Registry Exclusions not working


We are in the process of migrating over from MES to MEP.

As part of my testing, I have about 10 Endpoints that are currently running MEP. One of the first things I did when setting the policy and exclusions was that I copied over the previous exclusions we had set in MES to MEP. The exclusions were all registry key items that are defined by our domain GPO policy. I used the wildcard identifier in the string when adding the exclusions so MEP does not flag them during the daily scan.

 

The problem is that it appears that MEP is still flagging the registry items as PUMs during its scans and is sending us the alerts via email. I've gone and double-checked what it is flagging and tried adding them back as an exclusion with the wildcard identifier so it does not flag it any further, however when I go to add it, it tells me that the exclusion already exists.

 

For example, the nightly scan will find the following:

HKU\S-1-5-21-237266697-803961955-1845911597-2578\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\CONTROL PANEL|CONNECTIONSTAB

I have this exclusion already set in my exclusion list as: HKU\*\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\CONTROL PANEL|CONNECTIONSTAB and also as:

HKEY_USERS\*\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\CONTROL PANEL|ConnectionsTab
 
MEP keeps flagging it and quarantining the reg entry. What is even more odd is that it only does it for a few of the Endpoints, not all of them. Anyone else have this happen to them? I would like the exclusions to apply to all Endpoints, which is why I used the Wildcard in the exclusion entry. However, it appears that MEP is ignoring the exclusions for some of the machines.

 
Edited by Brandon_Lutz
  • Staff

Hey @Brandon_Lutz! I got you. Let me check the endpoint's logs and see if it is successfully applying the excludes. Open an elevated CMD prompt as admin. Change the directory to C:\Program Files\Malwarebytes Endpoint Agent

  • cd C:\Program Files\Malwarebytes Endpoint Agent

Once there, run this command

  • MBCloudEA.exe -diag

That will create a folder on the desktop called MBDiagnostics. Send this zipped folder back to us here or in PM.

Edited by djacobson
