Kalrand
-
Posts
98 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Everything posted by Kalrand
-
Are you on the latest Add-in, 3.0.4?
-
My two cents are the add-in really is something. Wouldn't have thought so much could be done in Excel.
-
That or possibly something like this, https://docs.microsoft.com/en-us/previous-versions/visualstudio/visual-studio-2010/1zyc39fb(v=vs.100) or https://www.add-in-express.com/creating-addins-blog/2015/02/12/autoupdate-office-addin/. Not even sure if it's on the same page as how the Add-In was built, just something I ran across.
-
Anyway of adding a check for updates on the Malwarebytes Cloud toolbar to stay up-to-date?
-
This particular forum is for the Cloud managed endpoints, you might find better answers in the forum for Management Console, https://forums.malwarebytes.com/forum/230-malwarebytes-management-console/. Endpoint Protection is Cloud-based whereas Endpoint Security is On-Premise, took me a bit to realize the difference.
-
Another vote for the Cloud Excel plugin for data export, works well.
-
Green icon for Endpoints in console turns grey and stops scanning
Kalrand replied to theyzer's topic in Malwarebytes Nebula
@theyzer Our workstations are on 24/7 as well, minus a scheduled reboot in the morning. The workstation is on however the Agent service doesn't start properly thus the Cloud endpoint shows offline. -
Green icon for Endpoints in console turns grey and stops scanning
Kalrand replied to theyzer's topic in Malwarebytes Nebula
We've had a similar or possibly the same issue in the past, if you check the MBEndpointAgent service is it not started on the trouble endpoints? We found this mostly happens with Windows 10 clients. It appears to be related to when the Agent tries to start in the Startup process, it tries and gets chocked out, so what we've done is to change the service start mode to Automatic Delayed Start. Your mileage may vary but since doing this it's cut down our dropouts to maybe 1 or 2 a week, I think some endpoint updates reset the service start mode. Below is the procedure we use, script and deployment method. Let me know if this helps! -
Not that I've seen, but that's not definitive by any means. What's odd is it works and then it doesn't which means that something is interfering with it. The other odd point is why are they running manually? If it missed a schedule it would put a crosshair like icon next to the endpoint and wait till it came back online. I'd probably get support involved because some things just don't add up or I'm missing a piece of the puzzle.
-
Unless @KDawg is already on it, I found this link: https://support.malwarebytes.com/community/business/pages/contact-us
-
Usually when we get multiple the extension installs multiple pieces on the computer. If you look at the location, are they all the same? If not, delete them like the others. If they are I'd raise this up to support.
-
If you log into the Malwarebytes Cloud and click on Quarantine is it listed there? If so, click the box on the left to select it then click Delete in the upper right.
-
Ah, I see. For us it was the Malicious Websites (10 Endpoints) and a one Endpoint with PUPs, which were deleted. Thank you @LeeWei for clearing that up. The notification for Detections Found, would it also include Malicious Websites? If so, anyway to exclude it?
-
I'm also seeing this and cannot track where these supposed infected endpoints are from the Cloud console and I've pulled down the data using the Excel Add-in but not seeing them there either. Any thoughts, @djacobson or @LeeWei?
-
I know when the endpoints are off it doesn't produce that type of alert in the Cloud when it misses a schedule, we have about 5 schedules a day (3 asset and 2 scan). Usually when that type of alert comes up for us is when I manually told the endpoint to do something, like check for protection updates or scan and quarantine, and it never reached the endpoint or it kept trying to run the command on the endpoint and it failed/timed out.
-
Oh, ouch. Yeah, I can see the headache. A solution for that isn't coming to mind.
-
@LeeWei Thank you!
-
Great add-in, really wish these types of reports were available through the cloud. One small issue, the times are a bit off. Currently it is 9:49AM on 11/27, but I'm seeing times in the Last Seen column as 2:44PM on 11/27. Time zone, as displayed, is set to Eastern Standard Time UTC-5:00. Add-in version is 1.7.6.
-
Even though they are not local, are they on the same network as you? If so then PDQ Deploy could access them as long as you have admin rights to the workstation. We use it push out Malwarebytes and many other products (Adobe, Chrome, etc).
-
When I've run into this type of issue, though when it started it for me it didn't correct itself, I would have to remove MEP and reinstall. In some cases this would include a purge of all Malwarebytes from the system using the MB-Support tool after traditional uninstall, the tool was designed for the commercial side but works are scrubbing out MEP as well (don't let MB-Support reinstall after the scrub as it will install the commercial version). Anything further you'd have to talk to Support.
-
What I know is Endpoint Protection is cloud managed and Endpoint Security is on-premise managed. As for GDPR compliance you'd need to either hear from staff on this forum or call into Malwarebytes to ask.
-
With Windows Defender we've never had to add exclusions.This may be because we keep it registered with the Action Center so Windows, and by extension Windows Defender, already knows it exists.
-
Windows Defender. I know what you're thinking but in Windows 10 they honestly make a good pair.
-
Problem with RDP? We wanted Endpoint Protection
Kalrand replied to mrmulti's topic in Malwarebytes Nebula
@djacobson posted a new compatibility matrix for Malwarebytes Endpoint Protection, not Malwarebytes Premium, that cover most server roles, see below. As far as I know Malwarebytes Premium is not supported on any server OS but don't quote me on that. I can say from experience we have MEP, which is different than Malwarebytes Premium that you can download a trial from the website, on a 2008R2 Terminal Server and have had it running for almost a year now without issue. We do have a special policy in place, following the guidelines above. Up until the later releases Web Protection wasn't supported on a TS or RDS server. -
Malwarebytes Endpoint Protection on VM's
Kalrand replied to WORKS2016's topic in Malwarebytes Nebula
Then I'm confused. We've been running MEP on our AD server with DNS for quite sometime, end of December of last year, and we haven't encountered this issue with the DNS being it's private address. Granted, we've never turned on active protection which may be the key.
