[MBAR Beta free still up to date?]

Latest MBARW for business is 0.9.17.689, CU Package - 1.1.46. The install is located in the download package linked from your purchase documents.

[Offline Clients Still Showing as Being Online]

Also, follow-up question, are you on 1.8.0.3431 or 1.8.0.3443?

[Offline Clients Still Showing as Being Online]

Is auto-refresh on in your client view? What is your check-in interval in Policy \ Communication?

[Graphics won't appear when printing reports from the managment console]

I got you @Brandon_Lutz!

Here's a Microsoft article about connecting the SQL and making pivot charts, if you need it - https://docs.microsoft.com/en-us/azure/sql-database/sql-database-connect-excel

Here's the database schema for console 1.8 - https://malwarebytes.box.com/s/yzov412l8bydq85v5j5kx82ifhnrqz00

[Malwarebytes anti-malware Corporate 1.80.2.102]

Hi @SteveIT, I'm sorry about the delay, we've been swamped with questions about this thing, thank you for being patient with us.

With the business product, you are protected on three levels; Anti-Malware's web blocker will stop the dial out for the key(it also now has the signature to catch the hardcoded process name used - C:\WINDOWS\mssecsvc.exe), Anti-Exploit stops the vector that is used - compromised PDF's and Anti-Ransomware will stop the encryption process. If your business environment does not keep Windows full updated due to change process, or long term update vetting, it is vital that your security programs are up to date and that you at least patch the vulnerability that was exploited, MS17-010 - https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

Also check out our MalwarebytesLabs blog which dissects this ransomware, once you see how badly it is coded, it won't seem so scary at all.

https://blog.malwarebytes.com/cybercrime/2017/05/wanna-cry-some-more-ransomware-roundup-special-edition/

https://blog.malwarebytes.com/threat-analysis/2017/05/the-worm-that-spreads-wanacrypt0r/

[Graphics won't appear when printing reports from the managment console]

As an alternative, you could connect your SQL DB to Excel and create/print out all the charts and tables you can think up out of the data. Let me know if you want the DB schema so that you can accomplish that.

[Graphics won't appear when printing reports from the managment console]

It's not the product specifically but the IIS web server that is the root cause, sometimes reinstalling your IIS can fix it, but this issue is really quite random unfortunately.

[Graphics won't appear when printing reports from the managment console]

Thanks @Brandon_Lutz, what is your console version number?

[Cannot open programs]

Here's the screenshots of how those policies should be set...

["Protection Disabled" in MWB (Corporate) v. 1.80.2.1012]

Hi @Rammer47, I've got your logs saved and I'm going through them. I'll give you feedback on it soon.

[Graphics won't appear when printing reports from the managment console]

Hi @Brandon_Lutz, the IIS you are using, is it a full IIS 7.5, 8 Express or 7.5 Express? Do you have IE Enhanced Security turned off?

[Cannot open programs]

Use the commands for now guys, I'll investigate the mbamservice piece.

[Cannot open programs]

This is a console managed build yes? And .Net 3.5 is enabled in Windows Features?

[Cannot open programs]

mbamservice.exe is the whole realtime engine, if killing it causes the machine to lock up, the issue may not be caused by Anti-Malware's realtime engine at all, this points heavily to some other program that is interfering with mbamservice.exe. whatever that other process is, is what we need to find. @BenCunn do you also use Kaseya?

[Cannot open programs]

@kieferschild I'm going to convert this into a case.

[Remote hosts cannot see management console]

They should be good, just checked, refresh and try them again.

[Remote hosts cannot see management console]

@zacko11288, that version will not be able to do it. You'll need console 1.8.0.3443.

Download that version here - https://downloads.malwarebytes.org/file/mbes_for_business

Upgrade steps are here - https://support.malwarebytes.com/customer/portal/articles/1835539-?b_id=6520

Follow this guide to convert the console use to TLS - https://malwarebytes.box.com/s/cj78akud2pndy568qdfc5hmw5h24zs2m

[Remote hosts cannot see management console]

Hi @zacko11288, what console version are you on?

[Upgrading]

No, the Managed Client communicator and the Anti-Malware portion have to be upgraded manually, there are no plans to change that in current generation of the Management Console. Anti-Exploit, however, was built much later on and is able to upgrade on its own without console interaction, if it is enabled in your policy.

[malware bytes for business and RDS 2016]

For those that may come across this post in the future, this is what the agent software's compatibility is in regards to deployment on servers. Certain Server OS's are supported by the agent software:

• Windows Server 2012/2012 R2
• Windows Small Business Server 2011
• Windows Server 2008/2008 R2
• Windows Server 2003 (32-bit only)

However, there are environment roles which are unsupported. Do not install the Anti-Malware portion of the product to a server which runs:

• Terminal Services (TS) / Remote Desktop Services (RDS)
• Virtual Desktop Infrastructure (VDI)
• Windows Storage Server
• Server Core
• Citrix XenDesktop
• Citrix XenApp
• VMware View
• VMware VShield

[MBMC]

@preyash email corporate-support@malwarebytes.com to start a ticket and I'll resume with you there. We'll need ticket history if we need to escalate this to engineering.

[MBAR - Windows Server]

MBARW will still kick off on the workstation as the encryption process is running on the workstation. What that process is encrypting does not matter, the important part is from where that process is running.

[Upgrading]

Hi @NicevilleIS, upgrades need to be pushed out on console managed deployments. The current builds are: MBMC and Managed Client communicator - 1.8.0.3443. Anti-Malware 1.80.2.1012, Anti-Exploit - 1.09.2.1384.

[GPO for Endpoint Preparation]

Hi guys, we have steps for deploying MBAM through GPO but not a GPO that will do the prereqs. @Casey thanks for sharing what you used to accomplish it!

[Client database version out of date]

Hi @smallen50 your logs show a failure to open an SSL channel. Have you disabled any SSL or TLS protocols on your network? Added an NGFW with SSL Packet Inspection?

2017-04-13 08:20:34.373: ****ERROR*****: System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.

This machine was updating fine on April 12th, April 13th is when it started to fail:

2017-04-12 14:25:38.262: Download version file: https://x.x.x.x:18457/SignatureDownload/mbam.check.database
2017-04-12 14:25:38.294: Check version.check file content: v2017.04.12.07
2017-04-12 14:25:38.294: Execute CoreClient Update.
2017-04-12 14:25:38.294: Launch client, filename: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamapi.exe, parm: /update
2017-04-12 14:25:38.310: Update Command started.
2017-04-12 14:25:39.172: Update Command completed.

 

I'm also seeing that you are on outdated software. Your mbam is shown as 1.80.1.1011, which is tied to console 1.6.1.2897. SSL Man in the middle protection was brought to mbam 1.80.2.1012, which is tied to console 1.7.0.3208. However, the latest console available is 1.8.0.3443.

If you want to upgrade, the link is here - https://downloads.malwarebytes.org/file/mbes_for_business

Upgrade steps are here - https://support.malwarebytes.com/customer/portal/articles/1835539-?b_id=6520