
Posts posted by rssbandittrick

  1. I'm trying to migrate endpoints to OneView using Kaseya.

    I've tried using Executeshellcommand and also running from a batch file to no avail.

    The result is the same when trying to run the command:

    "C:\Program Files\Malwarebytes Endpoint Agent\MBCloudEA.exe" -accounttoken <tokenID>

    Kaseya gives me:

    log4net:ERROR Failed to find configuration section 'log4net' in the application's .config file. Check your .config file for the <log4net> and <configSections> elements
    Log4NetConfigurationSectionHandler,log4net" />

    This is not a Kaseya error.

    Can anyone help?

    Anyone here using Kaseya that's successfully used it?

    The command works fine if I do it from the desktop manually.

     

     

     

  2. Hi,

    I have a PC running Norton Internet Security and Malwarebytes Endpoint Protection Cloud.

    When MB is installed the PC will BSOD.

    When I remove it and leave it off there is no problem with the PC.

    I have an existing case open with support already but wouldn't mind input from others.

    I have reinstalled the PC (Windows 10 64 bit) and the PC still BSODs.

    I have put exclusions in for both MB and Norton to no avail.

    At first I thought it was my scheduled scans causing the BSOD but I've run both a threat scan and hyper scan and they go fine.

    011019-28392-01.dmp    10/01/2019 16:00:26    KERNEL_DATA_INPAGE_ERROR    0x0000007a    fffff6fc`40006f50    ffffffff`c0000185    00002001`6b2ce860    fffff880`00dea93c    ataport.SYS    ataport.SYS+1e93c    ATAPI Driver Extension    Microsoft® Windows® Operating System    Microsoft Corporation    6.1.7600.16385 (win7_rtm.090713-1255)    x64    ntoskrnl.exe+93ba0                    C:\Windows\Minidump\011019-28392-01.dmp    4    15    7601    306,272    10/01/2019 16:02:01    

    There are 5 PCs in this company all running NIS and MB and only this one is having the issue.

     

    thanks

     

  3. Thanks.

    I've tested the site on my PC running MBEP and it blocks it. It was also MBEP that picked up the submitted file. However, I was curious to see what this file actually did when executed, as this file has been on the customer PC for weeks before I installed MBEP.

  4. @BenCunn Dyllon told me yesterday that stopping the services via CMD whilst the problem is happening will not work. See his email:

     

    Quote

    I've come to find out from engineering that killing mbamservice.exe on the managed Malwarebytes will crash the machine, do not use this as a process for testing anymore. Bad advice on my part, I apologize. For the commands, don't use them when you are having the issue, set the computer to have web off, file on; another with web on file off before you start and see if the lockup happens accordingly.

    You can also set this via policy, this way you can test populations of machines instead of one or two, and statistically the environment is much more likely to exhibit the behavior and show which realtime setup is part of the issue. Right click your main policy and make two copies of it. These two copies, we're going to setup the different realtime setups to test for which portion is the cause. Configure one policy one way and the other copy another way, assign machines to these policies and let them run. Let me know what you find out.

     

  5. I have also partially replicated the problem on my own computer.

    If I go to Task Manager and kill MBAMService.exe, the symptoms are exactly what is happening, minus the immediate lock up.

    This does not happen if I stop it via CMD or services.

    Do you think it could be an issue with this process starting up?

    @BenCunn I'm running ESET instead of Symantec now so it's not the same test.

    Could you enable protection on one of the PCs and change the startup delay from the console to say 90 seconds?

  6. @Bencunn I will keep you updated.

    The last thing Dyllon said to me was this:

    Quote

    There's three pieces to Anti-Malware's real time, the file blocker, the web blocker and the whole engine itself. Each can be disabled to test which portion is causing the problem, that itself can help narrow it down greatly.

    Our command line can help with the testing.

    Tool location:
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamapi

    Enable / Disable web blocker:
    mbamapi /protection -enable ip
    mbamapi /protection -disable ip

    Enable / Disable file blocker:
    mbamapi /protection -enable fs
    mbamapi /protection -disable fs

    Enable / Disable entire realtime engine:
    mbamapi /protection -start
    mbamapi /protection -stop

    If you have access to taskmgr still during the lock ups, you can kill the real time engine process, mbamservice.exe.

     

  7. I may have spoken too soon. The user is unable to browse "This PC" to show network drives or local drives. I've tried to log in as administrator but it just hangs "loading windows".

    Unable to do anything on this machine really so I've had to reboot it. And guess what happened when I told it to reboot? It hung. Had to force reboot the PC.

    Can we resolve this? Client getting frustrated, I'm too busy to keep dealing with this with no resolve. Disabling MBAM is not an option. Only other option is to remove malwarebytes and discontinue using it elsewhere.

     

  8. Hi Dyllon,

    The computers which have got MBAM disabled have not had the issue with opening programs. The PC I reported had it enabled and I've had to hard reboot the computer to get it working again. Today I have an issue with a different PC where Internet Explorer will not load correctly but Firefox will. I have tried to run Procmon but it won't load. I assume Malwarebytes is stopping this too. I just disabled MBAM on this PC and saw Task Manager activity increase a lot then stop. Now Windows Explorer has stopped responding so I've had to kill the process and bring it back up. I enabled MBAM again and I reset IE via IE Options. I also deleted temp files etc. and IE opens properly now. Not sure if it was Malwarebytes or just IE.

    You mentioned that MBAE had "blown up" - Do I need to disable this for my customers?

    Can you tell me if the issues I'm having are solely Malwarebytes or is it because it's clashing with Symantec?

    Reason I ask is, we're moving our customers to ESET and if it's a clash then I can move them to ESET right away.

  9. @djacobson

    The PCs which had MBAM Protection disabled have so far not had any problems.

    I've had a call from someone who has it enabled and they're unable to open Microsoft Dynamics NAV 2016 (Process name is Microsoft.Dynamics.Nav.Client.exe)

    I've set this PC to disable protection and it still won't open. I've tried to do some troubleshooting but as always, Explorer and Task Manager are not responding.

    My only option is going to be to reboot this PC.

  10. Hi,

    I have the MGMT console installed on our domain controller.

    When I do an IP scan or any other scan, it does not find the server.

    I have been able to install the agent on the server manually and it shows in the console. However, I'm getting email notifications all the time to say the defs are out of date on the server. When I look on the console and the endpoint I can see that they're up to date.

  11. I've had a call from another customer who cannot open Outlook.

    It started in safe mode with no problems and it also starts up when I disable the Symantec add on.

    They've only recently just had Malwarebytes installed too.

    I tried to log collect and Explorer crashed. I tried restarting the process but the PC has hung.

    It's starting to get annoying now.

  12. @djacobson

    I got on the PC and started the log collect but Explorer crashed. I then started a restart and it hung.

    I disabled all Malwarebytes protection via the console and it got a little further but ultimately the PC had to be hard reset.

    Logs should be in your inbox.

    I'm reinstalling malwarebytes and Symantec now as I did with the previous PC.
