kahml

Running Tasks in Endpoint Protection


I am running a trial of the new Malwarebytes Endpoint Protection on my own computer.

I have installed the agent and it shows active in Services; however, I have submitted three activities:  Check for Updates, Refresh Asset Info, and Threat Scan.  After more than four hours they are all still in the "Pending" status.

What does it take to activate these - because I can't seem to find a "scan immediately" option?

Thanks!


 


Hi @kahml, are you still using the default policy or have you set up your own policy yet? The program's initial install during deployment is only the communicator and the platform. You'll need to flesh out a group and policy, with the pieces of the software which will actually do the protection and scanning, set to be pulled to the endpoint by the communicator/platform piece.


Are you suggesting that because I am using the default group and the default policy that nothing will take place?

If that's the case, then your documentation is missing a very BIG piece of the puzzle...

 


Extremely. I am actually working on KBs that will go over initial setup and configuration. I apologize that you got trapped in that. Hop into your default policy, go to the endpoint protection section, and turn on the main piece. Once that is done, all the machines tied to this policy via the group will then pull down the protection pieces; from there they will then be able to process what you've asked them to do.

Also be aware that the Anti-Ransomware portion does not support server OS at all. Any servers you have are going to need their own group and policy with the Anti-Ransomware portion turned off.


But with some further poking around, I found the Logs in the ProgramData folder and there seems to be a problem posting data back to the web:
 

2017-08-29 20:38:31,724-04:00 [39] ERROR EAEngine Error posting to Nebula. Url:/api/v1/machine/results
System.AggregateException: One or more errors occurred. ---> System.Web.HttpException: HTTP Request failed to /api/v1/machine/results. Http Code: 400 Reason:Bad Request
    Body Response: <?xml version="1.0" encoding="UTF-8"?>
<Error><Code>InvalidArgument</Code><Message>Unsupported Authorization Type</Message><ArgumentName>Authorization</ArgumentName><ArgumentValue>Bearer eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJleHAiOiIyMDE3LTA5LTEyVDE2OjMzOjQzWiIsInMiOjIsInYiOjEsInQiOiJtYSIsImtpZCI6ImRlZmF1bHQiLCJkIjp7ImFpZCI6ImY5NGFlOGY3LWFkZWQtNGJmNC1hMmRhLTQ3YThkNmE2NmFlOSIsIm1pZCI6IjNhZTFiMDE0LTlkY2ItNDBkYy04MWIyLTQ4MWFmM2NhM2Y0OSJ9fQ.dZ9706B1YJ2MNnS6BrOn8kMEnc17a53PUztRkEfWzfQk1MIKClcRUZzZqAD1M24Lx_euYJaMmdEpv_Cl4kGgFw</ArgumentValue><RequestId>180DBB2DC9D521D7</RequestId><HostId>knF1DHsLsDx5FL1ujJ5cl7PVjSZ0BQ5/CeGPkvGxvl3U7WiyRiUv833Ih4k5z3Dl+32FlCUOlI8=</HostId></Error>
   at EAEngine.Http.EAWebClient.<EnsureSuccessStatusCode>d__20.MoveNext()

 

And this is repeated on and on...

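A way to triage agent log entries like the excerpt in the post above, as an added example that is not Malwarebytes' code and not part of the original thread: it counts HTTP failures by URL and status code, and writes a copy with bearer tokens replaced before the log is attached anywhere. The function names, `$LogPath` and the output file name are assumptions, and the sample lines are constructed.

```powershell
# Constructed sample in the format of the excerpt above; the token is a placeholder.
$sample = @'
2017-08-29 20:38:31,724-04:00 [39] ERROR EAEngine Error posting to Nebula. Url:/api/v1/machine/results
System.Web.HttpException: HTTP Request failed to /api/v1/machine/results. Http Code: 400 Reason:Bad Request
<Error><Code>InvalidArgument</Code><ArgumentValue>Bearer aaaa.bbbb.cccc</ArgumentValue></Error>
2017-08-29 20:39:02,101-04:00 [41] ERROR EAEngine Error posting to Nebula. Url:/api/v1/machine/sync
System.Web.HttpException: HTTP Request failed to /api/v1/machine/sync. Http Code: 502 Reason:Bad Gateway
'@ -split '\r?\n'

function Get-AgentHttpFailure {
    # Extract URL, status code and reason from "HTTP Request failed to ..." lines.
    param([string[]]$Lines)
    $pattern = 'HTTP Request failed to (?<url>\S+?)\. Http Code: (?<code>\d{3}) Reason:(?<reason>.+?)\s*$'
    foreach ($line in $Lines) {
        if ($line -match $pattern) {
            [pscustomobject]@{
                Url    = $Matches['url']
                Code   = [int]$Matches['code']
                Reason = $Matches['reason']
            }
        }
    }
}

function Protect-AgentLogLine {
    # Replace JWT-shaped bearer tokens (three dot-separated base64url segments).
    param([string[]]$Lines)
    $Lines -replace 'Bearer\s+[\w-]+\.[\w-]+\.[\w-]+', 'Bearer [REDACTED]'
}

# $LogPath is a placeholder: set it to an agent log file to analyse real data.
$lines = if ($LogPath) { Get-Content -Path $LogPath } else { $sample }

# Any HTTP status means a server answered, so the connection itself was made;
# traffic dropped at a firewall normally shows up as a timeout or connect error.
Get-AgentHttpFailure -Lines $lines |
    Group-Object Url, Code, Reason -NoElement |
    Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

# Copy of the log with bearer tokens removed, for attaching to a ticket or post.
Protect-AgentLogLine -Lines $lines |
    Set-Content -Path (Join-Path $env:TEMP 'agent-log-redacted.txt')
```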

We are seeing the same thing and we have already created a Non-Default policy and group. Seeing the same thing in each of the endpoints' logs as well. All the endpoints show online but console gives us

"Unable to retrieve endpoint agent information.

If the problem persists, contact Malwarebytes support."


OK, so I created a test group and a test policy - still no dice.

So I deleted this computer from the console and then ran the MBAM clean utility (I had previously had the business edition installed) and rebooted.

This time, I used the Discovery Tool to install and found - based on the logs - that this is working, but it simply cannot post the data to the web.

Zipped logs are attached if there is someone who can review them...

Logs.zip


Having the same issue. Tasks are just sitting at pending for 2 days now. Have created new group and policies. Are there any ports that need to be allowed through the firewall?

 

Edited by rm304


I'm seeing this in the log for one of my domain machines. "HTTP Request failed to /api/v1/machine/sync. Http Code: 502 Reason:Bad Gateway"


 


Has everyone here completed their external access requirements?

They can be found in the admin guide on page 2 - MBQSG.pdf

and in our KB area here - https://support.malwarebytes.com/docs/DOC-1760

External Access Requirements - If your company’s Internet access is controlled by a firewall or other access-limiting device, you must grant access for endpoint agents to reach Malwarebytes services.

https://cloud.malwarebytes.com
https://telemetry.malwarebytes.com
https://data-cdn.mbamupdates.com
https://data-cdn-static.mbamupdates.com
https://keystone.mwbsys.com
https://data.service.malwarebytes.com
https://meps.mwbsys.com
https://keystone-akamai.mwbsys.com
https://socket.malwarebytes.com
https://sirius.mwbsys.com
https://hubble.mb-cosmos.com
https://blitz.mb-cosmos.com
https://cdn.mwbsys.com
https://ark.mwbsys.com

All are port 443 outbound.

 

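A staged check of the hosts listed in the post above, run from an affected endpoint, as an added example that is not Malwarebytes' code and not part of the original thread: for each host it reports whether DNS, the outbound TCP connection on 443 and the TLS handshake succeed, and which CA issued the certificate the endpoint actually received. The function name `Test-AgentEndpoint`, the 5-second timeout and the explicit TLS 1.2 request are assumptions.

```powershell
# Hosts from the External Access Requirements list above (all port 443 outbound).
$agentHosts = @(
    'cloud.malwarebytes.com', 'telemetry.malwarebytes.com', 'data-cdn.mbamupdates.com',
    'data-cdn-static.mbamupdates.com', 'keystone.mwbsys.com', 'data.service.malwarebytes.com',
    'meps.mwbsys.com', 'keystone-akamai.mwbsys.com', 'socket.malwarebytes.com',
    'sirius.mwbsys.com', 'hubble.mb-cosmos.com', 'blitz.mb-cosmos.com',
    'cdn.mwbsys.com', 'ark.mwbsys.com'
)

function Test-AgentEndpoint {
    param([Parameter(Mandatory)][string]$HostName, [int]$Port = 443, [int]$TimeoutMs = 5000)
    $r = [ordered]@{ Host = $HostName; Dns = $false; Tcp = $false; Tls = $false; Issuer = $null; Error = $null }
    $client = $null; $ssl = $null
    try {
        # Stage 1: name resolution.
        $null = [System.Net.Dns]::GetHostAddresses($HostName)
        $r.Dns = $true
        # Stage 2: outbound TCP to port 443, with a timeout for silently dropped packets.
        $client = New-Object System.Net.Sockets.TcpClient
        if (-not $client.ConnectAsync($HostName, $Port).Wait($TimeoutMs)) { throw 'TCP connect timed out' }
        $r.Tcp = $true
        # Stage 3: TLS handshake with normal certificate validation.
        # Assumption: TLS 1.2 is requested explicitly because older .NET Framework defaults are lower.
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
        $ssl.AuthenticateAsClient($HostName, $null, [System.Security.Authentication.SslProtocols]::Tls12, $false)
        $r.Tls = $true
        $r.Issuer = $ssl.RemoteCertificate.Issuer
    } catch {
        # The first failing stage leaves the later flags at $false.
        $r.Error = $_.Exception.GetBaseException().Message
    } finally {
        if ($ssl) { $ssl.Dispose() }
        if ($client) { $client.Close() }
    }
    [pscustomobject]$r
}

$agentHosts | ForEach-Object { Test-AgentEndpoint -HostName $_ } | Format-Table -AutoSize
```

An `Issuer` that names your organisation's own CA rather than a public one means a proxy on that path is intercepting TLS.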

We were able to get them working but needed to move any ones that were in the default policy to a new policy and "REBOOT"

A few of them we had to uninstall and reinstall twice to get it to work

We used the WEB installer


Miraculously, this product started working this morning when I turned on my computer.

What I hope that doesn't indicate is that a full shutdown is required...  that would be ludicrous for a managed environment.


Do you have another machine presenting the same issue? I'd like to test if restarting the MBCloudEA service is what will fix it without a full restart.

7 hours ago, kahml said:

Miraculously, this product started working this morning when I turned on my computer.

What I hope that doesn't indicate is that a full shutdown is required...  that would be ludicrous for a managed environment.

As we mentioned, when you first install, move the endpoint out of the default policy and you have to restart; we are pretty sure that it has to do with the .Net 4.2 install. The ones that did not have to install the .Net 4.2 connected right away after being moved out of the default policy, and .Net is more of a Windows thing than Malwarebytes....

 

If we follow this everything works fine.


I'm using Ninite Pro (cloud version) to handle third-party patching.

The test clients that I used for this trial are on Lenovo equipment.

The Lenovo system updater requires the latest .Net, so they were already at 4.6.2.


Hi, 

I'm also having the issue where tasks are not running - just sitting in pending. I've performed all of the suggestions here, creating a new policy, enabling endpoint protection, but it's not working. I've also confirmed the proper .NET framework is installed. Finally, I'm not blocking outbound connections to the required sites.

Is there anything else I can do to get this to work?

Thanks!

