likwyd

Offline clients keep listing (DNS flush not a fix)

I currently have 15/38 endpoints showing as offline. This seems to randomly happen on occasion and a reinstall has previously worked, but not this time. I flushed the DNS on a few, as suggested in the FAQ, but it did not help. I tried using the deployment tool to uninstall and reinstall. The tool showed that everything was a success, but still they listed as offline. So I remoted in to one of the endpoints to try a manual re-install. Attached are the results of an error upon uninstalling the Endpoint Agent. The endpoints in question are all running Windows 7 64-bit. The endpoints online are also the same except for one (1) 32-bit machine and one (1) Mac. No proxy and no outgoing limitations on firewall.
Is anyone else having this problem?

MWB error.png

Malwarebytes_Endpoint_Agent_and_.NET_system_prerequisites_installer_20171003101108.log

Link to post

I only have 52 of 113 endpoints showing, rebooting doesn't help, flushing DNS doesn't help, sometimes reinstalling helps, but sometimes not.

I see the last time any of them were online they all did an "Agent Information Posted" like 6x before finally going offline for good. I am currently working from one of the machines that it says is offline.

I wish there were admin utilities on the cloud to ping the endpoints or perform basic tasks.

Link to post

I just tried uninstalling an endpoint that had the same symptoms, appearing offline in the cloud, and got the same error when trying to uninstall it.

 

Did you figure that one out?

Link to post

Not quite yet. This morning I now have 30/39 "offline", including my workstation. I also had a Power Kernel issue last night that caused a reboot. While checking Event Viewer for why, I noticed that Malwarebytes Endpoint Agent had a side-by-side issue. I cannot get the service to start because apparently its side-by-side configuration is incorrect.

Link to post

Yes, whatever the problem is appears to be causing a blue-screen (Power Kernel Issue) which then borks the Malwarebytes installation. I had to system restore to a date prior to the kernel power event, then I was able to uninstall the endpoint agent but couldn't uninstall the Malwarebytes 3.1.8 installation the agent installed. I reinstalled the full installation and now it all appears to be ok except I STILL don't have permissions to change anything in the /Program Files/Malwarebytes/Anti-Malware folder. I was missing the unins000 files so it couldn't uninstall, but when trying to copy the files from another install into that folder I get an access denied message. When I try to do it from command prompt in safe mode I get the same error and when I try to take ownership of the folder it tells me I need permission from myself to make changes. I have the only account on the machine and it is an administrator account but still I can't make changes or delete the folder.

 

This leads me to believe that even though the agent is running, the actual scanning portion of the software is not running, and since there is no way for end-users to see if it's working, I'm guessing it is not working.

Extra fun is that I cannot properly uninstall this without a system restore.

Link to post

Looks like my posts are being deleted, awesome support right there.

I'm formatting and reinstalling my system, appears to be the only way to successfully remove the software.

Link to post

I just restored to before the kernel power issue. Also, I tried to recover unins000.dat and unins000.msg from Veeam backup. Access denied.

Link to post

Yeah same problem here. Something takes ownership of that folder and just blocks everyone and everything from doing anything in that folder. Which probably means any definition updates aren't being processed etc. etc.

I would maybe try to restore to before you installed MWB to see if you can get the folder to go away. It seems to be an old version anyway; the standalone client was at version 3.2, which I uninstalled when installing the endpoint agent. Not sure if it's deploying old software or they just haven't updated their package names.

Either way, we have no way of knowing if the software is actually running, just the endpoint agent (maybe) is running.

This whole thing just seems like a hot-mess that we are beta-testing in live corporate environments.

 

Link to post

Likwyd, sorry to hear you are experiencing this.

Can we please try the following and let me know if you are able to reinstall successfully?

Please use the following clean tool to uninstall all of the Malwarebytes products currently

https://downloads.malwarebytes.com/file/mb_clean

Run this once with the GUI as an administrator, then allow the machine to restart.

Once the machine is back up, please run this again, this time from an Admin CMD prompt window with a /cloud switch following the .exe file path.

Again, allow the machine to restart.

At this point we should be cleared of old installs and ready to re-install with the package. Please let me know if the problem persists.

Link to post

KDawg, thanks for your response.
I followed your instructions and the log reflects errors uninstalling everything completely. Malwarebytes EndPoint Agent and .NET system prerequisites installer is still listed in Programs. Log file attached. I have not tried to reinstall anything. Waiting on your reply first.

mb-clean-results.txt

Program Files still has both Malwarebytes and Malwarebytes Endpoint Agent folders with contents.

Edited by likwyd
Update

Link to post

From your log file it looks like the uninstall program is failing to do what we tried to do manually. Can't take permission of the folder to delete the contents, and because the folder isn't empty it can't delete it.

 

Thanks for testing that out before I ruined another system!

Link to post
7 minutes ago, IT_Guy said:

From your log file it looks like the uninstall program is failing to do what we tried to do manually. Can't take permission of the folder to delete the contents, and because the folder isn't empty it can't delete it.

 

Thanks for testing that out before I ruined another system!

Thing is, it did delete a lot of the files (comparing to backup), just not all of them. Question is, why not?

Link to post
1 minute ago, likwyd said:

Thing is, it did delete a lot of the files (comparing to backup), just not all of them. Question is, why not?

Yup, good question, mine was able to delete the whole endpoint folder and the unins000 files out of the Malwarebytes Anti-Malware folder but that was it. Everything else was access-denied. I tried taking ownership and it told me I needed permission from myself to do that and access was denied. I tried going into safe mode and removing all attributes and access was denied. I tried renaming the folder in safe mode and access was denied.

 

On the upside I'm 80% of the way reinstalling this machine that I was working on...

Link to post

We believe this may be an issue on our side with the Boomerang Error. This has been escalated to our development team and we should have an update on what is going on shortly.

Link to post

Is there any update on this? This software was expensive, which is not my biggest concern, but it's time consuming, which is one commodity that I DON'T have. I am beginning to notice a trend with this company: between the cloud solution and the other server-based solution, corporate environments are not their strong suit, and I don't take kindly to being BETA testers without knowing this up front.

Rob

Link to post

Agreed. I've got 30+ endpoints that have been offline for more than 2 weeks. I know the users are here and working so something is wrong with the installation.

 

If I have to spend an hour uninstalling and reinstalling everything that's 30 hours or about 50% of my week wasted redeploying this software.

 

Link to post

I was told by TS, "I am being told that the clients showing up offline issue has now been resolved and you should no longer be experiencing this." I have responded by saying not true, but wanted to hear if any of you have been able to get yours back up?

Link to post

I'm still showing 27 offline for 7+ days.

 

I have 60 online and 52 offline right now, 60 online is probably the highest I've seen it since I started it. I have a feeling a lot of workstations didn't install correctly or were corrupted.

Link to post

We have deployed to 80 PCs.

We're into a daily routine of...

1. selecting all the 'offline' clients in the cloud console

2. pinging those PCs showing as offline - to see if they really are offline

3. for the PCs that are actually on, I connect remotely to their service console and 9 times out of 10 find that the Cloud Agent Service has failed to start when the user booted

4. I remotely restart the cloud agent service, and that typically gets the PC showing back online in the cloud console

5. where this happens more than twice on the same PC - I do a full uninstall/cleanup and a fresh re-install locally under the local admin account.

At the rate we're going it won't be long until I'll have ended up doing an uninstall/cleanup/re-install on the entire user base.

 

I, along with the other IT admins here, frankly have better things to do with my time.

 

Link to post
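Steps 2 to 5 of the routine in the post above can be scripted. The following is an added example, not part of the thread and not Malwarebytes tooling. It assumes Windows PowerShell 5.1, an account with admin rights on the endpoints, and remote service management allowed through the firewall; the file names and the service name are placeholders to substitute.

```powershell
# Added example. Requires Windows PowerShell 5.1 (Get-Service -ComputerName is gone in 6+).
param(
    [string]$OfflineList    = '.\offline-endpoints.txt',    # hypothetical: one hostname per line, from the console
    [string]$ServiceName    = '<EndpointAgentServiceName>', # placeholder: look it up in services.msc
    [string]$HistoryFile    = '.\agent-restart-history.csv',# hypothetical: restart counts kept between runs
    [int]   $ReinstallAfter = 2                             # "more than twice" => reinstall
)

# Load earlier restart counts so repeat offenders can be flagged.
$history = @{}
if (Test-Path $HistoryFile) {
    Import-Csv $HistoryFile | ForEach-Object { $history[$_.Computer] = [int]$_.Restarts }
}

$report = foreach ($name in (Get-Content $OfflineList | Where-Object { $_.Trim() })) {
    $computer = $name.Trim()
    $row = [ordered]@{ Computer = $computer; Reachable = $false; Status = 'n/a'
                       Action = 'none'; Reinstall = $false }

    # Step 2: is the PC really off, or only "offline" in the console?
    if (Test-Connection -ComputerName $computer -Count 1 -Quiet) {
        $row.Reachable = $true
        try {
            # Step 3: check the agent service on the remote machine.
            $svc = Get-Service -ComputerName $computer -Name $ServiceName -ErrorAction Stop
            $row.Status = [string]$svc.Status
            if ($svc.Status -ne 'Running') {
                # Step 4: start it and wait; a failure (e.g. side-by-side error) lands in catch.
                $svc.Start()
                $svc.WaitForStatus('Running', [TimeSpan]::FromSeconds(30))
                $history[$computer] = 1 + [int]$history[$computer]
                $row.Action = 'restarted'
            }
        } catch {
            $row.Action = "error: $($_.Exception.Message)"
        }
        # Step 5: restarted more than $ReinstallAfter times => candidate for cleanup/reinstall.
        $row.Reinstall = ([int]$history[$computer] -gt $ReinstallAfter)
    }
    [pscustomobject]$row
}

$history.GetEnumerator() |
    ForEach-Object { [pscustomobject]@{ Computer = $_.Key; Restarts = $_.Value } } |
    Export-Csv $HistoryFile -NoTypeInformation
$report | Format-Table -AutoSize
```

Rows with `Reachable = True` and an `error:` action are the machines where the service cannot be started remotely and need hands-on attention.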
3 hours ago, wiggy said:

We have deployed to 80 PCs.

We're into a daily routine of...

1. selecting all the 'offline' clients in the cloud console

2. pinging those PCs showing as offline - to see if they really are offline

3. for the PCs that are actually on, I connect remotely to their service console and 9 times out of 10 find that the Cloud Agent Service has failed to start when the user booted

4. I remotely restart the cloud agent service, and that typically gets the PC showing back online in the cloud console

5. where this happens more than twice on the same PC - I do a full uninstall/cleanup and a fresh re-install locally under the local admin account.

At the rate we're going it won't be long until I'll have ended up doing an uninstall/cleanup/re-install on the entire user base.

 

I, along with the other IT admins here, frankly have better things to do with my time.

 

I did this and had 4/15 able to restart services and connect. So far 1 out of those 4 has successfully scanned for threats (if that's true).

The other 11 that gave side-by-side errors while trying to restart services, I am currently working on re-installing the whole Malwarebytes package. So far, the first two have succeeded. **This is only possible because of Revo Uninstaller.** Without this, I would not be able to uninstall anything.

Anything that has shown up as online in the dashboard I have started a manual threat scan and I will update tomorrow if/when scheduled scans do their thing or not.

Link to post

We are still currently investigating the side-by-side errors. We have re-enabled boomerang with a fix.

If you are experiencing offline clients please use our clean tool below:

https://downloads.malwarebytes.com/file/mb_clean

From an administrator command prompt, run the .exe with a /cloud switch. Please allow the restart.

Once cleaned, please re-install with the prerequisites exe from your cloud console Endpoints > Add.

If the clients still have any issues or you get a side-by-side error, please let me know, or update your current service case.

Link to post
15 hours ago, KDawg said:

We are still currently investigating the side-by-side errors. We have re-enabled boomerang with a fix.

If you are experiencing offline clients please use our clean tool below:

https://downloads.malwarebytes.com/file/mb_clean

From an administrator command prompt, run the .exe with a /cloud switch. Please allow the restart.

Once cleaned, please re-install with the prerequisites exe from your cloud console Endpoints > Add.

If the clients still have any issues or you get a side-by-side error, please let me know, or update your current service case.

Does this cleaner work now? I have tried it on multiple machines and it never seems to get everything. It says it does, but when you go to reinstall it asks to remove Malwarebytes. Which, of course, I just did.

Link to post

Please run from an admin command prompt, with the /clean switch after the .exe.

A good indication it was successful is that it will request a restart, which you should allow.

Please PM me if you are still having trouble uninstalling.

Link to post
