
deanb1234

Members
  • Posts: 19
Everything posted by deanb1234

  1. Thanks Kevin! That's a strange one, the domain names were our local AD domains, I wonder why every machine is resolving that IP for active directory. Time Warner is our internet provider, I believe there may be some DNS configuration problems on our side. Thanks again
  2. All of my endpoints started throwing errors blocking 198.105.244.228 which appears to be a local broadcast address. Appears to be a false positive. Anyone else experiencing the issue?
  3. Response from a support engineer at MWB: "it is an FP on our side. We are currently working on getting this fixed. You can put that in the exclusion list in the meantime while we get this fixed."
  4. Same problem here, spreading throughout the enterprise.
  5. Thanks Dylan! I've sent these instructions over to our International IT to reach the Korean office. What's really strange is that my test machine is able to access the site fine, but the entire Korean office is blocked from accessing it. It will either throw the website block if web protection is enabled or the exploit block if it's disabled. Very strange.
  6. Yep, I even put all of the machines in a group with Web Protection disabled and now they're getting an error message about exploit protection blocking an exploit. Also while working with Ron on the server issue he saw in the logs that web protection was still trying to turn on even though the policy was disabled. This is happening to ALL the machines in Korea, but not on a test machine here in the states.
  7. Hi Dylion, When the problem was occurring, yes. I've since turned that feature off and have not received any more complaints. We did have one user that was getting the same error but turns out the hard drive was bad in that particular machine. Thanks, Dean
  8. Just to clarify it is happening on x64 systems for us.
  9. Hi Samuel, I'm unable to gather any logs either, we've turned the machines back over to the end users and it's very hard to get them to bring machines back to us. :-) The way we fixed it was to go into safe mode and copy the .sys file giving the error from a known good machine with the same version of Windows. That resolved it. When we get another machine I will make sure the help desk gathers the logs. Thanks, Dean
  10. Had this happen on two more workstations this morning. Any updates?
  11. There was another thread on the same issue and the person was able to use IP addresses and that solved the issue, but unfortunately that doesn't work for my environment. The sites are still being blocked. Also that's not a valid solution if a site is load balanced and has multiple random IPs.
  12. Same here, Rootkit scanning is enabled and this is found on a TON of machines in the environment.
  13. Thanks Kevin. I put the exception in just as you said 2 hours ago and it's still blocking it. This is happening on a few sites on multiple computers. Korean users are unable to get to www.trusbill.or.kr. I've excluded it multiple different ways, including *.trusbill.or.kr and nothing. The exclusions were working and then a few days ago they stopped.
  14. Another recent issue. Website exclusions that were previously working are no longer working. Pics of an example
  15. Has anyone else experienced startup issues on endpoints recently? MBAMChameleon.sys and MBAMSwissarmy.sys have caused a few client machines to not boot the last few days. Picture below
  16. Thank you Kevin. Sorry I didn't reply earlier, apparently I forgot to select "Notify me of replies at the bottom". I returned your phone call and spoke with Josh as you were on another call at the time. We started working on the resource issue we were having that appears to be part of the larger bug with anti-ransomware. Although after disabling all realtime protections last week a Hyper-V server went down again due to the resource utilization. I was also curious as to when more robust reporting was going to be added. When we were piloting the software we were told it was coming in Aug/Sept time frame. It was ok to manually copy and paste results with a couple hundred machines in the pilot and make my own reports but now we're over 2,600 with another 1,500 or so to go and it would be great if I could build reports or export to a csv at the bare minimum to provide management with some statistics and also keep up with machines that need our attention. And one more that just popped into my head. Is it on the road map to build installers based on group? Manually sorting almost 3,000 machines has sucked a whole lot! Thanks, Dean
  17. Hello, I've come across the above info in a couple of threads while researching an issue with the agent taking down several of our servers. I had a few questions in regards to that and a couple others. Is there a best practices guide for all of this? I've found guides for the old product but not Endpoint Protection. Our sales team indicated the new agent was fully compatible with server operating systems, never mentioned disabling real time protection or anything of that nature. We're deploying globally to almost 1500 servers. Are there plans on fully supporting a server environment? The comment about anti-ransomware and real-time protection not helping servers isn't exactly true, especially on RDS servers. If a user on an RDS farm, or developer with admin rights on a production server opens an infected file and/or is using the server to browse the internet (which happens pretty much every day) then the server is patient zero. Is there some communication channel that we can subscribe to and receive emails or something for alerts to new versions, issues such as Anti-Ransomware needing to be disabled, cloud console down, etc.? Currently things just happen and we really don't have a clue. When are exclusions by group coming? It's very problematic to have all of the server exclusions and all desktop exclusions pushed globally. Server exclusions themselves conflict but then adding in the desktop portion it makes it even more problematic. Also, is there a UI coming for the endpoints? The consumer version UI is great, not sure why there isn't one for Endpoint Protection. Being able to manage the client from the endpoint side would simplify things in troubleshooting, especially if you remove an infected host off the network and need to scan offline. As an organization we're starting to lose confidence in Malwarebytes as a solution for businesses. Which is a shame really, I like the product and think the scanning engine is second to none, but it appears as if Endpoint Protection is not ready for primetime and more of an extended beta. There are some basic features that are missing that would really make Endpoint Protection a home run. Thank you, Dean