LeeWei

Honorary Members
  • Posts: 35

Posts posted by LeeWei

  1. On 4/3/2020 at 12:36 PM, Vegita said:

    Hi Lee Wei,

     

    I am getting this error when I go to view my scheduled reports. Summary report > View Schedules

    I looked through the forums and didn't see anything, I also updated to 3.1.1 and am getting the same error.

     

    Thanks!

     

    Sorry, there must be a bug somewhere.

    The schedule information is stored in the Windows Registry here: HKEY_CURRENT_USER\Software\Malwarebytes\ExcelAddin\Schedules.

    - If you want to keep the schedule(s), you can export the hive and send it to me to debug (lwei @ malwarebytes.com).
    - If you don't care to keep the schedules, you can delete the entries and you will be able to "View Schedules" again.

     

     

    Former Malwarebytes employee

  2. 1 hour ago, BrianA said:

    It is a bit of a process since the request has to go through a SecOps process to allow exceptions and get the policy implemented and then pushed to a machine. I white-listed 2 IP addresses yesterday and it appears that they are using different ones today, so I don't think that is going to be an acceptable solution to open a support request each day, nor would it be to allow Excel to make internet calls to all IP addresses. Seems like I am in a bit of a bind.

    Given their large number of IP addresses, I wonder how useful this page is.

    I am not familiar with your whitelisting process and wonder if SecOps will just laugh us out of the room.

    https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/LocationsOfEdgeServers.html

    Note this URL with the large number of IPs:

    https://ip-ranges.amazonaws.com/ip-ranges.json

    I wonder if it is possible to narrow it further by service and region.
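Narrowing the published ranges by service and region, as the reply above wonders about, can be done offline once ip-ranges.json has been downloaded. This is an added example, not part of the original post or the add-in's code; the sample document is constructed with documentation-range addresses, and the function names are hypothetical.

```python
import ipaddress
import json

# Constructed sample in the shape of ip-ranges.json (documentation-range
# addresses, not real AWS prefixes).
SAMPLE = json.loads("""
{
  "syncToken": "1700000000",
  "createDate": "2023-11-14-22-13-20",
  "prefixes": [
    {"ip_prefix": "192.0.2.0/25",    "region": "GLOBAL",    "service": "CLOUDFRONT"},
    {"ip_prefix": "192.0.2.128/25",  "region": "GLOBAL",    "service": "CLOUDFRONT"},
    {"ip_prefix": "198.51.100.0/24", "region": "us-east-1", "service": "CLOUDFRONT"},
    {"ip_prefix": "203.0.113.0/24",  "region": "us-east-1", "service": "EC2"},
    {"ip_prefix": "192.0.2.0/24",    "region": "GLOBAL",    "service": "AMAZON"}
  ],
  "ipv6_prefixes": [
    {"ipv6_prefix": "2001:db8:100::/48", "region": "GLOBAL", "service": "CLOUDFRONT"}
  ]
}
""")


def select_prefixes(doc, service, regions=None):
    """Return collapsed networks for one service, optionally limited to regions."""
    nets = []
    for key, field in (("prefixes", "ip_prefix"), ("ipv6_prefixes", "ipv6_prefix")):
        for entry in doc.get(key, []):
            if entry["service"] != service:
                continue
            if regions is not None and entry["region"] not in regions:
                continue
            nets.append(ipaddress.ip_network(entry[field]))
    # collapse_addresses rejects mixed IP versions, so merge each family separately.
    v4 = ipaddress.collapse_addresses(n for n in nets if n.version == 4)
    v6 = ipaddress.collapse_addresses(n for n in nets if n.version == 6)
    return list(v4) + list(v6)


def is_allowed(address, networks):
    """True if the address falls inside any allowlisted network."""
    ip = ipaddress.ip_address(address)
    return any(ip.version == n.version and ip in n for n in networks)


if __name__ == "__main__":
    cf = select_prefixes(SAMPLE, "CLOUDFRONT")
    print(SAMPLE["syncToken"], [str(n) for n in cf])
```

Storing the `syncToken` alongside the generated allowlist lets a scheduled job regenerate the rules only when the published file has changed.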

     

  3. 48 minutes ago, BrianA said:

    Is there a list of IP addresses for https://cloud.malwarebytes.com/ that is published that I can use for a whitelist? I am unable to connect with the Excel add-on since AV policies are set to block W97/Downloader from connecting to external IP addresses.

    We use Amazon CloudFront as the CDN (Content Delivery Network) and the IP might change.
    So we don't have static IPs for whitelisting.
    Is whitelisting an arduous process? You want to try the first IP it resolves to and see how long it might stay the same?

     

  4. 13 hours ago, RickyF said:

    Now it is ok. I have updated the addin to version 3.1.1 and it is working fine

    Sorry about my mistake!

    Best

    Ricky

    No Ricky, it is not your mistake. I have been tracking this error for a while now, but without success.

    The error has to do with my code not being able to create a Worksheet. First of all, it has nothing to do with Malwarebytes Cloud or API.

    I don't know what state Excel gets into where it does not allow me to create the worksheet. Restarting Excel, or possibly restarting the computer, fixes this.

  5. 4 minutes ago, MnM33 said:

    This works though, for sure! I'm working on moving endpoints over to our new EPR policies, and instead of doing them all at once I'm slowly moving them over into their new groups based off their locations. I'm moving to the larger groups now, so this tool will come in handy so I don't have to "manually" move them over one by one to their new homes.

    And with this tool that you have created I have a bit more insight to see which groups, or rather which locations, are the most at risk.

    I'm glad this tool is here because now we can start getting a little more data to start a targeted training plan for our end users.

    Please feel free to send me any enhancements and requests!

  6. @MnM33, We are meant to paste Machine IDs into the panel to move them to a different group, and not computer names.

    - First use menu Configuration and Options, and check the option "Import and Show ID Properties".
    - Next use menu Endpoint Computers to import the computers of interest.
    - You are meant to copy the ID column of the endpoints of interest to the Move Endpoints screen.

    Sorry that this is a little convoluted. Use either the Console or the Excel Addin for the job depending on which one is easier.

    The reason for the steps is that when I developed this for a customer, they had complicated filtering criteria to select hundreds of computers before grabbing the IDs and pasting them into the Move Endpoints screen.

    Please contact me if I can be of help at lwei @ malwarebytes.com.

     

  7. On 9/3/2019 at 8:29 AM, wep said:

    I am getting "Error extracting Endpoint data.: Exception from HRESULT: 0x800A03EC." Any ideas what is going on? Thanks for any help.

    I have seen this error when there are more rows than Excel can handle.
    Current Excel versions can handle 1M rows.

    - What version of Excel are you using?
    - What operation are you doing when you get the error?
    - Would you mind contacting me at lwei @ malwarebytes.com? I would like to find the bug.

     

  8. @RickyF I have seen this problem but am having a hard time trying to duplicate the error. The error is local, and has nothing to do with the Malwarebytes server. Basically, the code cannot create a new worksheet. Others have reported it, but then it goes away.

    I wonder if it has to do with another Excel process running away. Can you please use the Task Manager to double-check? Does the problem go away if you were to reboot the computer?

     

  9. @amartilianom, the log files are located here:

    C:\Users\[user_name]\AppData\Local\Temp\Malwarebytes Excel Addin

    adregistrator.log is the log file generated during installation.

    adxloader.log is the log file generated when the Addin is being loaded in Excel

    You can send to me via private message, and we will look for errors.

     

    I think you have already done this, but in the Excel Menu --> File --> Options screen below, make sure that the Excel Addin is not in the Inactive or Disabled lists.

    Lastly, I have messaged you with my contact info to help.

  10. @wpclau looks like a bug in the code. I determine the available properties (columns) from the first record. 

    So if the first row does not have a "status.last_scanned_at" property, it will miss it.

    Normally the API returns a NULL value for the property, but in this case, the first row is not returning anything for "last_scanned_at".

    You can see the data returned by clicking on the "Show API details" button.

    For a workaround, the list is returned sorted by ascending computer name. So if it is possible to ensure the first row has a value, that will make it work.

  11. 13 minutes ago, wpclau said:

    This is a really super plugin. Thank you so much for making it! 

    I was wondering if there was a way to modify it so that I can see the last scan - it is in the api call - but it isn't available alone but as criteria in a separate query. I'm trying to make sure the policies are applying and the machines are scanning as scheduled so having  "last_scanned_at": , returned would be phenomenal. 

    @wpclau, this should have already been available under importing of Endpoint Data per the screen shot below. Let me know if you are referring to something different.


  12. 9 hours ago, RickyF said:

    Hi @LeeWei,

    Thanks for your reply.

    A simple "detection and threats" report for one single endpoint would be sufficient. What do you recommend in order to do that? I mean what would you do if you were in my shoes knowing that is vital for your business? Maybe you know somebody that can do this job for me....

    Thanks again.

    Ricky

    @RickyF if you want just the detection data for one endpoint, you can do the following.

    - In the "Endpoint Computers" export button, use the search field to find your endpoint.

    - Following that, any data extracted from the "Detections and Threats" button will be filtered for this endpoint only. This way, any charts and summary will also be for this endpoint.

     

  13. 7 hours ago, RickyF said:

    Hi LeeWei,

    I love the Addin. Congratulations for the great job you made.

    I have a question. My customers are all different people (mostly private, I mean non corporations) who bought just one licence. I take care that their computers are nice and clean. I need to send them by email every week a status report about all the detections or events that they might have had in the past week.

    Do you know how can I achieve this with your addin? Just one report from just one endpoint to send to just one email. Of course once I had the solution for one device I will have to do the same for all the devices so some kind of macro I guess will also be needed to send the emails on batch process in the long run but I can start to send them manually. Complicated?

    Regards

    Ricky

    @RickyF, hah, I have not targeted (designed...) the reports to highlight one single endpoint, they are mostly meant for a group of computers. This is why we see Top 10 categories etc.

    I think the report will be very different, and you can provide all the details of the endpoint including OS details, network, software installed, Windows updates. Basically everything that is available when drilling into a single endpoint. 

    Past that, many have asked for the ability to schedule the reports for delivery.

    Yes both these will require some work, but I appreciate the feedback.

  14. On 12/11/2018 at 2:44 PM, syarbrough said:

    Hi Lee Wei,

    Great addin, I have been looking for this type of reporting and it works very well. I am trying to filter down to a group and run a summary report for my end users, however it is pulling data from all devices in all groups from Detections and Threats and including this in the Summary report. It will show endpoints from other groups. Is there a way to import only Detections and Threats for one group?

    Thanks

     

    @syarbrough, I forgot to follow-up with you. The new version 2.2 will now report threats and detections only for the endpoints (e.g. group) that you have selected. Thank you for the suggestion and input.

  15. If you use the Excel Addin, please consider upgrading to v2.0 that I have just published.

    https://support.malwarebytes.com/docs/DOC-2672

    Other than bug fixes, I have incorporated a lot of features and requests from you guys.

    • One main enhancement is the management of Endpoint Statuses now available in the Cloud console.
      • You can see summary charts of endpoints with the different statuses like Scan Needed, Remediation Required, Reboot Required, etc.
      • A summary report with these data points is included as the primary KPI.
      • And lastly, there is a "Take Status Action" dialog to take the actions in bulk.
    • Also added is a better way of handling and managing groups. You can filter endpoints by a group hierarchy.

    Per usual, I appreciate bug reports and enhancement requests.

     

     

  16. 1 hour ago, syarbrough said:

    Hi Lee Wei,

    Great addin, I have been looking for this type of reporting and it works very well. I am trying to filter down to a group and run a summary report for my end users, however it is pulling data from all devices in all groups from Detections and Threats and including this in the Summary report. It will show endpoints from other groups. Is there a way to import only Detections and Threats for one group?

    Thanks

     

    @syarbrough I understand and love the idea. I do lament that the detection data does not reconcile with endpoint selection.

    On my list of enhancements now, thank you!
