Jump to content

AndrewPP

Staff
  • Content Count

    56
  • Joined

  • Last visited

1 Follower

About AndrewPP

  • Rank
    Regular Member

Profile Information

  • Location
    Australia

Recent Profile Visitors

1,264 profile views
  1. Look in this script, it demonstrates extracting versions from Endpoint Protection configuration files. You can copy/replicate the technique.withvother tools/languages. https://support.malwarebytes.com/docs/DOC-2617
  2. The tool was written for supporting the Endpoint Protection cloud/business product,because it has a locked-down minimalist GUI. Home Premium does not have a Management Agent nor Flight Recorder, so status is correctly reported from my tool. Home Premium EXE has a different name to the Endpoint Protection EXEs. It is a minor script change to test/check for that. I will update it by end.of.week. Thanks for your interest.
  3. The Home Premium and Busines - Endpoint Protection cloud-managed products both use the same 'version 3' engine with its 7-layer protection model. Endpoint Protection provides a central cloud-management console for central enforcement of policy and central monitoring. Business Products are only available to customers with 10+ seats. An additional module is available to business users 'response' for isolation, suspicious monitoring and ransomware rollback, but only for much larger seat counts. You are as well protected with Home Premium as you would be with cloud-managed Endpoint Protection i.e. no need to change.
  4. Use [Action] Scan + Quarantine. A task will be queued awaiting endpoint's next login, to be picked up and run. The task will remain on the queue for 3 days and be cancelled - Failied, if not picked up, but you can always queue another.
  5. Both on-demand and scheduled reports Endpoint Exports have a cutoff at 30 days, calculated from last seen. Console can show more endpoints, which haven't checked in, past 30 days. Excel plugin has a date filter, which allows all records to be retrieved.
  6. Try windows command sfc /scannow It can repair obscurely, damaged Windows components.
  7. You can retrieve c:\ProgramData\Malwarebytes Endpoint Agent\logs\MBEndpointAgent.txt and c:\ProgramData\Malwarebytes\MBAMService\MBAMService.log to understand Endpoint behaviour e.g. whether agents and plugins are turned on, running, active at the time, internal errors. They are verbose and for technical support, but you can try reading. All Endpoint Protection customers have an included Premium support subscription, so raise a case via: https://support.malwarebytes.com/community/business/pages/contact-us Log collection instructions are here - https://support.malwarebytes.com/docs/DOC-1818
  8. As responded by another staff member, feature is added to list. My response was a work-around, in case you hadn't seen it.
  9. Alternatively, the logged-in user name at time of a scan is already viewable in Scan Results/History.
  10. A script has been published on the support site, which can be run locally on an endpoint, to show its service status e.g. during testing and demonstrations. It is read only, needs no special permission except ability to run a Windows command script and is for technical staff. It shows interesting information, on a 20 second timer, including CPU usage, Memory and resource usage. https://support.malwarebytes.com/docs/DOC-2617
  11. Page 18 of November 2019 Guide has MSIEXEC example. GUID is obtained from Endpoint add function.
  12. For an installed threat, Malwarebytes remediation function has a 'linking engine' which finds all related object of a threat and quarantines them, including EXE, DLL, registry settings and files etc. The Detection result will list all components of a threat which have been quarantined. If a scan of type Threat or Custom scan-all-local-drives, that the above process would be applied as running processes are checked. Files on disk should also be found.
  13. Ask toolbar is an 'Unwanted Program' which will be quarantined upon launch, or if scanned. It is fairly benign. https://ask-com-toolbar.en.softonic.com/
  14. I am on a different team in different timezone, but suggest: If the server happens to have ActiveDirectory/DNS co-located with Terminal Server, then review this article - https://support.malwarebytes.com/docs/DOC-2591 If there is any other anti-malware product also running, then configure exclusions to avoid clashes. If the other product has Web Filtering, then disable Malwarebytes' web filtering as two web filters can be redundant/clash. Otherwise, submit a case via https://support.malwarebytes.com/community/business/pages/contact-us To expedite a response, ensure to identify Server Operating system versions. Provide logs up front: https://support.malwarebytes.com/docs/DOC-1818 Submit FRST logs - https://support.malwarebytes.com/docs/DOC-1318 Submit report from Microsoft MSINFO32 utility. Remember to forward the 'FileMail' receipt to the case.
  15. Try this Malwarebytes Excel plugin for advanced reporting - https://support.malwarebytes.com/docs/DOC-2672
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.