djacobson

Staff
  1. Malwarebytes cloud platform update - July 19, 2018

    Malwarebytes is scheduled to update our cloud platform on July 19, 2018 at 8:00PM EST / 5:00PM PST. We anticipate less than 4 hours of downtime to complete this update. As a customer of this platform, we want to take a moment to familiarize you with the changes that are about to become available.

    New Features
      • Added easy access to contextual threat information. When viewing detection details, an administrator can click on the detection name (which opens a new browser tab to a Malwarebytes Labs resource) to gain additional background and insights on the threat.

    Improvements
      • Relocated the “Add Endpoints” link to a new dedicated page in the main navigation of the cloud console
      • Added a new link to the Malwarebytes Business Support webpage - administrators can access it by clicking on their logged-in user name in the top right corner of the cloud console
      • Renamed the “My Account” page to “Profile” to reduce confusion with the Malwarebytes My Account customer account platform
      • Added the license key for subscribed products to the License Information tab within the user’s Profile page
      • Added capability for Endpoint Agent plugins to resume downloading if interrupted – beneficial for customers with very slow Internet connections
      • Added the administrator’s IP address within User Invited events when new users are added to the console
      • Added new event types for Endpoint Remediation Success and Endpoint Rollback Success for Malwarebytes Endpoint Protection and Response
      • Addressed anti-ransomware technology issues for Windows Server; it will be enabled based on the Policy setting
      • Updated the Syslog Logging feature so that when an administrator adds, removes, disables, or enables the Syslog Communication Endpoint it will now create an Event
      • Table headers now remain visible when scrolling down on paginated pages
      • Improved header messaging that appears when selecting multiple items in a table (e.g., Manage Endpoints, Quarantine)
      • Improved validation for Policy form fields
      • Changed the “Ransomware Protection” label in Policy Settings to “Behavior Protection”
      • Improved the Detections page so that Location ellipses will truncate the middle portion of the path
      • Fixed: Endpoint Agent emitted excessive errors to the Windows log when an excluded file path did not exist on an endpoint
      • Fixed: Endpoint Protection for Mac - If a scan was triggered immediately after endpoint agent installation but before the Endpoint Protection plugin was fully installed and loaded, the agent would be stuck in a “busy” state
      • Fixed: Endpoint Protection for Mac - Scheduled scans are no longer triggered incorrectly
      • Fixed: Endpoint Protection for Mac - Now sends up Agent Information
      • Fixed: Endpoint Protection for Mac - Protection Updates version was reporting SDK version instead of DB version in Scan History, and was not reporting in Endpoint Details
      • Fixed: Endpoint Protection for Mac - Non-administrative users are now able to interact with the tray icon
      • Fixed: Endpoint Protection for Mac - User interface now stays minimized during on-demand scans if initiated from the endpoint
      • Fixed: Endpoint Protection for Mac - Endpoint Protection plugin will no longer get stuck in a "busy" state if a scan is triggered immediately after startup
      • Fixed: Endpoint Protection for Mac - Free Physical memory was being reported as "0" in the Overview tab of Endpoint Properties

    Known Issues
      • User Verified account notifications are not getting emailed to administrators
      • Windows Server 2008 scans crash when scanning .lmk files
      • Sysprep can fail to run with Self-Protection enabled in the policy
      • Within the Endpoint Properties pages under the Detections tab, the Action Taken and Category dropdowns are cut off
      • Modal windows are showing an unnecessary scroll bar
      • Endpoint Protection and Response: When a Remediation action succeeds but the Rollback action fails, the Suspicious Activity status is stuck and displays "Pending Remediation"
      • Endpoint Protection for Mac: Scan History tab does not get information populated if Threat Scan does not detect any threats
      • Endpoint Protection for Mac: Timestamps in the Scan History tab for macOS endpoints are in GMT, and not the web browser's locale
      • Endpoint Protection for Mac: Endpoint Agent does not report update_package_version on a fresh Endpoint Protection install

    Our next cloud platform update is scheduled for August 2018.
  2. It should be instant after checking in, as long as the endpoint can access https://data-cdn.mbamupdates.com and https://sirius.mwbsys.com, and is allowed to download an exe directly through firewalls. Some machines will need to restart for the new version to present in the client view. You can also avoid having to go through the MBAE downgrade / upgrade process on agent upgrade or reinstall; the agent can be deployed without including the MBAE portion of the install, then the existing newer MBAE will reintegrate with the MBMC client software after it is reinstalled. The MBAE standalone installer can also upgrade the version on your machine if you do not wish to wait for the machine to pick it up itself.
  3. Guys, they are using Connectwise, aka Labtech; this is a Malwarebytes partner whose integration deploys and manages MBAM 1.x, MBAE 1.x and ARW 0.9 standalone. Barinder, I'm not exactly sure what you are trying to do; MBAM already integrates with Control Center and this information should already be in the dashboard. Is this some sort of alternate reporting thing?
  4. Hi Strotech, the MBAE build that is within the MBMC package template will be out of date compared to the latest over-the-air update that's out there. We do not recommend changing the package out; if you try to do this to upgrade the MBAE build on the endpoints, it can break the push. It can work for new installs though. The best way to do it without affecting your console is to install the MBAE standalone exe or msi (from the unmanaged folder of the MBMC package) over the top of the existing version using some other means: local install, scripted, or through some other deployment tool like GPO or SCCM.
  5. djacobson

    New Version Download

    Step 2 in the KB has you covered... Upgrade to the latest version of the Malwarebytes Management Console https://support.malwarebytes.com/docs/DOC-1043
  6. This can happen as your database becomes full of records and/or the clients have lots of logs to submit, or some may be stuck submitting a particularly large log. Use your database cleanup function in the Admin tab to clean the database up. The database has a high propensity to become too full of records because of two item types: PUPs and PUMs. Ensure you are removing PUP items in your policy. Very often we see that the MBMC policy is not set to remove PUPs, which will generate new entries every time they are found, over and over. Another item is possible GPO reinforcements getting tagged as PUMs, over and over again. Here are some links around these items from our KB area:
      • PUP and PUM FAQs for business customers - https://support.malwarebytes.com/docs/DOC-2398
      • What is a PUM detection and how do I deal with it? - https://support.malwarebytes.com/docs/DOC-1205
      • Configure Malwarebytes Management Console to remove PUPs or PUMs automatically - https://support.malwarebytes.com/docs/DOC-2245
      • Group Policy registry keys detected as Potentially Unwanted Modifications - https://support.malwarebytes.com/docs/DOC-1417
    For client side cleaning, I have an MBMC client maintenance and tweaking script I came up with; this script will stop the client service, kill the process just in case the service doesn't stop, clear the client log sets, restart the service and also modify the service failure restart items - this last piece can help a ton for Win 8 and Win 10 clients that often go "offline" in MBMC client view. It also logs itself, so if it has any trouble we can check the C:\ProgramData\sccomm\clientScriptLog.txt file it writes. Deploy this script any way you see fit; onesie-twosie, or en masse via whichever deployment method you use and prefer.
    @echo off
    rem MBMC client maintenance script: stop the client, clear its logs, restart it, set recovery actions.
    rem Everything is appended to the script log (stderr included) so failures can be reviewed afterwards.
    set LOG=C:\ProgramData\sccomm\clientScriptLog.txt
    if not exist C:\ProgramData\sccomm mkdir C:\ProgramData\sccomm
    rem stop the client service, then force-kill the process tree in case the service does not stop
    net stop MEEClientService >> %LOG% 2>&1
    rem taskkill /im matches on the image name, so the .exe extension is needed
    taskkill /t /f /im SCComm.exe >> %LOG% 2>&1
    rem clear the client log sets
    del /f /s /q "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs\*.*" >> %LOG% 2>&1
    del /f /s /q "C:\ProgramData\sccomm\txthrlog\temp\*.*" >> %LOG% 2>&1
    del /f /s /q "C:\ProgramData\sccomm\txthrlog\*.*" >> %LOG% 2>&1
    rem bring the client service back up
    net start MEEClientService >> %LOG% 2>&1
    rem service failure recovery: restart 6 s after the first and second failure, reset the failure count after 120 s
    sc failure "SccommService" actions= restart/6000/restart/6000/""/6000 reset= 120 >> %LOG% 2>&1
    exit
  7. Use this in the Registry key area of the exclusion function:
    HKU\*\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\ACTIVEDESKTOP|NOCHANGINGWALLPAPER
    See this KB for more info and a list of common GPO keys hit as PUMs - https://support.malwarebytes.com/docs/DOC-1417
  8. djacobson

    Exclusions

    It is a slow process, but something that can help is to approach it with scans that are not yet set to remove anything; this way you can see what the MBAM scans will begin tagging for removal without it happening, and you can set your ignores around the stuff your users have versus what actually generates hits accordingly. We don't often interact with items the same way other AVs do; this tactic can help you avoid spending time making ignores for something we're not going to have an issue with, or be able to make an ignore for something you would not have thought needed one. There is some quirkiness to be aware of, and I see it a bit in your post here with the mention of shares. There are limitations to consider. Folder and file paths cannot take a wildcard in the middle of the path; it can only be used at the end to represent everything under a certain directory. Examples:
      • C:\Users\*\Desktop\item.ext - this wildcard usage is not supported.
      • C:\ProgramData\Some Program\* - this wildcard usage is supported.
    The realtime engine and pieces in the 1.x version have some known complications with applications that run from and/or write to drive shares. Check out this post I made here that brings up the known items and limitations of the MBMC and MBAM 1.x product - See this post for an explanation of our workarounds for mitigating the drive share / realtime interference -
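    As an added illustration (not code from the post above or from Malwarebytes), the following Python checker applies the two exclusion-format rules given in these posts before an ignore list is pasted into the console: the file/folder rule that a wildcard is only supported as the trailing element, and the HIVE\subkey|VALUENAME form shown for the registry exclusion in post 7. The hive abbreviations, the absolute-path sanity check, the function names and the sample entries are assumptions made for the example; the console's own validation may differ.

```python
import re

# Added example, not Malwarebytes code. Rules are taken from the two forum posts:
#   - path exclusions: '*' is supported only as the final path element (everything under a
#     directory); a wildcard in the middle of the path is not supported
#   - registry exclusions: HIVE\subkey|VALUENAME, where the key path may contain '*' (HKU\*)
# The hive abbreviations, the absolute-path check and the sample entries are assumptions.

_DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
_HIVES = {"HKLM", "HKCU", "HKU", "HKCR", "HKCC"}  # assumed hive prefixes


def check_path_exclusion(entry):
    """Return (supported, reason) for a file or folder exclusion path."""
    # assumption for the example: an exclusion is an absolute local or UNC path
    if not (_DRIVE_PATH.match(entry) or entry.startswith("\\\\")):
        return False, "expected an absolute path (drive letter or UNC)"
    elements = entry.split("\\")
    # any '*' before the final element is a mid-path wildcard
    for element in elements[:-1]:
        if "*" in element:
            return False, "wildcard in the middle of a path is not supported"
    last = elements[-1]
    if "*" in last and last != "*":
        # the post only describes a bare trailing '*' (everything under the directory)
        return False, "only a bare trailing '*' is supported"
    return True, "ok"


def check_registry_exclusion(entry):
    """Return (supported, reason) for a HIVE\\subkey|VALUENAME registry exclusion."""
    if entry.count("|") != 1:
        return False, "expected exactly one '|' separating key path and value name"
    key, value_name = entry.split("|")
    hive, _, subkey = key.partition("\\")
    if hive.upper() not in _HIVES:
        return False, "unknown hive prefix %r" % hive
    if not subkey:
        return False, "key path after the hive is empty"
    if not value_name:
        return False, "value name after '|' is empty"
    return True, "ok"


def classify(entry):
    """Decide whether an entry is a registry exclusion or a file/folder path."""
    head = entry.split("\\", 1)[0].upper()
    return "registry" if head in _HIVES else "path"


def check_exclusions(entries):
    """Validate ignore-list entries; returns {entry: (kind, supported, reason)}."""
    report = {}
    for entry in entries:
        kind = classify(entry)
        checker = check_registry_exclusion if kind == "registry" else check_path_exclusion
        supported, reason = checker(entry)
        report[entry] = (kind, supported, reason)
    return report


# Constructed sample ignore list: the two path examples from the post, the registry entry
# from post 7, and three entries that should be flagged.
SAMPLE_ENTRIES = [
    r"C:\Users\*\Desktop\item.ext",
    r"C:\ProgramData\Some Program\*",
    r"C:\ProgramData\Some Program\*.log",
    r"HKU\*\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\ACTIVEDESKTOP|NOCHANGINGWALLPAPER",
    r"HKLM\SOFTWARE\Policies\Microsoft\Windows",
    r"\\fileserver\share\app\*",
]

if __name__ == "__main__":
    for entry, (kind, supported, reason) in check_exclusions(SAMPLE_ENTRIES).items():
        status = "supported" if supported else "UNSUPPORTED"
        print("%-8s %-11s %s  (%s)" % (kind, status, entry, reason))
```

    Running it against the constructed list flags the mid-path wildcard, the "*.log" pattern and the registry entry without a value name, and passes the other three; entries that fail the check are the ones worth reviewing against the KB article before they are added to the policy.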
  9. djacobson

    Best Practices Guide for Endpoint Protection

    There isn't anything like that really; help with approaching scans and removal is most often support staff advice from what we see and know about that program, combined with the experiences of customers we help. There is a best practice guide for MBMC, but that is about setting up your server which hosts the management side of the on-premises product version. Maybe a compilation of some support staff tips and tricks in a sticky thread might scratch that itch.
  10. djacobson

    Best Practices Guide for Endpoint Protection

    Hi @RandomPersonInForum, funny name! You generally want to have a rootkit scan be totally on its own as it can add a lot of time to the scan. Auto-quarantine is good to engage unless you want the scheduled scan to take no action and just be investigatory into the machine.
  11. Hi @grega09, you are spot on in your research, the MB for Teams product variant would be a great choice to meet your needs here.
  12. djacobson

    Exclusions

    Hi @Peb, for your product version it is in your MBMC console under Policy -> Ignore List.
  13. djacobson

    Business vs Consumer

    Hi @jdemoccc, that version is for those that want to run their own server and control Malwarebytes; it is much more hands-on. If you are looking for something more akin to your home MB3 experience, that would be the Endpoint Protection, cloud-based portal, version of the product.
  14. The policy option to remove PUPs needs to be engaged in the policy or none will be removed; the program does not have the ability to pick and choose, it is all or nothing.