Have begun roll out of EP and IR to our ~150 machines to varying degrees of success.

Issue we are having is none of our Mac endpoints are reporting to the Cloud Console. All I see is the attached error.

I currently have 5 Macs registered but the plan is to roll that out to our 20+ machines.

All of the Macs are in their own group with their own policy that has IR turned on and EP turned off.

On the client side I have tried turning the Firewall on and off.

I also understand from doing some research that the logs that might tell me what is wrong are located here /Library/Application Support/Malwarebytes/NebulaAgent/Logs

Such a folder does not exist. On the client machine there is only "Malwarebytes Endpoint Agent" folder located within "Malwarebytes" folder. This folder does contain a Logs folder however.

 

MacMalwarebytesError.JPG

  • Staff

Look at the latest version of the manual - Malwarebytes Cloud Administrator Guide, page 3

Mac Endpoints directories

/var/log/com.malwarebytes.EndpointAgent.log

/Library/Application Support/Malwarebytes/Malwarebytes Endpoint Agent 

/Library/Application Support/Malwarebytes/Malwarebytes Endpoint 

/Library/LaunchDaemons/com.malwarebytes.EndpointAgent.plist 

Your symptom means the Malwarebytes Endpoint Agent is not in communication with Cloud Management.  A 'good' entry for agent reporting looks like this:

2018-11-19 19:13:01.029 EndpointAgentDaemon[101:613] INFO    NebulaWebService: postAgentInfo:
2018-11-19 19:13:01.029 EndpointAgentDaemon[101:613] INFO    URL: https://cloud.malwarebytes.com/api/v1/machine/results
2018-11-19 19:13:01.029 EndpointAgentDaemon[101:613] INFO    parameters: {
    data = "{\"schedules\":[],\"engine_version\":\"1.5.0.121\",\"object_guid\":\"\",\"os_info\":{\"os_platform\":\"MacOS\",\"os_architecture\":\"amd64\",\"os_version\":\"10.13.6\",\"os_release_name\":\"macOS High Sierra 10.13.6\",\"os_type\":\"workstation\"},\"policy_etag\":\"3a403b2ecafe4a3e7b398b16858b8f7b\",\"nics\":[{\"description\":\"en0\",\"ips\":[\"10.0.0.1\"],\"mac_address\":\"C4:B3:01:BA:26:5B\"}],\"tray_version\":\"1.5.0.108\",\"object_sid\":\"\",\"plugins\":[{\"plugin_version\":\"1.5.58\",\"product_name\":\"Incident Response\",\"sdk_version\":\"macosx10.13\"},{\"plugin_version\":\"1.5.59\",\"product_name\":\"Asset Manager\",\"sdk_version\":\"macosx10.13\"}],\"culture\":\"en_US\",\"host_name\":\"RMT-3019\",\"time_zone\":\"Australia\\/Melbourne\",\"fully_qualified_host_name\":\"RMT-3019.local\"}";
    "duration_seconds" = 0;
    "job_id" = "";
    "schedule_etag" = "";
    "started_at_local" = "2018-11-19T08:13:01+11:00";
    type = "AGENT_INFORMATION";
}
2018-11-19 19:13:01.031 EndpointAgentDaemon[101:613] INFO    EndpointAgent: Boomerang connected.
2018-11-19 19:13:01.543 EndpointAgentDaemon[101:613] INFO    EndpointAgent: Update agent info successful!
2018-11-19 19:13:01.555 EndpointAgentDaemon[101:613] INFO    AgentSettings: Reading custom settings.txt file...
2018-11-19 19:13:01.555 EndpointAgentDaemon[101:613] INFO    AgentSettings: Using external setting: NebulaUrl=https://cloud.malwarebytes.com
2018-11-19 19:13:01.555 EndpointAgentDaemon[101:613] INFO    AgentSettings: Using external setting: AccountToken=b1db5245-b788-4950-8c8b-xxxxxxxxxxx
2018-11-19 19:13:01.568 EndpointAgentDaemon[101:613] INFO    PluginManager: setPluginLogLevel: INFO  
2018-11-19 19:13:01.568 EndpointAgentDaemon[101:613] INFO    PluginModule: Setting plugin log level to: INFO  

Edited by AndrewPP
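
An added example, not part of the thread and not Malwarebytes code: shell functions that read the agent log on stdin, report whether the check-in markers from the 'good' excerpt above are present, and mask the account token before an excerpt is shared. The function names and output keys are assumptions; the sample lines are trimmed from the excerpt above, with a constructed placeholder token.

```shell
#!/bin/sh
# Summarise agent check-in state from an Endpoint Agent log read on stdin.
# Marker strings are copied from the 'good' excerpt in the post above.
# Prints key=value lines; exit status is 0 only if a successful update was logged.
checkin_summary() {
    awk '
        / NebulaWebService: postAgentInfo:/             { posts++ }
        / EndpointAgent: Boomerang connected\./         { connected = $1 " " $2 }
        / EndpointAgent: Update agent info successful!/ { ok = $1 " " $2 }
        /Using external setting: NebulaUrl=/ {
            url = $0; sub(/.*NebulaUrl=/, "", url)      # keep only the URL value
        }
        END {
            printf "post_attempts=%d\n", posts
            printf "last_connected=%s\n", (connected ? connected : "never")
            printf "last_success=%s\n", (ok ? ok : "never")
            printf "nebula_url=%s\n", (url ? url : "unknown")
            exit (ok ? 0 : 1)
        }
    '
}

# Mask the account token so a log excerpt can be pasted into a ticket or forum.
redact_token() {
    sed -E 's/(AccountToken=)[^[:space:]]+/\1REDACTED/'
}

# Constructed sample: lines trimmed from the excerpt above, placeholder token.
sample_log() {
    cat <<'EOF'
2018-11-19 19:13:01.029 EndpointAgentDaemon[101:613] INFO    NebulaWebService: postAgentInfo:
2018-11-19 19:13:01.031 EndpointAgentDaemon[101:613] INFO    EndpointAgent: Boomerang connected.
2018-11-19 19:13:01.543 EndpointAgentDaemon[101:613] INFO    EndpointAgent: Update agent info successful!
2018-11-19 19:13:01.555 EndpointAgentDaemon[101:613] INFO    AgentSettings: Using external setting: NebulaUrl=https://cloud.malwarebytes.com
2018-11-19 19:13:01.555 EndpointAgentDaemon[101:613] INFO    AgentSettings: Using external setting: AccountToken=00000000-0000-0000-0000-000000000000
EOF
}

# Usage on an endpoint (log path as listed in the post above):
#   checkin_summary < /var/log/com.malwarebytes.EndpointAgent.log
#   redact_token    < /var/log/com.malwarebytes.EndpointAgent.log > agent-log-redacted.txt
```

A non-zero exit status with `post_attempts` above zero means the agent is trying to report but no successful update was logged.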