Posts posted by likwyd

  1. Just wanted to update anyone following this thread.
    I have been able to get computers back online and scanning for threats via manual and schedule.  Nothing has been the same, consistent workflow for every computer but for the majority, the following worked for me.  Keep in mind, I have tried everything suggested (and then some) in this and other threads before, just not in this order:

    1. Run the clean tool with the /cloud switch, per @KDawg  (it can take a while waiting but you do eventually get a pop-up to reboot the computer).
    2. Check Installed Programs in Control Panel for any left over products that didn't get uninstalled (uninstall if there are; it actually works).
    3. Check processes to make sure the Endpoint Tray.exe isn't running (kill it if it is).
    4. Check Program Files and Program Data for anything named Malwarebytes%.  Delete folder to trash/shift+delete.  No permission errors.
    5. Install full package, per @KDawg (this only seems to install the agent and package msi).
    6. Download and Run mb3-setup-common-3.1.8.1830.exe (linked by @KDawg)

    Previously, I had tried Revo Uninstaller to get rid of previous installation but 24hrs after reinstalling Malwarebytes, endpoints showed as offline again.

  2. 2 hours ago, IT_Guy said:

    If you have slow machines caused by MBAMSERVICE, check your C:\ProgramData\Malwarebytes\MBAMService\logs to see if you have MBAMSERVICE.LOG and a bunch of backup files, mine are all filled with the exact same entries:

    10/19/17    " 09:30:32.523"    61740422    08ac    0940    ERROR    CHAMCTRL    CControlWatchdogDriver::GetRefCount    "ControlWatchdogDriver.cpp"    305    "GetRefCount (err = 2) = 4294967295"
    10/19/17    " 09:30:32.524"    61740422    08ac    0940    ERROR    CHAMCTRL    CControlWatchdogDriver::DecrementRefCount    "ControlWatchdogDriver.cpp"    272    "Error getting driver RefCount - 2"
    10/19/17    " 09:30:32.524"    61740422    08ac    0940    ERROR    CHAMCTRL    CControlWatchdogDriver::Remove    "ControlWatchdogDriver.cpp"    370    "Failed to remove reference"
    10/19/17    " 09:30:32.524"    61740422    08ac    0940    ERROR    SPSDK    Uninstall    "SelfProtectionUser.cpp"    182    "SelfProtection driver failed to uninstall. LE=0."

     

    It repeats this about 2-3x per second and is using 47% of the CPU and almost 100% of the HD.

    I looked at the log on one of my computers having this issue.  It looks like it is constantly trying to uninstall the SelfProtectionUser.cpp and remove the ControlWatchdogDriver.cpp which is failing every time.
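A way to confirm the failure loop described in this post from the log itself, as an added example that is not part of the original posts or any Malwarebytes tooling. It assumes the field layout seen in the quoted entries; `find_error_loops`, `build_sample` and the `DEMO` entry are hypothetical names and constructed data.

```python
import re
from collections import Counter

# Field layout inferred from the entries quoted in the post (an assumption,
# not a documented format): date, quoted time, counter, two hex IDs, level,
# component, function, quoted source file, line number, quoted message.
LINE_RE = re.compile(
    r'^(?P<date>\d{2}/\d{2}/\d{2})\s+"\s*(?P<time>\d{2}:\d{2}:\d{2})\.\d+"'
    r'\s+\S+\s+[0-9a-fA-F]+\s+[0-9a-fA-F]+\s+(?P<level>[A-Z]+)'
    r'\s+(?P<component>\S+)\s+(?P<function>\S+)\s+"(?P<file>[^"]*)"'
    r'\s+(?P<line>\d+)\s+"(?P<message>.*)"\s*$')

def parse(lines):
    """Yield one dict per recognised entry; unrecognised lines are skipped."""
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.groupdict()

def find_error_loops(lines, min_per_second=2):
    """Return {call site: peak ERROR entries in one second} at or above the threshold."""
    per_second = Counter()
    for e in parse(lines):
        if e['level'] == 'ERROR':
            site = (e['component'], e['function'], f"{e['file']}:{e['line']}")
            per_second[(site, e['date'], e['time'])] += 1
    peak = {}
    for (site, _date, _time), n in per_second.items():
        peak[site] = max(peak.get(site, 0), n)
    return {site: n for site, n in peak.items() if n >= min_per_second}

# Tails of the four entries quoted in the post (timestamps are added below).
QUOTED = [
    'CHAMCTRL    CControlWatchdogDriver::GetRefCount    "ControlWatchdogDriver.cpp"    305    "GetRefCount (err = 2) = 4294967295"',
    'CHAMCTRL    CControlWatchdogDriver::DecrementRefCount    "ControlWatchdogDriver.cpp"    272    "Error getting driver RefCount - 2"',
    'CHAMCTRL    CControlWatchdogDriver::Remove    "ControlWatchdogDriver.cpp"    370    "Failed to remove reference"',
    'SPSDK    Uninstall    "SelfProtectionUser.cpp"    182    "SelfProtection driver failed to uninstall. LE=0."',
]

def build_sample():
    """Constructed input: the quoted burst at five instants over two seconds."""
    head = '10/19/17    " 09:30:{}"    61740422    08ac    0940    ERROR    '
    stamps = ['32.120', '32.523', '32.901', '33.210', '33.640']
    lines = [head.format(s) + tail for s in stamps for tail in QUOTED]
    # Constructed one-off error that must not be flagged as a loop.
    lines.append('10/19/17    " 09:30:34.000"    61741899    08ac    0940    ERROR    '
                 'DEMO    Demo::Once    "Demo.cpp"    1    "constructed one-off"')
    return lines
```

Passing the lines of a real MBAMSERVICE.LOG to `find_error_loops` lists the call sites that repeat within a single second, which separates an endpoint stuck in this loop from one that logged the error once.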

  3. 3 hours ago, wiggy said:

    We have deployed to 80 PC's

    We're into a daily routine of...

     

    1. selecting all the 'offline' clients in the cloud console

    2. pinging those PC's showing as offline - to see if they really are offline

    3. for the PC's that are actually on, I connect remotely to their service console and 9 times out of 10 find that the Cloud Agent Service has failed to start when the user booted

    4. I remotely restart the cloud agent service, and that typically gets the PC showing back online in the cloud console

    5. where this happens more than twice on the same PC - I do a full uninstall/cleanup and a fresh re-install locally under the local admin account.

    At the rate we're going it won't be long until I'll have ended up doing an uninstall/cleanup/re-install on the entire user base

     

    I, along with the other IT admins here, frankly have better things to do with my time.

     

    I did this and had 4/15 able to restart services and connect.  So far 1 out of those 4 have successfully scanned for threats (if that's true).

    The other 11 that gave side by side errors while trying to restart services, I am currently working on re-installing the whole Malwarebytes package.  So far, the first two have succeeded. **This is only possible because of Revo Uninstaller**  Without this, I would not be able to uninstall anything.

    Anything that has shown up as online in the dashboard I have started a manual threat scan and I will update tomorrow if/when scheduled scans do their thing or not.

  4. No, not all of them.  And at the time those tasks were made, they could have been "online" or "offline" because they have all been in and out.  Yesterday, at one point, I was down to only 1 "online".  Now I'm at a 50/50.

    I did run the clean tools as Admin yesterday but, at this point, I'm not touching anything because I can't be sure results are real or not.  I will wait until Malwarebytes figures it out and pushes the absolute resolution.

  5. 7 minutes ago, IT_Guy said:

    From your log file it looks like the uninstall program is failing to do what we tried to do manually. Can't take permission of the folder to delete the contents, and because the folder isn't empty it can't delete it.

     

    Thanks for testing that out before I ruined another system!

    Thing is, it did delete a lot of the files (comparing to backup), just not all of them.  Question is, why not?

  6. KDawg, thanks for your response.
    I followed your instructions and the log reflects errors uninstalling everything completely. Malwarebytes EndPoint Agent and .NET system prerequisites installer is still listed in Programs.  Log file attached.  I have not tried to reinstall anything.  Waiting on your reply first.

    mb-clean-results.txt

    Program Files still has both Malwarebytes and Malwarebytes Endpoint Agent folders with contents.

  7. I currently have 15/38 endpoints showing as offline.  This seems to randomly happen on occasion and a reinstall has previously worked, but not this time.  I flushed the DNS on a few, as suggested in the FAQ, but it did not help.  I tried using the deployment tool to uninstall and reinstall.  The tool showed that everything was a success but, still, they listed as offline.  So I remoted in to one of the endpoints to try a manual re-install.  Attached are the results of an error upon uninstalling the Endpoint Agent.  The endpoints in question are all running Windows 7 64 bit.  The endpoints online are also the same except for one (1) 32 bit machine and one (1) Mac.  No proxy and no outgoing limitations on firewall.
    Is anyone else having this problem?

    MWB error.png

    Malwarebytes_Endpoint_Agent_and_.NET_system_prerequisites_installer_20171003101108.log
