
Rsullinger

Staff
  • Posts

    533
Everything posted by Rsullinger

  1. Hey Beverly62, The Malicious website blocking will block any malicious IP that is trying to connect to the computer as well. So there may be something else on the computer we are not detecting. I want to have you send me a PM with your e-mail so I can get this over to our ticketing system. I will need to have you gather me some diagnostic logs so I can see why this is occurring. Thank you,
  2. Hey Tamborine, Unfortunately you won't be able to go from the full version to the embedded we install if you already had that setup. However, you can create and install a SQL Express instance specifically for our database and connect it that way. To do this: First, download a new SQL Express Server 2008 R2 installation here: https://www.microsoft.com/en-us/download/confirmation.aspx?id=30438

     Then, please follow these instructions for setup:

     1) Choose to create a New Installation.
     2) Choose "New Installation or Add Features" then click Next.
     3) Accept the license, then click Next, then Next again.
     4) Name the instance (I suggest naming it Malwarebytes) then click Next.
     5) Click "Use Same Account for all SQL Server services."
        a. On the popup, enter your Windows credentials.
     7) Choose Mixed Mode authentication. Create a password for the SA account, then click Next.
     8) Click Next two more times and finish the SQL installation.

     Once you do that, you need to attach the database files to the new instance you created. Once you do that:

     1. On your existing Management Server, log in to the Management Console
     2. Click the Admin Pane on the left
     3. On the Overview tab, under SQL Database Setting, click Change
     4. Enter the address, instance name, and user information (sql account required) for the SQL server
     5. The Management Console should disconnect, and then you should be able to log in again

     As far as configuration requirements go, you'll need to enable Named Pipes and TCP/IP on your SQL Server if it is a database on another server. Once you do that, you should be all set and connected.
  3. Hey REGITDept, I don't have a time frame on that unfortunately. We usually go through a process of letting the build go through public testing before we push it out automatically to all of the corporate clients. So if the build is needed, it can always be downloaded and tested from here: Are you currently having an issue that 1196 solves or are you just looking to make sure they are on the latest version we have released?
  4. Hey Steelman, Unfortunately there is not a way to save it to a PDF from the report menu. However, like Dave posted, if you use something like that to add the print-to-pdf capability it should give you what you need. Thank you, Ron S
  5. Hey BrentB9193, The newest version of the management console/server can always be found here: https://downloads.malwarebytes.org/file/mbmc However, what you currently have is the latest version of MBMC that is released. If you are curious as to a new version or what has changed from the new version, you can always view the release history from here: https://www.malwarebytes.org/support/releasehistory/business/ Thank you,
  6. Hey Salohcin115, When the managed version is installed on the computer, it archives the logs and sends them to the management server. So it could be that you had anti-malware logs still on the computer from back in 2013 that are being sent to the server. Are you constantly seeing them being sent or was it just that initial bulk check in that you were seeing this on? -Ron S
  7. Hey Osprey, I would like to see some logs from the program to see the IPs that are connecting to the server. Do you mind sending me your e-mail so I can create a ticket for this? Thank you, Ron S
  8. Hey Sabastasio, I want to see about collecting some information about the server so I can see why this is occurring. Do you mind sending me a PM with your e-mail so I can create a support ticket for this? Thank you, Ron
  9. Hey Sojeil, Just to confirm, when you did the push install from the console, did you leave the option for 'do not create start menu and desktop icons' checked or unchecked? If you did, can you try testing it on another computer to see if this is happening on more than one install. Thank you, Ron S
  10. Hey NathanM, The commands we ran in SQL Management Studio for this case were: truncate table dbo.TBL_ClientSystemLog and truncate table dbo.TBL_ClientSecurityLog However note that these commands will wipe any data you have for client detections. Once we did that, we performed a shrink on the database which cleaned up the space. If your database is filling up quite fast, then it could be another issue as well like a re-occurring infection or a setting is not enabled in the console. I would like to assist in seeing if one of those is causing this issue as well. Do you mind sending me a PM with your e-mail so I can create an e-mail case for this? I want to have you send me some logs and information so it may be easier in that. Thank you, Ron
  11. Hey bumskull, The option for 'status' can be used to filter offline, online and idle, scanning, and unregistered. However, you can also use policy and policy compliance since an unregistered client would not have a policy. However there is no option to check off to not see unregistered clients. As for the Filter option only including one thing at a time, how are you seeing this? In my testing, I am able to choose different options to see this. For example, when I choose policy 'default policy', my clients show up. However, if I choose status offline as well, my clients disappear from the view. If I change that to online instead, they show up again. What set of options are not working for you when grouped together? As for the next version, there are no changes for the filter view currently in the next version. However, I will send this feedback to our engineering team for a feature request/enhancement. Thank you, Ron S
  12. Hey Ahayz33, No problem. This is something I would want to collect some logs on to see where the issue may be. Do you mind sending me a PM with your e-mail address so I can create a ticket for this? Thank you, Ron S
  13. Hey Ahayz93, It could be a prerequisite issue as well. Just to make sure, confirm if one of the clients you are trying to scan has these items checked: The following prerequisites must be met for all Managed Clients using the Malwarebytes Management Console:

      - .NET Framework 3.5 or higher
      - Windows Installer 4.0 or higher
      - File and Printer enabled
      - NetBIOS enabled
      - Network Discovery enabled

      If that does not do it, is the IP range you are trying to scan part of your domain or are they public IPs? If the prerequisites do not end up being the case, we may need to open a ticket so I can have you gather some logs for us to review. Thank you, Ron S
  14. Hey Scott, There are a couple of ways you can do this. The easiest way is through the console itself and to change the cleanup settings. If you go into the management console and go into the admin pane, click on the other settings tab at the top. From here, you can click on the 'change' button for the clean up settings. Then, you will just need to change the amount of days you want to keep the logs too. Once you change that, the next time the clean up process occurs it will lower the database size. Another way is to run a SQL query on the database that can shrink the dbo.clientSecuritylogs and dbo.clientSystemlogs tables. If you want to go this route, I can provide some commands and instructions for that as well. But let's try the way through the console and let me know if you run into any issues! Thank you, Ron S
  15. Hey Iazzo, That is correct. There is no way in the program to have all of the quarantined files centralized on the server or another external location. I am not sure of any plans on changing this currently, but I can submit this as a feature request/enhancement to our PM team to show that there is interest in this type of system. Thank you, Ron S
  16. Hey Iazzo, Just to confirm, are you trying to upload the quarantined file to VirusTotal or just using the quarantine tab on the clients to find the infection location? If you are just looking for the file paths for our detection, you can see that in the client pane on the management console. You can click on any client and in the security view area, you can see the exact file path for the detected file. Also, since the quarantined files are encrypted in our C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine directory, you would need to remove the item from quarantine to run them through VirusTotal as well. Thank you, Ron S
  17. Hey Scowndrel, It looks like you submitted a ticket for this issue as well. If anyone else is running into this issue, please submit a ticket to corporate-support@malwarebytes.org or go through our portal. We would like to collect some logs on this issue to see why this is occurring! Thank you, Ron S
  18. Hey ulrich07, Usually this type of error comes down to either a permissions error or an issue with the IIS 7.5 express instance we install. I want to gather some logs to assist in fixing this issue. Do you mind sending me a PM with your e-mail address so I can create a support ticket on our side? Thank you, Ron S
  19. Hey Matt_WGSB, We have a command in sql we usually run for this. I want to send you instructions on how to do this. Do you mind sending me a PM with your e-mail so I can put this through our ticketing system? I want to collect some information from you as well about the admin account too. Thank you, Ron S
  20. Hey Scoutt, I do apologize for not getting to you on Friday. I thought that I followed this post when I sent the response, but it doesn't seem like I did. You are correct that it should be "Show in results list and check for removal". I am not sure why I put in the do not portion, but the correct setting should be the way you had it then. If that is the case and you had the setting on with auto quarantine, then I want to have you get me client logs so I can see if the client is getting the policy update correctly. If you would like to move this into a ticket then shoot me your e-mail. If not, go ahead and just follow these instructions:

      - Locate this folder on the client computer: C:\Program Files (x86)\Malwarebytes' Managed Client
      - In this folder, right click the 'CollectClientLog.exe' utility and run it as admin.
      - Save these logs to the desktop of the computer.
      - Zip up this folder and attach it to the next reply.

      Thank you, Ron S
  21. Hey Guy947, If you plan on installing via an image, you'll need to set up the image in a specific way. Please follow these steps:

      1. Create an Installation Package of the Policy you'd like the imaged computers to have
      2. Copy the install package to the base image
      3. Disconnect the base image's network connection. Note: This is critical, as it must not be able to communicate with your Management Server after installing. If you do require internet access on the image after installing, please make sure you stop the SCCOMM service
      4. Install the Malwarebytes Managed Client from the install package
      5. Upload the image

      After installing the Managed Client software, it automatically registers to the server and creates a unique identifier on the system. By preventing communication between the Managed Client and the server, when you deploy the image and the computers come online, they'll automatically register as unique clients in the Management Console. Try that and let me know if you run into any issues! Thank you, Ron S
  22. Hey Scoutt, That looks to be from the anti-malware detection and not anti-exploit. I noticed that this is a PuP detection and there is a setting in the policy that may be causing it to not be removed. Open up the management console and go to the policy pane on the left side. Open up the policy this computer is on and go to the scanner tab at the top. Find the 'Action for potentially unwanted programs (PUP):' and make sure it says 'Show in results list and do not check for removal'. If a PuP is found and the quarantine option is set, then that setting will make it so the PuP will be removed. Once you change that setting, click OK in the policy and let your clients get the policy. Then, run a scan on those computers and it should clean up the PuP detection. Try that and let me know if that fixes the issue! Thank you, Ron S
  23. Hey Greebz345, Since these are clients in AD, you may need to do a complete re-sync of the added OU. You can remove and re-add the OU groups to remove any unregistered objects that are staying behind. By doing this it does a full query of the added OU groups again. The clients that are online and checking in will slowly fall back into their own groups. If they do show up after doing this, it could be that the entry is still found in AD somewhere and our program is finding it. If it does not exist after checking that, then let me know and we can have you grab some logs to troubleshoot the issue! Thank you, Ron S
  24. Hey Rolltide33, I wanted to give you some of the suggestions I notice our other customers use for this. Normally what our customers do is this:

      A. Update every hour.
      B. Quick scan once a day.
      C. Full scan once a week.

      However this isn't always the case or needed. So just to answer your questions a bit:

      1. Every day should be fine for this. As for the time, a quick scan shouldn't be too much of a delay for these laptops.
      2. A full scan may not always be needed. As per our help desk article about the different business scans:

         Quick Scan: Quick Scans will scan the most common areas where malware is detected, including the following items:
         - Startup Objects: Executable files and/or modifications which will be initiated at computer startup.
         - Registry Objects: Configuration changes which may have been made to the Windows registry.
         - File System Objects: Files stored on your computer's local disk drives which may contain malicious programs or code snippets.
         - Heuristic Analysis: Analysis methods which we employ in the previously-mentioned objects — as well as in other areas — which are instrumental in detection of and protection against threats, as well as the ability to assure that the threats cannot reassemble themselves.

         Full Scan: Full Scans allow you to scan an entire drive using Malwarebytes Anti-Malware.

         So there is not much of a difference between the two. So it is ultimately up to you. Like I mentioned before, most of the customers I assist with have a full scan run once a week. Usually this is during the weekend.
      3. You can make a separate policy for them and test the scan times/resource usage on them to see if a quick scan every day is too much for them. Usually this is not an issue and you will most likely be able to use the same schedule on all of your machines.
      4. Other than the update item I mentioned above, you should be good with that information.

      Thank you, Ron S