Management Console Reports offline machines as online

[StroTech]

CUrrently, some machines have Malwarebytes latest versions and others have 1 version or more lower. I tried forcing the update by opening the program and pushing the update and I tried updating through the malwarebytes management console. I was only able to get them to update by either rebooting the machine or turning off and restarting the malwarebytes services. 

Also, the Malwarebytes management console does not seem to always be correctly reporting the client information. For instance, it still shows a client that is offline as online with a logged in user and some of the database versions for the clients are showing differently than on the client machine itself. I have gotten it to update by restarting the client or the malwarebytes services.

[djacobson]

Hi @StroTech, if the Managed Client version does not match you Console version, the clients will not report correct information. Your check-in interval can also affect whether correct information is displayed as the client pane will not change the data about that client until that client check-in has taken place.

For the upgrade piece, when your Anti-Malware portion moves from 1.75.0.1300 to 1.80.2.1012 or 1.80.0.1010/1.80.1.1011 to 1.80.2.1012, a reboot is required to load the new drivers.

[StroTech]

Sorry, I meant the database version when it updates, not the client program itself

[StroTech]

We currently use management console version 1.8.0.3443, but the managed client version is 1.7.0.3208. How do we go about getting a similar version of the managed client?

 

[StroTech]

Nvm, figured out how to update it, will let you know if it does not work

[StroTech]

Ok, so the clients have updated version of malwarebytes. They seem to be updating the protection version now, however, They still show as online when turned off.

[djacobson]

How long is your check-in time set for and do you have auto-refresh on in your client view?

[StroTech]

We are having an issue where the malwarebytes management console will report an offline machine as online and with a user still logged in. Have tried turning off and on the MEEClientservice (SCCommService) and that works fine, when I turn it off, the client goes offline and when i trun it on the client goes online. However, when the computer sleeps, restarts, or shuts down, the client still shows as online. It is as if the Management Console is not getting the information that MEEClientService is being shut down when the computer does, or sleeps.

Have tried tinkering with different settings to no avail, also tried fresh reinstalls after using the removal tool.

[StroTech]

Sorry for the late response, the checkin time is 10 minutes and I do have auto refresh on

[djacobson]

Hi @StroTech, grab some info from an example client.

MBMC Client log
On the client go to C:\Program Files (x86)\Malwarebytes' Managed Client and run the tool CollectClientLog.exe. Attach the folder it generates.

Frst Log
Please follow the steps below to run frst.

1.) Please download frst and frst64 from the link below and save it to your desktop:

FRST 32-bit version: https://downloads.malwarebytes.com/file/FRST
FRST 64-bit version: https://downloads.malwarebytes.com/file/FRST64

Note: You need to download the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your computer; that will be the right version. Some traditional Anti-Viruses may false positive the download or running frst, I can assure you it is safe. If this happens, please temporarily disable the AV.

2.) Double-click the purple frst or frst64 icon to run the program. Click Yes when the disclaimer appears.
3.) Click the Scan button
4.) When the scan has finished, it will make 2 log files in the same directory the tool is located, frst.txt and Addition.txt.

Please attach MBMC client log, frst.txt and Addition.txt in your reply.

 

  

[StroTech]

Here they are:

 

MBMC_Client_Diagnosis_Info_2017_06_30_131608.zip

FRST.txt

Addition.txt

Edited June 30, 2017 by StroTech

[StroTech]

Are the logs still being looked at?

[djacobson]

I have not yet been able to, we were off for the holiday and we've also been reorganizing the forum. I'll get to them as soon as I am able.

[djacobson]

@StroTech, I recognize that username in the logs ;p I've actually been helping Vincent with your case. I asked him to follow up with you to get a new MBMC server log set, the last one was corrupted and I could not extract them.

We cannot test traffic from an offline client, the managed client software is what controls communication, if the client machine is off, there's no way that client itself is who is saying it is still online. Because of this I suspect that the check-in interval is far too long, the policy is corrupted and holding a longer value than you set or there is possible database corruption with duplicate clients. So when one is off, the other is on and reporting as the name of the first one of them that checked in. We'll continue within your case ticket and its escalation, no sense in doing the diag work twice.

[StroTech]

Ok, I just uploaded the new logs to Vincent.

[atrave]

Any solution for this problema @StroTech @djacobson????I have same proble in this post and no solution 

 

After upgrade MC and clients....all clients now appears online. I powered off pc's, but MC stills showing online. No SSL cert problem. The problem is on the upgrade of MC. 

 

 

[djacobson]

4 hours ago, atrave said:

I have same proble in this post and no solution 

Gather the same logs outlined here on post #10.

[spnkzss]

Same problem.  Has there been any updates?

[djacobson]

@spnkzss, gather logs and submit them, each case with this can have unique root causes.

[djacobson]

locking due to inactivity