Jump to content

Rsullinger

Staff
 View Profile  See their activity

  • Posts

    533

  • Joined

  • Last visited

 Content Type 

Everything posted by Rsullinger

  1. Rsullinger
    Hello PriteshPatel, Do you mind getting the logs from these instructions: Also, just so I am clear, do you know if that PDF is safe or is it a random PDF? If so, I would not want anyone clicking on that PDF until we can find out if it is safe or not otherwise.
  2. Rsullinger
    Hello cgh, Unfortunately I don't have a time-frame on that. We are hoping to release it soon, but we will have more information on that when we have a tangible date.
  3. Rsullinger
    Hello Arsh, Yea it seems to be due to the upgrade to 1.09. Can you try installing this build over the top on the client and see if it starts after that: https://malwarebytes.box.com/s/5ej3sggeli8ut9hhktz51wkkzvdtbscl
  4. Rsullinger
    Hello CGH, That is good to hear. That build fixes the C:\Program issue so it allows you to exclude the files that are now getting the block. I am glad to hear that fixed the issue on both of your computers. Please let me know if you have any other questions.
  5. Rsullinger
    Hello Positronemitter, I am not sure of something that would disable the protection just by going to the site. I went to that site to see if I could reproduce the issue and I was not able to. After this issue occurs again, can you collect the logs using the instructions from this post:
  6. Rsullinger
    Welcome to the Malwarebytes Anti-Exploit (MBAE) for Business Technical Support Forum Before you post here please read this completely. This sub-forum is for MBAE for Business, exclusively for discovering and fixing bugs, conflicts, false positives, crashes, etc. For technical support for MBAE Free/Premium technical support , please go here instead. Make sure you are running the latest version of MBAE. The latest available stable version is announced here. Look for existing threads that describe the problem you are having. There's a good chance that we are already discussing a specific problem in an existing thread. If that's the case, simply post to the existing thread describing the symptoms you are experiencing with MBAE. ZIP the entire contents (ALL the files, not just .LOG) of the MBAE user data directory and attach them to your post. The directory is hidden by default so you might have to click on "View -> Hidden items" in Explorer to see it. If you are replying to someone else's post, you can click the "More reply options" button at the end of the page to get the file attachment options. You can find the logs in the following locations: Windows XP: C:\Documents and Settings\All Users\Application Data\Malwarebytes Anti-Exploit Vista, Windows 7 and Windows 8: C:\ProgramData\Malwarebytes Anti-Exploit Describe in as much detail as possible the steps to reproduce the problem, including but not limited to links to third-party software that may be conflicting with MBAE. Detailed system information. To facilitate replicating the problem consider downloading and running FRST and attaching its logs to your post as well. Most of the time this will not be necessary but be ready to provide these logs if asked by a Moderator or Forum Helper.
  7. Rsullinger
    Hello Bumskull, Do you mind collecting the logs outlined in this post here: I want to look at the logs to see why we are blocking it and get you a fix.
  8. Rsullinger
    Hello Arsh, No problem. Let me know when you are able to get those!
  9. Rsullinger
    Hello Trevoralf, Good to hear. I have seen a few of those issues recently with AV's blocking us downloading the .exe to install the update. So it is something I will look into as well. Please keep me updated and let me know if you have any issues!
  10. Rsullinger
    Hello Mitchellwieser, Thank you for the confirmation. I am going to send you a PM with instructions to collect a report of the database just so I can see how much space is being taken up on it.
  11. Rsullinger
    Hello Trevoralf, That is good to hear. I want to answer this as well: " I think to deploy the whole lot (MC, AM, AE) you create a package via the console and then create the GPO to run misexec "path to package" /quiet, but how do I set one up just to install this AE patched version." For anti-exploit you can just deploy the build we give out for the patch through GPO. It will deploy over the top of the existing anti-exploit install. As long as you have the managed client software already on the machine, it will connect to the server just fine like before. We have both .exe and .msi's for the new versions we put out so both are available if needed.
  12. Rsullinger
    Hello Arsh, The log collection would have to be done on the client having the issue. So if you are checking the server, unless it is the one having the issue you will have to check on the other machine. Thank you for the confirmation of the reboot however, I think I know the issue but the logs will confirm it.
  13. Rsullinger
    Hello Mitchellwieser, This sounds like it may be due to the program pulling the data from the sql database. Are you using a external sql database or the embedded database we created? Also, do you know what the current size of that database is?
  14. Rsullinger
    Hello Jamie, I want to have you get me a set of logs from one of the machines so I can look into if this is actually removing the infection or not. To do this: -Locate the this folder on the client computer: C:\Program Files (x86)\Malwarebytes' Managed Client -In this folder, right click the 'CollectClientLog.exe' utility and run it as admin. -Save these logs to the desktop of the computer. -Zip up this folder and attach it to the next reply.
  15. Rsullinger
    Hello Trevoralf, Aside from deploying the package via sccm, gpo, or another package deployment program there will not be an easy way. That update is not pushed through the automatic updates at this time.
  16. Rsullinger
    Hello Arsh, This can sometimes happen when mbae is updated which a reboot should be able to fix quickly. But I also want to have you collect me the logs so I can be certain of the issue. To do this: -Locate the this folder on the client computer: C:\Program Files (x86)\Malwarebytes' Managed Client -In this folder, right click the 'CollectClientLog.exe' utility and run it as admin. -Save these logs to the desktop of the computer. -Zip up this folder and attach it to the thread.
  17. Rsullinger
    Hello Trevoralf, For the 'reboot pending issue' can you search the registry to see if there is any entry of Malwarebytes? It is possible that the clean tool didn't grab all the settings so that would be mainly to check that. It should grab them all, but usually this issue is due to a registry entry still being around. But that is good to hear you were able to find a feature on the firewall that could be causing this. If that is anti-exploit giving that message, I have a build that may help with that. If you see the message again, confirm what program it is and I can get your hands on it.
  18. Rsullinger
    Hello Cgh, Thank you for the logs. Can you have the user try this build to see if they have the issue after that: https://malwarebytes.box.com/s/5ej3sggeli8ut9hhktz51wkkzvdtbscl Just install this build over the top and test it again. They should not have that issue after that.
  19. Rsullinger
    Hello Trevoralf, Do the computers that are not updating share any similarities with each other that the ones updating don't? I am mainly asking as I have seen customers who have front facing computers that are more locked down and are either blocking the CDN or the download of our .exe from the CDN. Make sure that these are allowed to go through for the client: data-cdn.mbamupdates.com port 443 sirius.mwbsys.com Port 443 Other then that, a wireshark may need to be running while you restart the service to see if something is blocking the connection to those said CDN's. As for your second question about updating the package. There is a way you can do it but it is not something we really recommend. Take the latest version of anti-exploit to the server and go to the \\Program Files (x86)\Malwarebytes Management Server\PackageTemplate folder. Back up the old mbae-setup.exe or change it to .old. Then, take the new package and rename it to mbae-setup.exe. You may need to stop the service before doing this but I usually don't have an issue with it.
  20. Rsullinger
    Hello DIgitalSamurai, Please collect the logs if you can. I want to see what portion of the protection is blocking this so I can assist further.
  21. Rsullinger
    Hello CGH, You can either attach them here or send me them in a PM if that is better for you. As for the log collection, the steps are the same. The logs for both versions are found in that C:\ProgramData directory so you can safely use those to get the logs. We don't have an easy 'sticky' for collecting the logs on this side of things so I linked that one for simplicity.
  22. Rsullinger
    Hello Alhazred, It would protect you. The protection layers we put in place make it so nothing can exploit IE (website or addon) to drop an infection on the computer. The different protection layers do this on all of our browser related shields so you can install those without worrying about them opening up any holes. We constantly update our protection to make sure that doesn't happen.
  23. Rsullinger
    Hello CGH, It sounds like it may be due to one of the new protection layers we put in. I want to have you collect me the logs from the computer so I can confirm this and see about getting this fixed without you having to disable all of those settings. To collect these logs, use this link below.
  24. Rsullinger
    Hello Morrile, I want to have you collect me some logs so I can look into this for you. To do this, use the instructions from this link:
  25. Rsullinger
    Hello Marge, I want to have you grab me the logs after this occurs to see what is the issue. Go ahead and follow the instructions here:
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.