Malwarebytes managed clients are not starting properly on some underpowered Windows 10 machines. The services also fail to restart or freeze, particularly when the user logs into Windows.
The following Malwarebytes software is affected:
- Malwarebytes Endpoint Agents
- Malwarebytes Endpoint Protection and Malwarebytes Incident Response clients
- Malwarebytes Management Console clients
- Malwarebytes Anti-Malware and Malwarebytes Anti-Exploit
Deploy a script via Group Policy Object to automatically delay the Malwarebytes client service startup and restart the recovery option in 15 minutes.
Step 1: Create the script
Use a text editor to create a script from the template below:
REM Sets service to start automatically, with a delayed start
sc config <SERVICENAME> start= delayed-auto
REM Sets service restart option to 15 minutes, failure count reset to 2 minutes
sc failure <SERVICENAME> actions= restart/900000 reset= 120
Replace <SERVICENAME> with one of the following Malwarebytes client software services:
- MBEndpointAgent (Endpoint protection/Incident response Cloud Endpoint Agent)
SCCommservice (Malwarebytes Management Console client)
Save the text document as a BAT file. Then copy the file to all affected Windows 10 client machines.
Tip: Copy the file to the same location on each Windows 10 client machine. For example, copy the file to all Documents folders or all Desktop folders.
Step 2: Create a new Registry process
Have your customer create a RunOnce Registry process using the steps below.
Click the Start menu.
Type Group Policy Management, then press Enter.
For Windows Server 2008 R2 and older operating systems, type gpmc.msc.
Under Group Policy Management, double-click Forest.
- Double-click Domains to view your domain.
- Under your domain, right-click Default Domain Policy, then click Edit....
- When the Group Policy Management Editor window appears, view Computer Configuration.
- Double-click Computer Configuration > Preferences > Windows Settings.
- Right-click Registry > point to New > click Registry Item.
- In the General tab, apply the following changes:
- Click Apply.
Step 3: Deploy via Group Policy Object
Have your customer deploy the Registry process to the affected Windows 10 machines via their Group Policy Object. When deployed, the Registry process runs once on each machine and deletes itself afterward.