- Protection module now controllable for the entire machine instead of being limited to individual user accounts
- Filesystem Blocking and Website Blocking can be enabled or disabled separately via the Protection tab
- Protection logs now show when malicious file execution blocking is enabled or disabled
- Realtime protection may now be cleanly terminated via the ‘Exit’ option in the tray without leaving any running processes
- Japanese language support added
Improvements
- Malwarebytes Chameleon enhanced to be even more effective against the latest threats
- Realtime protection now starts much faster on Windows Vista and Windows 7
- Eliminated performance issues caused by database updates and Ignore List manipulation on Windows Vista and Windows 7
- Pop-ups for threats detected by realtime protection can not be minimized
- All registry settings are now stored under HKLM
Issues Fixed
- Saving logs to custom locations after scans now works correctly
- Context menu setting is now honored correctly after performing a program upgrade
- Dates and times of items listed in the Quarantine are now displayed correctly
1.62 / July 11 , 2012
New Features
- New advanced program updater improves upgrade speed and reduces needed bandwidth
Improvements
- Enhanced Chameleon (v1.62) technologies to handle the latest threats
- Installation wizard now includes more information and guidance
- Streamlined and optimized database update module
- Updated System Requirements
- Logs enhanced to show drives and paths scanned
Issues Fixed
- Korean language now displayed correctly in language drop down menu
1.61 / April 9, 2012
New Features
- New Chameleon technologies gets Malwarebytes Anti-Malware running even when blocked by malware infections.
- Incremental database updates.
- Ability to password protect key program settings.
- XML logging capabilities now included.
- Scheduled scans now support XML logging.
- MSI installer now available.
Improvements
- Improved reliability and performance of the update process.
- Detection and removal engine enhancements.
- System tray icon now dynamically displays selected language.
- Settings for Protection Module behavior can be changed without protection being active.
- Improved DOR (Delete On Reboot) technology to enhance threat removal process.
- Restructured log formats to include greater detail on system information and detected threats.
- Improved error messages to make them more user friendly.
- Custom log locations now displayed in Logs tab.
- Protection logs can be saved in custom locations.
- Program version release date now displayed on About tab.
- Up to 25% faster Quick scans for 64-bit operating systems.
- Enhanced reliability of program updates with additional security checks.
Issues Fixed
- Fix for database not updating properly on Czech installations of Microsoft Windows.
- Fix for specific scenarios where scans failed to complete.
- Scheduled scan logs now include accurate protection status.
- Context menu ‘Scan with Malwarebytes Anti-Malware’ now displays in selected language.
Malwarebytes Enterprise Edition
1.3.1.1962 / December 2013
Improvements
- Addressed failed server upgrades from 1.2 to 1.3 build which was caused by insufficient user permissions when opening the existing embedded database.
- Addressed issue where managed client with a DNS IPv6 address was unable to register to the server after push installation.
- Improved Active Directory Domain queries to address failed organziation unit (OU) sync issue.
- Increased organizational unit (OU) name character length limitation from 32 to 64 characters.
- Optimized organizational unit (OU) queries to prevent console web service timeouts when querying large Active Directory environments.
- Fixed import issue where a computer in a Active Directory child domain was placed into the “ungrouped” folder instead of the correct group in the MEE console.
1.3.0.1936 / October 2013
New Features
- Microsoft Active Directory integration, capable of querying AD to import admin users, computers, groups, and organizational units
- Expedited deployment of Malwarebytes managed clients based on membership in Active Directory groups
- Set a Domain Query Account to synchronize Active Directory changes
- Restoration of quarantined objects from any managed client using the Management Console
- Ability to utilize third-party tools to deploy managed clients exported as MSI files
- Automatic configuration of managed client polling intervals based on the number of clients
- Policy option added which allows managed clients to download signatures directly from the internet
Improvements
- Addressed a memory leak caused by the management server log clean up process
- Addressed issue where managed clients equipped with a Bluetooth PAN adapter failed to register to the server causing the error “NullReferenceException”
- Addressed Remote Service Control crashes during push install
- Replaced customer name in the user interface with ID field which will contain a random fixed length string
1.2.1.1665 / May 2013
New Features
- New Program logo and icons
- Installation of the management server on localized versions of Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012 are now supported
- Client package updated to 1.75.0.1300:
- Archive Scanning is now available (with certain limitations)
- Only archives of 30MB or smaller will be scanned
- Archives within archives will be scanned, maximum recursion level is 2
- Only certain formats can be checked at this time (ZIP, RAR, 7z, CAB, MSI for archives. ZIP, 7z, RAR and NSIS for SFX (self-extracting executable) files)
- Only 300MB of data will be decompressed from any archive for the sake of scanning
- Once an infection is detected within an archive, the scanner moves on to the next file, it does not continue to scan the remaining files within the archive
- Archives cannot be disinfected at this time, they will be placed in quarantine and the admin/user can choose to restore or delete the archive
- Password protected archives are skipped (no prompt to enter password etc)
- If an archive contains multiple threats, only the first threat scanned by MBAM will be listed as the vendor name
Improvements
- Enhanced reliability of program signature updates with additional security checks
- Addressed database character limitation that prevented certain client computers from registering successfully to the management server
- Removed “Licensed Users” information on Admin tab/Overview pane as a short term solution to allow the purchase of additional user seats without having to enter a new license key
- The management server can now be installed using a remote database and then migrated over to another server with a different OS language/locale setting without any issues
- Eliminated the error “String was not recognized as a valid Date Time” during an attempt to update the signature database
1.2.0.1578 / March 2013
Note: We recommend performing a full backup of the database prior to upgrade. Refer to the admin guide for instructions. If you are upgrading your existing MEE server it is important to log in with the built-in admin account first and ensure you have the correct credentials. After performing an upgrade, legacy created administrator accounts will default to read only and will not be able to log into the MEE server. You will need to log in with the built-in admin account and set the new permissions for all the legacy administrator user accounts. This note does not apply to new installations of MEE. If you have any questions please contact support.
New Features
- Client package update to 1.70.0.1200
- New program logo and icons
- Heuristics for zero-day exploit detection now implemented in protection module
- Malwarebytes Anti-Malware now shows Windows 8 START screen notifications
- Option to allow a threat to run temporarily (Allow Temporarily) added to filesystem protection prompts
- Option to add a detected item to the Ignore List (Allow Always) added to filesystem protection prompts
- Heuristics for detecting new and unknown threats improved
- Scanner efficiency improved
- Microsoft Windows 8 and Internet Explorer 10 now identified correctly in scan logs
- Help file updated to include information on new features
- Better compatibility with many other security products in real-time
- Scan IP or hostname from a text file during client push installation to minimize deployment time
- SQL embedded data backup and restore utility
- New policy protection settings to show or hide tooltip balloon when filesystem threat is blocked
- Top risk report displays threat statistics if administrator selects a threat name
- Administrator user access control: IMPORTANT NOTE: Legacy created administrator accounts will default to read only after server upgrade, login with built-in “admin” account to assign new permissions
- Client push install has new scan option to enable serial client IP detection if management server could not detect clients in the network
- Maximum password setting increased from 10 to 32 characters
Improvements
- Created a warning prompt during installation if a DHCP IP is assigned to the management server
- Ability to disable or enable Windows proxy setting for client and server communication
- Validate that the management server address, localname, or FQDN matches the backup during database restoration
- Upgrading management server retains embedded and external database
- Enable Windows Management Instrumentation (WMI) if push install, simulation install, or detect client software failed
- Policy option to create right click context menu on client gets disabled properly if option is unchecked
- Addressed server exception that causes the scan button to become greyed out under client push install tab
- Right click and adding a registry object to the Ignore List from the client security logs in the console does not generate an error
1.2.0.1517 / December 2012
New Features
- Client package update to 1.65.1.1000
- Upgrading from a previous version on Windows Vista or Windows 7 may sometimes result in the protection module starting with a delay (Fixed)
- The protection module does not start with Windows under under certain conditions (Fixed)
- Scans sometimes complete prematurely (Fixed)
- Implemented comprehensive APIs for controlling settings and configuration
- Added ability to import/export settings
- “Exit” option now removed from the tray when ‘limitedusermode’ is enabled
- Future versions will be able to upgrade without requiring a reboot after installation
- Protection module now controllable for the entire machine instead of being limited to individual user accounts
- Filesystem Blocking and Website Blocking can be enabled or disabled separately via the Protection tab
- Protection logs now show when malicious file execution blocking is enabled or disabled
- Realtime protection may now be cleanly terminated via the ‘Exit’ option in the tray without leaving any running processes
- Japanese language support added
- Realtime protection now starts much faster on Windows Vista and Windows 7
- Pop-ups for threats detected by realtime protection can now be minimized
- All registry settings are now stored under HKLM
- Dates and times of items listed in the Quarantine are now displayed correctly
- Data backup and restoration feature for SQL Embedded databases
- Scan client IP addresses/hostnames from a text file to minimize scan time
- Display threat detail info when administrators select Top 10 threats
- New alternate push installation method using WMI (Windows Management Instrumentation)
Improvements
- If a SSL certificate being imported does not contain a private key an error will be generated informing the administrator to select another file
- Ability to create client installation packages without requiring any policy or group configuration
- Policy ignore list now restricts the use of invalid characters
- Validate server address IP/hostname during data backup restoration