trevoralf

  1. Spyware.Agent detected during scheduled scan in: C:\PROGRAMDATA\MICROSOFT\VISUALSTUDIO\PACKAGES\MICROSOFT.VISUALSTUDIO.TESTTOOLS.TESTPLATFORM.V2.CLI,VERSION=16.5.0.2020020501\PAYLOAD.VSIX Looks clear on VirusTotal. I've renamed the file to doc to allow upload. PAYLOAD.doc
  2. Hi, This application has been developed by an external developer and is specific to our company only. It's being detected via the Anomalous File Detection and I believe is a false positive. I've checked it via virustotal.com and it comes back as clean. I've also logged a call with MB Support (case 00067475) and they have suggested the issue is due to the files not being digitally signed. I've been in touch with the developer to ask them to look into this, but support have also suggested I upload the file here as the only way I can currently find to prevent the file being deleted is to either disable MB completely or turn off the Anomalous File Detection in the policy (as none of the exclusion rules I've tried to set up for this are working). ArchivePrint.zip
  3. Hi Dyllon, Sorry for the delay in getting back to you. The old version of AM appears on both the client view and the same version appears if I scan the machine in the Client Push Tool. However, if I walk to the machines in question and look it shows the new version of AM. The database version on the client view is updating and showing today's updates so it isn't that the client view isn't updating.
  4. I've resolved the AM install issue. The debug version of AE that you've provided doesn't display the same problem so we're going to put the original version back on to see what happens and I'll post back.
  5. I've sorted the MBAM install issue, so I'm just left with multiple versions of AE blocking every protected application now. (P.S. Is it possible to edit my own posts, rather than keep replying to myself?)
  6. Further details - we've uninstalled the client, MB and AE via the console and tried reinstalling. This has reinstalled AE 1.08.2.1189 which still gives the same problem. It also is refusing to install MB. We've tried via the console and via a package but, although the install appears to go correctly, MB doesn't get installed (although a MB folder appears in Program Data with the rules etc within it). We've then tried uninstalling everything, manually deleting MB related folders in Program Files and Program Data and the sccomm folder, running the mbam clean managed exe and MB still won't install (and AE still blocks everything).
  7. Hi, We've got a couple of machines here where AE is suddenly blocking every protected application including Word, Excel, Powerpoint and Adobe Reader (Exploit shellcode copied to memory blocked). Both are Windows 10 with Adobe 10, different versions of Office (2007\2010) and have McAfee VSE and HIPS running, but there's nothing particularly unusual to them compared to the couple hundred other machines running similar software. The machines were running AE 1.09.1.1266, so we've manually upgraded them to 1.09.2.1291 but are still getting the same problem. Has anyone got any ideas what may be going on?
  8. Hmm, I'm gradually being driven mad by this. I've picked 20 PCs that are on AM 1.80.1.1011. My understanding from your previous posts is that they need to have the AM client re-pushed to them to get them up to 1.80.2.1012. However, I pushed this about 6 hours ago to the 20 test machines and they are all still showing as 1.80.1.1011 - some have been restarted multiple times but are still showing the old version in the console, although if I physically walk to them and look the icon on screen says 1.80.2.1012. Given that some of the machines have been restarted multiple times over the space of 6 hours and are still showing as the old version what else might be required to get them to show in the console? I'm now in a position where I've no idea which machines are up to date or not. I did completely uninstall MB from one of them, reboot and then reinstall and that shows as 1.80.2.1012 straight away but that's going to make upgrading all the machines take twice as long as I was expecting...or have I missed something and you do have to uninstall the old version before you put the new one on? Then again, the machines themselves are showing the new version so maybe not....
  9. I thought this was sorted but it appears the issue has just moved to another cause. I've noticed AE on machines still aren't updating, but now it's because our firewall blocks EXE downloads to users and it looks like that's what the AE update is trying to do. I'm obviously not keen on allowing EXE downloads just to get AE updating so I've checked where they are coming from to see if I can just allow that source. However, they seem to be coming from 104.82.105.62 which resolves to an Akamai server and presumably the IP could change. If I can't add this as a reliable exception to the EXE download rule, is another option for me to tell the clients to get the updates from the server and just allow EXE downloads for the server? Or am I missing some other solution?
  10. Thanks for the reply Dyllon, All the clients I've seen this issue on at the moment are on different subnets to the server. However, plenty of other machines on the same subnet as the ones that are failing are scanning correctly. I've checked network configs, pinging across the subnets works fine etc. but can't see anything obvious. Yesterday I manually installed the client package on one of these machines and it's communicating with the server with no problems, so I have a manual install as a fallback but it would be good to understand what's going on.
  11. I don't know why I bother sometimes - I've just tried again on the same machines and now it has put the latest version on them.
  12. Hi Dyllon, Thanks for the update - I think the AE issue is now explained by an over-cautious AV setting on our firewall. However, I'm not seeing what you have suggested with the AM. I've got around 90 machines on 1.80.2.1012 and around 120 machines on 1.80.1.1011 (plus a few others on older versions). Pushing the client back onto the 1.80.1.1011 machines isn't upgrading them to 1.80.2.1012 as your post suggests should happen.
  13. I should also point out that the machines in question don't have any MB software installed at the moment (hence me trying to scan them via Push-Install).
  14. Hi, I'm having an odd issue where some clients appear 'invisible' to the scan on the Client Push Install page. I have a number of clients within an IP range, all with the same firewall, policies etc. If I scan (simple scan, no software detection) the range then most clients appear, except for a few that just don't appear in the 'Computers found' list for no obvious reason. I can see from the live firewall logging (while connected to an affected client) that the request from the server is arriving at the machine and is not being blocked. There is nothing I can find that's different between the majority of clients that are scannable and the odd few that are 'invisible'. Please could you let me know if you have any ideas what may be stopping this working? Thanks.