When encountering an issue with endpoints hanging or freezing, it is important to gather as much information as possible for the Support team to diagnose the issue.
Before reaching out to Support, complete the following steps to ensure a smooth troubleshooting experience.
Initial steps
Enable debug logging to allow the endpoint agent to capture additional details. For more information, see Enable debug logging on the Malwarebytes Endpoint Agent.
Take note of the time the issue occurs. If the issue consistently happens at a specific time, there may be a conflict with a scheduled scan or with other software that is active at that time. Also take note of any steps to reproduce the issue, if they are known.
Layer testing
Once debug logging has been enabled, specific components of Malwarebytes can be disabled to narrow down the cause of the issue. This is called layer testing. Follow the steps below to temporarily disable Malwarebytes and perform layer testing.
Create a test policy with all real-time protection disabled
- On the left navigation menu, click Configure > Policies.
- Click New to create a new policy.
- Name the policy Troubleshooting - Protection disabled, or any other name that clearly identifies it as a test policy.
- On the left, select Protection settings.
- Disable all protection under Real-time protection.
- If you have a subscription for Endpoint Detection and Response (EDR), select Endpoint Detection and Response on the left and disable Suspicious activity monitoring.
- Click Save.
Create a test group
Once a test policy has been created, you need to create a test group and assign the test policy.
- On the left navigation menu, click Configure > Groups.
- Click New to create a new group.
- Name the group Troubleshooting.
- Select the test policy created above.
- Click Save.
Test with endpoints
Lastly, move the affected endpoints you want to test to the new group.
- On the left navigation menu, click Manage > Endpoints.
- Select the affected endpoints from which you already gathered logs.
- In the top right, click Actions > Move.
- Select the Troubleshooting test group.
- Click Save.
After making changes to a policy or group, the endpoint should receive the new policy within a few minutes. To force an immediate policy change instead:
- On the left navigation menu, click Manage > Endpoints.
- Select the affected endpoints.
- In the top right, click Actions > Check for Protection Updates.
- On the left navigation menu, click Tasks.
- Wait for the new task status to show Success.
Attempt to reproduce the issue with all protection disabled. If the issue does not occur, re-enable the protection layers one at a time and test after each layer is re-enabled. Test the protection layers in the following order:
- Suspicious activity monitoring (EDR only)
- Behavior protection
- Malware protection
- Web Protection
- Exploit Protection
Once the issue returns, collect diagnostic logs and contact Support. For more information, check the following links: