[ISSUE RESOLVED] Malwarebytes is having a general RAM leak issue, is crashing systems

[Bouzoo]

Seems there is a general issue with MBAM, I just experienced it myself. First the Web protection wouldn't start, and it would use of 20-30%-ish CPU after what it would eat all of your RAM. There is no official response yet, and the only things to do at the moment are to either uninstall it or kill the Malwarebytes service. Just killing the process in Task Manager restarts the program. You can see numerous threads on the official forums with countless people saying they experienced the issue. 

 

EDIT: The issue has been resolved. Explanation on what happened and How to resolve directly from the MB forum

Quote

Earlier this morning, we published a protection update that caused connection issues for many of our customers. As a side effect of the web protection blocks, the product also spiked memory usage and possibly caused a crash. We have triaged this issue and pushed a protection update that resolves it.

If the update does not resolve the issue automatically for you, please shut down web protection, check for protection updates, and restart your computer.

The root cause of the issue was a malformed protection update that the client couldn't process correctly. We have pushed upwards of 20,000 of these protection updates routinely. We test every single one before it goes out. We pride ourselves on the safety and accuracy of our detection engines. To say I am heartbroken is an understatement.

We are working hard to not only triage your issues and get your computer or business back up and running but to also rebuild your trust. We are going to overhaul how we publish these protection updates so that this never happens again.

I am personally available to discuss both on this forum via personal message or at mkleczynski@malwarebytes.com

 

*** How to resolve / verify you have the fixed update package ***

Malwarebytes 3

Update package version 1.0.3803 (Malwarebytes 3) or v2018.01.27.12 (Malwarebytes 2.x) or higher contains the fix

1. Open Malwarebytes
2. Turn OFF web protection by Clicking on “settings”, click to turn web protection OFF
3. Under Scan Status (right side), click next to “Updates” to have Malwarebytes download the latest database
4. Restart PC (Note it may take up to 2 restarts after the update to stabilize the system)

To confirm that you are on the latest database please follow the steps below:

1. Open Malwarebytes
2. Click on Settings
3. Click on the About tab
4. Next to “Update package version” if you see version 1.0.3803 or higher you are on the latest database which addresses the issue.

 

Malwarebytes Endpoint Security (on-premises)
First step to get the update is to disable the real-time protection. To do this in the Management console:

1. Open up the policy the clients are on and go to the protection tab.
2. From here, disable the ‘enable protection module’ option.
3. Once this is done click OK. When your clients check in they will get this new policy update.
4. Once real-time is protection is disabled and your clients can communicate, highlight the endpoints on the client screen and click the update database button at the top.
5. After the update is applied, a reboot of the machine may be required.

Note: If your client cannot resolve internal addressing, then re-installing the agent manually on the machine will need to be done. The client will not be able to reach out to the server for a policy update and will never be able to turn off the real-time protection.

 

Malwarebytes Endpoint Protection (cloud)

1. From the Malwarebytes Cloud console, go to the endpoints pane and select all the endpoints.
2. In the action drop-down, choose the ‘check for protection updates’ option to force an update on all endpoints to database update 1.0.3803 or higher.

This should fix the problem for the vast majority of Endpoint Protection endpoints. If endpoints are still affected after applying this, please reboot the machine.

If the remote agent is unable to reach out and get this update, then we must disable the web protection:

1. In the Malwarebytes Cloud console, Go to the settings> policies> and open up the policy the clients are on.
2. From here, go to the endpoint protection policy and turn off the “Web Protection” portion of the policy. Then:
   • If the machine is unresponsive, reboot the machine and log in.
   • Once in, right click on the tray icon and start a scan. This will force a database update and fix the issue.
   • Once updated, cancel the scan and reboot the machine.
3. When the computers are all online and updated, please turn back on the web protection again in the Endpoint Policy.

If the above doesn’t resolve the issue, please reach out to support at corporate-support@malwarebytes.com

 

[3 Lions]

Yep this caused my PC to hard lock on a black screen. 

[ItsMitch]

Not a problem for me? Seems to be fairly isolated IMO.

[Bouzoo]

Just now, SC2Mitch said:

Not a problem for me? Seems to be fairly isolated IMO.

You might have luck. There is no official response as to what is happening. The thread that I linked has currently 15 pages of people having issues in the last hour.

[3 Lions]

Just now, SC2Mitch said:

Not a problem for me? Seems to be fairly isolated IMO.

It will happen to you, people are experiencing this issue at different times. 

[ItsMitch]

Just now, Bouzoo said:

You might have luck. There is no official response as to what is happening. The thread that I linked has currently 15 pages of people having issues in the last hour.

It appears that it's just coming from people who have the premium version (from what I've read) so feels bad man for people who splash out on the premium features. 

[Bouzoo]

6 minutes ago, LinusTechTipsFanFromDarlo said:

Yep this caused my PC to hard lock on a black screen. 

Literally same thing here. It even crashed BSOD for me, saw 6 of them one on top of another. 

[Morgan MLGman]

I don't have the RAM issue but it does cause occasional CPU usage spikes and Web Protection won't turn on no matter what I tried

[3 Lions]

1 minute ago, Bouzoo said:

Literally same thing here. It even crashed BSOD for me, saw 6 of them one on top of another. 

It's funny that one press of the update button at their HQ can literally break every PC that has it installed  

[ItsMitch]

Malwarebytes forum admin posted this

https://forums.malwarebytes.com/topic/219996-important-web-blocking-ram-usage-issue/

Quote

 

All,

We're aware of an issue with a protection update that shipped an hour ago that is causing all web traffic to be blocked and RAM usage to climb. We are triaging this right now with all hands on deck. I will have an update shortly with root cause and will share with all of you as I get information.

 

I completely appreciate the pain this is causing our users and we are working hard to resolve this.

 

 

 

[Bouzoo]

Just now, SC2Mitch said:

Malwarebytes forum admin posted this

https://forums.malwarebytes.com/topic/219996-important-web-blocking-ram-usage-issue/

 

Saw it few minutes ago and added it to OP. 

[ItsMitch]

The amount of fucking idiots on the Malwarebytes forum is unreal, it blows my mind. "omfgggggggg refund!!!!!!!!!! because malwarebytes isn't secure!!!!!!!!! untrusted software!!!!!!!!" like bitch please, go make software that's as good as a MWB and that doesn't throw an odd update once every 2 years. 

[Bouzoo]

Just now, SC2Mitch said:

The amount of fucking idiots on the Malwarebytes forum is unreal, it blows my mind. "omfgggggggg refund!!!!!!!!!! because malwarebytes isn't secure!!!!!!!!! untrusted software!!!!!!!!" like bitch please, go make software that's as good as a MWB and that doesn't throw an odd update once every 2 years. 

The situation is inconvenient, but the drama is entertaining. 

[ItsMitch]

Just now, Bouzoo said:

The situation is inconvenient, but the drama is entertaining. 

Drama is cool I agree but people blowing their fucking minds over an update (which was caught in the first few hours and MWB fast response to it) is astounding. Makes me feel really sad. 

[Bcat00]

Lol, it’s hilarious reading the comments in the forum?

[Lewellyn]

Yeah, noticed it at random when I just so happened to check task manager. 10GB of RAM but no disk usage seemed strange.

[Bouzoo]

14 minutes ago, ThatGuyWhoTwirlsHisPen said:

Yeah, noticed it at random when I just so happened to check task manager. 10GB of RAM but no disk usage seemed strange.

Apparently it's fixed now. Have to check it myself.

[paddy-stone]

Never saw the problem myself, has been using approx 8.1MB most of the time.

[Bouzoo]

2 minutes ago, paddy-stone said:

Never saw the problem myself, has been using approx 8.1MB most of the time.

Really? It's always 3 digit for me, between 100 and 250. 

[paddy-stone]

3 minutes ago, Bouzoo said:

Really? It's always 3 digit for me, between 100 and 250. 

I'm not running any of the premiums though... just regular MB free, so that would probably count fro the majority of the difference.

[leadeater]

@Bouzoo

Could you add a quote from Malwarebyte's forum post with the recommended resolution steps.

[Equlix]

I spent most of my day fielding calls for this issue. Kinda annoying. 

[Bouzoo]

9 hours ago, leadeater said:

@Bouzoo

Could you add a quote from Malwarebyte's forum post with the recommended resolution steps.

Done

[Doobeedoo]

Oh yeah I've had issued with this yday and noticed memory leak. First I got a freeze so I had to restart, second after some time of running I checked task manager, cause I tend to do so, and noticed 12/16GB used by MBAM and around 15% CPU usage, no scanning or any activity. Killed the process, restarted the program and noticed RAM usage increase. I've killed the process again, restarted program, disabled all real-time protection, updated, restarted system. No issues now.

[ScratchCat]

Malwarebytes: Protecting you from malware but using all your RAM so not malicious software can start!

Premium Bonus: Excessive page file usage slows down and ransomware to a crawl, giving you hours to respond!

 

It is nice they managed to fix the issue quickly and without blaming it on something else. Something the technology industry could learn from.