Malwarebytes Cloud Platform update - August 2018

New Features

• Malwarebytes cloud platform now supports role-based access control (RBAC). We’ve made RBAC extremely easy, enabling administrators to rapidly protect console access and data with the appropriate role according to their assigned Groups. Super Admin, Administrator, and Read-Only roles satisfy the majority of business use cases:
  • Super Admin users have full access to all Groups and features within the cloud console. Only Super Admin users can add, modify, or delete global Exclusions. All existing users have been converted to Super Admin users.
  • Administrator users have access to everything within the cloud console per their Group-level access, except for editing global settings.
  • Read-Only users can view all information within the cloud console per their Group-level access but cannot make any changes and are not authorized to use the Discovery & Deployment Tool. They can generate Reports and opt-in to receive Notifications.
• Malwarebytes cloud platform now supports single sign-on (SSO) with popular SAML 2.0 identity providers (including Okta, OneLogin, and Azure). When enabled, administrators can easily and securely connect to our Malwarebytes cloud console using unsolicited SSO via a single identity provider they’ve already provisioned. Administrators using the Malwarebytes cloud console are automatically logged in using the same SSO tool they currently use to access other applications throughout the day.
• New advanced deployment option: Active Directory. The Malwarebytes cloud platform Discovery and Deployment (D&D) Tool has been updated with a new Active Directory (AD) integration which supports advanced deployments. This updated D&D Tool connects with the customer’s AD to discover and map the organizational unit (OU) structure of the customer’s AD and use that to instruct which endpoints belong to all the different parent OUs and child OUs. When endpoints connect to the Malwarebytes cloud console, they are automatically added into their appropriate Group thanks to the D&D Tool’s mapping process.
• New advanced deployment option: custom Group installation parameter. Endpoints can now be automatically assigned to a custom Group during installation thereby enabling rapid deployment across the enterprise. When an admin installs using manual (e.g., via command line interface) or scripted deployment methods (e.g., via GPO, SCCM, PDQ) they may now specify a Group ID parameter to identify the Group the endpoints should belong to within the cloud console. If a Group ID is not set, is unspecified, or is incorrect (e.g., typo, doesn’t exist)—then the default Group will be used.
• [For Malwarebytes Endpoint Protection and Response customers] Malwarebytes cloud console now features a Process Graph. This provides administrators with greater visibility into Suspicious Behavior across their endpoints. Administrators can click on the Suspicious Behavior page in the cloud management console, select an item to inspect and then click on any of the icons to see visual details of the process, network, filesystem, and registry activities that caused the Suspicious Activity event. This additional context enables administrators to make better-informed remediation decisions:

Improvements

• Quarantined items for endpoints which have been deleted/uninstalled will no longer persist in the web console.
• Malwarebytes Endpoint Protection and Response now supports Windows 7 platforms.
• Added support for Mac end users to easily generate diagnostic logs by using <Control + Click> on the Malwarebytes icon.
• Updated Policy label format to be consistent.
• Some customer environments require additional time starting system services on boot.
• Fixed: Pagination would sometimes display negative counts.
• Fixed: Free memory is incorrectly reported for Mac endpoints.
• Fixed: The Deployment and Discovery tool shows installation success when the installation fails due to needed .NET upgrade.
• Fixed: Some users are not receiving all of their daily scheduled reports.
• Fixed: If the Endpoint Agent service has to wait too long for other system services to start, Windows kills it.
• Fixed: Discovery and Deployment tool doesn’t show more than 1000 results when AD scan is used

Known Issues

• Exclusions that have been entered with short file name paths such as “c:\progra~2\” are not being applied.
• User Verified account notifications are not getting emailed to administrators.
• Windows Server 2008 scans can crash when scanning .lmk files.
• Sysprep can fail to run with Self-Protection enabled in the policy.
• Within the Endpoint Properties page under the Detections tab, the Action Taken and Category dropdowns are cut off.
• Modal windows are showing an unnecessary scroll bar.
• Malwarebytes Endpoint Protection and Response: When a Remediation action succeeds but Rollback action fails, the Suspicious Activity status is stuck and displays “Pending Remediation”.
• Malwarebytes Endpoint Protection for Mac: Scan History tab does not get information populated if Threat Scan does not detect any threats.
• Malwarebytes Endpoint Protection for Mac: Timestamps in Scan History tab for macOS endpoints are in GMT, and not the web browser’s locale.
• Malwarebytes Endpoint Protection for Mac: Endpoint Agent does not report update_package_version on fresh Endpoint Protection install