Kalrand

With Windows Defender we've never had to add exclusions.This may be because we keep it registered with the Action Center so Windows, and by extension Windows Defender, already knows it exists.

Windows Defender. I know what you're thinking but in Windows 10 they honestly make a good pair.

@djacobson posted a new compatibility matrix for Malwarebytes Endpoint Protection, not Malwarebytes Premium, that cover most server roles, see below. As far as I know Malwarebytes Premium is not supported on any server OS but don't quote me on that. I can say from experience we have MEP, which is different than Malwarebytes Premium that you can download a trial from the website, on a 2008R2 Terminal Server and have had it running for almost a year now without issue. We do have a special policy in place, following the guidelines above. Up until the later releases Web Protection wasn't supported on a TS or RDS server.

Then I'm confused. We've been running MEP on our AD server with DNS for quite sometime, end of December of last year, and we haven't encountered this issue with the DNS being it's private address. Granted, we've never turned on active protection which may be the key.

@AndrewPP The above link is in the resources for Malwarebytes Endpoint Security, the on-premise solution. Is this a concern for Malwarebytes Endpoint Protection, the cloud solution, which this forum is geared toward?

@djacobson mentioned there was some updates to the above matrix.

I'm thinking this is the on-premise solution. @vbarytskyy, @djacobson, @dcollins, or @KDawg should be able to assist you. You could also look in that forum (https://forums.malwarebytes.com/forum/230-malwarebytes-management-console/)

We don't use SCCM but we do install it silently via batch script using the below command. START /WAIT !MEP_Location!\Setup.MBEndpointAgent.Full.exe /quiet GROUP="!MEP_Group!" You would change !MEP_Location! to where the setup file is stored and !MEP_Group! to the group string where you want the endpoint to be in the Cloud Console. You can find that by clicking on "Add Endpoints" > "How to Automatically Specify Group Assignment" button within the Cloud Console.

@vbarytskyy Yes, I'm aware and I expected that on 1 of the 4 test workstations. What I didn't expect was on the other 3 that had pre-existing installs, and exhibited the issue where the MBAMService and the "Malwarebytes version 3.5.x.xxxx" were not present, that they issue would correct itself.

Oddly enough, they all just appeared before I did anything. Service and install.

I reinstalled on the one where MEP was suspiciously no longer present and it installed. However the MBAMService is not present. The differences I'm seeing on the affected systems is the lack of the install of "Malwarebytes version 3.5.x.xxxx". The ones that work have that, the ones that don't, well, don't. I'm downloading the most recent MEP install to test, mine was dated from April of this year. Could be an installer compatibility issue.

Can't seem to edit comments. "The biggest difference is that the ones don't work were upgraded from 1709 to 1803, the two others that do work upgraded from 1607/1703 to 1803."

Interesting. We've been testing 1803 before roll out and I'm noticing the MBAMService service is simply missing on the test workstations, 4 in total. One of them MEP just doesn't exist anymore. We do have two others on 1803 and have both services. The biggest difference is The ones that don't upgraded from 1709 to 1803, the two others that do work upgraded from 1607 and 1703. What build were you at before 1803 or was it a clean install of 1803?

I'd recommend using the Default Policy, this has all real-time protection disabled. If, however, you've modified that policy you can change the following to set it back. For a temporary measure you could stop the following services to make sure it does not interfere: MBEndpointAgent, MBAMService Afterwards you'll need to start the services in reverse order or simply restart the system.

So far no further alerts after reinstall and reboot.