Kalrand

@theyzer Our workstations are on 24/7 as well, minus a scheduled reboot in the morning. The workstation is on however the Agent service doesn't start properly thus the Cloud endpoint shows offline.

We've had a similar or possibly the same issue in the past, if you check the MBEndpointAgent service is it not started on the trouble endpoints? We found this mostly happens with Windows 10 clients. It appears to be related to when the Agent tries to start in the Startup process, it tries and gets chocked out, so what we've done is to change the service start mode to Automatic Delayed Start. Your mileage may vary but since doing this it's cut down our dropouts to maybe 1 or 2 a week, I think some endpoint updates reset the service start mode. Below is the procedure we use, script and deployment method. Let me know if this helps!

Not that I've seen, but that's not definitive by any means. What's odd is it works and then it doesn't which means that something is interfering with it. The other odd point is why are they running manually? If it missed a schedule it would put a crosshair like icon next to the endpoint and wait till it came back online. I'd probably get support involved because some things just don't add up or I'm missing a piece of the puzzle.

Unless @KDawg is already on it, I found this link: https://support.malwarebytes.com/community/business/pages/contact-us

Usually when we get multiple the extension installs multiple pieces on the computer. If you look at the location, are they all the same? If not, delete them like the others. If they are I'd raise this up to support.

If you log into the Malwarebytes Cloud and click on Quarantine is it listed there? If so, click the box on the left to select it then click Delete in the upper right.

Ah, I see. For us it was the Malicious Websites (10 Endpoints) and a one Endpoint with PUPs, which were deleted. Thank you @LeeWei for clearing that up. The notification for Detections Found, would it also include Malicious Websites? If so, anyway to exclude it?

I'm also seeing this and cannot track where these supposed infected endpoints are from the Cloud console and I've pulled down the data using the Excel Add-in but not seeing them there either. Any thoughts, @djacobson or @LeeWei?

I know when the endpoints are off it doesn't produce that type of alert in the Cloud when it misses a schedule, we have about 5 schedules a day (3 asset and 2 scan). Usually when that type of alert comes up for us is when I manually told the endpoint to do something, like check for protection updates or scan and quarantine, and it never reached the endpoint or it kept trying to run the command on the endpoint and it failed/timed out.

Oh, ouch. Yeah, I can see the headache. A solution for that isn't coming to mind.

@LeeWei Thank you!

Great add-in, really wish these types of reports were available through the cloud. One small issue, the times are a bit off. Currently it is 9:49AM on 11/27, but I'm seeing times in the Last Seen column as 2:44PM on 11/27. Time zone, as displayed, is set to Eastern Standard Time UTC-5:00. Add-in version is 1.7.6.

Even though they are not local, are they on the same network as you? If so then PDQ Deploy could access them as long as you have admin rights to the workstation. We use it push out Malwarebytes and many other products (Adobe, Chrome, etc).

When I've run into this type of issue, though when it started it for me it didn't correct itself, I would have to remove MEP and reinstall. In some cases this would include a purge of all Malwarebytes from the system using the MB-Support tool after traditional uninstall, the tool was designed for the commercial side but works are scrubbing out MEP as well (don't let MB-Support reinstall after the scrub as it will install the commercial version). Anything further you'd have to talk to Support.

What I know is Endpoint Protection is cloud managed and Endpoint Security is on-premise managed. As for GDPR compliance you'd need to either hear from staff on this forum or call into Malwarebytes to ask.