
TonyCummins

Members
  • Posts

    110

Everything posted by TonyCummins

  1. HELP! I'm getting my end users' CAD / Dispatch / Records application flagged as ransomware: C:\Program Files (x86)\Zuercher Suite\production\launcher\launch_leds.exe
  2. That's certainly very concerning to me as it was touted to me by my sales rep AND plastered all over the web and Facebook that it IS an antivirus replacement!!
  3. So Incident Response needs to be ON for Macs but OFF for PCs by default... is that correct?
  4. @IT_Guy Is the above information you posted something that you've discovered yourself through troubleshooting to get the offline clients back up, or is that something support suggested you do? I'm going to have to start tackling the offline endpoints on Monday and was wondering what the "correct" troubleshooting process was. @djacobson Do you know what the current situation is with the offline clients with regards to the dev team, and is there a correct preferred procedure to troubleshoot this, or do I just need to start a new ticket and let support figure it out?
  5. Wow!! That's quite the procedure to get them back online! I was sent a couple of commands by djacobson that I have not had a chance to try yet, but here they are:
     sc config MBEndpointAgent start= delayed-auto
     sc failure MBEndpointAgent actions= restart/900000 reset= 120
     I'm not familiar with the mb_clean /cloud. Is there any documentation on the commands that can be run for troubleshooting etc.? What do you mean by "mb_clean from gui"? Is there a tool available I'm not aware of?
  6. No use to me when half my endpoints show grey and offline...even though they are not
  7. That makes perfect sense! What a cluster F%*k!! I had to get in early today and drive out to 3 of my remote areas where the 3 offending PCs were offline. Did NOT make me look good to have this happen only 2 weeks after going live!! On top of all that, it turns out my "endpoint overview" does not display signature version / date, so I had no clue what endpoint was getting what version and had to jump through hoops running around with the mb-check tool.
  8. I've currently got 3 PCs with this issue... lost IP / blocked from DHCP or unable to renew, not sure. And yes, remote locations. End users are telling me it's grabbing an internal 169. IP. This is making me really nervous... really! nervous. The 3 PCs in question had another hour and a half in their work day, so I was able to talk my way into waiting till morning. That said, if this had been any of my 24hr dispatch center PCs, I'd have been dead in the water!
  9. Yes, manual exclusion in place. How can I do a net stop / start if the endpoint is offline and is not getting an IP??
  10. My endpoints will not update and now I'm starting to see PCs unable to renew DHCP. HELP!
  11. Great idea...I'm gonna go make myself a separate policy just as you described. Thanks
  12. Kinda makes sense, so these features should be set to off unless you are fighting a persistent infection on an endpoint ?
  13. @djacobson Is there any way to get a notification when a new update is scheduled to be pushed? Had I known the event viewer "noise" was benign and maybe generated due to a new push / update, it might've saved this request for support. Tony
  14. You are describing the exact same scenario we are having! I think the turnaround of support tickets leaves a lot to be desired... and sometimes it feels like it's just a canned response to keep the ticket within a 2 day response time. *sigh* Anyway... I'm really hoping they get the bugs worked out real soon.
  15. CHall, I too am a loyal "home" user who was so happy they had produced a cloud based product and convinced my IT manager to move from controlnow/solarwinds endpoint protection, and am now really starting to regret my decision. I really wish I had stumbled upon these forums before I pulled the trigger on purchase, as it really seems like I'm being used to beta test a product in a production environment.
  16. Update: I managed to get tech support and they did a remote session to a couple of the affected endpoints. After some troubleshooting I was assured that all protection was enabled and running correctly and that the events were "background noise". He tested on his VM and changed the startup type to delayed and received no more of these events. Mentioned that many people had reported the issue and dev was working on a solution.
  17. My endpoints have suddenly started to create lots and lots of events like the following since last night. Any ideas??
      2017-11-15 19:58:15,647-07:00 [5 ] ERROR EAWebClient Error Getting /api/v1/machine/sync : System.AggregateException: One or more errors occurred. ---> System.Web.HttpException: HTTP Request failed. Http Code: 403 Reason:Forbidden Body Response: <html> <head><title>403 Forbidden</title></head> <body> <h1>403 Forbidden</h1> <ul> <li>Code: AccessDenied</li> <li>Message: Access Denied</li> <li>RequestId: 9F464C5517C0F32C</li> <li>HostId: RD+xNPrBcYrYxN9K4ZvcgnCKFDOo2CvkRjLUArxZ0KL41Ajt+NnoBwNKgLmwbXMc1oNdtR0notY=</li> </ul> <h3>An Error Occurred While Attempting to Retrieve a Custom Error Document</h3> <ul> <li>Code: AccessDenied</li> <li>Message: Access Denied</li> </ul> <hr/> </body> </html>
         at NebulaCommunication.HttpResponseMessageExtensions.<EnsureSuccessStatusCodeAndReadBody>d__2.MoveNext()
         --- End of inner exception stack trace ---
         at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)
         at System.Threading.Tasks.Task.Wait(Int32 millisecondsTimeout, CancellationToken cancellationToken)
         at NebulaCommunication.Auth.AuthTokenRefreshHandler.RefreshTokens(CancellationToken cancellationToken)
         at NebulaCommunication.Auth.AuthTokenRefreshHandler.ValidateAuthorizationHeader(HttpRequestMessage request, CancellationToken cancellationToken)
         at NebulaCommunication.Auth.AuthTokenRefreshHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
         at System.Net.Http.HttpMessageInvoker.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
         at System.Net.Http.HttpClient.SendAsync(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationToken cancellationToken)
         at System.Net.Http.HttpClient.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
         at NebulaCommunication.MBWebClient.ConvertToSendAsync(HttpMethod method, HttpContent content, String requestUri, IEnumerable`1 headers, CancellationToken cancellationToken)
         at NebulaCommunication.MBWebClient.GetAsync(String requestUri, IEnumerable`1 headers, CancellationToken cancellationToken)
         at EAEngine.Http.EAWebClient.<Get>d__16.MoveNext()
      ---> (Inner Exception #0) System.Web.HttpException (0x80004005): HTTP Request failed. Http Code: 403 Reason:Forbidden Body Response: <html> <head><title>403 Forbidden</title></head> <body> <h1>403 Forbidden</h1> <ul> <li>Code: AccessDenied</li> <li>Message: Access Denied</li> <li>RequestId: 9F464C5517C0F32C</li> <li>HostId: RD+xNPrBcYrYxN9K4ZvcgnCKFDOo2CvkRjLUArxZ0KL41Ajt+NnoBwNKgLmwbXMc1oNdtR0notY=</li> </ul> <h3>An Error Occurred While Attempting to Retrieve a Custom Error Document</h3> <ul> <li>Code: AccessDenied</li> <li>Message: Access Denied</li> </ul> <hr/> </body> </html>
         at NebulaCommunication.HttpResponseMessageExtensions.<EnsureSuccessStatusCodeAndReadBody>d__2.MoveNext()<---
      2017-11-15 20:13:16,412-07:00 [5 ] ERROR EAWebClient Error Getting /api/v1/machine/sync : System.AggregateException: One or more errors occurred. ---> System.Web.HttpException: HTTP Request failed. Http Code: 403 Reason:Forbidden Body Response: <html> <head><title>403 Forbidden</title></head> <body> <h1>403 Forbidden</h1> <ul> <li>Code: AccessDenied</li> <li>Message: Access Denied</li> <li>RequestId: 940B59B08370EBFF</li> <li>HostId: ku/FbE1d4PL0IWS4YRcLTvwxYHAMMS/NIlaFY1jQOrynQwkUQ4JV3F5mty8PITEmnTQ5V2YG+6c=</li> </ul> <h3>An Error Occurred While Attempting to Retrieve a Custom Error Document</h3> <ul> <li>Code: AccessDenied</li> <li>Message: Access Denied</li> </ul> <hr/> </body> </html>
         at NebulaCommunication.HttpResponseMessageExtensions.<EnsureSuccessStatusCodeAndReadBody>d__2.MoveNext()
         --- End of inner exception stack trace ---
         at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)
         at System.Threading.Tasks.Task.Wait(Int32 millisecondsTimeout, CancellationToken cancellationToken)
         at NebulaCommunication.Auth.AuthTokenRefreshHandler.RefreshTokens(CancellationToken cancellationToken)
         at NebulaCommunication.Auth.AuthTokenRefreshHandler.ValidateAuthorizationHeader(HttpRequestMessage request, CancellationToken cancellationToken)
         at NebulaCommunication.Auth.AuthTokenRefreshHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
         at System.Net.Http.HttpMessageInvoker.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
         at System.Net.Http.HttpClient.SendAsync(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationToken cancellationToken)
         at System.Net.Http.HttpClient.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
         at NebulaCommunication.MBWebClient.ConvertToSendAsync(HttpMethod method, HttpContent content, String requestUri, IEnumerable`1 headers, CancellationToken cancellationToken)
         at NebulaCommunication.MBWebClient.GetAsync(String requestUri, IEnumerable`1 headers, CancellationToken cancellationToken)
         at EAEngine.Http.EAWebClient.<Get>d__16.MoveNext()
      ---> (Inner Exception #0) System.Web.HttpException (0x80004005): HTTP Request failed. Http Code: 403 Reason:Forbidden Body Response: <html> <head><title>403 Forbidden</title></head> <body> <h1>403 Forbidden</h1> <ul> <li>Code: AccessDenied</li> <li>Message: Access Denied</li> <li>RequestId: 940B59B08370EBFF</li> <li>HostId: ku/FbE1d4PL0IWS4YRcLTvwxYHAMMS/NIlaFY1jQOrynQwkUQ4JV3F5mty8PITEmnTQ5V2YG+6c=</li> </ul> <h3>An Error Occurred While Attempting to Retrieve a Custom Error Document</h3> <ul> <li>Code: AccessDenied</li> <li>Message: Access Denied</li> </ul> <hr/> </body> </html>
         at NebulaCommunication.HttpResponseMessageExtensions.<EnsureSuccessStatusCodeAndReadBody>d__2.MoveNext()<---
  18. Finally received a reply just now, asking me to run the FRST and send the logs to support!! Which I did when requested to do last Friday. My confidence in support is waning day by day. Seems like I'm getting the same canned reply to all my tickets, and, like today, a second time asking for the same info tells me the support thread / emails are not being read.
  19. Received reply from support this morning, simply telling me the following: I replied with a screenshot of the .NET 4.7 installed and told him I used the full mbam installer on all my endpoints, and asked if the pre-requisite installer wasn't supposed to check / install anything that mbam will need to run correctly. Also asked if the FRST logs I sent in show what's running and installed, which to me answered the 2 questions I was asked in the 1st reply to my support case!! So now I'll wait another 24 hours plus to hear their reply.
  20. I created a support ticket also, I'll report back what they tell me.
  21. I have my multiple endpoints logging bunches of issues... can anyone tell me what's going on please.
      2017-11-09 07:27:44,011-07:00 [26] WARN MBAMPlugin Unable to get anti-exploit advanced techniques from mbam
      2017-11-09 07:16:30,729-07:00 [22] WARN MBAMPlugin Unable to get anti-exploit advanced techniques from mbam
      2017-11-09 07:16:20,121-07:00 [26] WARN MachineImpl Computer is registered on a domain, but that domain is currently unreachable
      System.DirectoryServices.ActiveDirectory.ActiveDirectoryOperationException: The requested authentication method is not supported by the server. ---> System.Runtime.InteropServices.COMException: The requested authentication method is not supported by the server.
         at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
         at System.DirectoryServices.DirectoryEntry.Bind()
         at System.DirectoryServices.DirectoryEntry.get_AdsObject()
         at System.DirectoryServices.PropertyValueCollection.PopulateList()
         at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)
         at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
         at System.DirectoryServices.ActiveDirectory.PropertyManager.GetPropertyValue(DirectoryContext context, DirectoryEntry directoryEntry, String propertyName)
         --- End of inner exception stack trace ---
         at System.DirectoryServices.ActiveDirectory.PropertyManager.GetPropertyValue(DirectoryContext context, DirectoryEntry directoryEntry, String propertyName)
         at System.DirectoryServices.ActiveDirectory.Domain.GetDomain(DirectoryContext context)
         at EAEngine.MachineImpl.GetNameAndNics()
      2017-11-09 07:16:19,341-07:00 [26] ERROR PolicyHandlerWeb Error getting verion information from sirius. Attempting to continue with existing plugins
      System.Threading.Tasks.TaskCanceledException: A task was canceled.
         at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
         at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
         at Sirius.SiriusClient.<CheckForUpdates>d__18.MoveNext()
         --- End of stack trace from previous location where exception was thrown ---
         at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
         at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
         at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
         at EAEngine.SiriusIntegration.SiriusWrapper.<GetPluginVersionInfo>d__19.MoveNext()
         --- End of stack trace from previous location where exception was thrown ---
         at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
         at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
         at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
         at EAEngine.Policies.PolicyHandler.<InstallPlugins>d__14.MoveNext()
      2017-11-09 07:16:19,341-07:00 [26] ERROR SiriusWrapper Error loading package information from sirius
      System.Threading.Tasks.TaskCanceledException: A task was canceled.
         at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
         at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
         at Sirius.SiriusClient.<CheckForUpdates>d__18.MoveNext()
         --- End of stack trace from previous location where exception was thrown ---
         at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
         at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
         at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
         at EAEngine.SiriusIntegration.SiriusWrapper.<GetPluginVersionInfo>d__19.MoveNext()
      2017-11-09 07:16:14,957-07:00 [26] ERROR EAWebClient Error PostWithRetryForever
      System.OperationCanceledException: The operation was canceled.
         at System.Threading.CancellationToken.ThrowOperationCanceledException()
         at Polly.Retry.RetryEngine.<ImplementationAsync>d__1`1.MoveNext()
         --- End of stack trace from previous location where exception was thrown ---
         at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
         at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
         at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
         at Polly.Policy.<ExecuteAsync>d__100.MoveNext()
         --- End of stack trace from previous location where exception was thrown ---
         at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
         at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
         at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
         at EAEngine.Http.EAWebClient.<PostAsync>d__19.MoveNext()
         --- End of stack trace from previous location where exception was thrown ---
         at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
         at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
         at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
         at EAEngine.Http.EAWebClient.<PostWithRetryForever>d__20.MoveNext()