KDawg

Honorary Members
  • Posts: 219

Everything posted by KDawg

  1. This is a non-executable file type which we do not detect. I have discussed this issue with our research team, which has added the run file to now be detected. Additionally, if Anti-Exploit was enabled on the machine, it would have prevented this at execution.
  2. I have brought this to the attention of our research team and we can expect more information shortly.
  3. I generally recommend uninstalling from Add/Remove Programs. Only if that fails do I recommend the clean tool: https://downloads.malwarebytes.com/file/mb_clean Endpoints should now all be correctly showing online. Please submit a ticket if you still have online endpoints incorrectly showing off for more direct assistance.
  4. As well, just wanted to clarify: please ensure that these policy changes include the Incident Response module being enabled for Mac endpoints. This will be required for the scan command to be successful.
  5. Hello, Thank you for the report. This was a false positive that we had on address 255.255.255.255. We have currently fixed this in the latest database. To make sure your clients are on the latest database, please follow these steps:
     1. Log into the cloud console and navigate to the endpoints tab.
     2. From there, select all the endpoints affected and click on the 'actions' button in the upper right.
     3. Select the 'check for protection updates' button and your clients will reach out to our servers to get the latest update.
     We do apologize for the inconvenience with this block. If you continue to run into issues, please reply back to this e-mail. Many Thanks,
  6. In the endpoint tab of your Cloud Console, check the boxes next to machines you wish to update. Click the Actions button at the top and select "Check for Protection Updates". Many Thanks,
  7. This block has been removed! Please ensure you are on the latest DB version and the block should now be resolved. As well, an exclusion should work immediately.
  8. Can you please ensure that you have the self protection module disabled on the policy for these affected machines? Let me know if the issue persists with this option switched to Off. Many Thanks
  9. Average Cisco guy, can you take a look at the policy for the affected endpoints? Please let me know if the Self Protection module is enabled on these problem endpoints. As well, with this option disabled, are we able to get the client machines running smoothly?
  10. Can you please ensure you are right-clicking and running this as administrator?
  11. Our apologies, this should be available to everyone once again. Not sure what happened, but the forum team got this back up right away.
  12. There is no EP for Mac at this time. EP and IR are one or the other; for Windows, enabling one will turn off the other. In this case you had IR off and nothing on the affected policy.
  13. It's being deleted each time. However, it appears to be possibly self-replicating. With Potentially Unwanted Programs in particular, we see this often if someone has an Ask toolbar or something of the like legitimately in their extensions; if Chrome/IE sees this got removed, it will automatically reinstall it again. Please check the browser add-ons and extensions on the affected endpoint. PM the notification or alert log and I can give a little more specific info. Many Thanks
  14. Incident Response is the traditional functionality of Malwarebytes where you can run scans to find and remediate threats on an endpoint with manual and scheduled scans. Endpoint Protection is currently only available for Windows, and includes the Real-Time scanners which actively search the loaded Windows profiles to find threats as they happen in real time. Glad to hear we got this functioning properly.
  15. Can you please ensure Mac Incident Response is enabled on the policy for the affected endpoints?
  16. Are they showing up as green in your console? And scans you manually run by checking the machines and selecting scan + quarantine? I will get those to our Mac team now, thanks for collecting.
  17. My apologies, the endpoint agent folder is the correct one; it should have the same logs file in it, if you can zip and upload.
  18. Tony, can you please collect the following: /Library/Application Support/Malwarebytes/NebulaAgent/Logs into a zip file for analysis with our Mac devs? Please upload referencing the email you use on the forums: https://www.malwarebytes.com/support/business/businessfileupload/ Many Thanks,
  19. This should now be resolved after I refreshed those installers. Please let me know if you still see any messages in your installers under Endpoints > Add. Many Thanks
  20. Can you please send me the email you log into your cloud account with so I can get these reset for you?
  21. UPDATE: Please restart once you have the latest Database to ensure this is being pulled into memory!
  22. Thanks for the update, Miekie. If, with the latest definitions update on the endpoint (check that here: https://data-cdn.mbamupdates.com/v1/database/rules/version.chk ), your block is still persisting, please upload us a sample of the exe file in question being blocked. Please upload referencing the case#000000 to our file site below: https://www.malwarebytes.com/support/business/businessfileupload/ PLEASE PM ME with your email once this is done. Again, the Trojan.FakePDF has been fixed, so please ensure, if you are getting that one in particular, that you are on the latest database. Many Thanks
  23. Luis, if you can please remove and re-add the domain query sync account, this should update the current AD changes. You can do this on the Admin > Other setting tab of your console. Please let me know if these do not update with a re-add of the AD query account.
  24. Appears legitimate to me. If you have a concern over any specific files, please upload in a password-protected zip folder for review: https://www.malwarebytes.com/support/business/businessfileupload/
  25. The installer may have a slightly older version which should then try and update itself once checked back in. Can you please double check this has not yet upgraded? As well, let me know the hostname (PM me) and I can pull some logs and see if there is any issue getting that update.