N33dful

Hi @JeffIT, If inbound detections are all you're seeing, it's likely that the server isn't infected. It looks like that parent process (httpd.exe) belongs to an Apache web server, are you hosting an internal or external website from that system? As far as preventing these types of attacks, you may want to look into a network level solution such as a firewall or IDS/IPS, or look at configuring it to be more aggressive if you already have one. Let me know if you have any questions!

Thanks @WreckedByEmotet, It is typical to see the loading wheel when attempting to log in to cloud.malwarebytes.com with your OneView credentials. You'd want to make sure you're navigating to oneview.malwarebytes.com, unless you're logging in with a user account that was created in a client's Cloud Console. Let me know if that gets things working better, or if you continue to have trouble!

I see. When you mention it didn't work during those times, did you receive the spinning wheel when trying to access a site? Was this after selecting "Manage Security" in a site pane, or something else?

I see. Can you have the SuperAdmin follow the steps I provided previously to add you to all groups you'll be responsible for managing? I suspect that will resolve the issue for you.

I was just curious if you had incognito browsing set as default in chrome, and this issue would not be caused by an absence of Endpoint Protection on your machine. Can you tell me if the account you're logging in to the Cloud Console with is assigned any groups to manage? (you may have to do this from a different account) You can find out by navigating to 'Settings' > Users > select your username > select 'Edit' in the upper right > you should have one or more groups assigned. Let me know what you find!

Hi @WreckedByEmotet, Sorry to hear you're having trouble. Has the experience improved today? Is the delay encountered after selecting Manage Security for a site, logging in to the OneView console, or something else?

Hi @Ob1, I'm assuming you already have endpoints deployed? If so, are you defaulting to incognito browsing?

I see, it sounds like some configuration files may have been left behind from the previous client install on the image. Let's try running the Malwarebytes Business Support Tool to clean up any remaining traces of the previous install. Malwarebytes Support Tool for business environments https://support.malwarebytes.com/docs/DOC-2333 Once you've completed the cleanup process, please check for the following directories and if present, delete them. C:\Program Files\Malwarebytes Endpoint Agent\ C:\Program Files\Malwarebytes C:\ProgramData\Malwarebytes C:\ProgramData\Malwarebytes Endpoint Agent After that, reinstall from a fresh client package. Let me know if you run into any trouble or that gets it working for you!

Hi Chevelles240, It sounds like you've deployed these clients from a master image that was captured improperly, wherein the managed client was allowed to pull a unique ID. Consequently, those clients now share a UID and any future clients deployed from that image will exhibit the same behavior until it is corrected. The below knowledge base article outlines the steps for capturing a master image, let me know if you have an questions or run into any issues! Prepare an image in Sysprep for Malwarebytes managed client https://support.malwarebytes.com/docs/DOC-1132

Hi La_Poutine, We don't currently have historical administrator guides publicly available. That said, I've confirmed that the SQL requirements were unchanged from 1.8 to 1.9. I would definitely suggest upgrading to 1.9, though, to make sure you're getting the most current features and improvements.