djacobson

Staff
  • Content Count

    1,295
Everything posted by djacobson

  1. @Eleanor67 The push tool status is inconsequential, it is not live data. It shows what was the last result of you using the push tool. A machine being pushed to in that moment has a set hardcoded timer that it must reply back within or it will get tagged as unregistered, it is not a "smart" enough app to know more than that about a client during install; even if the client successfully registers anytime after the timer. The client view online/offline status has nothing to do with the 'client has not been registered' execution result of the push tool. If you do not wish to see the push tool results say 'client has not been registered', I can write an SQL query to delete them for you.

     @JPerez1969 Use all three to restart the service, it is why they are there. It is also likely you are experiencing an entirely different client issue than eleanor, the thing you have in common so far is the push tool results. Clients flipping offline/online in client view when the actual machine is the opposite of what it says can be a myriad of items. The MEEClientService being off when you go check on it has two or three causes. Other items that can help:

       • Disable Windows fastboot.
       • Try setting MEEClientService from Automatic to Automatic (delayed start) - this is the "Start Up Type" option in policy or can be done directly in Windows Services.msc.
       • Exclude "C:\Program Files (x86)\Malwarebytes' Managed Client\sccomm.exe" from Windows Firewall, Windows Defender, and any other security or access restricting programs you may have in place.
       • Ensure C:\Program Files (x86)\Malwarebytes' Managed Client\sccomm.exe.config is not blank. Also ensure that C:\ProgramData\sccomm\SCComm.xml is not blank and contains the correct server address.
  2. Logging in as an admin or user in an admin group with modern Windows does not give you administrative permissions directly. If you have not yet tried this, right click the exe and run as admin. The MSI needs to be run with an msiexec command from an admin elevated CMD. Also make sure the installers are copied locally to the machine being installed, they do not work reliably, if at all, over network drives and shares.
  3. Please fill them all out to restart the service.
  4. Usually with servers, it's best to use the Windows Admin account as the logon for the push tool rather than your domain admin creds. Temporarily enable it if you have it off, and give it a password. Even when you are the AD admin, oftentimes that is not enough to give the push tool the ability to access another server.
  5. Hi @Eleanor67, please use your service failure options in Policy -> your policy -> Edit -> General -> Enable Service Recovery Options. Set the options, changing the "None" to "Restart Service", use an initial time of 2 minutes.
  6. Hi @wep, if the endpoint has the installation already, you can right click the system tray icon and start a scan. This will follow whatever is set in the policy, so if you do not have an installation on that machine or are disconnected from the network and need to use a more customizable scan, grab your MBBR (Malwarebytes Breach Remediation) tool. This is a cmd tool for Windows, terminal and gui for Macs. You can find it in your Endpoints -> Add Endpoints -> Dissolvable Unmanaged Remediation Tool. Instructions on how to use and the scan switches available are contained within a PDF guide that is inside the download. Let me know if you need any help.
  7. Problem was identified and fix is rolling out. The page should be available now if not shortly.
  8. There is one in the works though paused as development resources are being utilized on a migration tool for MBES 1.9 to MBEP Cloud.
  9. Hi Steve, I created a case for you so that our L1 team can take care of finding this information. You should see an email confirmation of the ticket shortly.
  10. Hi @Steve_Grande, yup, no problem! We can pull this from your database or look it up by the email used to make the purchase.
  11. Are these a list you made or files you suspect are infected?
  12. *.belairinternet.com is blocked for a string of trojan downloaders in March on that domain. This link shows some of the hashes for the offending files - https://www.virustotal.com/en/domain/belairinternet.com/information/ - if the site gets cleaned up, a request for review and release can be done.
  13. Your attachment is corrupted and unreadable.
  14. Hi @Cartaphilus, the business version of the product does not have an interface or a report tab, are you using the consumer version?
  15. The idea was to lock the settings, this was dreamed up before it was a managed product.
  16. It's out! https://www.malwarebytes.com/partners/managed-service-providers/
  17. Apologies for coming across this so late in the week @theyzer! We've had a series of agent updates recently, it's possible some could need a restart to finish it. There's also a recent virtual adapter issue that's popped up, this is related to engine version 1.2.0.680, in some cases it is having trouble downloading the plugins, so you may not have the items needed to run scans or the Malwarebytes Service (mbamservice.exe). Malwarebytes Endpoint Agent service (MBCloudEA.exe) and the tray icon (Endpoint Agent Tray.exe) are likely still running. We can confirm the version and some of the behavior in logs from the machine, though let's move the conversation about that back to your thread - https://forums.malwarebytes.com/topic/245780-green-icon-for-endpoints-in-console-turns-grey-and-stops-scanning/
  18. That article looks to have been retired. Use this MBMC upgrade KB for the download - https://support.malwarebytes.com/docs/DOC-1043
  19. Hi @MarkMems, the push install columns are not customizable but when you scan with it, the execution result column will tell you if the target machine is using an older version and can be upgraded.
  20. There are many moving pieces to MBMC, the server, the client comm, and the three separate protection software products, MBAM, MBAE and MBARW:

        • MBMC 1.9.0.3671
        • Managed Client communicator (must match console) 1.9.0.3671
        • Anti-Malware 1.80.2.1012
        • Anti Exploit 1.12.2.147
        • Anti-Ransomware 0.9.18.806

      You can right click the top row of your MBMC Client View and add the version number to the columns to see them. On the endpoints, Anti-Malware will not be seen, it is installed under the Malwarebytes Managed Client version entry. So is Anti-Exploit, until it next upgrades over the air to a version newer than the console deploys, then it will show a new separate entry
  21. Hi @straffin, my bad on the TestPUP, I mistakenly made a no-no and posted it to the thread reply instead of a separate hosting link. Use this link - https://malwarebytes.box.com/s/za0zyzwrdbumesqx8e3eo489edad0no0 - and I will PM you the passcode. It's also a bummer to learn the Spycar files are gone but TestPUP will do the job!
  22. @straffin, yes we do have such tools. You can use the one attached* for interacting with, and triggering the real time, or leave it somewhere for a scanner to find. *Linked on Box in new thread. Another good resource to test that the scanner is looking in certain areas during scheduled scans, is using Spycar. They make a test detection suite for scanner engines - http://www.testmypcsecurity.com/securitytests/all_tests.html#AllTests* *Spycar is dead, RIP. ☠️
  23. I haven't yet been able to get data on how the trigger to start it has been changed, but I can confirm it is still needed for correct operation.
  24. @EthicalPrivate another idea was brought up by the D&D tool uses your DNS to resolve that address, this could also be an issue with the DNS cache. Try an IPCONFIG /flushdns to reset that and see if it can help.