Anti-malware software Malwarebytes, known more commonly as MBAM, has proven useful in the removal of rather difficult types of viruses which test the patience of a user. That said, that patience has now unfortunately been tested by the application itself.
On Saturday, reports emerged on the company's own forums of high resource usage while MBAM was running, seemingly related to a recent database update and the subsequent turning off of Real-Time Protection and Web-Protection.
Users were chiefly reporting extremely high RAM usage (evidence of a memory leak), with some also experiencing high CPU usage. The issue was quite widespread, with users on Windows 7, 8, and 10 chiming in about the problem. Furthermore, the premium version of the software was the most often cited, with those using a premium trial version also being affected.
The majority of reports pin the start of the issue at around 11 AM ET. Those who did provide further information beyond just "Malwarebytes Premium" were running version 22.214.171.1243, component package 1.0.262, and update package 1.0.3798.
Within about an hour of the first report, the software vendor provided update package 1.0.3799, which was to solve the issue. Unfortunately, it did not.
While another patch was being worked on, users reported that even after rebooting their PCs, the Malwarebytes service would start and still end up eating the majority of the available memory, causing systems to lock up.
Following further investigation, yet another patch was issued, which has reportedly fixed the issue described above. For those affected, it is version 126.96.36.1993, component package 1.0.262, and update package 1.0.3803. The company's CEO, Marcin Kleczynski, has also issued a statement on the forums regarding what took place on Saturday:
Earlier this morning, we published a protection update that caused connection issues for many of our customers. As a side effect of the web protection blocks, the product also spiked memory usage and possibly caused a crash. We have triaged this issue and pushed a protection update that resolves it.
If the update does not resolve the issue automatically for you, please shut down web protection, check for protection updates, and restart your computer.
The root cause of the issue was a malformed protection update that the client couldn't process correctly. We have pushed upwards of 20,000 of these protection updates routinely. We test every single one before it goes out. We pride ourselves on the safety and accuracy of our detection engines. To say I am heartbroken is an understatement.
We are working hard to not only triage your issues and get your computer or business back up and running but to also rebuild your trust. We are going to overhaul how we publish these protection updates so that this never happens again.
I am personally available to discuss both on this forum via personal message or at firstname.lastname@example.org
The method of dealing with this issue has been provided as well:
*** How to resolve / verify you have the fixed update package ***
Update package version 1.0.3803 (Malwarebytes 3) or v2018.01.27.12 (Malwarebytes 2.x) or higher contains the fix
To resolve, simply reboot your machine. In some cases, a second or third reboot may be needed.
To verify you have this update, go to Settings -> About -> Update package version: 1.0.3803
It is important to stress that a simple close / re-open of Malwarebytes is not enough to mitigate this problem, even after applying the relevant update. The service itself needs to restart, which is why a system reboot is recommended.
Although not quite as severe as the CCleaner kerfuffle that took place last year, the high resource usage undoubtedly had a big impact on productivity. Beyond the officially stated "malformed protection update", no other information was released. That said, users on the forum were speculating about anything from foul play to cryptocurrency mining.
Source: Malwarebytes Forum
What's your take on the situation? Have you been using Malwarebytes and were affected by this? Sound off in the comments!
Thanks to Breach in the forums for the tip!
Update: Malwarebytes has released the statement quoted in the original article on its official blog, while also providing a document that elaborates on what went wrong. In the company's words:
A review of recent updates found that we had included in the Web Filtering Block List a detection with a syntactical error that resulted in the Web Filtering System to block a large range of IPs.
Moreover, we now know that the products affected were Malwarebytes for Windows Premium, Malwarebytes for Windows Premium Trial, Malwarebytes Endpoint Security (MBES), and Malwarebytes Endpoint Protection (Cloud Console). To reiterate, the issue was corrected in Update package 1.0.3803 for Malwarebytes and 2018.01.27.12 for MBES.
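The failure described above, one malformed block-list entry that ends up covering a large range of IPs, is the kind of error a pre-publish check can catch. The following is an added example, not Malwarebytes' code or format: it assumes a hypothetical plain-text list with one IPv4 address or CIDR per line, and the size limit, the protected address and the sample entries are all constructed for illustration.

```python
import ipaddress

# Hypothetical release policy (assumptions, not Malwarebytes' rules):
MAX_ADDRESSES = 2 ** 16  # no single entry may cover more than a /16
# Addresses a block list must never cover, e.g. the vendor's own update
# servers. Constructed value from an RFC 5737 documentation range.
PROTECTED = [ipaddress.IPv4Network("198.51.100.10/32")]

# Constructed sample list: one IPv4 address or CIDR per line, '#' comments.
SAMPLE = """\
# constructed entries, not real indicators
203.0.113.7
192.0.2.0/28
203.0.113.0/2   # dropped digit, /24 intended
192.0.0.0/3
198.51.100.0/25
192.0.2.300
"""


def lint_blocklist(text, max_addresses=MAX_ADDRESSES, protected=PROTECTED):
    """Return (accepted, errors); any error should fail the release."""
    accepted, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            # strict=True rejects a mask that leaves host bits set, which is
            # how a mistyped prefix length usually shows up.
            net = ipaddress.IPv4Network(entry, strict=True)
        except ValueError as exc:
            errors.append((lineno, entry, f"syntax: {exc}"))
            continue
        if net.num_addresses > max_addresses:
            errors.append((lineno, entry, f"too broad: {net.num_addresses} addresses"))
        elif any(net.overlaps(p) for p in protected):
            errors.append((lineno, entry, "covers a protected address"))
        else:
            accepted.append(net)
    return accepted, errors


if __name__ == "__main__":
    ok, bad = lint_blocklist(SAMPLE)
    print(f"{len(ok)} accepted, {len(bad)} rejected")
    for lineno, entry, reason in bad:
        print(f"line {lineno}: {entry!r}: {reason}")
```

A syntactically valid but overly wide entry such as `192.0.0.0/3` passes the parser, which is why the size and protected-address checks run in addition to strict parsing.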
Thanks to Mando in the comments for the tip!