
Testing Malwarebytes MC



So we install MBMC on a test box, and I am able to scan AD OUs

1) It only seems to find a couple machines per OU, 89/336 for example in our Labs.

2) I scanned an OU with a known computer and had to shut off Windows Firewall for it to appear in the MC. I assume I'll have to add the client port via GPO to all machines?

3) When I tried to install the client on my laptop with the firewall turned off, I received the following error with

        3a) WMI unchecked:

Computer Name Domain/Workgroup IP Address Execution Result Anti-Malware Version Anti-Exploit Version Last Detection Time
DESKTOP xxxx   Installation failed. Failed to open Service Control Manager DB. IP Address x.x.x.x. Win32 error code [5]     3/2/2017 11:17:04 AM

 

      3b) WMI checked:

Computer Name Domain/Workgroup IP Address Execution Result Anti-Malware Version Anti-Exploit Version Last Detection Time
DESKTOP xxxx x.x.x.x Installation failed. The RPC server is unavailable. Please allow WMI through Windows Firewall.     3/2/2017 11:17:04 AM

 

I am using a Domain Admin account for the push


  • Staff

Hello agarabaghi, here are some answers to your questions.

1) It only seems to find a couple machines per OU, 89/336 for example in our Labs.

For your OU scanning, if you have machines on other subnets and VLANs than what the server is on, those machines will not show up. Microsoft has deprecated the use of NetBIOS name services over subnets/VLANs. The updates in question which block NetBIOS across subnets are KB3161949, KB3163017 and KB3163018. There are four options available:

  1. Modify (if existing) or create the registry key HKLM\SYSTEM\CurrentControlSet\Services\NetBT|AllowNBToInternet, a 32-bit DWORD with a value of 1.
  2. You can also bypass this with a GPO to allow an exception for NetBIOS if you are using Windows Firewall. [screenshot: KBGPOWorkaround.jpg]
  3. Use an offline installer package created by the console in Policy -> Create Installation Package to install locally or through GPO/SCCM.
  4. Remove the updates from the server and the endpoint temporarily.

2) I scanned an OU with a known computer and had to shut off Windows Firewall for it to appear in the MC. I assume I'll have to add the client port via GPO to all machines?

Yes, the firewall needs to be off or the ports for deployment need to be opened.

Pre Reqs
  • Firewall off or ports for MBMC are open (defaults are 18457, 443 and 137).
  • .NET Framework 3.5 installed and enabled.
  • Windows Installer 4.0 or higher.
  • Network discovery, File sharing and Printer sharing turned on.

3) When I tried to install the client on my laptop with the firewall turned off, I received the following error.

The Win32 error code 5 means you need to use the WMI option. RPC failure on the machine means that the WMI needs to be opened on the machine. You may experience this problem, even with the firewall off, depending on the permissions settings of a target endpoint.

RPC server is unavailable. Please allow WMI through Windows Firewall.

If this occurs, open a command line window on the endpoint (as an administrator) and enter the following:

Old commands, Win 7 and below:

netsh firewall set service RemoteAdmin enable

New commands, Win 8 and above:

netsh advfirewall firewall set rule group="remote administration" new enable=yes
netsh advfirewall firewall set rule group="Windows Remote Management" new enable=yes
netsh advfirewall firewall set rule group="windows management instrumentation (wmi)" new enable=yes

 

 

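A read-only pre-flight check for the prerequisites and firewall rule groups listed in the reply above, as an added example that is not part of the original thread or Malwarebytes' own tooling. The `$Server` parameter and the direction of the TCP test (endpoint to console server) are assumptions.

```powershell
# Added example: read-only pre-flight check, run elevated on the endpoint
# (Windows 8 / Server 2012 or later, where the NetSecurity cmdlets exist).
# $Server is a hypothetical parameter: host name of the Management Console server.
param([string]$Server)

# Rule groups from the reply's netsh commands plus its prerequisite list.
$groups = 'Remote Administration', 'Windows Remote Management',
          'Windows Management Instrumentation (WMI)',
          'Network Discovery', 'File and Printer Sharing'

$results = @(foreach ($g in $groups) {
    # A group name that does not exist on this Windows build returns no rules.
    $rules = @(Get-NetFirewallRule -DisplayGroup $g -ErrorAction SilentlyContinue |
               Where-Object Direction -eq 'Inbound')
    $on = @($rules | Where-Object Enabled -eq 'True').Count
    [pscustomobject]@{
        Check  = "Firewall group: $g"
        Pass   = ($rules.Count -gt 0 -and $on -gt 0)
        Detail = if ($rules.Count) { "$on of $($rules.Count) inbound rules enabled" }
                 else { 'no rules with this group name on this build' }
    }
})

# .NET Framework 3.5: detection value is Install = 1 under NDP\v3.5.
$net35 = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v3.5' `
             -ErrorAction SilentlyContinue
$results += [pscustomobject]@{ Check = '.NET Framework 3.5'
    Pass = ($net35.Install -eq 1); Detail = "Install=$($net35.Install)" }

# Windows Installer 4.0 or higher: read the major version from msi.dll.
$msi = (Get-Item "$env:SystemRoot\System32\msi.dll").VersionInfo
$results += [pscustomobject]@{ Check = 'Windows Installer >= 4.0'
    Pass = ($msi.FileMajorPart -ge 4)
    Detail = "$($msi.FileMajorPart).$($msi.FileMinorPart)" }

# Assumption: the endpoint reaches the console server on TCP 18457 and 443
# (the defaults listed above). 137 is the NetBIOS name service port, normally
# UDP, which Test-NetConnection cannot probe, so it is not tested here.
if ($Server) {
    foreach ($p in 18457, 443) {
        $ok = (Test-NetConnection -ComputerName $Server -Port $p `
                   -WarningAction SilentlyContinue).TcpTestSucceeded
        $results += [pscustomobject]@{ Check = "TCP $p to $Server"; Pass = $ok; Detail = '' }
    }
}

$results | Format-Table -AutoSize
```

A rule group reported as having no rules means the matching `netsh advfirewall` command would have nothing to enable on that build, which is worth knowing before rolling the commands out by GPO.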
