djacobson

Staff
  1. VB6 error, got it. I'm wondering if you're hitting a desktop heap memory issue, I take it these servers are up for a long amount of time? If that's the case, Anti-Malware may be unable to begin its scanning if the heap memory is low. The more user profiles tied to the machine, the worse it can be. Big symptoms start around 80 roaming profiles. Are these in a terminal services role at all?
  2. @DBPaul, I understand your wait has been frustrating. To be upfront with you, our reply time has suffered in the wake of Hurricane Irma hitting one of our offices where a decent portion of our B2B support staff works. While those folks were unable to work, the case load had increased to the point where we were, and still are, playing catch up. The response time is usually much better, but right now direct case emails and forum replies are behind.

    And yes, you are correct, the reporting in the console is not customizable at all or exportable. I've mentioned this here: And here:

    The report panes are live SQL queries run each time you click that category or log in and land on the Home pane. To go custom in your reporting would require you accessing the SQL directly as you have been doing. We are also free to share the DB's schema if you need it for your query writing.

    Here's the database schema for console 1.8 - https://malwarebytes.box.com/s/yzov412l8bydq85v5j5kx82ifhnrqz00

    Our SQL connections are like this:

    • External SQL use allows for remote connections but you must use an SQL logon, no Windows credentials are supported in this mode.
    • Embedded SQL does not allow for remote connections at all, you must perform the commands locally to the server with the SQL Express DB install. Windows credentials are supported in this mode.

    If your current account does not have permissions over the embedded DB, run this script (make sure to right-click and run it as admin), as written by Microsoft, to grant SQL DB permissions to the user who is running it.

    Add Self to SQL - https://malwarebytes.box.com/s/f3eu99g8f6p00xvyftt4uttu7nwd1d1
  3. I need to step in and clarify, RDS has been fixed for the Anti-Malware portion. However, ARW's current support is for client OS, Win 7 and up. Here's a quick product matrix for some content I am creating around best practice and initial MBEP group/policy setup. Server OS with ARW is being tested, when it is cleared, the documentation will change to reflect that.
  4. Hey @IT_Guy, do you mean you are experiencing the same issue as jkanna here or are you up against supported versus unsupported OS for the feature?
  5. Missed Schedule Scan

    That'll mean creating a variety of possible schedules as mentioned before to ensure at least one is picked up and run when the machine is on, or go full manual and send those machines an on-demand scan when they do show as online from the portal. These two paths are your only recourse until the cloud has reached its final form through iterative release updates.
  6. Missed Schedule Scan

    The machines only need to be online once to receive the scheduled scan you create in your cloud settings. You can create as many schedules, and assign whichever groups to them as you need, to ensure your scans will happen at a time when the roaming machines are on.
  7. Either one, it is up to you. Read the datasheets to find which one is the better fit for you.
  8. Hi @bhabel, the endpoint saves the detection in local time on the system, MBMC parses the logs and saves different pieces as both UTC 12hr and UTC 24hr. This can cause time discrepancies when notifications are created.
  9. Hi @wiggy, your clients make an outbound connection to the URLs in your documentation. Once the handshake takes place, if the client needs an update, one will be provided to it. If you've already been able to install all the pieces of the protection, besides the initial deployment of the platform and communicator, then there is nothing you need to worry about. If the protection pieces made it, any future updates will as well.
  10. There is an ongoing issue with the Anti-Ransomware portion and unfortunately for now, while you are experiencing this problem, you'll need to disable it. This defect is known and in the eng team's hands right now. MBARW is leaving open threads and it will start to consume the system's resources. If we can get some data from your machines it could really help.

    • FRST log set
    • ARWLogs
    • Process dump as the resource usage starts to climb.

    FRST Log

    Please follow the steps below to run frst.

    1.) Download frst or frst64 from the link below and save it to your desktop:
        FRST 32-bit version: https://downloads.malwarebytes.com/file/FRST
        FRST 64-bit version: https://downloads.malwarebytes.com/file/FRST64
    2.) Double-click the purple frst or frst64 icon to run the program. Click Yes when the disclaimer appears.
    3.) Click the Scan button.
    4.) When the scan has finished, it will make 2 log files in the same directory the tool is located, frst.txt and Addition.txt.

    ARWLogs

    1.) Download the trusted, Malwarebytes-authored https://malwarebytes.box.com/s/fpbjgxi0cp1feswku3a5d3c92iggv9rp utility/tool and save only to a system Administrator's desktop of the system in question.
    2.) Single right-click the arwlogs.exe icon and select Run as administrator from the Windows context menu.
    3.) If a Windows User Account Control (UAC) alert/prompt for arwlogs.exe appears, select the "Yes" button to continue.
    4.) If a Windows SmartScreen warning alert/prompt for arwlogs.exe appears, select "More info" then select the "Run anyway" button to continue.
    5.) A Command window will appear and its contents may be mostly ignored.
    6.) When "Press any key to continue . . . " appears at the bottom of the Command window, type any Enter key to close the window.
    7.) A zipped archive (yyyy-mm-dd-{COMPUTERNAME}.zip) should have been generated to the system Administrator's desktop.

    Process Dump

    While the MB3service process is consuming excessive memory, open task manager, right click on the process and select create dump file.

    Upload the FRST.txt, Addition.txt, yyyy-mm-dd-{COMPUTERNAME}.zip and MB3Service.DMP to this link - https://www.malwarebytes.com/support/business/businessfileupload/
  11. Missed Schedule Scan

    You can instead split the remote machines off to their own group and policy then create alternate scan schedules that include these other remote machines on other groups/policies.
  12. @BigTC2, utilize the Anti-Exploit product. Anti-Ransomware does not support server OS and the server role precludes you from using Anti-Malware.
  13. Thank you @kevinf80, relocking thread.
  14. @kevinf80, Diligence is unable to reply. The reply buttons are not shown for them. Over PM, I had suggested clearing their cache, however this was ineffective. Diligence is going to PM you and open a new thread.
  15. Hi @Diligence, I've unlocked your thread to allow you to continue to work on the MBAR issue. @kevinf80 are you still available to help them?