Policy Module ftp as endpoint update in Malwarebytes Management Console Posted November 22, 2016 Hello, if you mean for the alternate update location, this feature is kind of unruly and not easy to manage. These signature changes happen 6-18+ times a day. You must do this manually each time you wish to create this offline update location. You'll first need to visit this link - http://data-cdn.mbamupdates.com/v1/database/rules/version.chk - copy the signature version number and paste it into a notepad and name it version.chk. That will give you the version for that moment and have you create the version.chk file the program will need. Copy and paste these URLs into a different notepad... http://data-cdn.mbamupdates.com/v1/database/rules/data/rules.vYYYY.MM.DD.ver.ref http://data-cdn.mbamupdates.com/v1/database/rules/data/rules.vYYYY.MM.DD.ver.ref.yaml Edit out the vYYYY.MM.DD.ver and replace it with the signature version number you copied earlier. For today 11/22/2016, 9:56am Pacific, the signature is v2016.11.22.09, so the links would be edited to... http://data-cdn.mbamupdates.com/v1/database/rules/data/rules.v2016.11.22.09.ref http://data-cdn.mbamupdates.com/v1/database/rules/data/rules.v2016.11.22.09.ref.yaml Navigate to these links, they will invoke a download. Save the rules.v2016.11.22.09.ref and rules.v2016.11.22.09.ref.yaml files to a folder named "data" (must be named data!), place the data folder and the version.chk together in your alternate location. Note this example has the required data folder under a directory also named data, this is not necessary, the root can be named anything you want as long as the .ref and .ref.yaml are in a folder named data placed next to version.chk. This shared alternate location requires that "everyone" has permission to this location. If the shared folder has been set up correctly and specified in the policy to download from it, then you should see in the client log (%ProgramData%\sccomm\sccomm.log) that the client pulled the signature update from the location that was specified in the policy. If the share was not set up correctly, you will see errors in the log. In this case, the .erf and .ref.yaml files were placed inside the shared folder without being in the data folder, therefore the MEE Client could not find the database files. I hope that helps!