Malwarebytes business solutions not starting on Windows machines

Document created by asmith Employee on Nov 20, 2017. Last modified by jgolomb on Nov 1, 2018.
Version 10

Malwarebytes managed clients are not starting properly on some underpowered Windows 10 machines. The services also fail to restart or freeze, particularly when the user logs into Windows.

 

Environment

The following Malwarebytes software is affected:

  • Malwarebytes Endpoint Agents
    • Malwarebytes Endpoint Protection and Malwarebytes Incident Response clients
  • Malwarebytes Management Console clients
    • Malwarebytes Anti-Malware and Malwarebytes Anti-Exploit

 

Workaround

Deploy a script via Group Policy Object that sets the Malwarebytes client service to a delayed automatic start and sets its recovery option to restart the service after 15 minutes.

 

Step 1: Create the script

Use a text editor to create a script from the template below:

@echo off
REM Sets service to start automatically, with a delayed start
sc config <SERVICENAME> start= delayed-auto
REM Sets service restart option to 15 minutes, failure count reset to 2 minutes
sc failure <SERVICENAME> actions= restart/900000 reset= 120

 

Replace <SERVICENAME> with one of the following Malwarebytes client software services:

  • MBEndpointAgent (Endpoint protection/Incident response Cloud Endpoint Agent)
  • SCCommservice (Malwarebytes Management Console client)

 

Save the text document as a BAT file.  Then copy the file to all affected Windows 10 client machines.  

 

Tip: Copy the file to the same location on each Windows 10 client machine.  For example, copy the file to all Documents folders or all Desktop folders.

 

Step 2: Create a new Registry process

Have your customer create a RunOnce Registry process using the steps below.

  1. Click the Start menu.

  2. Type Group Policy Management, then press Enter.

    • For Windows Server 2008 R2 and older operating systems, type gpmc.msc.

  3. Under Group Policy Management, double-click Forest.

  4. Double-click Domains to view your domain.


  5. Under your domain, right-click Default Domain Policy, then click Edit....


  6. When the Group Policy Management Editor window appears, view Computer Configuration.


  7. Double-click Computer Configuration > Preferences > Windows Settings.

  8. Right-click Registry > point to New > click Registry Item.


  9. In the General tab, apply the following changes:
    1. Action: Create
    2. Hive: HKEY_LOCAL_MACHINE
    3. Key Path: SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
    4. Value name: Enter a name of your choice.
      Example: MBEP Service Edit
    5. Value type: REG_SZ
    6. Value data: Enter the file path where the script is saved to each machine.
      Example: C:\example\path\to\script.bat


  10. Click Apply.

 

Step 3: Deploy via Group Policy Object

Have your customer deploy the Registry process to the affected Windows 10 machines via their Group Policy Object. When deployed, the Registry process runs once on each machine and deletes itself afterward.
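
To confirm on a client that the script actually ran and its settings took effect, the following PowerShell check can be used. It is an added example, not part of the original article or of Malwarebytes tooling. It assumes English-language sc.exe output and the article's example RunOnce value name (MBEP Service Edit); the function and variable names are illustrative.

```powershell
# Added example: verify the delayed-start workaround on one client.
# Run on a client after the first logon that follows the GPO deployment.

# Service names listed in the article; a machine normally has only one of them.
$serviceNames = 'MBEndpointAgent', 'SCCommservice'
# Assumption: the RunOnce value name chosen in the GPO (the article's example).
$runOnceValue = 'MBEP Service Edit'

function Test-MbServiceWorkaround {
    param([Parameter(Mandatory)][string]$Name)

    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    if (-not (Test-Path -Path $key)) { return }   # service not installed here

    # "sc config start= delayed-auto" stores Start=2 and DelayedAutostart=1.
    $cfg = Get-ItemProperty -Path $key
    $delayedAuto = ($cfg.Start -eq 2) -and ($cfg.DelayedAutostart -eq 1)

    # "sc failure" settings are read back with "sc qfailure".
    # Assumption: English-language sc.exe output.
    $failure   = (& sc.exe qfailure $Name) -join "`n"
    $restart15 = $failure -match 'RESTART -- Delay = 900000 milliseconds'
    $reset120  = $failure -match 'RESET_PERIOD \(in seconds\)\s*:\s*120\b'

    [pscustomobject]@{
        Service      = $Name
        DelayedAuto  = $delayedAuto
        Restart15Min = $restart15
        Reset120Sec  = $reset120
        Applied      = $delayedAuto -and $restart15 -and $reset120
    }
}

$results = foreach ($n in $serviceNames) { Test-MbServiceWorkaround -Name $n }
$results | Format-Table -AutoSize

# A RunOnce value is removed when it is processed; if it is still present,
# the script has not been launched on this machine yet.
$runOnce = Get-ItemProperty -ErrorAction SilentlyContinue `
    -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
if ($null -ne $runOnce.$runOnceValue) {
    Write-Warning "RunOnce value '$runOnceValue' is still pending: $($runOnce.$runOnceValue)"
}
```

A row with Applied = False while the RunOnce value is already gone means the script was launched but the sc commands did not succeed on that machine.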

 

Additional information
