Jump to content

Calebxx1

Members
  • Posts

    11
  • Joined

  • Last visited

Reputation

0 Neutral

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. @LeeWei Hi, I was wondering if there is a way to turn Asset Information, Software Installed, and Updates Installed into a generated report that could be emailed to the user similar how the Summary Report can generate a PDF/HTML report of Endpoint Data and Detections and Threats.
  2. Hey, I saw that thank you. I sent back a screenshot of the test you had me do. It passed! I'll continue to communicate through the email and ticketing system, that is preferable.
  3. Here is one more view of port 443 after running netstat -an | grep 443, some of them appear closed_wait. I'm assuming ALL 443 need to be open?
  4. I tried running that mbstcmd and it said this app can't run on your PC and to find a version for my PC. I'm running Windows 10 Pro (a second image is attached). Sorry, here I ran Telenet MYPCNAME 443 on my local machine/client and it came back with this:
  5. I do not believe I have made a modification to "verify_network variable" because I do not know where to locate this. I have been able to install Malwarebytes through the EndPoint Agent Deployment tool on my PC, but then I uninstalled it because the method I would like to see everything installed through is GPO because I have remote users. After removing and restarting my computer I have some logs: 2020-02-11 09:57:38,895 [1 ] ERROR MBAMPlugin Could not remove uninstall log file. C:\ProgramData\Malwarebytes Endpoint Agent\Logs\mbamuninstall.log System.IO.IOException: The process cannot access the file 'C:\WINDOWS\TEMP\mbamuninstall.log' because it is being used by another process. at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.File.InternalDelete(String path, Boolean checkHost) at EAMBAMPlugin.MBAMPlugin.UninstallCleanup() 2020-02-11 09:57:27,710 [1 ] ERROR TrayModule RemoveRegistryLocalMachineSettings System.ArgumentException: Cannot delete a subkey tree because the subkey does not exist. at System.ThrowHelper.ThrowArgumentException(ExceptionResource resource) at Microsoft.Win32.RegistryKey.DeleteSubKeyTree(String subkey, Boolean throwOnMissingSubKey) at EAEngine.UserModules.TrayModule.RemoveRegistryLocalMachineSettings() I verified the clients are having issues. I opened cmd prompt and used "telnet COMPUTERNAME 443" and the console responded with: Connecting To MEDNET-1KHFVZ1...Could not open connection to the host, on port 443: Connect failed Also, I ran rsop.msc to view which GPO were applied to my PC and it shows that the GPO I created is apart of my PC. I have attached a file to demonstrate this. Let me know if any of this is helpful.
  6. I do not believe I have made a modification to "verify_network variable" because I do not know where to locate this. I have been able to install Malwarebytes through the EndPoint Agent Deployment tool on my PC, but then I uninstalled it because the method I would like to see everything installed through is GPO because I have remote users. After removing and restarting my computer I have some logs: 2020-02-11 09:57:38,895 [1 ] ERROR MBAMPlugin Could not remove uninstall log file. C:\ProgramData\Malwarebytes Endpoint Agent\Logs\mbamuninstall.log System.IO.IOException: The process cannot access the file 'C:\WINDOWS\TEMP\mbamuninstall.log' because it is being used by another process. at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.File.InternalDelete(String path, Boolean checkHost) at EAMBAMPlugin.MBAMPlugin.UninstallCleanup() 2020-02-11 09:57:27,710 [1 ] ERROR TrayModule RemoveRegistryLocalMachineSettings System.ArgumentException: Cannot delete a subkey tree because the subkey does not exist. at System.ThrowHelper.ThrowArgumentException(ExceptionResource resource) at Microsoft.Win32.RegistryKey.DeleteSubKeyTree(String subkey, Boolean throwOnMissingSubKey) at EAEngine.UserModules.TrayModule.RemoveRegistryLocalMachineSettings() I verified the clients are having issues. I opened cmd prompt and used "telnet COMPUTERNAME 443" and the console responded with: Connecting To MEDNET-1KHFVZ1...Could not open connection to the host, on port 443: Connect failed Let me know if any of this is helpful.
  7. Also, in regards to the ports, Do involved ports need to facilitate bi-directional traffic on both server and client?
  8. Hi @knguyen1, I have tried to add what is listed in the article https://support.malwarebytes.com/hc/en-us/articles/360039025153-Network-access-requirements-and-firewall-settings-for-Malwarebytes-Cloud-Platform previously, but cannot figure out where in the Firewall you add these links. I navigated to Control Panel > Windows Firewall > Advanced Settings > Outbound and created a New Rule with port 443, but I don't see any option to add the addresses in there. I've done a lot of googling and youtubing to, but have not been able to find a tutorial or documentation that details more specifically how to do this. Can you give me further direction than what the article there is providing please.
  9. Hi @knguyen1, Thanks for reaching out. I've verified the MSI/EXE file can be installed locally on machines and nothing is preventing a standard install. PC is then seen in the console. I have also verified on other machines that it is not installed. I took a look at the Event Viewer like you recommended; Event Viewer > Windows Logs > Application, and I've noticed a warning and an error that the source column says is related to Malwarebytes Endpoint Agent. Take a look and let me know what you think please. The warning says: The error says:
  10. Hello, I have created a GPO by following this guide: https://www.empsn.org.uk/knowledge-base/malwarebytes-deploy-to-your-network-with-gpo/ and it "kind of" works. So far 10 devices have received the .msi install of Malwarebytes. One user is remote and the other nine are internal/on the network. Does anyone have any ideas why after restarting their devices my other users do not receive the install of Malwarebytes?
  11. Hi, I am trying to deploy Malwarebytes to internal and remote users by using the Discover & Deployment tool. Less than 5 of the 80 users have successfully had Malwarebytes installed (some are internal some are remote), the rest fail. Deploy Method > Find EndPoints > Active Directory is the only one that I have been able to have any success with. I've looked at the logs and they give me a variety of different answers. Can anyone give me some tips please.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.