Jump to content

AndrewPP

Staff
  • Content Count

    44
  • Joined

  • Last visited

1 Follower

About AndrewPP

  • Rank
    New Member

Profile Information

  • Location
    Australia

Recent Profile Visitors

1,038 profile views
  1. Ask toolbar is an 'Unwanted Program' which will be quarantined upon launch, or if scanned. It is fairly benign. https://ask-com-toolbar.en.softonic.com/
  2. I am on a different team in different timezone, but suggest: If the server happens to have ActiveDirectory/DNS co-located with Terminal Server, then review this article - https://support.malwarebytes.com/docs/DOC-2591 If there is any other anti-malware product also running, then configure exclusions to avoid clashes. If the other product has Web Filtering, then disable Malwarebytes' web filtering as two web filters can be redundant/clash. Otherwise, submit a case via https://support.malwarebytes.com/community/business/pages/contact-us To expedite a response, ensure to identify Server Operating system versions. Provide logs up front: https://support.malwarebytes.com/docs/DOC-1818 Submit FRST logs - https://support.malwarebytes.com/docs/DOC-1318 Submit report from Microsoft MSINFO32 utility. Remember to forward the 'FileMail' receipt to the case.
  3. Try this Malwarebytes Excel plugin for advanced reporting - https://support.malwarebytes.com/docs/DOC-2672
  4. Look at latest version of manual - Malwarebtyes Cloud Adminstrator Guide, page 3 Mac Endpoints directories /var/log/com.malwarebytes.EndpointAgent.log /Library/Application Support/Malwarebytes/Malwarebytes Endpoint Agent /Library/Application Support/Malwarebytes/Malwarebytes Endpoint /Library/LaunchDaemons/com.malwarebytes.EndpointAgent.plist Your symptom means the Malwarebytes Endpoint Agent is not in communication with Cloud Management. A 'good' entry for agent reporting looks like this: 2018-11-19 19:13:01.029 EndpointAgentDaemon[101:613] INFO NebulaWebService: postAgentInfo: 2018-11-19 19:13:01.029 EndpointAgentDaemon[101:613] INFO URL: https://cloud.malwarebytes.com/api/v1/machine/results 2018-11-19 19:13:01.029 EndpointAgentDaemon[101:613] INFO parameters: { data = "{\"schedules\":[],\"engine_version\":\"1.5.0.121\",\"object_guid\":\"\",\"os_info\":{\"os_platform\":\"MacOS\",\"os_architecture\":\"amd64\",\"os_version\":\"10.13.6\",\"os_release_name\":\"macOS High Sierra 10.13.6\",\"os_type\":\"workstation\"},\"policy_etag\":\"3a403b2ecafe4a3e7b398b16858b8f7b\",\"nics\":[{\"description\":\"en0\",\"ips\":[\"10.0.0.1\"],\"mac_address\":\"C4:B3:01:BA:26:5B\"}],\"tray_version\":\"1.5.0.108\",\"object_sid\":\"\",\"plugins\":[{\"plugin_version\":\"1.5.58\",\"product_name\":\"Incident Response\",\"sdk_version\":\"macosx10.13\"},{\"plugin_version\":\"1.5.59\",\"product_name\":\"Asset Manager\",\"sdk_version\":\"macosx10.13\"}],\"culture\":\"en_US\",\"host_name\":\"RMT-3019\",\"time_zone\":\"Australia\\/Melbourne\",\"fully_qualified_host_name\":\"RMT-3019.local\"}"; "duration_seconds" = 0; "job_id" = ""; "schedule_etag" = ""; "started_at_local" = "2018-11-19T08:13:01+11:00"; type = "AGENT_INFORMATION"; } 2018-11-19 19:13:01.031 EndpointAgentDaemon[101:613] INFO EndpointAgent: Boomerang connected. 2018-11-19 19:13:01.543 EndpointAgentDaemon[101:613] INFO EndpointAgent: Update agent info successful! 2018-11-19 19:13:01.555 EndpointAgentDaemon[101:613] INFO AgentSettings: Reading custom settings.txt file... 2018-11-19 19:13:01.555 EndpointAgentDaemon[101:613] INFO AgentSettings: Using external setting: NebulaUrl=https://cloud.malwarebytes.com 2018-11-19 19:13:01.555 EndpointAgentDaemon[101:613] INFO AgentSettings: Using external setting: AccountToken=b1db5245-b788-4950-8c8b-xxxxxxxxxxx 2018-11-19 19:13:01.568 EndpointAgentDaemon[101:613] INFO PluginManager: setPluginLogLevel: INFO 2018-11-19 19:13:01.568 EndpointAgentDaemon[101:613] INFO PluginModule: Setting plugin log level to: INFO
  5. See this article regarding Malwarebytes Endpoint Agent not starting - https://support.malwarebytes.com/docs/DOC-2613 and configuration to ensure startup.
  6. Malwarebytes official Privacy Statement is here - https://www.malwarebytes.com/privacy/
  7. AndrewPP

    Clarifications

    Would you recommend running alongside another AV product? Malwarebytes is a primary AV/Anti-malware product so running alongside other products is no longer necessary. We have many customers running with Malwarebytes-only or Malwarebytes + Defender. However, Malwarebytes has a long history of running alongside other products and also led the market with anti-exploitation and anti-ransomware detectors. Other vendors product should be configured to ignore/exclude Malwarebytes, refer the documentation, and visa versa. Web Protection may be mutually exclusive with some vendors and need disabling in one vendor or the other. Can we fully control the MalwareBytes installations from a single MalwareBytes Endpoint Protection console (we have 2 geographically separate offices)? Yes, you can log in to the cloud console with a Chrome browser and manage from anywhere in the world. We have no formal network at either office (Domain or Workgroup) in place. Would we have access to the full functionality of the cloud console given all our PCs are effectively "standalone" (Asset Management, installs & re-installs, definition updates, scan scheduling, Virus removal etc.)? Yes, this is a very common deployment scenario in our smaller business customers. MSI and EXE are pre-configured for your account. In your scenario, you will need to have local-machine Administrator credentials for each machine to do an initial install. Endpoints self-update, pull updates directly from the cloud servers. Each connects to the cloud server to retrieve commands for updates, scheduling, scans and other policy items. A free Discovery and Deployment Tool (8 Mgb) can be downloaded into workstations in a subnet and scan from there to do a push-deploy, local machine\Administrator credentials are required. If all have same password, then tool can push to all endpoints in a single scan. We have assumed we would need Malwarebytes Endpoint Protection but what is MalwareBytes Endpoint Security? Endpoint security needs an on-premises server. You will have added complexity in networking if you went down that path. We were really asking for reassurance that the Console doesn’t require a formal network and that our collection of (what are effectively) standalone PCs can be managed by the Console. Confirmed. I am a pre-sales engineer with Malwarebytes and have worked with customers on many of these scenarios. Malwarebytes freely offers trials, so if you kickoff a trial from the website, you can easily validate the above. Most of the information you require is in the administration guide - https://www.malwarebytes.com/pdf/guides/MBQSG.pdf?d=2018-11-01-14-34-03--0700 The questions you are asking are pre-sales questions and will get low priority in the queue, behind subscribed customers, whereas if you are on trial, they will be answered through the sales channel.
  8. 1. Viewing Endpoint Versions - Use Malwarebytes Excel Add-In From this you can see versions of components and protection update status. There is an asset information and health data view. https://support.malwarebytes.com/docs/DOC-2672 available for Endpoint Security too 2. Knowing Endpoint are Working Currently, this can be best seen through the Excel Add-in. Freshness of versions and online/offline status can be checked. There is colour-coding for unprotected endpoints. Web blocks are voluminous and better viewed through reporting. 3. Information from Endpoints Comprehensive information as an endpoint status can be viewed by this script - https://support.malwarebytes.com/docs/DOC-2617 Apart from ctrl-right-click, the protection logs are all directly available in c:\ProgramData\Malwarebytes\MBAMService\ xxDetections\ and scanResults\ subdirectories have much more detailed JSON logs than Endpoint Security. The management agent log is similarly available These logs can be silently viewed via network share e.g. c$, if required 4. Viewing Detections Elaborating, the dashboard panel shows last 72 hours/3 days. Viewing Detections list for last 3 days gives you the data you required. The Malwarebytes Add-in for Excel can filter for last 3. Agree a quick-link to filter Detections table to 3-days, only, would be neater
  9. AndrewPP

    EICAR virus

    In addition to the above and elaboration for Endpoint Protection capabilities. 1. Run 'Windows script to display Malwarebytes Endpoint Protection Agent Health and Service Status' to show all services and inner detector services are running. https://support.malwarebytes.com/docs/DOC-2617 2. Download a relatively harmless potentially unwanted program (PUM) such as Ask Toolbar which is annoying but not damaging and double-click to start installation. https://en.softonic.com/download/ask-com-toolbar/windows The Real Time Protection (RTP) Payload Analysis detector will quarantine it. This will assure to you that protection is operational and detects an EXE program executable (PE) launch. Note, a PUP is detected by our same anti-malware 'rules' engine which detects viruses/malware. One of our many vectors.of protection. 3. Consider also, the Malwarebytes Excel Addin, for detailed checking of endpoint versioning and freshness. https://support.malwarebytes.com/docs/DOC-2672 4. Succinctly, technically, EICAR is an archaic/obsolete16-bit COM program which will not even execute in modern Windows workstation to display its message 'EICAR-STANDARD-ANTIVIRUS-TEST-FILE'. EICAR need to update this to a modern and relevant test. Using a PUP is a much more relevant test that Malwarebytes is operational. Otherwise more details on testing have been provided by DCollins.
  10. You previously stated "Granted, we've never turned on active protection which may be the key " Correct - If you configure this, you are running the MBIR plugin which has zero IP blocking capability and would see no symptom If you turn on any realtime protection, MBIR plugin will be replaced by MBAMPlugin and you will see MBAMService started. The workaround on our support site was written in response to customers experiencing a problem with ActiveDirectory and DNS on the same host. DNS was inadvertently blocked, the defect was reproducible, hence the article published. If you are not experiencing the issue/never had the issue and have realtime protection enabled, can you please provide some more specifics about your Windows operating system and configuration for each, so we can add to testing. The defect is in our queue for resolution.
  11. These recently released Malwarebytes Excel Add-ins provide a health check Endpoint Protection - https://support.malwarebytes.com/docs/DOC-2672 Endpoint Protection - https://support.malwarebytes.com/docs/DOC-2617 - script to run on an endpoint Endpoint Security - https://support.malwarebytes.com/docs/DOC-2679
  12. I have made a script available to display the Malwarebytes Endpoint Protection configuration and service status. It requires no privileges and uses standard windows commands and scripting to display information from configuration files and logs, in an efficient manner. https://support.malwarebytes.com/docs/DOC-2617 (corrected link) Tags: Health, Status, Services, Updates
  13. See this, just released - it does > 30 days
  14. If the four real-time detectors are turned off, MBAMService is not run, a different MBIR incident response plugin/service runs.
  15. Article is filed in support under business, Endpoint Protection content and correct as per Dyllon's clarification. Direct filtered link to all EP content is this - https://support.malwarebytes.com/community/business/content?filterID=contentstatus[published]~category[endpoint-protection]
×

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.