Jump to content

scoutt

Honorary Members
  • Posts

    127
  • Joined

  • Last visited

Everything posted by scoutt

  1. So, changing that setting did nothing, it still shows No Action Taken.
  2. On the client I am not seeing any MBAE-CLI.exe activity. I let it run for an hour. over 6mil events
  3. Once the client turns off javaw.exe it turns all three. But with it turned off it does work as expected
  4. Hi Pedro, I ran Process Monitor and stopped and started the client and MBAE-CLI.EXE never shows in the list. filtered or not.
  5. Hi Ron, That seems backwards to me, don't we want it to be checked for removal? In my other policy It shows "Show in results list and check for removal" and it shows quarantined each and every time in the results. How do I check to see if it is set to quarantine? Eitehr way, if the setting is "check for removal" and the results shows "no action taken" then something is not right, lol I will make the change and see what it does, it may take awhile. Thanks
  6. I let the user know what to do and I will let you know what the outcome is.
  7. Here are the logs RLW-Malwarebytes Anti-Exploit.zip
  8. Thanks Pedro, I have the same problems, stop protection and an hour later it is still stopped. Management server shows the correct version, 1.08.2.1189 but still shows protection is on.
  9. I have some laptops (mostly) that don't seem to quarantine items when they are found. 2/3/2016 8:27:39 AM 2CE33713KS <ip> PUP.Optional.WeDownLoadManager < No action taken > HKU\S-1-5-21-3451057674-2693170720-1305275285-2191\SOFTWARE\WeDlMngr Per policy it should quarantine everything found. I have attached MBAE files Malwarebytes Anti-Exploit.zip
  10. Sorry, been real busy, I missed that download or did you pull it back?
  11. Yes the user, on Win10. and it never reactivates. All our users are admins on the desktop.
  12. Ok, I got back to managed and I still get the same thing. Client shows stopped, management server sees the stop event but still shows on and it never turns back on. Why would the user even get the option of turning it off? Shouldn't it be password protection for admin users?
  13. Thanks for the update. I have done what the article said to do and installed your file you sent me. The only problem I have is I did not have a MBAE to uninstall, just Malwarebyte's Managed Client. So I did uninstall that and the Management server hasn't see me since I uninstalled it. I did stop protection and so far, 45min later, it hasn't turned on, but I assume because the policy is not getting to me now.
  14. Here are all the logs, thanks for the link FRST.zip sccomm.zip Malwarebytes Anti-Exploit.zip
  15. Can you please tell me where they are at, I looked and not seeing such logs.
  16. I just notice that if I turn off my protection it doesn't automatically come on after a certain period of time. Even after the policy check in. It seemed like before this version that it turned it self back on. I also noticed that in the management console i see under the system logs tab it says it was stopped, but under the client info tab it shows it still on.
  17. Sorry, i thought i was under Anti-Exploit for business. Can somebody please move this.
  18. I have a user that takes a word document and runs a add-in that creates a PDF. While this runs it creates a cmd.exe file on the users network drive and Anti-Exploit comes up and says Exploit payload process blocked. I don't want to exclude cmd.exe especially from a users network drive. How would one exclude a process like this?
  19. We have started to deploy Malwarebytes at our facility. We have setup a schedule scan every Tuesday. Now although we only have it deployed to 30 PC's, we noticed something in the scans. HKU\S-1-5-21-3451057674-2693170720-1305275285-3285\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableRegistryTools We use that in our environment with policies. I can exclude that key but I noticed that the number 3285/Software is always different per machine. How do i exclude that key and not be dependent on that number?
  20. I got the new install and when I run it as administrastor it gets to the select database screen, which is all greyed out, and clicking next it tells me: This database is currently being used by another managements server, installation was unable to access the database This is a local database on the exact same server that I am trying to upgrade the console. I have 1.4 installed currently. It will not allow me to progress any further. The FAQ here doesn't say anything about disconnecting the database or? https://support.malwarebytes.org/customer/portal/articles/1835539-how-do-i-upgrade-to-the-latest-version-of-the-malwarebytes-management-console-?b_id=6520
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.