    MalwareBytes

    pfBlockerNG
    12 Posts 6 Posters 1.5k Views
      charlieblalock

      We thought we had a problem on the firewall due to random high CPU usage on an i7 proc. It turns out the culprit was a test of 2 AV clients. We even had to reboot the firewall to ensure it wasn't an error. The Malwarebytes AV product was just atrocious. We were going to roll this out to a 200-person org, but with two workstations causing this much traffic in less than two hours - no thanks. pfBlocker enabled us to easily find the culprit.

      malwarebytes.png

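      An added example, not from the original post or from pfBlockerNG: the kind of check that turns "one PC created 1 GB of traffic" into a named client and domain. It counts repeated queries per (client, name) over a resolver reply log and flags pairs whose query rate exceeds a threshold. The log layout used here, "<epoch> <client> <qname> <qtype> <rcode>", is a constructed simplification, not pfBlockerNG's or Unbound's real format, and every address and name in the sample is made up.

```python
import re
from collections import defaultdict

# Constructed sample resolver reply log. The layout
# "<epoch> <client> <qname> <qtype> <rcode>" is a simplified stand-in,
# not pfBlockerNG's or Unbound's real log format; hosts and names are made up.
SAMPLE_LOG = """\
1700000000 192.168.10.21 telemetry.vendor.test. A NXDOMAIN
1700000001 192.168.10.21 telemetry.vendor.test. A NXDOMAIN
1700000002 192.168.10.21 telemetry.vendor.test. A NXDOMAIN
1700000003 192.168.10.21 telemetry.vendor.test. A NXDOMAIN
1700000004 192.168.10.21 telemetry.vendor.test. A NXDOMAIN
1700000005 192.168.10.21 telemetry.vendor.test. A NXDOMAIN
1700000000 192.168.10.35 www.example.test. A NOERROR
1700000030 192.168.10.35 www.example.test. A NOERROR
1700000045 192.168.10.35 mail.example.test. A NOERROR
1700000060 192.168.10.35 www.example.test. A NOERROR
"""

LINE_RE = re.compile(r"^(\d+) (\S+) (\S+) (\S+) (\S+)$")


def parse_log(text):
    """Yield (epoch, client, qname, rcode) tuples, skipping malformed lines."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield int(m.group(1)), m.group(2), m.group(3).lower(), m.group(5)


def query_rates(text):
    """Per (client, qname): (count, queries per minute over the observed span).

    The rate is estimated from the mean inter-arrival time, (n - 1) / span,
    so a name seen only once has no span and is reported at 0.0/min.
    """
    first_last = {}
    counts = defaultdict(int)
    for epoch, client, qname, _rcode in parse_log(text):
        key = (client, qname)
        counts[key] += 1
        lo, hi = first_last.get(key, (epoch, epoch))
        first_last[key] = (min(lo, epoch), max(hi, epoch))
    rates = {}
    for key, n in counts.items():
        lo, hi = first_last[key]
        span = hi - lo
        rates[key] = (n, 0.0 if span == 0 else (n - 1) * 60.0 / span)
    return rates


def chatty_clients(text, min_queries=5, max_per_minute=10.0):
    """Return [(client, qname, count, per_minute)] for pairs that repeat at
    least min_queries times AND exceed max_per_minute, highest rate first.

    Requiring both keeps a single burst of two queries from being flagged
    and keeps a steady, slow poller (normal TTL refresh) out of the list.
    """
    hits = []
    for (client, qname), (n, per_min) in query_rates(text).items():
        if n >= min_queries and per_min > max_per_minute:
            hits.append((client, qname, n, round(per_min, 1)))
    return sorted(hits, key=lambda h: h[3], reverse=True)


if __name__ == "__main__":
    for client, qname, n, per_min in chatty_clients(SAMPLE_LOG):
        print(f"{client} asked for {qname} {n} times (~{per_min}/min)")
```

      On the sample, only 192.168.10.21 is flagged (six queries in five seconds, about 60/min); 192.168.10.35 refreshes www.example.test. every 30 seconds, well under the threshold. The rcode is parsed but not filtered on, because a block list may answer with NXDOMAIN or with a sinkhole address depending on how it is configured; the repeat rate is the signal either way.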
        johnpoz LAYER 8 Global Moderator @charlieblalock

        @charlieblalock said in MalwareBytes:

        two workstations causing this much traffic in less than two hours - no thanks

        And what happens when you don't block it? Many applications will bang their heads against the wall trying to resolve or get to their sites..

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

          charlieblalock @johnpoz

          @johnpoz My job is to recommend options, and in this instance, there are many more options in the same space that do not abuse network traffic. One PC created 1 GB of data in about 2 hours on the firewall. Multiply that by ~200 client PCs and we would be DDoSing the network.

            johnpoz LAYER 8 Global Moderator @charlieblalock

            @charlieblalock oh don't take that the wrong way - was just curious more than anything.

            And it's something I despise - and feel it's horrible coding... I get it, try and resolve something and it fails, sure try again. But some devices are just insane - there should be a back off built in... Hey, 3 attempts don't work, wait X seconds; doesn't work, wait X minutes; doesn't work, wait X hours, etc..

            Roku's are horrible at it as well.

            roku.jpg

            But it's really a known thing in dns blocking - some things will just go insane when you block what they are looking for..

            I mean really do you have to ask every freaking second ;) Or every 30 seconds even..

            Stupid ass if you ask me

            stupidshit.jpg

            Every freaking minute - come on, you're not getting it ;)


              provels

              Of possible interest. MB Forum

              Peder

              MAIN - pfSense+ 24.11-RELEASE - Adlink MXE-5401, i7, 16 GB RAM, 64 GB SSD. 500 GB HDD for SyslogNG
              BACKUP - pfSense+ 23.01-RELEASE - Hyper-V Virtual Machine, Gen 1, 2 v-CPUs, 3 GB RAM, 8GB VHDX (Dynamic)

                Gertjan @charlieblalock

                @charlieblalock said in MalwareBytes:

                Malwarebytes AV product was just atrocious.

                Malwarebytes was quite useful in the past.
                That's all gone now. Their programmers now want to get paid, shareholders want their stake, and so on.
                Same thing for AVAST, and many others like 'utorrent' (was useful in the past, and then they added a crypto miner).

                @charlieblalock said in MalwareBytes:

                We were going to roll this out to a 200-person

                Wait. Visit your companion's health care centre first - and human resources.
                You'll be needing them.

                No "help me" PM's please. Use the forum, the community will thank you.
                Edit: and where are the logs??

                  mer @johnpoz

                  @johnpoz said in MalwareBytes:

                  I mean really do you have to ask every freaking second ;) Or every 30 seconds even..

                  "I tried to get to my site every 10 secs, but failed once so I have to try every 5 secs and when that fails I now try every second until it succeeds"

                    johnpoz LAYER 8 Global Moderator @mer

                    @mer hehehe exactly! Just such nonsense..

                    Another thing that rubs me the wrong way is these iot devices that need to talk to something every X seconds.. Ok fine - not an issue, you want/need to talk to something every X seconds.. But if you're going to have to look up some fqdn every X seconds - how about you cache that for some time, you know, say the life of the ttl.. Vs having to do a dns query every 10 seconds when you want to go to something.whatever.tld

                    Not saying you need to run a full blown caching name server on your iot device... But JFC - can you not at least cache the few entries you're talking to vs having to ask dns for it every single time.

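                    The two client behaviours johnpoz asks for in this thread (back off after repeated failures, in his earlier post, and cache an answer for the life of its TTL, just above) as an added simulation written for this page; it is not code from any product or device mentioned here. A constructed in-memory resolver stands in for the upstream DNS server and counts the queries it receives; NaiveClient re-asks on every use, PoliteClient caches by TTL and doubles its retry delay up to a cap. All names, addresses, TTLs and the one-hour/10-second schedule are constructed.

```python
from dataclasses import dataclass


@dataclass
class FakeResolver:
    """Constructed stand-in for the upstream resolver: answers some names with
    an (address, ttl) pair and fails the rest, as a DNS block list would.
    Counts every query that reaches it."""
    answers: dict
    queries: int = 0

    def lookup(self, qname):
        self.queries += 1
        return self.answers.get(qname)  # None means failure / blocked


class NaiveClient:
    """Resolves on every use, ignores the TTL and retries a failure on the
    very next tick: the pattern the thread is complaining about."""
    def __init__(self, resolver):
        self.resolver = resolver

    def resolve(self, qname, now):
        return self.resolver.lookup(qname)


class PoliteClient:
    """Caches successful answers until their TTL expires and applies capped
    exponential backoff after a failure, so a blocked name is asked about
    less and less often instead of every tick."""
    def __init__(self, resolver, base_delay=3, max_delay=3600):
        self.resolver = resolver
        self.base_delay = base_delay
        self.max_delay = max_delay
        self.cache = {}    # qname -> (address, expires_at)
        self.backoff = {}  # qname -> (next_allowed_at, delay_after_next_failure)

    def resolve(self, qname, now):
        cached = self.cache.get(qname)
        if cached and now < cached[1]:
            return cached[0]                  # TTL not yet expired: no query sent
        next_at, delay = self.backoff.get(qname, (0, self.base_delay))
        if now < next_at:
            return None                       # still backing off: no query sent
        answer = self.resolver.lookup(qname)
        if answer is None:
            # Failure: wait `delay` before asking again, and double it for next time.
            self.backoff[qname] = (now + delay, min(delay * 2, self.max_delay))
            return None
        addr, ttl = answer
        self.cache[qname] = (addr, now + ttl)
        self.backoff.pop(qname, None)         # success resets the backoff
        return addr


def simulate(client_cls, qname, seconds=3600, interval=10):
    """Drive a client that wants `qname` every `interval` seconds for `seconds`
    of simulated time; return how many queries reached the resolver.
    Only api.example.test. resolves (constructed, TTL 300 s); other names fail."""
    resolver = FakeResolver({"api.example.test.": ("192.0.2.10", 300)})
    client = client_cls(resolver)
    for now in range(0, seconds, interval):
        client.resolve(qname, now)
    return resolver.queries


if __name__ == "__main__":
    for name in ("api.example.test.", "telemetry.vendor.test."):
        print(name, "naive:", simulate(NaiveClient, name),
              "polite:", simulate(PoliteClient, name))
```

                    Over one simulated hour the naive client sends 360 queries whether or not the name resolves. The polite client sends 12 for the working name (one per 300-second TTL) and 11 for the blocked one, with the gap between attempts growing from 3 seconds to the 3600-second cap; multiplied across a fleet, that is the difference between the first post's "1 GB in two hours" and background noise.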

                      mer @johnpoz

                      @johnpoz Now why would you want to do that. I mean 4 bytes for every IPv4 address you cache, 16 bytes per IPv6 address, that can add up over the 3 or 4 addresses you need.
                      And parsing the response for TTL and setting a timer is way too much code.

                      Actually worked at a place that had redundant cards in a chassis, did the heartbeat thing to see if you needed to fail over. And yes the initial implementation used the exact opposite of an exponential backoff when they did not receive an ACK in time.
                      And folks wondered why things wouldn't work sometimes.

                        johnpoz LAYER 8 Global Moderator @mer

                        @mer said in MalwareBytes:

                        that can add up over the 3 or 4 addresses you need.

                        hahah.. Exactly how 1 or 2 devices sending a query to my dns every X seconds isn't a big deal... But if I have 100 of those devices on the network.. That can add up to unwanted dns traffic ;)

                        I mean who would ever have more than a couple of say light bulbs on their network.. What, tops a half dozen.. So sure just query my dns every 1 second you POS ;) it's not like on a wifi network where you know other things might want to talk and use the wifi at the same time as you're flooding it with needless chatter.. Oh while you're at it - could you broadcast looking for other devices every second as well..


                          provels @Gertjan

                          @gertjan said in MalwareBytes:

                          Their programmers now want to get paid

                          The nerve...


                            Tzvia

                            This 'telemetry' crap is common as dirt. Telemetry my arse. They are collecting data about usage - like where you go on the internet. See it with Firefox (incoming.telemetry.mozilla.org), my phones once I switched them to my internet carrier (v-collector.dp.aws.charter.com), MS does it (v10.vortex-win.data.microsoft.com)... you name it, they are trying to make a buck off your usage. Malwarebytes also has that 'browser guard'. I keep saying NO and sure enough it pops up again, 'please turn me on'. Where better to see where you are going than with a plugin in the browser?

                            These days, many AV products are moving away from local 'definition' files/local scanning to cloud based scanning. I get it, real time scanning, zero day bla bla. But I wonder what they are storing up there 'in the cloud' - their servers - and how it affects computer performance. Malwarebytes is on the mild side here - we use FireEye at work and their xagt process can chew up 80% of the processor - you really feel it. Horrible. Maybe Malwarebytes has a central control console (not familiar with what they offer for business use) where you can turn telemetry off without having to manually do it on 200 machines...

                            Tzvia

                            Current build:
                            Hunsn/CWWK Pentium Gold 8505, 6x i226v 'micro firewall'
                            16 gigs ram
                            500gig WD Blue nvme
                            Using modded BIOS (enabled CSTATES)
                            PFSense 2.72-RELEASE
                            Enabled Intel SpeedShift
                            Snort
                            PFBlockerNG
                            LAN and 5 VLANS

                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.