
PCs in the wrong OU / question about not installed correctly Malwarebytes


Long story short, we found out about a month ago that we weren't installing Malwarebytes Anti Exploit and Anti Malware correctly. Instead of following the gold image rules (can't be connected to the internet), we just installed Malwarebytes onto the gold image with internet and its duplicated IDs are not registering with the Management Console properly. Since then I've been tasked to remedy this issue. We currently have approximately 800 PCs.

In Management Console under the Client tab, there is "Ungrouped Clients" and our OU group. For some reason, several of the PCs will show up in "Ungrouped Clients" even though in AD the PC shows up in the correct location. Trying to move the PC into the correct group is not possible as the options are grayed out. Why is this and how do I fix this issue? I've tried syncing the Domain query account but the PC still won't populate in the correct location. We just updated to version 1.8.0.3443 but it has yet to fix the issue.

The second issue is we are trying to figure out the easiest method of fixing the unregistered PCs in our domain due to the improper method we used to install Malwarebytes on the gold image. We currently have PDQ Deploy and ManageEngine and both are capable of removing and installing the software. Only when given access to the Malwarebytes Management Console did I realize there is an option to do the "Client Push Install." I saw that user djacobson posted this:

"An additional item to note, based on the upgrade tactic you've chosen with KACE, when you use the offline installer package through a third party push tool (GPO, SCCM, KACE, PDQ Deploy, etc.), you cannot install the upgrade over the top of the existing software. You must first uninstall the current builds, reboot the machines, and then deploy the upgraded build through your chosen tool. Only the built-in push tool within the console can upgrade client builds over the top of the existing install."

So I know that on the client PCs there is a SCComm file and values are automatically inputted in. From what I know, the "ServerRef" and "Policy" values will stay the same across all the PCs and the "Client" value should vary for the PC. My question is, does the "Group" value vary for every PC? If I apply the "Client Push Install" on all the PCs in our domain, will this fix the deployed cloned PCs we have, register new values into the SCComm file, and make the PC go from unregistered to active in Management Console, or will I have to run the Malwarebytes removal tool first?


In addition to this, I played around with upgrading the previous Malwarebytes build with the push to client option, and in the management console the shield shows offline. "Anti Exploit Protection Module" is off. If I go to the PC, MAE is running fine and is on the latest build, 1.10.2.41. Rebooted the PC and it still shows MAE is offline, but the PC has it online.

I've tried removing the software with the Malwarebytes removal tool, reinstalled through the push to client with the same issues. Tried this on about 10 PCs, all have the same result.

[Attached screenshots: MAE on PC.png, MAE.png]

Edited by wiile

Hello @wiile, there is definitely some work ahead to fix this. The two main portions to do are to change the IDs but keep the communication info the same and clear the duplicates from the Database.

We will create a generic sccomm.xml file and swap that file out from the PCs that are duplicated. You finding that file is the correct move, though there is more to consider. We must also remove the machine entries from your SQL or they will just end up receiving the same ID. Do you have SQL Management Studio installed?


The second question regarding MBAE, those machines likely need to reboot. Your console does not deploy version 1.10.2.41, so those machines in the screenshots have just upgraded; try a reboot to let that upgrade finish. It should then post a correct status to the console.
