djacobson

Staff
Posts posted by djacobson


  1. Hi Dominique, I see a LOT of roaming profiles and Terminal Server service and task...

    R2 TermServLicensing; C:\Windows\System32\lserver.dll [694784 2010-11-20] (Microsoft Corporation)

    Task: {5E944F37-0F17-4BA4-A6F7-F1475B1E7A5A} - System32\Tasks\Microsoft\Windows\termsrv\licensing\TlsWarning => C:\Windows\system32\tlsbln.exe [2010-11-20] (Microsoft Corporation)

    Unfortunately Anti-Malware for Business (and also the consumer version) does not support Citrix or Terminal servers. It is the likely cause of the error you are seeing due to incompatibility with the server's role.


  2. You could potentially utilize the standalone Malwarebytes install, but you'll need to first uninstall the management console deployed version and you will still need updates. Use this link - https://malwarebytes.box.com/s/4wt5rx90jvvy34nzzbtcpnimzwcrtd8s - to download an update package which will run against an offline standalone Anti-Malware install. I made it for up to today's 11th signature revision, 2016.07.20.11. After you remediate with the standalone install, it must be removed before you continue with a console managed deployment.


  3. The signature database included with the first push install is the database that was live when the Anti-Malware 1.80.x program you have at this moment was written, which was sometime in February 2016, 160+ days ago. Your client will receive a new signature database upon successful check-in to your server. The client will register with the server, create its entry in the SQL, receive its settings via your policy and then get signature updates according to what you've defined within your policy.


  4. Ensure that you have PUP and PUM settings set to list for removal and that your scan is set to auto remove. Repeated no action taken detections are what blows the DB up. To clean the DB to continue usability of the console, perform the following:

    1. Open SQL Management Studio and connect to the mee/mbmc database
    2. Expand to the database
    3. Right click C:\Program Files (x86)\Malwarebytes Management Server\App_Data\scdb.mdf and select “New Query”.
    4. Paste a truncate command in the new box that opens to the right:
      truncate table dbo.TBL_ClientSystemLog
      truncate table dbo.TBL_ClientSecurityLog
    5. Doing them one at a time, put them in and hit F5 to execute. It will open a lower message box stating if the command was successful.

    Note: This will permanently delete all client security logs. Please only do this if you are sure you do not need this data.

    
     
    1. After running the query, right click the C:\Program Files (x86)\Malwarebytes Management Server\App_Data\scdb.mdf again
    2. Click Tasks > Shrink > Database
    3. Perform a database shrink, following the wizard
    4. Attempt to log into your mee/mbmc console again
    5. Once logged in, please click the Other Settings tab under the Admin pane
    6. Change your Cleanup Setting to a higher frequency. This will automatically remove older logs and help keep the database in a more functional size. This should help reduce the database size and allow you to log in and use mee/mbmc again.
    7. Create a script to delete the contents of "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs" on your clients as well. The clients will resubmit their old logs and fill the DB up again if they are left.
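
    One way to script the client-side cleanup from step 7, added here as an example and not part of the original post or any Malwarebytes tooling. Because the deletion is permanent, it archives the log folder and checks the archive before removing anything; `$ArchiveRoot` is an assumed location, and the log path is the one quoted in the post.

    ```powershell
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Client log folder named in the post.
        [string]$LogDir = "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs",
        # Assumed archive location (not from the post); point it at retained storage.
        [string]$ArchiveRoot = 'C:\ProgramData\MbamLogArchive'
    )
    $ErrorActionPreference = 'Stop'   # any failure aborts before the deletion step

    if (-not (Test-Path -LiteralPath $LogDir -PathType Container)) {
        Write-Output "No log folder at $LogDir"
        return
    }
    $files = @(Get-ChildItem -LiteralPath $LogDir -File -Recurse -Force)
    if ($files.Count -eq 0) {
        Write-Output 'Log folder is already empty'
        return
    }

    if ($PSCmdlet.ShouldProcess($LogDir, 'Archive, verify and delete client logs')) {
        New-Item -ItemType Directory -Path $ArchiveRoot -Force | Out-Null
        $stamp   = Get-Date -Format 'yyyyMMdd-HHmmss'
        $archive = Join-Path $ArchiveRoot "$env:COMPUTERNAME-$stamp.zip"
        Compress-Archive -LiteralPath $LogDir -DestinationPath $archive

        # Verify the archive holds every file before anything is removed.
        Add-Type -AssemblyName System.IO.Compression.FileSystem
        $zip = [System.IO.Compression.ZipFile]::OpenRead($archive)
        try {
            $archived = @($zip.Entries | Where-Object { $_.Name -ne '' }).Count
        } finally {
            $zip.Dispose()
        }
        if ($archived -ne $files.Count) {
            throw "Archive has $archived of $($files.Count) files; logs left in place"
        }

        # Record a hash so the archive can be checked for changes later.
        $hash = (Get-FileHash -LiteralPath $archive -Algorithm SHA256).Hash
        Write-Output "Archived $archived files to $archive (SHA256 $hash)"

        # Delete the folder's contents, keeping the folder itself.
        Get-ChildItem -LiteralPath $LogDir -Force | Remove-Item -Recurse -Force
    }
    ```

    Running it with `-WhatIf` reports the action without archiving or deleting anything.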

     


  5. Importing your OU as a group and seeing them in the Client view is different than how the push install enumerates the clients. Ensure that all clients meet the pre-reqs. 

    *Pre Reqs*
    Firewall off or ports for MBMC are open (defaults are 18457, 443 and 137)
    .NET Framework 3.5 installed and enabled in Windows Features
    Windows Installer 4.0 or higher
    Turn on Network discovery, File sharing and Printer sharing.
     


  6. Hello Mike. The console will always push out whatever Anti-Exploit is part of it when that download was originally released. For 1.6.1.2897, the Anti-Exploit is 1.07.2.1015, despite the latest build as of right now being 1.08.2.1045. You will need to have the Anti-Exploit auto update option on for the machines to update to 1.08.2.1045.

    Registration failed is caused by the client not checking in within a hardcoded amount of time back to the console after install. This is usually due to some other security software you have in place. The first step to solving that is to create mutual exclusion between your other security software and Malwarebytes.

    The shields off can be too many things to really list here. Most likely thing to do is to restart those endpoints. If it still doesn't work, open a ticket at corporate-support@malwarebytes.org.


  7. Hello, there are a few ways this can be done. First, you can choose which policy is your default instead of the built-in "default". Highlight your custom policy and click "Deployment". Decide which clients to send it to then hit next. You'll see the option "Apply to new client computer", this is the option that lets new installs pick up an alternate policy on first check in.

     

    Second, you can choose which policy you want to deploy when pushing by selecting it as part of the "Client Push Install" options.

     

    Third, you can create an offline installer with whichever policy you want attached, choose the policy in the options while creating the installer.


  8. zer0day, I apologize, I mistook your build for a managed version which does this automatically. For a standalone build, you can do this in two ways through MbamAPI, mbam's cli interface.

     

    Set/Change log file name/location/file type:

    mbamapi /logtofile "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log.xml"

    Scan Schedule creation:

    mbamapi /schedule /scan -quick -log /xml

    See this PDF for all supported CLI: Malwarebytes Anti-Malware for Business 1.80 Administrators Guide.pdf

     
