Everything posted by knguyen1

  1. This update is currently being metered out, however, you can bypass the metering to make sure your clients get the build earlier. To do this, select the computers you would like to update in Nebula and click the actions option in the upper right. From here, select Check for Software Updates. This will allow you to bypass the metering. After the machines get the update, select the machines again and select Install Software updates from the action menu to force the endpoints to install the update. If you have the Automatically download and install Malwarebytes application updates option enabled in the policy, then you can skip this step. This should update the version of the product to: Protection Service (MBAMService) - Component Package (ctlr) - 1.0.1464 After you do this, you can move your machines back to a policy with WMI enabled. You can also enable WMI in the policy again by going to the Policy > Protection settings. From there, click on Advanced settings > Anti-Exploit Settings > Application Behavior protection > and enable Office WMI abuse protection. Please let us know if you run into any issues with this!
  2. No problem! I was looking and you currently have "Install software updates automatically" disabled. You could enable this just to make the update process and resolving this issue more seamless. Otherwise, once the update does release, it will have to first check for updates (we meter this slowly out to endpoints, but it can be expedited by selecting endpoints and clicking on Actions -> Check for Software Updates), and then you will have to manually click install software updates. Either way works, the manual way just gives you more control over when it updates, as a reboot may be required to complete the update. If you do want to turn automatic updates on, go to Settings -> Policies -> Default Policy -> Endpoint Agent -> Software Updates & check the checkbox under Windows for "Automatically download and install Malwarebytes application updates" I can provide more information once the update releases.
  3. Hi @FOIT_Team, looking at your portal, I mostly see ComSpec=C:\Windows\system32\cmd.exe detections, which are a bug from a recent update at the beginning of last month. We are actually releasing another update shortly which should resolve this issue. That's good to hear it is not affecting any users from actually using their office applications and just an annoyance. There is technically a setting you could turn off to prevent these, but with the update coming out so soon, we may just want to hold off and then it should resolve on its own. Until then, these can safely be ignored.
  4. @bw2868 I found a Nebula/Endpoint Protection subscription under your e-mail. I'll open up a support ticket and reach out to you from there. @Roadrunner562 Are you using our enterprise/business products? I only found a consumer product subscription under your e-mail address, so you may have a similar issue but the procedures for resolution would be different. As I only support our enterprise products, please reach out to our consumer support team, or post in the appropriate forum section. Here is the link to open a ticket or reach consumer support - https://support.malwarebytes.com/hc/en-us/requests/new (Select Home User) If I'm incorrect and you do have a business subscription, could you please direct message me the e-mail address I would find it under?
  5. Hi @Intucom Can you please check your messages? I sent you something regarding this issue. Thank you,
  6. No problem, thank you for confirming @joocetil
  7. Thanks for letting me know. Have a good weekend!
  8. Hi @joocetil This should be resolved now. The number on your dashboard for suspicious activity should be properly reflected. Please let us know if you need anything else. Thank you,
  9. Hi @joocetil I've reached out to my engineering team to fix this for you. Appreciate the patience! Thank you,
  10. Hi @zgerber08 Thank you for contacting Malwarebytes Business Support. The Office 365 issue is actually unrelated to the Protection Service Version update that released on 3/25. The issue was occurring before that update and appears to be related to Engine Versions instead. We have pushed out a couple hotfixes as of yesterday, so as long as your machines are on Engine Version, then the hotfix should be applied while we continue to investigate the issue further. If you need to bypass the metered download and installs of these updates, you can select the machines and go to Actions -> Check for Software Updates. Otherwise, it should be happening automatically shortly. Did you have any instances of this particular issue? Or were you just taking precautions to updating? I checked your account and pretty much all but ~20 machines have updated to the latest engine version. About ~10 of those haven't been seen in the last day and the hotfix did just release yesterday, so it should be automatically installing on those machines shortly as they continue to communicate with our servers. Thank you!
  11. Hi @mlonabaugh Thank you for confirming, you have a great weekend as well!
  12. Hi @mlonabaugh, Thank you for reporting this issue to me. I have reached out to my team to get this fixed on the back end. I'll follow up with you when it is resolved. Apologies for the inconvenience! Thank you,
  13. Hi @leobando Thank you for the logs. I've confirmed that all 3 detections were false positives. Since no action was taken or no file was quarantined, you don't need to do anything else. You shouldn't be seeing these detections anymore. Thank you,
  14. Hi @nestrada and @leobando, My research team confirmed that C:\ProgramData\Apple\Installer Cache\Apple Mobile Device Support\AppleMobileDeviceSupport64.msi was a false positive that is already resolved. You should be able to restore the file from quarantine and you shouldn't get any more detections on it. Now I'm just waiting on logs from @leobando to confirm if C:\Program Files\Microsoft Visual Studio\Shared\Packages\Microsoft.Net.Compilers.2.6.1.nupkg was also a false positive.
  15. Hi @nestrada I also sent you an e-mail with instructions to get us logs and where to upload them. Please check your e-mail and reply there when it's been done. It looks like you have a machine with the same detection C:\ProgramData\Apple\Installer Cache\Apple Mobile Device Support\AppleMobileDeviceSupport64.msi Thank you,
  16. Hello @leobando Please follow these instructions on the endpoint that had the detection to gather logs - https://support.malwarebytes.com/hc/en-us/articles/360039023853 I'm also opening a ticket for you and sending you an e-mail with these instructions and a link where you can provide us with the logs. It appears that based off of this, csc.exe is a false positive - https://forums.malwarebytes.com/topic/267280-false-positive-cscexe-visual-studio/ I can get verification on the other items with the logs. Please check your e-mail for log upload instructions.
  17. Hello @RamuduV Above the process graph you'll see it says "This activity triggered x rules accross x items. Show Details". Click on that, and then you can click on the colored text below. It gives a little more insight as to why these were detected. Severity is low and in your instance, it looks like the cmd.exe detection is because you run a script to kill tasks. With powershell, a command to clear cache is being run. They appear suspicious to us but you can disregard these detections. Please let us know if you have more questions. Thank you,
  18. Hello @REGITDept Thank you for opening up a forum post. If threat scans are failing immediately, that is usually indicative of the scanning module not being ready, possibly because of a pending update that requires reboots to finish. I can see in your portal that the machine does still say Reboot Required in order to finish Malwarebytes Installation. These issues are typically on a machine by machine basis though so it is difficult to pinpoint these right off the bat. I do see that you ran a restart command on the machine which succeeded before trying the scan, but the restart required icon is still there. You may need to try another reboot. I was already able to grab logs from this machine and do see a potential issue. Please first try another reboot and if that doesn't work, then please uninstall the Malwarebytes Endpoint Agent through control panel. Then follow the instructions on this page to use our support tool and clean out the Malwarebytes directories - https://support.malwarebytes.com/hc/en-us/articles/360038524734 Afterwards, please go back to cloud.malwarebytes.com -> Downloads -> MSI Endpoint Agent Installer. Download and install that. I just updated the version in your portal so this installer will be slightly different than the one you installed with previously, which should hopefully help the product get installed properly. As Porthos mentioned, you do have a business support line you can use. You can open your cloud portal -> Click on your username at the top right -> Contact us and use the most convenient phone number from there. Thank you,
  19. Glad to hear you were able to get that sorted! Thank you,
  20. Unfortunately since I support our business/enterprise products, I can't say I've worked on troubleshooting removing our consumer product from servers. The Business Support Tool is what I wanted you to use the first time but it now may be too late since you have the consumer version installed. You can close and re-attempt the business support tool, but it's possible cmd prompt isn't doing anything because of the current status it is in. Were you able to open the icon in the system tray so that you could disable real-time protection? What is your experience when trying to use the consumer support tool again to clean it up? It just hangs and does nothing? Do you find anything in C:\Program Files, C:\Program Files (x86)\ or C:\ProgramData with Malwarebytes that can be deleted?
  21. Hi @IMRAN It sounds like you may have stumbled across the support tool for our consumer build, which does offer you to reinstall Malwarebytes, but our consumer product. The consumer product is not supported on Servers, so you may need to get your server into Safe Mode if that will help you uninstall Malwarebytes. If you are able to double click on the Malwarebytes icon in the system tray, you may also be able to disable any of the real-time protection layers from there to let you have control back of your machine. The support tool I provided above is to be used with cmd prompt and does not offer to reinstall Malwarebytes.
  22. Hi @IMRAN As Porthos said, pretty much the only two things we can try now are either reboot, or uninstall and reinstall after making sure that the Installation Package does have the checkbox checked for installing Anti-Malware. If it does have the checkbox checked, then the installation of Anti-Malware might not be happening properly because the previous installation may be stuck. You may have to use this support tool to clean it up, which we also suggest you do a reboot for - https://support.malwarebytes.com/hc/en-us/articles/360038524734 Thank you,
  23. Hi @Wilcox Can you open a new forum post or open a ticket here? https://support.malwarebytes.com/hc/en-us/requests/new The installer being refreshed is a different issue and an issue like yours may require additional time to research as well as some logs. You can also log into cloud.malwarebytes.com -> Click your username at the top right -> Contact Us and use the appropriate phone number to give us a call. Thank you,
  24. Hi @AlexLeadingEdge Without reinstalling, this is the way to move machines from Nebula to OneView. https://support.malwarebytes.com/hc/en-us/articles/360039018233-Move-an-endpoint-between-Nebula-accounts-or-OneView-sites Hope that helps! Thank you,
  25. Hello @LGM Thank you for contacting Malwarebytes Business Support. The only supported web browser for cloud.malwarebytes.com is Chrome. Thank you,