Jump to content

kmerolla

Members
  • Posts

    17
  • Joined

  • Last visited

Posts posted by kmerolla

  1. Dyllon, Security and Maintenance just shows "Malwarebytes is turned on."  Could this be caused by having the real-time protection delayed 15 seconds?  It's only happening on boot, and not again until subsequent boots; but not all boots and not all systems (I've never seen it).

    I am thinking Windows is tripping on the DB version (or last update date) before MBCloudEA has a chance to run the update on startup.  I'd like to be able to prove this as telling my users "just ignore it" is not an enviable proposition.

  2. Seemingly corresponding with the April product update, several of my Windows 10 endpoints are now displaying a pop-up every reboot stating that Windows Defender has been turned off and is not monitoring the system.  I have confirmed that the Malwarebytes Agent is up to date and the endpoints are running the latest database version.  Anyone else seeing this?  What can be done to rid my endpoints of this nuisance?

    defender.png

    defender1.png

    defender2.png

    defender3.png

  3. Dyllon, we deploy using full exe with prerequisites via SCCM.  Also only happening to Windows 10 endpoints.

    Working with Josh on my support case and and the dev team identified 3 reg keys that, when removed, allowed the upgrade to occur silently and without issue on 2 of my affected endpoints.

    [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Malwarebytes' Managed Client]
    [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{72BE25D7-574A-4F4D-B9B3-907D239CE1C7}]
    [HKEY_USERS\<user SID>\Software\Malwarebytes' Anti-Malware]

    (we are migrating off 1.8 MBMC but some legacy agents survived.  These keys may have been left behind when the installer initially placed MBEP on the system). I think our SCCM uninstall routine isn't cleanly removing all the things.

    Support also indicated that the deployment of 3.3.2 has been suspended so no new cases should pop up.

    -Kevin

  4. OK, I am up to 6 affected systems.  Looks like the MBAMService is failing to upgrade to version 3.3.2.  I know there's an issue regarding this version, however,  the issue occurs AFTER it''s installed.  On my endpoints it's not getting installed in the first place, just repeatedly failing and rebooting the endpoint.

    Policy is set to not reboot.

     

    2018-01-15 02:38:02.540   Setup version: Inno Setup version 5.5.8 (u)
    2018-01-15 02:38:02.540   Original Setup EXE: C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\instlrupdate\mb3-setup-common-3.3.2.2243.exe
    2018-01-15 02:38:02.540   Setup command line: /SL5="$109000B8,66933770,119296,C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\instlrupdate\mb3-setup-common-3.3.2.2243.exe" /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /LOG="C:\ProgramData\Malwarebytes Endpoint Agent\Logs\mbaminstall20180115023802.log"
    2018-01-15 02:38:02.540   Windows version: 10.0.15063  (NT platform: Yes)
    2018-01-15 02:38:02.541   64-bit Windows: Yes
    2018-01-15 02:38:02.541   Processor architecture: x64
    2018-01-15 02:38:02.541   User privileges: Administrative
    2018-01-15 02:38:02.543   64-bit install mode: Yes
    2018-01-15 02:38:02.547   Created temporary directory: C:\WINDOWS\TEMP\is-4634A.tmp
    2018-01-15 02:38:02.564   Extracting temporary file: C:\WINDOWS\TEMP\is-4634A.tmp\suhlpr.dll
    2018-01-15 02:38:02.872   uninstall of MBAM 1.x failed
    2018-01-15 02:38:02.923   Copied installer to temp directory C:\WINDOWS\TEMP\mb3-setup-common-3.3.2.2243.exe
    2018-01-15 02:38:02.923   Extracting temporary file: C:\WINDOWS\TEMP\is-4634A.tmp\mb-clean.exe
    2018-01-15 02:38:03.137   CurStepChanged raised an exception (fatal).
    2018-01-15 02:38:03.137   Deinitializing Setup.
    2018-01-15 02:38:03.142   Log closed.

     

  5. Woke up this am to 2 reports that my clients (Windows 7 and WIndows 10) running Endpoint Protection have been continuously rebooting since 2:30 am Eastern.  I can only assume a this point that this is somehow related to the Friday release.

    Anyone else out there seeing this? Any way I can stop this from rebooting my 1400 servers and endpoints on a Monday morning?

    mbep_reboot.png

  6. I like the new layout.  Still really need logged in user info in the asset information area.

    One suggestion, when you enable a feature that previously wasn't there, don't default it to "On" for the enterprise.  My end users were really confused this morning when all of a sudden the endpoint started popping up messages about blocks, etc.  At my company we communicate all user-impacting changes before they get enabled.

    And since we don't get prior knowledge about these releases it is difficult to keep my users in the loop.  Still feels like a beta ...

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.