AndrewPP

Honorary Members
  • Posts: 127

Everything posted by AndrewPP

  1. These recently released Malwarebytes Excel Add-ins provide a health check:
     • Endpoint Protection - https://support.malwarebytes.com/docs/DOC-2672
     • Endpoint Protection - https://support.malwarebytes.com/docs/DOC-2617 - script to run on an endpoint
     • Endpoint Security - https://support.malwarebytes.com/docs/DOC-2679
  2. I have made a script available to display the Malwarebytes Endpoint Protection configuration and service status. It requires no privileges and uses standard Windows commands and scripting to display information from configuration files and logs, in an efficient manner. https://support.malwarebytes.com/docs/DOC-2617 (corrected link) Tags: Health, Status, Services, Updates
  3. If the four real-time detectors are turned off, MBAMService is not run; a different MBIR incident response plugin/service runs.
  4. Article is filed in support under business, Endpoint Protection content and correct as per Dyllon's clarification. Direct filtered link to all EP content is this - https://support.malwarebytes.com/community/business/content?filterID=contentstatus[published]~category[endpoint-protection]
  5. Do not put on a DC/DNS without reading/doing this - https://support.malwarebytes.com/docs/DOC-2591
  6. Consider moving over to our cloud managed product. Once installed on an endpoint, the service runs as SYSTEM and will handle auto-update. Discuss with your local sales/technical team.
  7. Rules files are uniquely encrypted for each endpoint upon receipt; they cannot be copied to other endpoints.
  8. Rules definitions are under C:\ProgramData\Malwarebytes\MBAMService\*.mbdb
     They are encrypted and protected; you cannot hand edit/change them. They self-update on a timer. If you are using the Endpoint Protection product, the update schedule is defaulted to 1 hour. You just need to configure by Cloud Management, then deploy as MSI using ConnectWise. Perhaps you need to state your concern, as here you are creating a solution to something which may not be a problem?
  9. Please explain your question; it is not clear what you are looking for. Some configuration is in Program Files. Some data is in Program data folders. Fully working software is downloadable as trial from our website.
  10. The URLs for the site www.no-ip.com are blocked. This is a well-known 'dynamic dns' service. Can the blocking rule please be reviewed for: nf1.no-ip.com nf2.no-ip.com nf3.no-ip.com nf3.no-ip.com
  11. TIP: Server's own IP address is set through "Server Configuration" function. It is written to SCCOMM.XML from there. Consider rebuilding ClientSetup.Exe or MSI packages, as one may contain spurious IP. Consider using an FQDN (fully qualified domain name) rather than an IP address, which will assist in future if ever you need to move the server to another address. See screenshots.
  12. Sorry sales haven't replied. If you are a partner, then reach out to your sales/channel contact again.
      On the client:
      • Malwarebytes 3 is an unmanaged single integrated protection & scanning module. It has a GUI for configuration. Email support is included.
      • Endpoint Security has a management agent and three discrete modules. Two modules are managed; the third module, anti-ransomware, is unmanaged, but coming under management soon. Email support is included.
      • Cloud Management/Endpoint Protection manages the Malwarebytes 3 version, with addition of a management agent. GUI is mostly suppressed and settings are centrally managed. It includes premium telephone support.
      Licensing is the same for workstation and server. Management is free/included.
      On premises console will meet your requirements for management. Management server is a .Net application with IIS Express and SQL Express (or SQL Server). Multiple consoles can be used, one on the server itself but secondary copies can be installed onto other workstations and communicate over TLS to the server. Alternatively, you can RDP to server and launch its console there.
      If you are doing 5-10 workstations with Endpoint Security, consider that it incurs costs of a server (Cloud does not). Cloud management is much less onerous for small businesses. Security can actually be better because it is better managed by us. If laptops/road-warriors/home users are a requirement, cloud management also works outside of the perimeter. Management can be done from any workstation over Chrome browser.
      Commercial/partner costs need to be discussed with Sales. I am in international tech team, so just jumped in here. Please do reach out again to sales for proper guidance.
  13. This should be a valid site - hxxp:\\liveupdate.efi.com
      EFI is a legitimate manufacturer of printer manager software. The URL above is their link for downloads of updates e.g. hxxp://liveupdate.efi.com/WebUpdater/default.aspx?uv=004&sid=b42515b81b01f9cd124cc00917fdf6b9EF5P1012.PPD
      Report from cloud console:
      Detection Name: Malicious Websites
      Action Taken: Blocked
      Category: Website
      Reported At: 05/02/2018 - 03:57:37 PM
      Scanned At: 05/02/2018 - 03:57:34 PM
      Process Name: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      Type: Outboundconnection
      Endpoint: DESKTOP-TWO
      Domain: liveupdate.efi.com
      Group Name: ACME workstations 03C4
      ipAddress: 216.151.85.173
      Port: 55994
  14. This should be a valid site - hxxp:\\www.superchoice.com.au
      Block report from Cloud Console Endpoint Protection:
      Detection Name: Malicious Websites
      Action Taken: Blocked
      Category: Website
      Reported At: 05/02/2018 - 03:59:17 PM
      Scanned At: 05/02/2018 - 03:59:16 PM
      Process Name: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      Type: Outboundconnection
      Endpoint: DESKTOP-TWO
      Domain: www.superchoice.com.au
      Group Name: ACME workstations 03C4
      ipAddress: 203.18.160.72
      Port: 56110
  15. Immediately add an IP Exclusion for this address, to work around an intermittent fault. This is safe and not a security issue.
  16. ClickEnergy is a valid Australian Electricity & Gas Supply website being blocked. Please review and advise if it is actually infected so we can reach out to them. Otherwise, unblock. hxxp:\\clickenergy.com.au
  17. Clients must be able to connect to this URL: https://my.console.com:18457/SCClientService/ If you have changed the default port, then use it instead. You can test your client connectivity using a browser; upon a successful connect, you will see some XML. Look in local log c:\ProgramData\SCCOMM\ for symptoms of non-connection. Alternatively, consider the Malwarebytes' cloud solution.
  18. Hi, which territory/country are you in? I will get someone to reach out.
  19. Look at/trial Cloud managed version 'Endpoint Protection' instead as it manages version 3 integrated client, same 'engine' as Malwarebytes Home. You also don't need your own server to manage. On premises 'Endpoint Security' console manages non-integrated clients i.e. multiple separate detectors.
  20. Escalated direct with team, you will be contacted.
  21. You do not need to run database queries. In Client/Client View, if you click on the column Last Scan Time, it will sort the column. You can easily see clients not-scanned at top of list. I would suggest rebooting the server to ensure the running service picks up the correct system time. If you have 'inherited' a system, please check you are running current version of Management Console/Packages, which is 1.8. Whilst I am on staff, I am not in the support team, so I hope the above gets you moving a bit. As per other post, as a subscribed customer please use SUPPORT.MALWAREBYTES.COM for better support turnaround. You will get a tracking number/email you can respond into for each ticket etc.
  22. If you are a currently subscribed business customer, then use https://support.malwarebytes.com/community/business to view knowledgebase.
      Use this link to submit your support ticket requests: https://www.malwarebytes.com/support/business/#techhelp
      This Malwarebytes Forum is mainly for consumer and crowd-sourced responses.