TonyCummins

Members
  • Posts: 110

Everything posted by TonyCummins

  1. Here are the files as requested: LOGS.zip
  2. Thanks......while I have you...I continually get another file quarantined all the time EVEN though I have exclusions in place. I had a ticket for this last year when I first reported it.
     This is the exe in quarantine:
     Location: C:\Program Files (x86)\Zuercher Suite\production\launcher\launch_leds.exe
     This is the exclusion:
     Wildcards C:\Program Files (x86)\Zuercher Suite\*
     Any thoughts?
  3. I had some false positives picked up last night and wasn't notified. Only realized after logging into console this AM. Can you point me in the right direction please...
  4. Thanks. So it is OK for me to remove the exclusions "File by Path" I created?
  5. I had it pick up and quarantine the following files as malware:
     F:\Program Files\Tyler Technologies\Incode V.X-Production\Shell.exe
     C:\Program Files\Tyler Technologies\Incode V.X-Production\Shell.exe
     Shell.zip
  6. Thanks for the info, I was worried I'd have to manually reinstall every endpoint. I can wait a bit longer for the update to reach my account.
  7. Thanks...so I ran a "check for updates" from cloud console and it completed successfully but still shows 3.5.1.2600 on my endpoints.
  8. How can I tell if the hotfix has been applied to my endpoints?
  9. I too would be interested in hearing who you decided to go with, could you please private message me that info
  10. @JasonV, Suggest you open a support ticket if you haven't already.
  11. Just as an update, I just received this from tech support on my open case...19 days later
  12. Did as you suggested with the support agent and this is what I got back....
  13. If I come across any more not communicating with cloud and having corrupt config files I will, but the 6 I found this morning I've already done a clean reinstall on.
  14. I'm starting to see this too....opening the MBCloudEA.exe.Config file shows it as empty!
  15. It is on ALL my endpoints..servers / workstations ....but that above is from a win 7 machine.
  16. So all I need to do now is figure out what's going on with these events:
      2018-05-01 12:58:59,720-06:00 [27] ERROR MB3Service Error clearing ARW exclusions System.Runtime.InteropServices.COMException (0x80004005): Error HRESULT E_FAIL has been returned from a call to a COM component.
        at ArwControllerCOMLib.IArwController.ClearExclusions()
        at EAMBAMPlugin.MB3Service.<>c__DisplayClass30_0.<ApplyExclusions>b__1()
      2018-05-01 12:58:59,637-06:00 [22] ERROR MBAMPlugin Unable to apply setting for "L1WPM": System.Runtime.InteropServices.COMException (0x80004005): Error HRESULT E_FAIL has been returned from a call to a COM component.
        at AEControllerCOMLib.IAEController.SetAeOption(_AeOptionName optionName, Int32 option)
        at EAMBAMPlugin.MBAMPlugin.ProcessAdvancedAntiExploitTechniques()
  17. **Update** So, finally got a hold of support and he noticed that the exclusions I had in place from the previous support tech were incorrect. These were the errors he picked up from his end:
      2018-04-30 02:11:40,703-06:00 [27] INFO MB3Service Exclusion ScanExclusionType_Folder:C:\Program Files (x86)\Zuercher Suite\* was not added to Scan controller because it was not valid for the type
      2018-04-30 02:11:40,703-06:00 [27] INFO MB3Service Exclusion ScanExclusionType_Folder:C:\Program Files (x86)\Zuercher Suite\* was not added to RTP controller because it was not valid for the type
      2018-04-30 02:11:40,703-06:00 [27] INFO MB3Service Exclusion ScanExclusionType_Folder:C:\Program Files (x86)\Zuercher Suite\* was not added to ARW because it was not valid for the type
      2018-04-30 02:11:40,703-06:00 [27] INFO MB3Service Exclusion ScanExclusionType_Folder:I:\* was not added to Scan controller because it was not valid for the type
      2018-04-30 02:11:40,703-06:00 [27] INFO MB3Service Exclusion ScanExclusionType_Folder:I:\* was not added to RTP controller because it was not valid for the type
      2018-04-30 02:11:40,703-06:00 [27] INFO MB3Service Exclusion ScanExclusionType_Folder:I:\* was not added to ARW because it was not valid for the type
      In order to have the correct exclusion in place I needed to remove the “Folder by Path” and change that to “Exclude files or folders by wildcards (Windows)” and use the following:
      C:\Program Files (x86)\Zuercher Suite\*
      Hopefully this will bring an end to my issues.
  18. This is absolute nonsense.....again last night one of my dispatch machines had the "leds" software flagged and quarantined........
  19. I'm having some other issues related to leds...my end users are reporting the software program becoming unresponsive..slow...locking up...needing a full computer restart to get out from under it. I'm seeing the following events in or around when the software is having issues....
      2018-04-22 23:11:29,719-06:00 [33] ERROR MB3Service Error applying ScanExclusionType_Folder:I: to ARW controller System.Runtime.InteropServices.COMException (0x80004005): Error HRESULT E_FAIL has been returned from a call to a COM component.
        at ArwControllerCOMLib.IArwController.AddExclusion(_ArwExclusionType type, String pData)
        at EAMBAMPlugin.MB3Service.<>c__DisplayClass30_0.<ApplyExclusions>b__1()
      2018-04-22 23:11:29,719-06:00 [33] ERROR MB3Service Error applying ScanExclusionType_File:C:\Program Files (x86)\Zuercher Suite\production\launcher\launch_leds.exe to ARW controller System.Runtime.InteropServices.COMException (0x80004005): Error HRESULT E_FAIL has been returned from a call to a COM component.
        at ArwControllerCOMLib.IArwController.AddExclusion(_ArwExclusionType type, String pData)
        at EAMBAMPlugin.MB3Service.<>c__DisplayClass30_0.<ApplyExclusions>b__1()
      2018-04-22 23:11:29,703-06:00 [33] ERROR MB3Service Error clearing ARW exclusions System.Runtime.InteropServices.COMException (0x80004005): Error HRESULT E_FAIL has been returned from a call to a COM component.
        at ArwControllerCOMLib.IArwController.ClearExclusions()
        at EAMBAMPlugin.MB3Service.<>c__DisplayClass30_0.<ApplyExclusions>b__1()
      2018-04-22 23:11:29,236-06:00 [23] ERROR MBAMPlugin Unable to apply setting for "L1WPM": System.Runtime.InteropServices.COMException (0x80004005): Error HRESULT E_FAIL has been returned from a call to a COM component.
        at AEControllerCOMLib.IAEController.SetAeOption(_AeOptionName optionName, Int32 option)
        at EAMBAMPlugin.MBAMPlugin.ProcessAdvancedAntiExploitTechniques()
  20. Hi djacobson, Actually I still had the exclusion in place and never removed it. That said, last week we had a software update which changed the launch_leds.exe file.......it renamed the old launcher folder as .old...created a new launcher folder and placed the new exe in there...1 of my main dispatch machines picked it up and flagged it as ransomware and deleted it. I had a hell of a time troubleshooting it and getting it back up, reinstalled and running. Re-added the exclusion and it seems to be holding and not getting flagged for now.
  21. Click the Detections tab on the left or the Quarantine tab
  22. Anyone else seeing this cert issue this morning.....
  23. Getting multiple detections on the following file: C:\WINDOWS\SYSTEM32\WERFAULT.EXE. Anyone else??
  24. Anyone using endpoint protection for Macs yet? If so, any issues that you are aware of? I have 1 dept that has primarily Macs and have just been using the incident response so far. Just curious.