Jump to content

Recommended Posts

Hi there,

I have rolled out MBES from the admin console to all workstations with no problems.

However, I've found that when I roll out MBAM and MBAE via the console to servers, the MBAE isn't starting.

The program is installed but the service wont start.

When I try and start the service I get "The MBAE service on local comp started and then stopped...".

Please advise.

Share this post


Link to post
Share on other sites

Hello Kieferschild,

 

I want to have you collect me some logs from one of the machines experiencing this issue. To do this, follow the instructions from this post:

 

 

Share this post


Link to post
Share on other sites

This is becoming more urgent because it's doing it at my customer's site too.

If I go to the MBAE program directory and do mbae-svc.exe -install i get:

.... Service deleted followed by .CmdInstallService<772>: Malwarebytes... service failed to start.

 

Share this post


Link to post
Share on other sites

its happening to me from long time. it's happening to few machine not all of them. try to do below.

 

can you try: "Set the failure options for the sccomm service(MeeClientService) under Properties-> Recovery to 'Restart the Service' for all 3 fail options".

after that restart computer and check if services start automatically.

Edited by preyash
need to add more stuf

Share this post


Link to post
Share on other sites

doesnt work, i cant start the service.

26 minutes ago, preyash said:

its happening to me from long time. it's happening to few machine not all of them. try to do below.

 

can you try: "Set the failure options for the sccomm service(MeeClientService) under Properties-> Recovery to 'Restart the Service' for all 3 fail options".

after that restart computer and check if services start automatically.

 

Share this post


Link to post
Share on other sites

can you create installation package from policy tab on MBMC console. try to uninstall from one machine and install it from installation package and restart your machine.

 

let me know the pout come.

Share this post


Link to post
Share on other sites

Hello Kieferschild,

Do you mind taking a screenshot of the anti-exploit program files (or programfiles(x86) directory. I want to see if the files are being swapped correctly for the upgrade. Also, there was an additional log I needed from that forum post. I want to see what is installed on the machine that may be preventing our service from starting. To get these logs:

1: Please download FRST from the link below and save it to your desktop:

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

2: Double-click the purple FRST icon to run the program. Click Yes when the disclaimer appears.

3: Click the Scan button

4: When the scan has finished, it will make 2 log files in the same directory the tool is run, FRST.txt and Addition.txt. Please attach both files in your reply.
 

 

 

Share this post


Link to post
Share on other sites

Rsullinger,

I'm not comfortable with downloading random software from a website full of ads for the sake of gathering info, which is why I didn't include it before. Annoyed that Malwarebytes doesn't have it's own data collecting tool since it's required. There is information in these logs which I do not want to be published on the internet for obvious reasons.

1.PNG

Share this post


Link to post
Share on other sites

Hello Kieferschild,

 

Thank you for the screenshot and the log. If you notice in the screenshot, there is ._'s on some of the files. Those are actually the update files for the new 1334 version. Something prevented them from being swapped out when the upgrade was done so those files are created and will be swapped out on the next reboot. At that time, our program will remove the old ones, rename the new ones and the service should start. Have you rebooted this particular computer since the initial incident? 

Share this post


Link to post
Share on other sites

Hey Kieferschild,

 

Its no problem! It is only in certain cases that a reboot is needed when a upgrade of the anti-exploit client is done. So there may have just been something loaded in which anti-exploit couldn't unhook during that time. Please let me know if you have any other questions! 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.