[Website being blocked]

Welcome jjarodss to our Business forums!

Sorry to hear this was affecting you today, I appreciate those logs they were helpful to our troubleshooting.

I submitted this to our Web Protection team for review. We were able to check on this website and found the block no longer warranted.

The block has been removed at this time, we should see this propagate over the next few hours and should no longer see these detections once propagated.

We can always add exclusions in the meantime if any blocked site needs to be accessed immediately. Let us know if you have any questions or see this being blocked after receiving the update.

Many Thanks,

Kevin Latimore

 

[Taxcube.exe?]

Hey Tyler welcome to our forums!

For the cloud product, we can take the following steps to get resolved for you.

First, let's go ahead and add this as an exclusion so we no longer get this detection for your endpoints:

https://support.malwarebytes.com/docs/DOC-1964

I recommend we copy the full file path from the Detection and paste it as an exclusion by file path described above.

Once we have the file excluded reboot the endpoint, then we can go to the "Quarantine" page from the menu on the left, find the detection in question

Check the box next to the detection and in the top right click "Restore" From there the application should work without issue.

Once complete if you are able to access the machine remotely or can have the user zip the Taxcube.exe file, we can get this to stop further detections on our side. Just attach or drag to a post here and we can get this detection corrected.

Many Thanks!

[MWB Endpoint Protection Dashboard “Last Seen At” date 2 months old]

Hi Rammer,

We would want to ensure that the exclusions below are in not only the Firewall portion of Symantec but also the Anti-Virus scanner exclusions.

https://support.malwarebytes.com/docs/DOC-1652

As well there is a new setting in the console under Settings > Policy to allow additional time for the program to startup I recommend setting that to 5 minutes.

Let us know if your issues still persist or you have any questions?

Many Thanks

[Question about Cloud Console Exclusion wildcards]

Hi Djentle 

Exile is absolutely correct that wild card would include everything you list

[Hit with [decryptprof@qq.com].ETH]

Welcome to our business forums TCCS!

Sorry to hear about this situation always tough once the files have already been encrypted. Malwarebytes does not currently offer any decryption tools or services.

Backups and disaster recovery are one of the strongest defences against ransomware we offer 72-hour rollback with our Endpoint Protection and Response. As well as our Behavioral Monitoring real-time protection that can stop encryption behaviour of course.

But I can point you to these third-party tools that may help identify a decryptor if available:

https://id-ransomware.malwarehunterteam.com/

https://www.nomoreransom.org/crypto-sheriff.php

https://www.nomoreransom.org/en/decryption-tools.html

Usually, the files are not able to be recovered but I wanted to provide what we can.

Best of luck with this and let us know if you have any questions.

[mac settings - malware protection off by default]

Hello and welcome to our Business Forums!

That setting in the policy is the Real-Time Protection functionality for your mac

It will be searching for threats in real time, and not just waiting for scans.

There may be some slight overhead to run these active protection features but should not impact performance greatly.

With this enabled threats would be remediated in real time as soon as they occur instead of waiting for the next scan.

Let us know if you have any trouble or questions?

[Malwarbytes IPTest site says our IP protection is disabled.]

Hello!

Exile gave some great advice above and is all accurate. Please let us know if you are able to temporarily uninstall the Trend Micro and let us know if issues persist with that removed?

As well if you can please confirm that the specific policy the endpoint in question is on has the "Start malicious website blocking when protection module starts"

This is policy specific so please ensure the specific policy has that option and let us know if these issues persist.

Many Thanks

 

[Clients stuck in 'Ungrouped Clients' folder in Management Console]

Hello Jaws and Welcome to our Business forums.

I wanted to clarify the expected behaviour and just let us know if this is not how yours is working.

The Active Directory Sync when setup should automatically move the machines to the AD OU they are currently in your active directory.

No machines are able to be moved into AD groups manually as they should mirror exactly your AD structure. Once moved in AD we should see them appear in the appropriate group in the management console.

Let us know if you have moved machines in active directory (make sure both the IP and names match) and do not see the change reflected in your console there could be an issue, please just let us know.

Many Thanks

 

[Exclusions not working]

We can provide some additional help if you let us know what kind of block this is, Malware, or Exploit?

Here is the guide mentioned above:
https://support.malwarebytes.com/docs/DOC-1802

A screen capture of the particular detection would be helpful if you can post that.

 

 

[Mgmt Console: Login failed for user Admin]

Mark welcome to our Business Forums, sorry to hear you have not yet heard back.
The case has now been assigned to a technician who has reached out to troubleshoot and help get this resolved 

[Export all endpoints]

CSV reporting is having some known issue at this time.

It should work if you create a new User account the newly or recreated account should get the reports.

We are working on getting this resolved on our back end moving forward.

[Business Subscription Renewal]

It appears the ticket got put in our consumer side.

I got this transferred over to our sales team to follow up and reach back out shortly!

 

[Unregistered devices]

Hi Chueypwe and welcome to the Malwarebytes business forums!

The "Unregistered" devices will appear in the console when they sync with Active Directory.

In this case, it appears the 01 machine is still in AD even if it no longer exists or has been recreated still has a record in your Active Directory.

The way to remove these would be to update the AD to remove the machine or stop AD sync.

Let us know if you have any questions or are not able to resolve with those steps?

Many Thanks,

[Engineering]

Hello, Mel welcome to our cloud business products.

First please ensure that the start time was after the endpoints were installed, currently, the scans will not re-occur until the next scheduled scan date if missed.

Additionally Scheduled scans do not create Events but we can see them in the "Scan History" tab of an individual endpoint selected from your Manage Endpoints area.

Let us know if we do not see those in the "scan history"?

[We have 48 seats, but are only able to have 45 active at a time]

Just the 46th machine no need to touch any other endpoints

[We have 48 seats, but are only able to have 45 active at a time]

Good Morning,

Sorry to hear that this, I have checked on your account and it appears that this looks good on our back end licensing I see 45 installed with three more available.

It should not be removing older machines from the console, I have refreshed your key if you can please attempt to create a new .exe install package from the Policy tab

Let us know if a reinstall at this time is still causing the same issue?

Many Thanks

[News Letter Polluted with un-secure http links]

Thank you for this feedback on the newsletter

Not sure how much I can speak to this as a security concern, but can certainly help get this to our Marketing team for further review

Many Thanks!

 

[MEEClientService not starting up automatically]

Sorry about this issue, if the service is able to start manually without any errors or issues we can run the following:

@echo off
REM Sets service to start automatically, with a delayed start
sc config MEEClientService start= delayed-auto
REM Sets service restart option to 15 minutes, failure count reset to 2 minutes
sc failure MEEClientService actions= restart/900000 reset= 120

This script will change the service settings to help them stay on more reliably, just run this on the machine or can be deployed through GPO or 3rd party deployment tool.

Let us know if we still have any issues with those settings in place?

Many Thanks,

["Unable to retrieve endpoint information" after going past 1500 endpoints]

Thank you for reaching out to us regarding the data loading issues on the Cloud Console.

We sincerely apologize for the situation. We identified the issue yesterday where load times were elevated / failing on Cloud Console.

The issues were solved yesterday during an update which made the Console inaccessible for 10 minutes, during this time we adjusted the information processing.

We have reviewed the database load, page load times, and error rates since the database maintenance that was performed last night. Currently, the system is back in stable state and load times are back to normal. We will continue to closely monitor the database for any other issues that may arise.

If you are still seeing any issues or have questions, please reply to this thread.

[Cloud Issues]

Our apologies on this one Kernel, this is a known issue on our side.

Malwarebytes Support is aware of a production issue where some customers may have difficulty logging into the Malwarebytes Cloud Console. Your endpoints will continue to run scans on schedule and protect as configured by policy. The Malwarebytes engineering team is working to resolve it as quickly as possible

[How to prevent users from uninstall malwarebytes from control panel]

We currently have this planned for a future release, no ETA at this time.

The only options, for now, would be considering user manage to prevent students from having access to control panel to uninstall this or any other program.

[BSOD when MB is running]

Kiefers,

Sorry for the delay in response on this.

With the Norton uninstalled do we see the same issues persisting?

As well if we can go to the Settings > Policies > Edit the policy for the affected endpoints > Settings > Scroll down to Malicious Web Protection and turn off and save the policy.

We can sometimes see these issues when two programs hook into the windows IP filtering platform. Let us know if issues persist with these settings in place?

Many Thanks,

[Compatibility with RoamSafe Agent]

Hello and welcome to our business forums!

With our real-time protection features, it's not uncommon for conflicts to occur when using multiple security software.

It sounds like this is affecting the Web Filtering portion of our real-time protection.

I would recommend going to Settings > Policies > Edit Policy > Settings > "Malicious Website Protection" and turn that slider to OFF and save the policy.

Since you are using another website filter lets see if running with this configuration is able to help these work side by side?

 

As well you can give us a call at our premium business support number, we won't be able to hop on a remote right away but would be happy to schedule one if needed. Let me know if you need the number I can PM you.

Many Thanks

[Malwarebytes Anti Ransomware Stop Protection Feature]

Hello!

I have submitted this as a feature request to our Product Manager for the management console.

That makes to sense as an option to me and I think would be a great addition.

We appreciate this feedback have submitted it to our dev team.

Many Thanks

[UltraTax 18 (Thomson Reuters)]

If we have any test machine we can do a cleanup and reinstall or reimage or any machine to test without ever having Malwarebytes installed.

However with Malwarebytes completely uninstalled and no longer appearing in add/remove programs it is extremely unlikely that that Malwarebytes it causing that issue.