Correct method to update Anti-Exploit


Hello,

I've upgraded the management console and server to 1.8.0.3443.

I've upgraded the anti-exploit agent on the same management server to 1.09.2.1413

However, when I run the client push update in order to update all clients it lists v 1.09.2.1291 and not 1.09.2.1413. How do I get the server to push out this edition?

Thanks

Simon


  • Staff

Hey Simon,

 

I understand now, thank you. So aside from the deployment of what MBMC currently has in it and doing a manual install like you did, the only other way of updating endpoint agent clients is to use the automatic update feature that is in mbae. With the setting enabled your clients will reach out and get the latest version and install it without you having to do anything manual. If you go into the policy your clients are on in the management console, you should see the anti-exploit tab at the top. In the upper right corner should be the option for automatic updates. If you want to enable that, it will allow your clients to update when the latest version is released automatically. So if you set that and have your clients check in and get the policy update, they will reach out and get the newest anti-exploit version shortly after that. 


Thanks for getting back Ron.

I've had the 'Automatically upgrade anti-exploit on clients' enabled for almost a week now and the clients aren't receiving the latest MBAE version. I've added the following to the firewall:

https://data.service.malwarebytes.org

https://data-cdn.mbamupdates.com

https://keystone.mwbsys.com

Any ideas?

Thanks

Simon


  • Staff

Hey Simon,

 

It may be because of this one:

 

https://sirius.mwbsys.com

 

Sirius is where anti-exploit goes to check in and get updates as well. So make sure that is added along with all of them being allowed outbound 443. That should allow you to connect and get it. Once you do that, restarting the computer should prompt it to reach out to the server and update. If it doesn't update after about 10 minutes, collect the C:\Programdata\Malwarebytes anti-exploit log directory from one of the computers and I can take a look at why that is occurring! 


  • Staff

Hey Simon,

I am not seeing any errors in those logs. Do you happen to have any network firewall restriction that prevents .exe files from being downloaded from CDNs like that? From a few customers I worked with this is not uncommon and will stop our program from updating. It reaches out to those addresses when a service restart happens (or through the day) to check if it has the latest version. If it doesn't, it pulls the .exe package directly and runs it under the system account. If you don't, we may need to get a Wireshark log next after a service restart occurs. But let's look into the .exe possibility first.


Hello,

I've asked whether or not access to CDNs, and in particular https://data-cdn.mbamupdates.com, is restricting exe downloads and I've been told no.

Using Wireshark I can see (after stopping/starting the Malwarebytes Anti-Exploit service) that the endpoint is successfully reaching out to 52.22.111.103, which is Sirius.mwbsys.com by my reckoning. I can't see any attempted connections to data-cdn.mbamupdates.com, which seems to translate to 92.122.164.242. I can get a copy of these logs over to you if you have a secure method?

Thanks

Simon
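
Added example, not part of the original thread and not Malwarebytes' own tooling: a capture taken after a service restart can be checked by host name (DNS query and TLS SNI) rather than by IP address, to see which of the update hosts named in this thread the endpoint actually tried to reach. The tshark export layout, the function names and the sample rows are assumptions constructed for illustration.

```python
import csv
import io

# Hosts named in this thread as required for Anti-Exploit updates (outbound 443).
REQUIRED_HOSTS = (
    "data.service.malwarebytes.org",
    "data-cdn.mbamupdates.com",
    "keystone.mwbsys.com",
    "sirius.mwbsys.com",
)

# Constructed sample: tab-separated rows in the layout produced by
#   tshark -r capture.pcapng -T fields -e frame.time_relative -e ip.dst \
#          -e dns.qry.name -e tls.handshake.extensions_server_name
# Addresses are documentation-range placeholders, not real service IPs.
SAMPLE_EXPORT = (
    "0.101\t192.0.2.53\tsirius.mwbsys.com\t\n"
    "0.154\t198.51.100.10\t\tsirius.mwbsys.com\n"
    "0.910\t192.0.2.53\tKeystone.mwbsys.com.\t\n"
    "1.207\t192.0.2.53\twww.example.com\t\n"
    "1.350\t203.0.113.7\t\twww.example.com\n"
)


def normalise(name):
    """Lower-case a host name and drop any trailing root dot."""
    return name.strip().rstrip(".").lower()


def classify_update_hosts(export_text, required=REQUIRED_HOSTS):
    """Return {host: 'tls' | 'dns-only' | 'absent'} for each required host."""
    dns_seen, tls_seen = set(), set()
    for row in csv.reader(io.StringIO(export_text), delimiter="\t"):
        if len(row) < 4:
            continue  # skip truncated or blank rows
        # tshark joins multiple values of one field with commas
        dns_seen.update(normalise(n) for n in row[2].split(",") if n)
        tls_seen.update(normalise(n) for n in row[3].split(",") if n)
    result = {}
    for host in required:
        if host in tls_seen:
            result[host] = "tls"       # ClientHello sent: a connection was attempted
        elif host in dns_seen:
            result[host] = "dns-only"  # resolved, but no TLS handshake followed
        else:
            result[host] = "absent"    # never looked up during the capture
    return result
```

A `dns-only` result points at something between the endpoint and the host (firewall or proxy), while `absent` means the agent never asked for that host during the capture window.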
