
Inherited Management Console



I have recently inherited an installation of Management Console.

There are 190 clients utilizing this installation.  One is not showing a database version.  Multiple are not scanning nightly (some show that the scheduled scan was successful in the logs). But, the database versions are updating successfully.

I would like to accomplish 2 tasks.

1)  Get all of the clients so that they are scanning successfully (As specified in the policies)

2)  Generate a log of clients that have not scanned.  

For number 2, the installation is using the embedded database.  I am attempting to log in using sqlcmd but it says that I cannot connect to the scdb.mdf file as I do not have permissions under the current security context.  What are the default logins to the database, so that I can query the data?

Thanks.

Link to post

Ok... Here is an update.  

I installed SSMS on the box and logged in using the service account in order to give myself access to the database.  

I then created a command line using sqlcmd to generate a report of clients that had not scanned in 24 hours and added this to scheduled tasks.  #2 above is done.

I had one client not showing a database version.  I manually reinstalled the client on that server.  This resolved this client.  It is scanning based on policies.

Only issue left is getting all clients to scan based on policies.  I am manually scanning each.  This appears to fix the policy so it starts scanning based on the schedule again.  

I noticed that the time zone on the server was central rather than eastern.  I switched it back to eastern.  Now it appears that my session in the Management console times out as soon as I log in.  I am thinking about increasing the timeout on the management console.  Any issue with that?

 

Link to post

You do not need to run database queries.  In Client/Client View, if you click on the column Last Scan Time, it will sort the column.  You can easily see clients not-scanned at top of list.

I would suggest rebooting the server to ensure the running service picks up the correct system time.

If you have 'inherited' a system, please check you are running current version of Management Console/Packages, which is 1.8.

Whilst I am on staff, I am not in the support team, so I hope the above gets you moving a bit. 

As per other post, as a subscribed customer please use SUPPORT.MALWAREBYTES.COM for better support turnaround.  You will get  a tracking number/email you can respond into for each ticket etc.

 

Link to post

The current version is 1.8.0.3443.

I have bounced the box and it has not changed anything, beyond exhibiting other bizarre behavior (until I bounced it again).

I have submitted 3 tickets since 10/12/2017.  What type of turn around time should I expect?

Running a sqlcmd allows me to have the report that you are showing above emailed to me automatically rather than logging into the console and manually exporting the client list daily.  It does not appear that the Management Console has the ability to create proactive reporting.

Link to post

@DBPaul, I understand your wait has been frustrating. To be upfront with you, our reply time has suffered in the wake of Hurricane Irma hitting one of our offices where a decent portion of our B2B support staff works. While those folks were unable to work, the case load had increased to the point where we were, and still are, playing catch up. The response time is usually much better, but right now direct case emails and forum replies are behind.

And yes, you are correct, the reporting in the console is not customizable at all or exportable. I've mentioned this here:

And here:

The report panes are live SQL queries run each time you click that category or log in and land on the Home pane. To go custom in your reporting would require you accessing the SQL directly as you have been doing. We are also free to share the DB's schema if you need it for your query writing. Here's the database schema for console 1.8 - https://malwarebytes.box.com/s/yzov412l8bydq85v5j5kx82ifhnrqz00

Our SQL connections are like this:

External SQL use allows for remote connections but you must use an SQL logon, no Windows credentials are supported in this mode.

Embedded SQL does not allow for remote connections at all, you must perform the commands locally to the server with the SQL Express DB install. Windows credentials are supported in this mode. If your current account does not have permissions over the embedded DB, run this script (make sure to right-click as admin), as written by Microsoft, to grant SQL DB permissions to the user who is running it.

Add Self to SQL - https://malwarebytes.box.com/s/f3eu99g8f6p00xvyftt4uttu7nwd1d1

Edited by djacobson
Link to post

Dyllon,

Thank you for your response.  I have gotten past the reporting issues.  I have a windows scheduled task running a sqlcmd to send me the reporting that I was looking for.
 

My remaining issue has to do with scheduled scans.  I have 60+/- clients that are not scanning based on schedules set in profiles.  Some show scan started in the logs but it never updates in the console.  On the clients some show that MBAM crashed others show 6-9 MBAM processes running.  These are mission critical servers and I am not near a maintenance window to bounce the boxes to troubleshoot the issues.  Some begin scanning again when a manual scan is forced.  Others never scan again.  Reinstalling the client resolves some, others lose the database version information when the client is reinstalled.

Link to post

VB6 error, got it. I'm wondering if you're hitting a desktop heap memory issue, I take it these servers are up for a long amount of time? If that's the case, Anti-Malware may be unable to begin its scanning if the heap memory is low. The more user profiles tied to the machine, the worse it can be. Big symptoms start around 80 roaming profiles. Are these in a terminal services role at all?

Link to post

  • 2 weeks later...

Sorry I didn't get back on the Forums.  I was working this through email with support.

Some have TS role others do not.  I noticed that reinstall and restart of some servers resolves the issue.  Others it does not.

These are mission critical boxes so, restarts need to be scheduled and are generally once a month.  Individually reinstalling on each of these (190) boxes cannot be done in the maintenance window.

Link to post

  • 2 weeks later...

@DBPaul

Does your error look like this?

[Image: image001.png]

All the servers in TS roles need to have the realtime protection pieces disabled, you can only use the scanner for these. The TS role is not supported by the realtime engine.

I do think the scan issue is related to desktop heap memory, the longer the system is up, if Anti-Malware 1.80 hits about 60-100 scans in a row, it will crash as there is a known ActiveX object load limit of instances for Anti-Malware. There is no way to reset desktop heap memory without a reboot. There used to be a tool that Microsoft had but it doesn't support any OS past XP and Server 2003.

We may need to move you to the Malwarebytes Incident Response product version for your servers, this scanner tool does not have the same load limit issue, to be upfront though, it is more hands on as it is a command line tool.

Link to post