Rsullinger

Staff
Posts posted by Rsullinger

  1. Hello HaiDuongVN,

     

    When you click on the scan button, can you choose the option for 'scan and detect client software'? When you do that, you should notice 2 options at the bottom: 1 for serial IP connection and 1 for WMI. I want to have you perform 3 tests for this: 1 test each using either WMI or serial IP by themselves, then 1 test where you have both of them selected. Usually checking both will find all of the clients but I would test each one to make sure.

  2. Hello Neonred,

     

    Can you try the instructions I left above to do a clean re-install? It seems a majority of the issues are just coming from the upgrade and a re-install will fix it. Make sure you use the clean tool and run it as admin, as it will make sure all of our directories are removed so you can do a clean re-install.

  3. Hello Veryparanoid,

     

    Anti-exploit will prevent exploit based infections from infecting your computer. However, the infection you are mentioning doesn't use an exploit kit to infect computers usually. The main form of infection for that is usually through a spear phishing e-mail that is sent that includes a zip file with an infection hidden as a .xls or pdf file. It can also be hidden as a word file with a macro enabled that will infect the computer. Both of those methods are not something anti-exploit would block in this scenario.

    Did you happen to receive any e-mail lately with files attached that was from an unknown source?  

  4. Hey Preyash,

     

    In the last entry it shows the client was simply just trying to send a client update status to the server and it stopped. It didn't go through the normal stop procedure. One thing I noticed in the log that was odd was these two time stamps:

     

    2016-10-20 16:42:52.865: Launch mbae api, filename: C:\Program Files\Malwarebytes Anti-Exploit\mbae-cli.exe, parm: /shield helpctr
    2016-10-24 08:21:11.298: mbae-cli.exe exit code: 0, parm: /shield helpctr

     

    It took 4 days to launch that command and give the error code back. The service never stopped in between those 4 days, it just did nothing. This is something similar I saw in an older version of the managed client. In the logs, I see the managed client is on version 1.5 which is a couple of versions out of date. Do you have the latest version of the management console? You can find this out by signing in and looking at the bottom left corner. The current most up to date version is 1.7.0.3208. If you do have that version of the console, then I want to have you deploy the client over the top on this computer and see if the issue still occurs. 

     

    If you are not on the latest version, then you can use the instructions here to upgrade the server so you can deploy the new client version:

     

    https://support.malwarebytes.com/customer/portal/articles/1835539?b_id=6401
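
The launch/exit gap pointed out in the log above can be checked for mechanically. This is an added example, not part of the original post and not Malwarebytes code: it assumes the log keeps the two line shapes quoted above, pairs each launch with the next exit for the same parm, and uses a hypothetical 5-minute threshold; the constructed-a and constructed-b lines are constructed sample input.

```python
import re
from datetime import datetime, timedelta

# Line shapes assumed from the two log entries quoted in the post above.
LAUNCH = re.compile(r"^(\S+ \S+): Launch mbae api, filename: (.+?), parm: (.*)$")
EXIT = re.compile(r"^(\S+ \S+): mbae-cli\.exe exit code: (-?\d+), parm: (.*)$")

# The two helpctr lines are the entries quoted in the post; the rest are constructed.
SAMPLE_LOG = r"""
2016-10-20 16:42:50.101: Launch mbae api, filename: C:\Program Files\Malwarebytes Anti-Exploit\mbae-cli.exe, parm: /shield constructed-a
2016-10-20 16:42:50.640: mbae-cli.exe exit code: 0, parm: /shield constructed-a
2016-10-20 16:42:52.865: Launch mbae api, filename: C:\Program Files\Malwarebytes Anti-Exploit\mbae-cli.exe, parm: /shield helpctr
2016-10-24 08:21:11.298: mbae-cli.exe exit code: 0, parm: /shield helpctr
2016-10-24 08:21:12.000: Launch mbae api, filename: C:\Program Files\Malwarebytes Anti-Exploit\mbae-cli.exe, parm: /shield constructed-b
"""

def _ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S.%f")

def find_stalls(lines, threshold=timedelta(minutes=5)):
    """Return (parm, launch_time, elapsed, exit_code) for slow or unfinished calls.

    elapsed and exit_code are None when no exit line followed the launch.
    """
    pending = {}   # parm -> launch time still waiting for its exit line
    findings = []
    for raw in lines:
        line = raw.strip()
        m = LAUNCH.match(line)
        if m:
            parm = m.group(3)
            if parm in pending:  # relaunched before the earlier call exited
                findings.append((parm, pending[parm], None, None))
            pending[parm] = _ts(m.group(1))
            continue
        m = EXIT.match(line)
        if m and m.group(3) in pending:
            start = pending.pop(m.group(3))
            elapsed = _ts(m.group(1)) - start
            if elapsed > threshold:
                findings.append((m.group(3), start, elapsed, int(m.group(2))))
    # Launches still pending at end of log never reported an exit code.
    findings.extend((p, t, None, None) for p, t in pending.items())
    return findings

if __name__ == "__main__":
    for parm, start, elapsed, code in find_stalls(SAMPLE_LOG.splitlines()):
        state = f"took {elapsed}, exit code {code}" if elapsed else "never exited"
        print(f"{start}  {parm}: {state}")
```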

  5. Hello Xop,

     

    I posted it in the other thread, but I will post it here as well in case you want to keep yours separate:

     

    If you installed the product on a single client and do not see it then I want to have you do a couple of things. First, go to the client and see if the meeclientservice service is started. This is the managed client service and if it is not started, it will not be able to connect to the server to show an online status. If that does not fix it or it was already running, then we will need to see the diagnostic logs from the clients to find what the issue is. To do this:

    -Locate this folder on the client computer: C:\Program Files (x86)\Malwarebytes' Managed Client
    -In this folder, right click the 'CollectClientLog.exe' utility and run it as admin.
    -Save these logs to the desktop of the computer.
    -Zip up this folder and attach it to the next reply.

    Thank you,

  6. Hello Sixpack,

    I just want to confirm first that the clients you are trying to scan meet all of these pre-requisites:

     

    The following prerequisites must be met for all Managed Clients using the Malwarebytes Management Console:

    • .NET Framework 3.5
    • Windows Installer 4.0 or higher
    • File and Printer sharing enabled
    • NetBIOS enabled
    • Network Discovery enabled

    The main one in this case is NetBIOS/Network Discovery. Those are required for the actual scan and detect portion of the program, and if they are disabled, then the clients will not show up in the client push install menu.

     

    As for your other question about the 'add ad ou as group', can you show exactly what you are seeing? You will never see the actual endpoints show up in the list, only the AD tree. For example, see the screenshot of what I see on mine. I have 1 client under each of those (for testing purposes) but you will not see the actual computer shown there.

     

     

    ad example.JPG

  7. Hello Everyone,
     

    If you installed the product on a single client and do not see it then I want to have you do a couple of things. First, go to the client and see if the meeclientservice service is started. This is the managed client service and if it is not started, it will not be able to connect to the server to show an online status. If that does not fix it or it was already running, then we will need to see the diagnostic logs from the clients to find what the issue is. To do this:

    -Locate this folder on the client computer: C:\Program Files (x86)\Malwarebytes' Managed Client
    -In this folder, right click the 'CollectClientLog.exe' utility and run it as admin.
    -Save these logs to the desktop of the computer.
    -Zip up this folder and attach it to the next reply.

    Thank you,

     

  8. Hello RTL434,

     

    What you are seeing is what we pushed out. That is from our dynamic config. We put in place that if we detect Trusteer we will disable. What I was having you check was mainly to see if the system itself was doing it, which it looks like it has in this case. If you already had them then you won't see a change.

  9. Hello Everyone,

     

    If you are having the issue with Edge and the ROP gadget detections, please try rebooting the computers and see if you still have the issue. We pushed out something and we want to see if it fixes the issue for you. Please let me know if you still have the issue after that or confirm that it fixed it!

  10. Hello Everyone,

     

    If you are having the issue with Edge and the ROP gadget detections, please try rebooting the computers and see if you still have the issue. We pushed out something and we want to see if it fixes the issue for you. Please let me know if you still have the issue after that or confirm that it fixed it!

  11. Hello Rigsby,

     

    I want to collect some more system information from you. I want to have you use a tool called FRST. To do this:

    1: Please download FRST from the link below and save it to your desktop:

    http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

    2: Double-click the purple FRST icon to run the program. Click Yes when the disclaimer appears.

    3: Click the Scan button

    4: When the scan has finished, it will make 2 log files in the same directory the tool is run, FRST.txt and Addition.txt. Please attach both files in your reply.
     

     

  12. Hey Garioch7,

     

    This definitely isn't due to Trusteer. Trusteer normally causes ROP gadget blocks so this is caused by something else. This may be an issue with Bitdefender we are testing. Can you try rebooting the computer and see if that fixes the issue? We deployed something that may help with this.

     

    I am getting these logs to our team as well so they should have more information for me! 
