Jump to content

Management Console Reports offline machines as online


Recommended Posts

CUrrently, some machines have Malwarebytes latest versions and others have 1 version or more lower. I tried forcing the update by opening the program and pushing the update and I tried updating through the malwarebytes management console. I was only able to get them to update by either rebooting the machine or turning off and restarting the malwarebytes services. 

Also, the Malwarebytes management console does not seem to always be correctly reporting the client information. For instance, it still shows a client that is offline as online with a logged in user and some of the database versions for the clients are showing differently than on the client machine itself. I have gotten it to update by restarting the client or the malwarebytes services.

Link to post
Share on other sites
  • Staff

Hi @StroTech, if the Managed Client version does not match you Console version, the clients will not report correct information. Your check-in interval can also affect whether correct information is displayed as the client pane will not change the data about that client until that client check-in has taken place.

For the upgrade piece, when your Anti-Malware portion moves from 1.75.0.1300 to 1.80.2.1012 or 1.80.0.1010/1.80.1.1011 to 1.80.2.1012, a reboot is required to load the new drivers.

Link to post
Share on other sites

We are having an issue where the malwarebytes management console will report an offline machine as online and with a user still logged in. Have tried turning off and on the MEEClientservice (SCCommService) and that works fine, when I turn it off, the client goes offline and when i trun it on the client goes online. However, when the computer sleeps, restarts, or shuts down, the client still shows as online. It is as if the Management Console is not getting the information that MEEClientService is being shut down when the computer does, or sleeps.

Have tried tinkering with different settings to no avail, also tried fresh reinstalls after using the removal tool.

Link to post
Share on other sites
  • Staff

Hi @StroTech, grab some info from an example client.

MBMC Client log
On the client go to C:\Program Files (x86)\Malwarebytes' Managed Client and run the tool CollectClientLog.exe. Attach the folder it generates.

Frst Log
Please follow the steps below to run frst.

1.) Please download frst and frst64 from the link below and save it to your desktop:

FRST 32-bit version: https://downloads.malwarebytes.com/file/FRST
FRST 64-bit version: https://downloads.malwarebytes.com/file/FRST64

Note: You need to download the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your computer; that will be the right version. Some traditional Anti-Viruses may false positive the download or running frst, I can assure you it is safe. If this happens, please temporarily disable the AV.

2.) Double-click the purple frst or frst64 icon to run the program. Click Yes when the disclaimer appears.
3.) Click the Scan button
4.) When the scan has finished, it will make 2 log files in the same directory the tool is located, frst.txt and Addition.txt.

Please attach MBMC client log, frst.txt and Addition.txt in your reply.

 

  

Link to post
Share on other sites
  • Staff

@StroTech, I recognize that username in the logs ;p I've actually been helping Vincent with your case. I asked him to follow up with you to get a new MBMC server log set, the last one was corrupted and I could not extract them.

We cannot test traffic from an offline client, the managed client software is what controls communication, if the client machine is off, there's no way that client itself is who is saying it is still online. Because of this I suspect that the check-in interval is far too long, the policy is corrupted and holding a longer value than you set or there is possible database corruption with duplicate clients. So when one is off, the other is on and reporting as the name of the first one of them that checked in. We'll continue within your case ticket and its escalation, no sense in doing the diag work twice.

Link to post
Share on other sites
  • 2 weeks later...
  • 2 weeks later...
  • 4 weeks later...
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.