Rsullinger

Hey Imperator, No problem! If you run into any snags let me know and we can assist further. Thank you, Ron S

Hey Helpdesktndusa, I would like to take a look at the logs to see what files were removed and what we can do to get those restored for you. Can you send me an PM with your e-mail address so I can create a support ticket on our side for this? If this is a FP, I want to collect information for our team so we can get this fixed as well. Thank you, Ron S

Hey Imperator, What version of the management console/management client are you on? If you open up the management console and look in the bottom left, you will see the version number written out there. In version 1.6.1, we put in the ability to add wildcard registration entries like the one you put above. So if you do have version 1.6.1, you can simply put in what you wanted to enter in: HKEY_USERS\*\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoSMHelp That will exclude it on all user accounts on the machines. If you are not on 1.6.1, you will just need to update to that and push the new managed client and anti-malware client version to the computer. You can use the instructions here for that: https://support.malwarebytes.org/customer/en/portal/articles/1835539-how-do-i-upgrade-to-the-latest-version-of-the-malwarebytes-management-console-?b_id=6401 Thank you, Ron S

Hey Guy947, These clients are completely disappearing correct? I want to have you run a few things and gather some logs. For this I would like to create a support ticket to gather this information. Can you send me a private message with your e-mail so we can do this? Thank you, Ron S

Hey Jasonsly, The new version of the management console version 1.6. has syslog server support. So you will just need to get onto the newest version for this. You can find the download here: https://downloads.malwarebytes.org/file/mbmc We have some instructions for upgrade as well if it is required: https://support.malwarebytes.org/customer/portal/articles/1835539?b_id=6520 Thank you, Ron S

Hey Cjslaby98, Much like what I mentioned with scoutt, I want to give you some instructions but I want to confirm a few things first with this. Do you mind sending me a PM with your e-mail? I want to create a support ticket on our side to do this. Thank you, Ron S

Hey Jcst, Would you mind sending me a private message with your e-mail? I want to look into your account and give you some instructions to do this. So it may be best to do this with a e-mail ticket. Thank you, Ron S

Hey Scoutt, With the anti-malware for business version 1.80.1.1011, you can exclude that key with a wildcard symbol so it will exclude all the different users and machines. For example: HKU\*\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableRegistryTools That will stop your policies from being detected. Thank you, Ron S

Hey Mike, No problem! Go ahead and let us know if you run into any other issues! Thank you, Ron S

Hey Mike, I think this may be due to .net framework 3.5 not being enabled. The management client uses .net framework 3.5 and by default windows 10 does not have that enabled. You just need to go into programs and features on the computer and enable it. I am attaching a screenshot to show what I mean. Let me know if that ends up not fixing it. We may need to create a case in our ticketing system if I need to grab more information from the computers. Thank you, Ron S

Hey Guy947, We unfortunately do not have a list of recommended files, folders, or registry keys that Symantec would recommend. However, a basic blanket exclusions of their C:\ProgramFiles(x86) and any Program data files should be enough. One thing you may want to do if you exclude this is to add a \* at the end of the exclusion. For example, C:\Test\*. That will exclude the test folder and all sub folders and files in that folder. So it will help exclude the entire path. Thank you, Ron S

Hey Guy947, It is basically like you mentioned at the end of the post "My first thought is to not use this feature unless I start hearing complaints from users about boot times". You shouldn't need to use the option unless you notice any issues that require the setting. For example, there are some customers I have helped in the past that needed that option because of their log in scripts. Because anti-malware starts on startup, it tries to scan the scripts to make sure they are not that was being run which led to a longer boot then normal. However, if they delayed it by 30 seconds they would not see that boot delay because the script would run its course. So you can leave that setting unchecked unless you run into this type of issue. If you run into such an issue as well, you can contact me or any of our support team at corporate-support@malwarebytes.org and we can assist you there as well! Thank you, Ron S

Hey Scoutt, I have seen this error before and it is usually due to how it is reading the database. I want to give you some instructions but I want to confirm a few things first with this. Do you mind sending me a PM with your e-mail? I want to create a support ticket on our side to do this. Thank you, Ron S

Hello Bmccubbin, Sorry for the extreme delay in response for this. I want to assist you with this matter. If it is possible, can you please PM me your e-mail so I can create an e-mail support case on our end. I want to look up your account and give you some information so I don't want to put that out in the public forums. Thank you, Ron S

Hello Aznxcoconut, For this issue, would you be able to open a ticket referencing this thread? We'll be able to take a closer look at the logs in a support ticket. You can use this link for this: https://support.malwarebytes.org/customer/portal/emails/new?b_id=6401 Thank you, Ron

Hey Jgaswint, I did a quick search on our side and it does not seem to be one created for this. If you have any questions with the requirements for the products if it will assist you let me know! Thank you, Ron S

Hey Mike! That is correct that they will drop in 30 days. If you are on the 1.5 version of the program, you can change how often those clients drop off. This can be found under the admin pane and under the other settings tab. As for an alternative way, you can remove and re-add your OU group. That will re-populate the entries on the management console since it has to query the OU group completely again. Also, if you go to the admin pane and go to the other settings tab you should see the AD sync settings there as well. If it is only showing as un-registered, hitting the sync now button should remove the entry if it is no where to be found in that OU group. If these do not fix it or if you have any other questions, let me know and I can create an e-mail case through our support system. That way I can get any logs if we need to troubleshoot the issue! Thank you, Ron S

Hello Paul and John, I am sorry to hear that happened. That is not something that should have happened and I am interested in why it may have occurred and how our product may have had a hand in it. You mentioned you were able to provide a fix for this, if you want to see why this may have occurred I can assist in troubleshooting this with an e-mail case. Let me know if that is something you wish to do! Thank you, Ron S

Hey Peteo, Sites like virustotal may give you more of an incite as to why this is being blocked. However, it may not have the reason why we have it in our database. If you would like to know more about it, I can get more information about it. But I would like to create a e-mail ticket for this. There may also be an infection on the computer which I would like to verify with a diagnostic log. Is this something you would like to do? Thank you, Ron S

Hey Averum, I would like to see some logs of the clients that are finding the GPO setting to see what could be causing this. I would like to create an case in our ticketing system to process this easier. Do you mind sending me a PM with your e-mail so I can create a case and send you instructions on what to grab? Thank you, Ron S

Hey Pferreira, After you did the update to the management console, did you do a push install to the clients to make sure they have the new version of the software that manages the communication between client and server? If you did and it didn't fix the issue, I would like to have you grab some logs for me. For this, I would like to make a ticket. If you could, shoot me a PM with your e-mail and I can reach out to you further for this. Thank you, Ron S

Hello Crickard, No problem. I can assist with this. We use a sql query on the database to reset the password. I would like to reply to the ticket that you submitted to give you the instructions for this. Can you send me your e-mail that you used for the ticket through a private message? I will get the instructions sent out to you when I get that! Thank you, Ron S

Hello Jasonsly! Unfortunately we do not have an eta on that. We currently do not have an easy way to export our data to a syslog server. It is something we are looking to improve, but I am not sure how far something like that would be. But it has been brought up and submitted as a feature request to our development. Thank you, Ron S

Hello Littleadam! We have not heard of any issues with pushing out the package with other deployment programs such as SCCM. I am not as familiar with Lansweeper, but is there any log that is made in it to show if there was any issues during installation. If not, is there a .msi log that is created in temp folder on those computers? That should usually give you a better idea of the point of failure. Also, if you haven't already, make sure /qn is used for the silent switch. If you have any more information from any of the items I just mentioned, I can create a ticket on our side and we can see where the issue may be. Just shoot me your e-mail. Thank you, Ron S

Hello Send2brian, Unfortunately the IIS 7.5 express is still a requirement for the product and will be used on any new installation. I am not sure of any changes that may be coming to that portion of the install and use of the product, but I can submit that you are looking for this as a feature request/suggestion to our PM. If you have questions about this, let me know. Thank you, Ron S