// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE INT-02DTG 0600Z
ColdRecon / Competitor Intel / Malwarebytes
Endpoint Security Vendor

Malwarebytes

2 PUBLIC SECURITY EVENTS ON FILE · 2023-06-01 — 2023-09-13

Publicly-known security events concerning Malwarebytes — CVEs, advisories, and incidents drawn from open-source reporting. Every item links to its original source.

Category

What Malwarebytes sells

EDR is agent-based endpoint tooling that monitors process/file/network activity, detects malicious behavior, and enables response. It is detection-led by design: it observes and acts after code executes. Its efficacy depends on recognizing a threat, so novel/zero-day techniques are a window of exposure until detected.

SOURCE · ColdRecon Reference

Malwarebytes competes in the endpoint-security category. ColdRecon publishes only the factual public record below — no competitive analysis or positioning.

The Public Record

Recent security events

On file: 1 vuln disclosure · 1 research poc.

2023-09-13
vuln disclosure
ALPC Port Blocking Vulnerability Affects Multiple Windows EDR AgentsCVE-2023-3280
A denial-of-service vulnerability in multiple Windows EDR products allows a low-privileged user to permanently disable the agent after a reboot by preemptively registering an ALPC port name used by the EDR. The affected EDRs fail to handle the case where the port is already in use, causing user-mode components to crash or become non-functional. Kernel components remain running but lose detection/blocking capabilities in most cases.
2023-06-01
research poc
New malware tool claims to terminate multiple EDR and antivirus agentsEDR-Terminator
A video and Reddit post surfaced on May 28, 2023, showing an executable that allegedly disables tamper protection and terminates the on-premise agents of numerous endpoint security products. The tool claims to work against vendors including CrowdStrike, SentinelOne, Carbon Black, and Windows Defender. ThreatLocker notes that its application allowlisting would block such an unknown executable from running.
Every event on this page is a record in ColdRecon's canonical set, drawn from public reporting and linked to its source above. ColdRecon monitors open-source signal only; it publishes no non-public or customer information.

Malwarebytes ships. Your prospect reads the headline. Do you?

ColdRecon turns this signal into one short daily brief, written from the seller's seat — what changed, why it matters to your deals, how to position. Request clearance and the first lands tomorrow at 0600.

Request Clearance →