Posts posted by AlexLeadingEdge

  1. Hi guys,

    Malwarebytes is quarantining Free File Sync, including the Donation Edition which removes all the ads, so we attempted to add the MD5 Hash to Malwarebytes Cloud / Nebula but it doesn't seem to replicate through and stop Malwarebytes from quarantining our install file.

    In the new Exclusions window the Exploit Protection option is ticked, but Malware Protection, Ransomware Protection and Website Protection are grayed out as options to select. I'm wondering if this file comes under Malware Protection and therefore doesn't automatically stop the blocking of the file?

  2. Hi guys,

    When I do a scan I get emails saying "machine.command.failed".

    I've asked about this problem before and I was told that this meant the machine went offline, but I have computers that are on 24/7 and they're still doing it so I'm not convinced. Is there a better explanation for this? How do I fix it?

     

    Also, is there a way to silently uninstall and reinstall Malwarebytes Endpoint Protection that I can do via command line? I have remote management software so I can add or remove programs if I have the installer or uninstaller switches.

  3. Hi guys,

    Just saw this on one of our workstations, how do I know if this is not a false positive?

    Name    Type    Category    Status    Path
    Spyware.Agent    File    Malware    Quarantined    C:\PROGRAM FILES (X86)\COMMON FILES\ADOBE\UPDATER\ADOBEUPDATER.EXE
    Spyware.Agent    Reg, Value    Malware    Quarantined    HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS|C:\PROGRAM FILES (X86)\COMMON FILES\ADOBE\UPDATER\ADOBEUPDATER.EXE

  4. 20 minutes ago, Porthos said:

    The client purchased or was just using the wrong version of Malwarebytes as it is not designed or licensed for server use.

    They have had the same licence since October 2016. It was sold directly to the client, they asked for a version that would run on Small Business Server 2008, as this was their server at the time (now Server 2012R2 for the Terminal Server and 2016 for the Domain Server). As far as I know Malwarebytes Premium was the only paid-for version available at that time.

  5. I have installed the Malwarebytes Cloud Console version and it works fine. I was hoping to avoid this as the client already owns a 3-pack licence of Malwarebytes Premium, so now they're effectively paying twice for the same thing (and I think they've only just renewed their yearly licence).

    Unfortunately New Zealand and Australia are undergoing a major cyber attack so we have had to get this back up and running ASAP, rather than wait until the end of the month for the fix.

  6. Hi tetonbob,

    Thanks for your quick reply. This server is a terminal server and has no wireless devices, hence why the server role hasn't been added.

    How long until this issue is repaired? A rough estimate is fine. I would rather not add overhead by adding services that are not necessary.

    Will Malwarebytes Premium update automatically if the service is running in the background, even if the tray is not able to start?

  7. Hi guys,

    Logging into a Windows Server 2012R2 I am greeted with an error message saying the Malwarebytes Tray has crashed:

    mbam.exe System Error

    The program can't start because wlanapi.dll is missing from your computer. Try reinstalling the program to fix this problem.

    The services are still running, but I can't access the Malwarebytes Tray.

    Reinstalling Malwarebytes doesn't fix the error.

    The only patches that have installed recently were installed three days ago, and are listed here:

    KB4556401
    KB4484384
    KB4556846
    KB890830

    Any ideas as to why Malwarebytes has stopped working?

  8. Hi guys,

    We have accountants here in New Zealand pulling their hair out because Malwarebytes has quarantined the latest update of MYOB Accountants Office (ao.exe) as Ransomware, as well as links to that file.

    What is doubly annoying is that when I unquarantine it Malwarebytes says it has completed, but the ao.exe file doesn't return.

  9. Hi guys,

    It turned out there were three copies of Malwarebytes on that computer: Version 2 (Corporate), Version 3 (Free, installed via Ninite), and the Cloud Agent we are currently using. Talking to Malwarebytes Support Australia, the Cloud Agent should have removed the previous versions automatically but for some reason failed to do so. It appears the Cloud Agent was the only one running but the old folders and files were there from the previous versions and were screwing things up.

    I uninstalled all Malwarebytes using Add or Remove Programs / Programs and Features / appwiz.cpl, only version 3 and Cloud Agent were available to uninstall, then manually deleted all folders with "Malwarebytes", "MBAM" or "MB3" in the Program Files, Program Files (x86), and Program Data folders. Reinstalled the Agent. Scans now work as expected.

  10. Hi guys,

    I'm just working on your cloud system and some files popped up last night that were flagged as malware and quarantined. That's fine, but I would like to take the MD5 or SHA256 hash of these files and put it into the likes of virustotal.com to see if it is a false positive, which I suspect they are. At the moment I can't see any details about the quarantined files other than a Detection ID and Scan ID, which seems meaningless to anyone outside of Malwarebytes. My only option seems to be to release the quarantined files and then upload them manually to virustotal from the end user's computer, which seems extremely risky.

  11. Going by the failure log and comparing it to the scan log of the individual machines, it seems to be intermittent and usually runs the next time it is scanned.

    I wonder if the computers are simply being turned off during the scan and the console is reporting that as "machine.command.failed"?

    Maybe the error message is just not very helpful / self-evident?

  12. No, different companies, different domains. We have PDQ Deploy in some of our bigger clients' premises. I have remote access to all of the computers, it's just a pain as there are quite a few. Just doing an audit, it's not as bad as I thought as some have the same error multiple times; it's 10 computers in 6 different companies.

  13. Hi guys,

    At the moment when I do a scan on a computer using the cloud console I'm getting emails like the one below. It's not every scan, maybe 1 in 30, but it's still significant since we have several hundred end points. Re-running the scan gives the same error message (below).

    Any idea as to how I can get them to work properly?

    Quote

     

    Based on your preferences, you are being notified that a new event has occurred on your account:


    Endpoint Name: COMPUTERNAME.DOMAINNAME.DOMAINNAME
    Source: managed.machines
    Severity: warning
    Type: machine.command.failed
    Details: command.threat.scan
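
An added example, not part of the original post and not Malwarebytes tooling: a small Python script that parses notification emails in the layout quoted above and counts failed threat scans per endpoint, so machines that fail repeatedly can be separated from one-off failures. The endpoint names and the truncated fourth record are constructed sample data.

```python
import re
from collections import Counter

FIELD = re.compile(r"^\s*(Endpoint Name|Source|Severity|Type|Details):\s*(.+?)\s*$")

def parse_notifications(text):
    """Return one dict per notification; a record starts at 'Endpoint Name'."""
    events, current = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # greeting lines, blank lines, signatures
        key, value = m.groups()
        if key == "Endpoint Name":
            current = {}
            events.append(current)
        if current is not None:
            current[key] = value
    return events

def failed_scans_by_endpoint(events):
    """Count failed threat-scan commands per endpoint (host names lower-cased)."""
    return Counter(
        e["Endpoint Name"].lower()
        for e in events
        if e.get("Type") == "machine.command.failed"
        and e.get("Details") == "command.threat.scan"
    )

def repeat_offenders(counts, minimum=2):
    """Endpoints that failed at least `minimum` times; check these by hand."""
    return sorted(host for host, n in counts.items() if n >= minimum)

# Constructed sample: three complete notifications and one cut short,
# all using placeholder endpoint names.
_BODY = ("Source: managed.machines\nSeverity: warning\n"
         "Type: machine.command.failed\nDetails: command.threat.scan\n\n")
SAMPLE = (
    "Endpoint Name: PC01.CLIENT-A.EXAMPLE\n" + _BODY
    + "Endpoint Name: PC07.CLIENT-B.EXAMPLE\n" + _BODY
    + "Endpoint Name: pc01.client-a.example\n" + _BODY
    + "Endpoint Name: PC09.CLIENT-B.EXAMPLE\nSource: managed.machines\n"
)

if __name__ == "__main__":
    counts = failed_scans_by_endpoint(parse_notifications(SAMPLE))
    for host, n in counts.most_common():
        print(f"{n:3d}  {host}")
    print("repeat offenders:", repeat_offenders(counts))
```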

     

     
