We have repeatedly had the case that on several endpoints the protection was not working. We could not figure out why yet, but suspect a relation to updates of the engine from 3.1 to 3.3. But that is not the point of this post.
Today we found out that 5 endpoints had no protection since several days. No protection means for us that in the MWB cloud console the indicator next to the endpoint is gray instead of green for an otherwise up and running endpoint. Schedules scan obviously do not run. If we open iptest.malwarebytes.org on such an unprotected PC, there is no blocking.
One user today attempted to manually start a scan and there was no context menu. That is how we discover something is wrong. No context menu means no protection. We then looked at the list of users online in our internal chat system, looked up their corresponding AD computer names and compared that with the MWB cloud console. A boring and time consuming manual task…
To be safe we would have to do such a check let’s say twice a day. Or we would have to ask our users to right click the MWB icon in the tray twice a day and check there is a context menu.
It may be hard to display such issues in the MWB cloud console as the question is how to figure out if a PC is not switched on (“user on vacation” situation) or if there is an issue with MWB. Maybe there is another option...
We have the MWB icon visible in the tray all the time so that users can see whether MWB has been loaded. It would really help us if the icon could be gray in case the protection is not working. That’s what our users here are used to from their home PCs protected with MWB consumer: gray means no full protection, blue means MWB is OK. We could instruct users to report to us if the MWB icon is gray in the tray. And if the MWB client would report that to the cloud (as long as the required communication component is still working) it would help even more.
Currently we are in the situation of not knowing whether our company is well protected or not. We just do no know how many endpoints are unprotected.
Would you consider implementing the “gray icon” feature?