Jump to content

Running Tasks in Endpoint Protection


Recommended Posts

I am running a trial of the new Malwarebytes Endpoint Protection on my own computer.

I have installed the agent and it shows active in Services; however, I have submitted three activities:  Check for Updates, Refresh Asset Info, and Threat Scan.  After more than four hours they are all still in the "Pending" status.

What does it take to activate these - because I can't seem to find a "scan immediately" option?

Thanks!


 

Link to post
Share on other sites

  • Staff

Hi @kahml are you still using the default policy or have you set up your own policy yet? The program's initial install during deployment is only the communicator and the platform. You'll need to flesh out a group and policy, with the pieces of the software which will actually do the protection and scanning, set to be pulled to the endpoint by the communicator/platform piece.

Link to post
Share on other sites

  • Staff

Extremely. I am actually working on KB's that will go over initial setup and configuration. I apologize that you got trapped in that. Hop into your default policy, go to the endpoint protection section, and turn on the main piece. Once that is done, all the machines tied to this policy via the group will then pull down the protection pieces, from there they will then be able to process what you've asked them to do.

Also be aware that the Anti-Ransomware portion does not support server OS at all. Any servers you have are going to need their own group and policy with the Anti-Ransomware portion turned off.

Capture.JPG.8216748e7a0289413e642fa636511296.JPG

Link to post
Share on other sites

But with some further poking around, I found the Logs in the ProgramData folder and there seems to be a problem posting data back to the web:
 

2017-08-29 20:38:31,724-04:00 [39] ERROR EAEngine Error posting to Nebula. Url:/api/v1/machine/results
System.AggregateException: One or more errors occurred. ---> System.Web.HttpException: HTTP Request failed to /api/v1/machine/results. Http Code: 400 Reason:Bad Request
    Body Response: <?xml version="1.0" encoding="UTF-8"?>
<Error><Code>InvalidArgument</Code><Message>Unsupported Authorization Type</Message><ArgumentName>Authorization</ArgumentName><ArgumentValue>Bearer eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJleHAiOiIyMDE3LTA5LTEyVDE2OjMzOjQzWiIsInMiOjIsInYiOjEsInQiOiJtYSIsImtpZCI6ImRlZmF1bHQiLCJkIjp7ImFpZCI6ImY5NGFlOGY3LWFkZWQtNGJmNC1hMmRhLTQ3YThkNmE2NmFlOSIsIm1pZCI6IjNhZTFiMDE0LTlkY2ItNDBkYy04MWIyLTQ4MWFmM2NhM2Y0OSJ9fQ.dZ9706B1YJ2MNnS6BrOn8kMEnc17a53PUztRkEfWzfQk1MIKClcRUZzZqAD1M24Lx_euYJaMmdEpv_Cl4kGgFw</ArgumentValue><RequestId>180DBB2DC9D521D7</RequestId><HostId>knF1DHsLsDx5FL1ujJ5cl7PVjSZ0BQ5/CeGPkvGxvl3U7WiyRiUv833Ih4k5z3Dl+32FlCUOlI8=</HostId></Error>
   at EAEngine.Http.EAWebClient.<EnsureSuccessStatusCode>d__20.MoveNext()

 

And this is repeated on and on...

Link to post
Share on other sites

We are seeing the same thing and we have already created a Non-Default policy and group. Seeing the same thing in each of the endpoints logs as well. All the endpoints show online but console gives us

"Unable to retrieve endpoint agent information.

If the problem persists, contact Malwarebytes support."

Link to post
Share on other sites

OK, so I created a test group and a test policy - still no dice.

So I deleted this computer from the console and then ran the MBAM clean utility (I had previously had the business edition installed) and rebooted.

This time, I used the Discovery Tool to install and found - based in the logs - that this is working, but it simply cannot post the data to the web.

Zipped logs are attached if there is someone who can review them...

Logs.zip

Link to post
Share on other sites

  • Staff

Has everyone here completed their external access requirements?

You can be found in the admin guide on page 2 - MBQSG.pdf

and in our KB area here - https://support.malwarebytes.com/docs/DOC-1760

External Access Requirements - If your company’s Internet access is controlled by a firewall or other access-limiting device, you must grant access for endpoint agents to reach Malwarebytes services.

https://cloud.malwarebytes.com
https://telemetry.malwarebytes.com
https://data-cdn.mbamupdates.com
https://data-cdn-static.mbamupdates.com
https://keystone.mwbsys.com
https://data.service.malwarebytes.com
https://meps.mwbsys.com
https://keystone-akamai.mwbsys.com
https://socket.malwarebytes.com
https://sirius.mwbsys.com
https://hubble.mb-cosmos.com
https://blitz.mb-cosmos.com
https://cdn.mwbsys.com
https://ark.mwbsys.com

All are port 443 outbound.

 

Link to post
Share on other sites

7 hours ago, kahml said:

Miraculously, this product started working this morning when I turned on my computer.

What I hope that doesn't indicate is that a full shutdown is required...  that would be ludicrous for a managed environment.

As we mentioned when you first install, move the endpoint out of the default policy and you have to restart, we are pretty sure that it has to do with the .Net 4.2 install. The ones that did not have to install the .Net 4.2 connected right away after being moved out of the default policy and .Net is more of a windows thing then Malwarebytes....

 

If we follow this everything works fine.

Link to post
Share on other sites

  • 3 weeks later...

Hi, 

I'm also having the issue where tasks are not running - just sitting in pending. I've performed all of the suggestions here, creating a new policy, enabling end point protection but it's not working. I've also confirmed the proper .NET framework is installed. Finally I'm not blocking outbound connections to the required sites. 

Is there anything else I can do to get this to work?

Thanks!

Link to post
Share on other sites

  • 1 month later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.