Jump to content

Malwarebytes Management Console Showing Protection off on All clients


Recommended Posts

I am a brand new user and we purchased the Malwarebytes Endpoint Security 1.7.7.00.00.  We only wanted the Anti-Malware.  I installed the software on a server and proceeded to go through the motions of scanning clients.  We have 16 facilities across our state, so I wanted to be able to push the client out to the many computers.  Initially at my home site, I installed the free version.  When I tried to push the client out to the local site, it did not work.  I was told that I had to uninstall the free consumer version and then push out the client.  I did that and I can see the client on the console, but it shows offline.  When I created a installment package and installed it on each computer at my local site, it shows online and then goes to offline.  Protection mode is showing turned off.  Now when I try to push any client, I get an error, that the RPC has failed.  

I tried to create another policy and change the clients to use another profile, some switched and some did not.  

Malwarebytes error.docx

Link to post
Share on other sites
  • Staff

Are you trying to deploy to roaming clients and remote sites? As a heads up if so, roaming and remote clients/sites are not supported by the console at this time, it needs to be on-prem, local. You will need VPN or DMZ setup to force it to do something like that. Easiest setup would be a console for each location. You can install as many consoles as you need, seats count against the endpoints only.

For the other pieces, client offline means that the MEEClientService in services is off or unable to start. If it is unable to start, add the controlling process, C:\Program Files (x86)\Malwarebytes' Managed Client\sccomm.exe, to be explicitly whitelisted on any other security software you have in place.

Protection offline means that either a consumer or biz standalone was present before the push and now the client has a driver conflict or your other security software is interfering with C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe and will need to be explicitly whitelisted as well.

RPC failure on the machine means that the WMI needs to be opened on the machine. You may experience this problem, even with the firewall off, depending on the permissions settings of a target endpoint.

RPC server is unavailable. Please allow WMI through Windows Firewall.

If this occurs, open a command line window on the endpoint (as an administrator) and enter the following:

Old command for Win 7 and below:
netsh firewall set service RemoteAdmin enable

New commands for Win 8 and above:
netsh advfirewall firewall set rule group="remote administration" new enable=yes
netsh advfirewall firewall set rule group="Windows Remote Management" new enable=yes
netsh advfirewall firewall set rule group="windows management instrumentation (wmi)" new enable=yes

 

Link to post
Share on other sites

Thank you for your response, but this is not necessarily the case.  I was able to push to an offsite location and yes, then had to manually configure it with the mbam.exe in order for the protection to turn on and show up in the console.  I know it is not my AV, because I push the client out to a local computer, that had nothing on it at all except Windows and still had the same issue.  The issue was not the AV, but that mbam.exe did not install with the managed version of the software.  Once I installed the unmanaged version, turned on the MMEEclient, everything worked fine.  This is just a cumbersome process until this is fixed.  I have 400 computers to do across 16 sites.  I was avoiding having to be local on each site and I was told the console would work.

Link to post
Share on other sites
  • Staff

Your clients may not be able to update or respond to the console correctly in the future if you used the unmanaged install over the top of a managed build, they use the same driver name but the managed one is heavily modified to work with the console. My apologies if I am misunderstanding this and you only dropped mbam.exe on there.

Install files not being placed where they need to be on a fresh machine suggests interference by Windows Defender or a permissions problem with running installers from temp folder locations or network shares.

You can always create a managed offline installer from within the console under Policy \ Installation Package, that way it will have the correct pieces and the info needed to reach back to your server without hodgepodging two separate build types together.

Edited by djacobson
Link to post
Share on other sites

djacobson - thank you for your response.

The clean machine had nothing on it other than Windows.  I did create an offline installer and that does not work either.  I really believe there is a bug in the program which is preventing this from working properly.  The managed program does not include mbam service and the meeclient service will not start.  Malwarebytes support looked at my computer and that was determined to be.  They thought it was due to Mcafee.  That is why i used a clean machine to do my test.  The only thing installed was Windows.  

Link to post
Share on other sites

djacobson

I just reformatted a computer.  Installed Windows only.  Put the computer on the domain, installed the managed standalone version created from the console.  And no change.  I can see the device listed in the console.  I started the service MEEclient.  The mbam service is not present at all.  The Meeclient would not stay running, but would stop.  There is something wrong with the program.

Link to post
Share on other sites
  • Staff

Are you making an EXE or MSI? For the EXE, are you right clicking and running as admin? That needs to be done no matter if you are logged in as admin already.  For MSI, are you running it from an already elevated CMD? Use msiexec /i clientsetup.msi /qn in an admin elevated prompt.

Additionally, make sure you are copying the install file locally to the computer to which you are installing, it cannot be ran from a drive share.

Be aware that fresh Windows installs will still have Defender on them unless you snapped a custom image of it with those services explicitly disabled. WinDefend service runs under an svchost process in Win 7.

Edited by djacobson
Link to post
Share on other sites

Thank you.  I just spoke with Malwarbytes support and this is bug in the Console version 1.8.  I was told that a hotfix is due to release today which should fix this issue and if not, I can go back to version 1.7 and should be fine.

 

Thanks for all your help.

Link to post
Share on other sites

Okay, so you are saying that this hotfix is not going to fix the check in issue that I am having?  To answer your previous question, I am installing the client as an admin.  I reformatted the desktop and installed it from a disk.  Windows defender was not a part of the Windows install disk and it still did not work.   This is becoming very discouraging.

Link to post
Share on other sites
  • Staff

The check-in issue maybe if your logs have shown the zero timer entry, but the check-in bug doesn't cause the services/processes to not be created. Are you logged in as admin just clicking the installer or logged in as admin and right clicking the installer and selecting run as administrator?

Link to post
Share on other sites
  • Staff

You can use the unmanaged installer to get MBAE on the system without having to redo the current deployment. Unmanaged MBAE will convert to managed in the presence of the managed client communicator. Only MBAE can do this, MBAM cannot. You can leverage one of the following options for the installation:

  1. Using the MBAE Standalone MSI Installer to upgrade specific endpoints via Active Directory GPO.
    • Command to execute: “msiexec /i mbae-setup-1.xx.2.xxxx.msi /quiet”.
    • This has the benefit of only upgrading the MBAE agent without having to re-deploy the communications agent and MBAM agents.
       
  2. Using the MBAE Standalone EXE Installer to upgrade specific endpoints
    • Manually: By running the MBAE EXE installer locally on the endpoint (i.e. double-click).
    • Remotely: By running the MBAE EXE installer silently over the network using command-line options and relying on existing deployment tools like SCCM, psexec, etc. (for ex “psexec \\targetcomputer -u DOMAIN\administrator -p mypassword -d \\FILESERVER\Installers\mbae-setup-1.xx.2.xxxx.exe /log /SP- /VERYSILENT /SUPPRESSMSGBOXES”).
      TIP: The command "psexec \\*" will execute the installer command on all workstations belonging to the Domain.
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.