TonyCummins

Thanks

Kinda makes sense, so these features should be set to off unless you are fighting a persistent infection on an endpoint ?

@djacobson Is there any way to get a notification when a new update is scheduled to be pushed? Had i known the event viewer "noise" was benign and maybe generated due to a new push / update, it might've saved this request for support. Tony

You are describing the exact same scenario we are having ! I think the turnaround of support tickets is a lot to be desired....and sometimes it feels like its just a canned response to keep the ticket within a 2 day response time. **sigh Anywayyy....i'm really hoping they get the bugs worked out real soon

CHall, I too am a loyal "home' user who was so happy they had produced a cloud based product and convinced my IT manager to move from controlnow/solarwinds endpoint protection and am now really starting to regret my decision. I really wish i had stumbled upon these forums before i pulled the trigger on purchase as it really seems like i'm being used to beta test a product in a production environment.

Update: I managed to get tech support and they did a remote session to a couple of the effected endpoints. After some troubleshooting i was assured that all protection was enabled and running correctly and that the events were "background noise" He tested on his VM and changed the startup type to delayed and received no more of these events. Mentioned that many people had reported the issue and dev was working on a solution>

My endpoints have suddenly started to create lots and lots of events like the following since last night. Any ideas ?? 2017-11-15 19:58:15,647-07:00 [5 ] ERROR EAWebClient Error Getting /api/v1/machine/sync : System.AggregateException: One or more errors occurred. ---> System.Web.HttpException: HTTP Request failed. Http Code: 403 Reason:Forbidden Body Response: <html> <head><title>403 Forbidden</title></head> <body> <h1>403 Forbidden</h1> <ul> <li>Code: AccessDenied</li> <li>Message: Access Denied</li> <li>RequestId: 9F464C5517C0F32C</li> <li>HostId: RD+xNPrBcYrYxN9K4ZvcgnCKFDOo2CvkRjLUArxZ0KL41Ajt+NnoBwNKgLmwbXMc1oNdtR0notY=</li> </ul> <h3>An Error Occurred While Attempting to Retrieve a Custom Error Document</h3> <ul> <li>Code: AccessDenied</li> <li>Message: Access Denied</li> </ul> <hr/> </body> </html> at NebulaCommunication.HttpResponseMessageExtensions.<EnsureSuccessStatusCodeAndReadBody>d__2.MoveNext() --- End of inner exception stack trace --- at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions) at System.Threading.Tasks.Task.Wait(Int32 millisecondsTimeout, CancellationToken cancellationToken) at NebulaCommunication.Auth.AuthTokenRefreshHandler.RefreshTokens(CancellationToken cancellationToken) at NebulaCommunication.Auth.AuthTokenRefreshHandler.ValidateAuthorizationHeader(HttpRequestMessage request, CancellationToken cancellationToken) at NebulaCommunication.Auth.AuthTokenRefreshHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) at System.Net.Http.HttpMessageInvoker.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) at System.Net.Http.HttpClient.SendAsync(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationToken cancellationToken) at System.Net.Http.HttpClient.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) at NebulaCommunication.MBWebClient.ConvertToSendAsync(HttpMethod method, HttpContent content, String requestUri, IEnumerable`1 headers, CancellationToken cancellationToken) at NebulaCommunication.MBWebClient.GetAsync(String requestUri, IEnumerable`1 headers, CancellationToken cancellationToken) at EAEngine.Http.EAWebClient.<Get>d__16.MoveNext() ---> (Inner Exception #0) System.Web.HttpException (0x80004005): HTTP Request failed. Http Code: 403 Reason:Forbidden Body Response: <html> <head><title>403 Forbidden</title></head> <body> <h1>403 Forbidden</h1> <ul> <li>Code: AccessDenied</li> <li>Message: Access Denied</li> <li>RequestId: 9F464C5517C0F32C</li> <li>HostId: RD+xNPrBcYrYxN9K4ZvcgnCKFDOo2CvkRjLUArxZ0KL41Ajt+NnoBwNKgLmwbXMc1oNdtR0notY=</li> </ul> <h3>An Error Occurred While Attempting to Retrieve a Custom Error Document</h3> <ul> <li>Code: AccessDenied</li> <li>Message: Access Denied</li> </ul> <hr/> </body> </html> at NebulaCommunication.HttpResponseMessageExtensions.<EnsureSuccessStatusCodeAndReadBody>d__2.MoveNext()<--- 2017-11-15 20:13:16,412-07:00 [5 ] ERROR EAWebClient Error Getting /api/v1/machine/sync : System.AggregateException: One or more errors occurred. ---> System.Web.HttpException: HTTP Request failed. Http Code: 403 Reason:Forbidden Body Response: <html> <head><title>403 Forbidden</title></head> <body> <h1>403 Forbidden</h1> <ul> <li>Code: AccessDenied</li> <li>Message: Access Denied</li> <li>RequestId: 940B59B08370EBFF</li> <li>HostId: ku/FbE1d4PL0IWS4YRcLTvwxYHAMMS/NIlaFY1jQOrynQwkUQ4JV3F5mty8PITEmnTQ5V2YG+6c=</li> </ul> <h3>An Error Occurred While Attempting to Retrieve a Custom Error Document</h3> <ul> <li>Code: AccessDenied</li> <li>Message: Access Denied</li> </ul> <hr/> </body> </html> at NebulaCommunication.HttpResponseMessageExtensions.<EnsureSuccessStatusCodeAndReadBody>d__2.MoveNext() --- End of inner exception stack trace --- at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions) at System.Threading.Tasks.Task.Wait(Int32 millisecondsTimeout, CancellationToken cancellationToken) at NebulaCommunication.Auth.AuthTokenRefreshHandler.RefreshTokens(CancellationToken cancellationToken) at NebulaCommunication.Auth.AuthTokenRefreshHandler.ValidateAuthorizationHeader(HttpRequestMessage request, CancellationToken cancellationToken) at NebulaCommunication.Auth.AuthTokenRefreshHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) at System.Net.Http.HttpMessageInvoker.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) at System.Net.Http.HttpClient.SendAsync(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationToken cancellationToken) at System.Net.Http.HttpClient.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) at NebulaCommunication.MBWebClient.ConvertToSendAsync(HttpMethod method, HttpContent content, String requestUri, IEnumerable`1 headers, CancellationToken cancellationToken) at NebulaCommunication.MBWebClient.GetAsync(String requestUri, IEnumerable`1 headers, CancellationToken cancellationToken) at EAEngine.Http.EAWebClient.<Get>d__16.MoveNext() ---> (Inner Exception #0) System.Web.HttpException (0x80004005): HTTP Request failed. Http Code: 403 Reason:Forbidden Body Response: <html> <head><title>403 Forbidden</title></head> <body> <h1>403 Forbidden</h1> <ul> <li>Code: AccessDenied</li> <li>Message: Access Denied</li> <li>RequestId: 940B59B08370EBFF</li> <li>HostId: ku/FbE1d4PL0IWS4YRcLTvwxYHAMMS/NIlaFY1jQOrynQwkUQ4JV3F5mty8PITEmnTQ5V2YG+6c=</li> </ul> <h3>An Error Occurred While Attempting to Retrieve a Custom Error Document</h3> <ul> <li>Code: AccessDenied</li> <li>Message: Access Denied</li> </ul> <hr/> </body> </html> at NebulaCommunication.HttpResponseMessageExtensions.<EnsureSuccessStatusCodeAndReadBody>d__2.MoveNext()<---

Finally received a reply just now, asking me to run the FRST and send the logs to support !! Which i did when requested to do last Friday. My confidence in support is weaning day by day, seems like i'm getting the same canned reply to all my tickets and like today a second time asking for the same info tells me the support thread / emails are not being read.

Received reply from support this morning....simply telling me the following: I replied with a screenshot of the .net 4.7 installed.and told him i used the full mbam installer on all my endpoints and asked if the pre-requisite installer wasn't supposed to check - install anything that mbam will need to run correctly. Also asked if the FRST logs i sent in show wats running and installed, Which to me answered the 2 questions i was asked in the 1st reply to my support case !! so now ill wait another 24 hours plus to hear their reply.

I created a support ticket also, ill report back what they tell me

what does the log file say about the failed install?

I have my multiple endpoints logging bunches of issues.......can anyone tell me whats going on please. 2017-11-09 07:27:44,011-07:00 [26] WARN MBAMPlugin Unable to get anti-exploit advanced techniques from mbam 2017-11-09 07:16:30,729-07:00 [22] WARN MBAMPlugin Unable to get anti-exploit advanced techniques from mbam 2017-11-09 07:16:20,121-07:00 [26] WARN MachineImpl Computer is registered on a domain, but that domain is currently unreachable System.DirectoryServices.ActiveDirectory.ActiveDirectoryOperationException: The requested authentication method is not supported by the server. ---> System.Runtime.InteropServices.COMException: The requested authentication method is not supported by the server. at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) at System.DirectoryServices.DirectoryEntry.Bind() at System.DirectoryServices.DirectoryEntry.get_AdsObject() at System.DirectoryServices.PropertyValueCollection.PopulateList() at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName) at System.DirectoryServices.PropertyCollection.get_Item(String propertyName) at System.DirectoryServices.ActiveDirectory.PropertyManager.GetPropertyValue(DirectoryContext context, DirectoryEntry directoryEntry, String propertyName) --- End of inner exception stack trace --- at System.DirectoryServices.ActiveDirectory.PropertyManager.GetPropertyValue(DirectoryContext context, DirectoryEntry directoryEntry, String propertyName) at System.DirectoryServices.ActiveDirectory.Domain.GetDomain(DirectoryContext context) at EAEngine.MachineImpl.GetNameAndNics() 2017-11-09 07:16:19,341-07:00 [26] ERROR PolicyHandlerWeb Error getting verion information from sirius. Attempting to continue with existing plugins System.Threading.Tasks.TaskCanceledException: A task was canceled. at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Sirius.SiriusClient.<CheckForUpdates>d__18.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at EAEngine.SiriusIntegration.SiriusWrapper.<GetPluginVersionInfo>d__19.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at EAEngine.Policies.PolicyHandler.<InstallPlugins>d__14.MoveNext() 2017-11-09 07:16:19,341-07:00 [26] ERROR SiriusWrapper Error loading package information from sirius System.Threading.Tasks.TaskCanceledException: A task was canceled. at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Sirius.SiriusClient.<CheckForUpdates>d__18.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at EAEngine.SiriusIntegration.SiriusWrapper.<GetPluginVersionInfo>d__19.MoveNext() 2017-11-09 07:16:14,957-07:00 [26] ERROR EAWebClient Error PostWithRetryForever System.OperationCanceledException: The operation was canceled. at System.Threading.CancellationToken.ThrowOperationCanceledException() at Polly.Retry.RetryEngine.<ImplementationAsync>d__1`1.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Polly.Policy.<ExecuteAsync>d__100.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at EAEngine.Http.EAWebClient.<PostAsync>d__19.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at EAEngine.Http.EAWebClient.<PostWithRetryForever>d__20.MoveNext()

Thanks Makes sense, guess i missed where endpoint protection wasn't available for MAC's. So on the MAC policy do i need to turn off 'Endpoint Protection" and just use 'Incident Response" or does it matter. Thanks again

Thanks KDawg It was turned off !!, enabling it immediately got me an email with a threat quarantined. Ran a scan and now it shows as completed in tasks. Can you explain what turning on incident response does for my mac policy as opposed to my windows. It is not on for any of my windows policy's, if i do try turn it on for windows i get a prompt that it will turn off endpoint protection. Could you please explain what the difference is...Thanks in advance

Anyone able to tell me why my end users are getting the following blocked? web Website Blocked OutboundConnection products.office.com(23.209.52.146:64440)

New Business user here...only had old UI for a week so didn't have a lot of time to get used to it before new UI was pushed out. That said, I agree totally with you with regards to a new feature being introduced...Tuesday end users had a silent blue icon...Wednesday they received popups galore about blocks etc! The amount of emails and calls i got about this sudden "popup" was way too distracting and time consuming. It really needs a way to edit / append the computer name (to add a user name or friendly name) or at least show current logged in user. As for it feels like beta...i agree !! <rant> I wish id have found this forum and read through end users issues before committing....i have multiple threat scans not completing on both MACS and PC's (tickets open)..some possible false positives that KDawg is currently working with me on. I've been a huge fan of the home product and advocate it to all my "peeps", so i guess for now ill bite the bullet and hope the issues get resolved. <\rant>

Yes...shows green and online but orange in Tasks

Files uploaded. Do you have any input on my windows ones that are doing the same thing?

My MAC users are reporting that there is no folder for NebulaAgent, only “Malwarebytes Endpoint Agent”.

KDawg, I will get this done and uploaded shortly and reply back once completed However it seems i spoke too soon though...i have a handful of windows clients doing the same thing. Is there a different spot to upload logs to for windows endpoints? What is the path for the windows logs? Tony

Hi Guys New business user with the cloud dashboard...deployed endpoints to my windows machines without issue. However, I have 4 MAC users where i installed the MAC endpoint installer without issue. When i create a task for a threat scan it never gets past the orange pending phase. Endpoint Engine Version:1.4.0.10 OS Release Name:OS X El Capitan 10.11.6 macOS Sierra 10.12.6 OS X Yosemite 10.10.5 macOS Sierra 10.12.6 Thanks in advance Tony

I agree totally with your suggestion, or at least have the Endpoint field editable so you can append a user name to it to make it easy to see at a glance who's machine it is.