Jump to content

event viewer logging MBAM issues


Recommended Posts

I have my multiple endpoints logging bunches of issues.......can anyone tell me whats going on please. 

2017-11-09 07:27:44,011-07:00 [26] WARN  MBAMPlugin Unable to get anti-exploit advanced techniques from mbam

2017-11-09 07:16:30,729-07:00 [22] WARN  MBAMPlugin Unable to get anti-exploit advanced techniques from mbam

2017-11-09 07:16:20,121-07:00 [26] WARN  MachineImpl Computer is registered on a domain, but that domain is currently unreachable System.DirectoryServices.ActiveDirectory.ActiveDirectoryOperationException: The requested authentication method is not supported by the server.
 ---> System.Runtime.InteropServices.COMException: The requested authentication method is not supported by the server.

   at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
   at System.DirectoryServices.DirectoryEntry.Bind()
   at System.DirectoryServices.DirectoryEntry.get_AdsObject()
   at System.DirectoryServices.PropertyValueCollection.PopulateList()
   at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)
   at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
   at System.DirectoryServices.ActiveDirectory.PropertyManager.GetPropertyValue(DirectoryContext context, DirectoryEntry directoryEntry, String propertyName)
   --- End of inner exception stack trace ---
   at System.DirectoryServices.ActiveDirectory.PropertyManager.GetPropertyValue(DirectoryContext context, DirectoryEntry directoryEntry, String propertyName)
   at System.DirectoryServices.ActiveDirectory.Domain.GetDomain(DirectoryContext context)
   at EAEngine.MachineImpl.GetNameAndNics()

2017-11-09 07:16:19,341-07:00 [26] ERROR PolicyHandlerWeb Error getting verion information from sirius. Attempting to continue with existing plugins
System.Threading.Tasks.TaskCanceledException: A task was canceled.
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Sirius.SiriusClient.<CheckForUpdates>d__18.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at EAEngine.SiriusIntegration.SiriusWrapper.<GetPluginVersionInfo>d__19.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at EAEngine.Policies.PolicyHandler.<InstallPlugins>d__14.MoveNext()

2017-11-09 07:16:19,341-07:00 [26] ERROR SiriusWrapper Error loading package information from sirius
System.Threading.Tasks.TaskCanceledException: A task was canceled.
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Sirius.SiriusClient.<CheckForUpdates>d__18.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at EAEngine.SiriusIntegration.SiriusWrapper.<GetPluginVersionInfo>d__19.MoveNext()


2017-11-09 07:16:14,957-07:00 [26] ERROR EAWebClient Error PostWithRetryForever
System.OperationCanceledException: The operation was canceled.
   at System.Threading.CancellationToken.ThrowOperationCanceledException()
   at Polly.Retry.RetryEngine.<ImplementationAsync>d__1`1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Polly.Policy.<ExecuteAsync>d__100.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at EAEngine.Http.EAWebClient.<PostAsync>d__19.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at EAEngine.Http.EAWebClient.<PostWithRetryForever>d__20.MoveNext()
 

 

Link to post
Share on other sites

Received reply from support this morning....simply telling me the following:
 

Quote

 

 

I replied with a screenshot of the .net 4.7 installed.and told him i used the full mbam installer on all my endpoints and asked if the pre-requisite installer wasn't supposed to check - install anything that mbam will need to run correctly. 
Also asked if the FRST logs i sent in show wats running and installed, Which to me answered the 2 questions i was asked in the 1st reply to my support case !!
so now ill wait another 24 hours plus to hear their reply.

 

Link to post
Share on other sites

Finally received a reply just now, asking me to run the FRST and send the logs to support !!  Which i did when requested to do last Friday. My confidence in support is weaning day by day, seems like i'm getting the same canned reply to all my tickets and like today a second time asking for the same info tells me the support thread / emails are not being read.

Link to post
Share on other sites

Update: I managed to get tech support and they did a remote session to a couple of the effected endpoints. After some troubleshooting i was assured that all protection was enabled and running correctly and that the events were "background noise"  He tested on his VM and changed the startup type to delayed and received no more of these events. Mentioned that many people had reported the issue and dev was working on a solution>

Link to post
Share on other sites
  • 2 months later...
  • Staff

This is unimportant info from an attempt to update the plugin, that update was probably pulled. The "WARN  MBAMPlugin Unable to get anti-exploit advanced techniques from mbam" bit refers to a time when the MBAE advanced settings pieces were not yet part of the cloud portal. The rest looks to coincide with the updates that were taking place in early Nov to move the plugin from 3.0.6 to 3.1.8. The Endpoint Agent service, despite a few changes here and there in other updates to tone it down, writes with extreme verbosity to Event Viewer. Real product issues will be located in the program's own logging information. Event Viewer info is not really used by us for diagnostics.

Link to post
Share on other sites

Hello all.  I was experiencing the same issue on a single Windows 8.1 workstation on a domain.  The station was visible in the cloud console, but it wouldn't show any info.  I uninstalled/reinstalled MBEP, removed all traces of it in the registry and file system, and nothing helped.  I also noticed that I was getting seemingly unrelated GroupPolicy EventID 1090 errors and was unable to view RSoP info, possibly due to WMI errors.  As this was a legacy client that I inherited from a completely incompetent IT provider, I decided to reset some key items using Tweaking.com's Windows Repair to make sure all services were set to their defaults.  So I ran the following repairs:

Reset Service Permissions
Repair WMI
Repair Hosts File
Remove Policies Set By Infections
Restore Important Windows Services
Set Windows Services to Default Startup

After repair and rebooting, I right-clicked on the MBEP icon in the System Tray and the "Start Threat Scan" message came up (I usually use this as a quick way to determine if it has initially synced with the cloud console and installed all components).  I then checked the console and the station was there and all station info was now populated.  Lastly, my Group Policy issues were also resolved.  Now all i have to do is cancel my support ticket with MB.

Hopefully this helps.

Robert


 

Edited by rramin
Wasn't done.
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.