Jump to content

djacobson

Staff
  • Content Count

    1,298
  • Joined

  • Last visited

Posts posted by djacobson


  1. A greyed out 'remove client' option means your machines and groups are AD OU imported entries. AD OU is a mirror in MBMC, you cannot perform a deletion from your AD via MBMC.

    • If the machine has already been decommissioned from AD, delete and re-add your whole AD OU group in MBMC to force a re-sync.
    • If the machine has not been decommissioned from AD properly, you can use the cleanup options in the Admin tab -> Database Settings -> Cleanup Settings -> 'Delete Obsolete clients ____', 'when client has not accessed server for ____ days'.

    Note that the last option will drop a client from the MBMC database table when it has not accessed the server for x amount of days; but if it still exists in AD, anytime your AD OU re-syncs, the machine will be back.


  2. MBMC is unable to install normally on Server 2019 because of the built-in embedded SQL Express 2008 R2, this is not supported by Server 2019. MBMC can still install if you choose to use an external SQL that you connect it to instead.

    Other items to note that will trip up Server 2019;

    • MBMC installer needs TLS 1.0 to be enabled during the install portion, TLS 1.0 can be disabled once again after the installation is complete.
    • Second is modern Microsoft Server OS comes with IIS 8 Express, or IIS 8.5 Express, installed and enabled by default. This is a conflict for our installer process. IIS8+ needs to be removed or an alternate server without this role needs to be chosen. The MBMC console requires the use of IIS 7.5 Express for its reporting function. If the server isn't actively using the IIS 8+ Express, the admin can disable the built-in 8+ Express role in Server Roles and Features prior to MBMC install.

    Items needed are SQL Management Studio, a newer Server 2019 supported SQL Express, and the exact same MBMC installer as your existing MBMC Console. Do not attempt to upgrade MBMC versions during a migration!

     

    Instructions for creating SQL Express external instance setup:
    Download a new SQL Express installer.

    Then follow these instructions for setup:

    1. Choose to create a New Installation.
    2. Choose "New Installation or Add Features" then click Next.
    3. Accept the license, then click Next, then Next again.
    4. Name the instance (I suggest naming it Malwarebytes) then click Next.
    5. Click "Use Same Account for all SQL Server services."
      • On the popup, enter your Windows credentials.
    6. Choose Mixed Mode authentication.  Create a password for the SA account, then click Next.
    7. Click Next two more times and finish the SQL installation.

     

    Instructions to attach existing embedded SQL database to new SQL Express external instance:

    1. On your old MBMC server, go to C:\Program Files (x86)\Malwarebytes Management Server\App_Data, the directory may also be named "C:\Program Files (x86)\Enterprise Edition\App_Data" if you've had MBMC early versions.
    2. Inside “App_Data”, locate the scdb.mdf and scdb.ldf files.
    3. Copy these files to the folder C:\Program Files\Microsoft SQL Server\MSSQL[your SQL version number].[your SQL instance name]\MSSQL\DATA.
    4. On the new SQL Server, open SQL Management Studio and log into your instance.
    5. In the menu on the right, right-click on the "Databases" folder under your SQL instance and select "Attach", navigate to the MSSQL folder where you previously copied the files and select the scdb.mdf database file.
    6. Once attached, rename the database from C:\PROGRAM FILES (X86)\MALWAREBYTES MANAGEMENT SERVER\APP_DATA\SCDB.MDF to just scdb, no extension.
    7. Use SQL Server Configuration Manager to enable Named Pipes and TCP/IP on your SQL Server setup - see this link if help is needed - https://docs.microsoft.com/en-us/sql/database-engine/configure-windows/enable-or-disable-a-server-network-protocol?view=sql-server-ver15#SSMSProcedure

     

     

    Instructions to connect MBMC install on new server to the new external SQL Express instance:

    1. Run the MBMC setup to install Malwarebytes Management Server.
    2. On the SQL step choose 'Use External Database."
      • Enter the Database Address, if named Malwarebytes from the first instruction set on step 4, it will be ".\Malwarebytes", without the quotes.
      • Enter the username as SA, and then the password you created for it.
    3. The installation will connect to the instance and find the existing database as attached.
    4. Installation will complete and you will be prompted to log on to MBMC, all previous existing accounts on the old server before the migration will be available to use. All previous settings / policies / agents will be right where you left them.

     

    Hope this helps!


  3. Clients can receive signature updates if they were previously set to get it from the internet before they went off-network, but the client will not receive any changes to the policy you make or be able to send back its status as long as it remains off-network. Roaming and remote clients are not supported on MBMC.


  4. MBMC's admin guide lists the compatibility for the Managed Client communicator portion. To understand the compatibility for each of the protection pieces, it is best to read the admin guides for those individual items.

    Anti-Ransomware 0.9 Admin Guide:
    Operating System: Windows 10 (32/64-bit), Windows 8.1 (32/64-bit), Windows 8 (32/64-bit), Windows 7 (32/64-bit) • CPU:  800 MHz or faster • RAM:  1024 MB • Free Disk Space:  100 MB • Recommended Screen Resolution: 1024x768 or higher • Active Internet connection 

    Anti-Ransomware 0.9 Administrator Guide.pdf Anti-Malware for Business 1.80 Administrator Guide.pdf Anti-Exploit Unmanaged Client 1.12 Administrator Guide.pdf Management Console Administrator Guide.pdf


  5. Ah man, I was hoping that could help explain. MBMC's push tool uses netbios protocol, it can send the query out to the machines on other subnets, but without a WINS server role in place, the client's response will never make it back to the MBMC server.

    From that MBMC server, are you able to open a net use share from cmd on the target server?

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.