Jump to content

Offline Clients Still Showing as Being Online


Recommended Posts

We recently upgraded our Malwarebytes for Business implementation to Malwarebytes Endpoint Security 1.8.0.  After upgrading some of our endpoint clients, they are showing as being online with the green light and users logged in when they are actually offline.  Connectivity does not appear to be an issue as they are still getting their daily database updates and protection is showing as enabled.  This is the first time that I have had a problem with the Management Console misreporting the computer state.  Does anyone know why this is happening?

Link to post
Share on other sites
  • Replies 62
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Posted Images

Thanks, Dyllon, Actually, I didn't have Auto Refresh checked.  However, even after doing a manual refresh, the computer state is not accurate.  I have a system that I know is on, but is showing as being offline this morning.  I have version 1.8.0.3431.

Link to post
Share on other sites
  • Staff

3431 has a zero integer check-in timer bug, which sounds like exactly what you are experiencing. I would recommend getting on the 3443 hotfix build as soon as possible. Re-download the package like you did for 3431, the new console installer will be on that same link.

Link to post
Share on other sites

After updating to 1.8.0.3443, I am still getting unreliable workstation status reporting.  Example:  I have a test machine that has been off since yesterday afternoon, and the console is still reporting it as being on and logged in as of this morning.  I have been running Malwarebytes for Business for the past 3 years and have never had so many problems since upgrading to 1.8.0.  Is there anything that can be done to resolve this?

Link to post
Share on other sites
  • Staff

May I have you change the policy to the auto / 5 second setting and then restart the MEEClientService on the machine under test to force a new check-in / policy pull? The auto setting will stagger the check-in automatically based on the size of the deployment.

Link to post
Share on other sites

I duplicated the current policy and assigned it to my test machine.  The automatic update setting is still showing at 10 minutes.  Unfortunately, there is no option to set the update interval below 1 minute. I'm still wondering why the check-in time was showing 600 minutes when the policy is set to 10 minutes.  Something clearly is not working properly.  Where do we go from here?

Link to post
Share on other sites

It looks like a 5-second stagger won't be available in my situation as this option is only presented when the total number of registered machines is under 50.  I guess this is based on the global number of registered machines, not via the number of machines assigned to a specific policy.

Link to post
Share on other sites
  • Staff

Hey @cjones_ufv, my bad on the timer, it slipped my mind that it is a global number. Somehow that check-in number became corrupted; either on the endpoint due to a mismatch between console / client communicator before 0 timer bug or in the SQL table as the policy is pulled from it. It may be worth moving everyone to the policy copy you made and deleting the original in case the SQL table is the reason why the timer was so long. Having the timer at 10 minute auto should be fine, but the shorter manual interval is useful to test with since you don't have to wait so long to see the changes. Any other stragglers that are not picking up the changes or are not showing the correct status, go ahead and restart their MEEClientService to force a new check-in to get them reset.

Edited by djacobson
Link to post
Share on other sites
  • Staff

MEEClientService is tied to the sccomm.exe process, it must be running at all times for the clients to be able to check-in, it is the process that controls the server/client communication. If MEEClientService is unable to run, be sure to have C:\Program Files (x86)\Malwarebytes' Managed Client\sccomm.exe ignored by whatever other security software you have in place.

MbamScheduler.exe is your scheduled scan task engine. It should be running or scheduled scans will not kick off.

MbamService.exe is your real time protection engine, it should also be running or you have none of the real time protection features.

Link to post
Share on other sites

That's interesting.  I was pushing out the client to a workstation yesterday.  At first, I couldn't find it when scanning the IP.  I fixed some firewall issues and ensured that the RemoteAdmin service was enabled.  I was then able to scan the workstation and push the client out.  The installation was successful.  However, the client failed to register.  "The client has not been registered.  The installation procedure has ended before the client registered"  Even when I manually uninstall the client and re-install locally, it will not register with the management console.  When I checked the services, only the MbamScheduler service was running.  Any ideas what is going on here?

Link to post
Share on other sites
  • Staff

Usually registration failure is not a show stopper, the installs should be fine, although with the lack of services running, there must be a deeper issue. What that regfail error means is client did not check back into the server within a set hardcoded time-frame. It could be because of firewall, network speed and another security product interfering with our communication. It is most likely happening because the sccomm process is not running or even getting installed.

Let's check some things. On your server go to C:\Program Files (x86)\Malwarebytes Management Server\PackageTemplate and check the file sccomm.xml file. Make sure it contains the correct server address.

On a client with the check in issue, go to C:\ProgramData\Sccomm and check out the sccomm.xml there, check that the server info is correct.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.


Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.