ShaunB

Honorary Members
  • Posts

    24
Everything posted by ShaunB

  1. With it turned off it is basically like a simple anti virus application. And it depends solely on signatures I believe. Which is fine for us. Since everything it has ever caught for us in the past... has been signature based. They are aware of the issue. When we submitted our performance data. They let us know they are working on it.
  2. Under your policies... disable "Behavior Protection". That is what we did, all problems went away. You can also add exclusions for the apps you run... but this was easier. When we hear it is fixed... we will turn back on.
  3. We will do that next time it happens. Thanks. Just to add to this however. We had a user this morning having the issue. They were getting sluggish performance. (scrolling, copy/pasting/etc) We opened task manager and I didn't see high CPU. However MB service would jump to 25% or so for a few seconds when it would happen. As soon as they rebooted everything was fine. So hopefully this catches it. But might be more than just a CPU issue. Since for us... it is not even that high all the time. More like it is holding things up.
  4. We had it installed on servers. Until there was an issue where it pegged the CPU at 100% awhile back. Couldn't even remote to the machines. Decided then that we would keep it off anything that critical. Workstation performance has been on and off. Seems intermittent. However just today we had a user that said their machine was slow and unusable. We killed MB and performance was good again. (no scans running but MB was pegged at 25%) MB started back up right after and everything was fine.
  5. We have had the same issue last week. Described the same way from our users. Keyboard lag. Restarting the service seems to speed things up. It is pretty intermittent. For ourselves... these are POS machines. Very little installed. No other AV.
  6. We also had a couple users complain their computers locked up. In Add/Remove programs, on both computers... MB was shown as installed today. So I am guessing the update is causing it.
  7. Kinda the same issue here. We find the agent stops working and we can't restart it. Same error... side by side issue. (I am guessing corrupt config) We now run a script at login that checks that the agent service is running; if not, it emails us. We then copy from C:\ProgramData\Malwarebytes Endpoint Agent\Cache\unloaded\Service to the C:\Program Files\Malwarebytes Endpoint Agent directory. This fixes it. We will probably have to make a script that automates this. Seems to happen frequently.
  8. After the issue a few months back (cpu going to 100%), where some of our machines had their databases/folders deleted to regain control. It seems the console and the clients are out of sync. When deleting items from quarantine, the client can't delete what it thinks no longer exists.

      2018-04-23 08:08:02,614-05:00 [103] ERROR MBAMPlugin Error in calling DeleteQuarantineItems for clientID: Endpoint Agent:acbc4c49-0274-476e-a95b-0ce25470d31b, error code: CCErrorNoMatchingItem, winErrorCode: 0.

     So the items stay in the console quarantine forever. Also, we have deleted a few clients, and still see their quarantined items are still in the console UI. Do these purge after some time? It would be good if when a client is deleted... all console/quarantined items are deleted also. (or purged after some time) Thanks
  9. mavengroup - I found the problem... we are using a different path than default. Change %ALLUSERSPROFILE% to C:\ProgramData. Should work then. Cheers
  10. Strange. Basically all it is doing is disabling the service, then kills the process, then deletes the db files in that directory... and then starts everything back up. I would confirm the directory is perhaps the same on your machine, and that it is successfully killing the service and removing those files. After about 10 minutes or so... the new database files are downloaded and all is good. Can always do one line at a time and step through it.
  11. Same here. Nothing has worked. We have given up using the cloud to fix it. A batch file seems to be the only way to fix it for us. But with 400 workstations? Well... it is not turning out to be a good weekend. Here is what works for us.... (we are having to use psexec to push the batch file out to the workstations one at a time)

      @ECHO Off
      rem Keep the service from restarting, then kill the running process
      sc config "MBAMService" start= disabled
      taskkill /f /im MBAMService.exe
      rem Delete the database files; new ones are downloaded after the restart
      del /q /f "%ALLUSERSPROFILE%\Malwarebytes\MBAMService\*.mbdb"
      rem Re-enable both services and start them again
      sc config "MBAMService" start= auto
      sc config "MBEndpointAgent" start= auto
      net start MBEndpointAgent
      net start MBAMService
  12. ShaunB

    API

    Is there an API or .NET reference available that we can hook into? We want to be able to communicate with the service (see status/start scans/etc) via our in-house apps. Does this exist for Endpoint Protection? Thanks.
  13. We started using Endpoint Protection. (migrated from Kaspersky) It is amazing how much malware we had that Kaspersky just flat out didn’t catch or care about. And we got hit with Emotet because of it. We got a trial set up last Thursday and it now seems like we are all good. However after using it for the last week. We have some feature requests (I am sure some of these are already in the works)

      • Make the agent check in more and let us know what is happening. We have noticed with scheduled scans, they don't show up until finished. It would be nice to see what endpoints are doing at all times, rather than when something completes. We have had users say their computer is slow (And the endpoint overview shows nothing)... only to find out a scan from the night before is still running. Perhaps a current status field. Also, if a user starts a scan themselves... we also want to see that. We have also had an endpoint that installed the agent. But the MBAMservice was broken. Have the agent check in and report if it is working/not installed/etc. Again.... this could be in a status field.
      • Endpoint Overview - Ability to see the IP an endpoint is connecting from - this would help us figure out if someone is at home, on the road, or in one of our branches.
      • Endpoint Overview - The Endpoint boot up time
      • Endpoints view - Ability to add/remove any of the data from the endpoint overview as a column - we can then hide or add depending on what we are looking for
      • Endpoints view - Ability to see the amount of files in quarantine for the endpoint on the endpoint view (and sortable)
      • Endpoints view - The currently logged on user in endpoint view (maybe even a list of last logged on users if you drill into overview?)
      • Endpoint Overview - Ability to see the scheduled scans in the endpoint overview. (not history, just a list of all the schedules) We have had endpoints that didn't seem to run the scheduled scan. This would just give us confidence they are receiving the schedules. Perhaps even have a last run date next to it also.
      • Quarantine view, Event View, etc. Ability to click on the Endpoint name and be taken to the endpoint overview page. Saves us having to copy paste the computer name into endpoints. (we have random computer names)
      • Emails – Instead of the subject “Malwarebytes: A new event occurred” have it say the type of event… that way we don’t have to always look at the email body to see what is going on… for example… “Malwarebytes: New machine registered” or “Malwarebytes: Threat Detected”, etc.

     Thanks! Shaun
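
The check-and-repair routine described in post 7, sketched in PowerShell as an added example; it is not ShaunB's script or vendor code. It assumes the agent service is the `MBEndpointAgent` named in post 11, writes to a hypothetical log file instead of sending e-mail, and must run elevated (for example as a startup script) because it writes under Program Files.

```powershell
# Added example: health check and cache-based repair for the endpoint agent.
# Both directories come from post 7; the service name (post 11) is assumed to be the agent meant there.
$ServiceName = 'MBEndpointAgent'
$CacheDir    = 'C:\ProgramData\Malwarebytes Endpoint Agent\Cache\unloaded\Service'
$InstallDir  = 'C:\Program Files\Malwarebytes Endpoint Agent'
$LogFile     = 'C:\ProgramData\AgentHealth\repair.log'   # hypothetical log location

function Write-Log([string]$Message) {
    $dir = Split-Path -Parent $LogFile
    if (-not (Test-Path $dir)) { New-Item -ItemType Directory -Path $dir -Force | Out-Null }
    "{0:u} {1} {2}" -f (Get-Date), $env:COMPUTERNAME, $Message | Add-Content -Path $LogFile
}

$svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
if ($null -eq $svc) {
    Write-Log "$ServiceName is not installed"
    exit 2
}
if ($svc.Status -eq 'Running') { exit 0 }   # healthy, nothing to do

# First try a plain start so files are only overwritten when that fails.
Write-Log "$ServiceName is $($svc.Status); attempting normal start"
try {
    Start-Service -Name $ServiceName -ErrorAction Stop
    Write-Log "started without repair"
    exit 0
} catch {
    Write-Log "start failed: $($_.Exception.Message)"
}

if (-not (Test-Path $CacheDir)) {
    Write-Log "cache directory missing, cannot repair"
    exit 3
}

# Restore the service files from the agent's cache, as done by hand in post 7.
Copy-Item -Path (Join-Path $CacheDir '*') -Destination $InstallDir -Recurse -Force
try {
    Start-Service -Name $ServiceName -ErrorAction Stop
    Write-Log "repaired from cache and started"
    exit 0
} catch {
    Write-Log "still failing after repair: $($_.Exception.Message)"
    exit 1
}
```

The distinct exit codes let a deployment tool tell "not installed" (2) and "no cache to repair from" (3) apart from a repair that was attempted and failed (1).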