IT_Guy

Website Blocked 255.255.255.255


I've currently got 3 PCs with this issue... lost IP / blocked from DHCP or unable to renew, not sure. And yes, remote locations. End users telling me it's grabbing internal 169. IP

This is making me really nervous... really nervous! The 3 PCs in question had another hour and a half in their work day so I was able to talk my way into waiting till morning. That said, if this had been any of my 24hr dispatch center PCs I'd have been dead in the water!

 


Yeah I noticed that immediately yesterday, this was the DHCP heartbeat. Once MWBEP blocked that, it blocked its own network connection and made it impossible to connect to its DHCP server and thus blocked itself from the internet and any potential solution that could be pushed.

 

You will probably have to add 255.255.255.255 port 68 and 17500 to your exception list so the machines can process the update, then you can remove it.
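
A triage sketch for the failure described above, added here as an example and not part of the original post or any Malwarebytes tooling: it flags block events that hit DHCP broadcast traffic and treats a 169.254.x.x adapter address as the sign that the lease is already gone. The event field names and sample records are constructed assumptions, not a real log format.

```python
import ipaddress

APIPA = ipaddress.ip_network("169.254.0.0/16")   # link-local fallback range
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")
DHCP_PORTS = {67, 68}                            # DHCP server / client UDP ports


def is_apipa(addr):
    """True when an adapter address shows the DHCP lease was lost."""
    return ipaddress.ip_address(addr) in APIPA


def breaks_dhcp(event):
    """True when a block event hits UDP 67/68 sent to a broadcast address."""
    dst = ipaddress.ip_address(event["dst"])
    subnet = ipaddress.ip_network(event["subnet"])
    is_broadcast = dst == LIMITED_BROADCAST or dst == subnet.broadcast_address
    return event["proto"] == "udp" and event["port"] in DHCP_PORTS and is_broadcast


def triage(events):
    """Map each host with a DHCP-breaking block to its current lease state."""
    report = {}
    for ev in events:
        if breaks_dhcp(ev):
            lost = is_apipa(ev["adapter_ip"])
            report[ev["host"]] = "lease lost" if lost else "lease at risk"
    return report


# Constructed sample events (hypothetical hosts and field names).
SAMPLE = [
    {"host": "pc-01", "adapter_ip": "169.254.12.7", "subnet": "10.0.5.0/24",
     "dst": "255.255.255.255", "proto": "udp", "port": 68},
    {"host": "pc-02", "adapter_ip": "10.0.5.23", "subnet": "10.0.5.0/24",
     "dst": "255.255.255.255", "proto": "udp", "port": 68},
    # Broadcast, but not a DHCP port: does not affect the lease.
    {"host": "pc-03", "adapter_ip": "10.0.5.40", "subnet": "10.0.5.0/24",
     "dst": "255.255.255.255", "proto": "udp", "port": 17500},
    # Ordinary web block on a unicast destination.
    {"host": "pc-04", "adapter_ip": "10.0.5.41", "subnet": "10.0.5.0/24",
     "dst": "203.0.113.9", "proto": "tcp", "port": 443},
    # Directed (subnet) broadcast to the DHCP server port.
    {"host": "pc-05", "adapter_ip": "10.0.5.42", "subnet": "10.0.5.0/24",
     "dst": "10.0.5.255", "proto": "udp", "port": 67},
]

if __name__ == "__main__":
    for host, state in triage(SAMPLE).items():
        print(host, state)
```

Hosts reported as "lease at risk" still hold an address and can receive an exclusion from the console; hosts reported as "lease lost" need a static address or another path to the internet first.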

26 minutes ago, IT_Guy said:

You will probably have to add 255.255.255.255 port 68 and 17500 to your exception list so the machines can process the update, then you can remove it.

After you give it a static IP just so it can get on the internet again. ;)

That is a perfect example that I spoke of a few months ago why I need the option to be able to add exceptions and do "things" at the PC.  Having a "slave only" application sounds nice, but never works out appropriately.

 

I was fortunate that my remote office has enough guys that can connect to their phones long enough for me to remote in and "fix" these machines.


Yeah, depending on the security level of your end users and their competency you can try getting them to assign themselves static IP addresses.

I was thinking from the cloud end you could fix it but your way works from the other end as well.

1 minute ago, IT_Guy said:

I was thinking from the cloud end you could fix it but your way works from the other end as well.

Can you fix it from the cloud end if the PC can't connect to the internet to get the update?


Oh yeah! Only had one cup of coffee so far this morning, you're right. Once it processes that command it won't be able to get onto the internet again.

 

I need to go check my DHCP boxes!


 

1 hour ago, IT_Guy said:

Yeah I noticed that immediately yesterday, this was the DHCP heartbeat. Once MWBEP blocked that, it blocked its own network connection and made it impossible to connect to its DHCP server and thus blocked itself from the internet and any potential solution that could be pushed.

 

You will probably have to add 255.255.255.255 port 68 and 17500 to your exception list so the machines can process the update, then you can remove it.

 

That makes perfect sense!
What a cluster F%*k!! I had to get in early today and drive out to 3 of my remote areas where the 3 offending PCs were offline. Did NOT make me look good to have this happen only 2 weeks after going live!! On top of all that it turns out my "endpoint overview" does not display signature version / date so I had no clue what endpoint was getting what version and had to jump through hoops running around with the mb-check tool.

 


Thanks for pushing the fix out. Our accounting department got the message first and freaked out. I turned notifications off as soon as I saw what address was being blocked. Thanks for the timely update, and admission there was an issue to be fixed. It makes life so much easier knowing right away where the problem was.

1 hour ago, TonyCummins said:

 

 

That makes perfect sense!
What a cluster F%*k!! I had to get in early today and drive out to 3 of my remote areas where the 3 offending PCs were offline. Did NOT make me look good to have this happen only 2 weeks after going live!! On top of all that it turns out my "endpoint overview" does not display signature version / date so I had no clue what endpoint was getting what version and had to jump through hoops running around with the mb-check tool.

 

I end up just logging in to the cloud from the endpoint so that I can verify the machine is working properly.

4 hours ago, spnkzss said:

That is a perfect example that I spoke of a few months ago why I need the option to be able to add exceptions and do "things" at the PC.  Having a "slave only" application sounds nice, but never works out appropriately.

An API to directly interact with the clients is in the works guys.

4 hours ago, IT_Guy said:

I end up just logging in to the cloud from the endpoint so that I can verify the machine is working properly.

No use to me when half my endpoints show grey and offline...even though they are not

16 hours ago, TonyCummins said:

No use to me when half my endpoints show grey and offline...even though they are not

Haha yeah, true enough. I've been sorting out my workstations like that for weeks, finally down to the last few machines.

It's handy having the offline for 7+ days, I filter that list and start at the top and machine by machine, run mb_clean /cloud from an elevated command prompt, then reboot, then run mb_clean from gui, then kill the process, then uninstall malwarebytes, then delete the folders, then reinstall, then after the agent has posted the information I tell it to run an update and scan. Takes about 30 minutes per machine.

On 11/22/2017 at 5:32 AM, IT_Guy said:

Haha yeah, true enough. I've been sorting out my workstations like that for weeks, finally down to the last few machines.

It's handy having the offline for 7+ days, I filter that list and start at the top and machine by machine, run mb_clean /cloud from an elevated command prompt, then reboot, then run mb_clean from gui, then kill the process, then uninstall malwarebytes, then delete the folders, then reinstall, then after the agent has posted the information I tell it to run an update and scan. Takes about 30 minutes per machine.

Wow!! That's quite the procedure to get them back online! I was sent a couple of commands by djacobson that I have not had a chance to try yet, but here they are:

sc config MBEndpointAgent start= delayed-auto
sc failure MBEndpointAgent actions= restart/900000 reset= 120

I'm not familiar with mb_clean /cloud. Is there any documentation on the commands that can be run for troubleshooting etc?

What do you mean by "mb_clean from gui"? Is there a tool available I'm not aware of?


@IT_Guy  Is the above information you posted something that you've discovered yourself through troubleshooting to get the offline clients back up or is that something support suggested you do?

I'm going to have to start tackling the offline endpoints on Monday and was wondering what the "correct" troubleshooting process was.
@djacobson do you know what the current situation is with the offline clients with regards to the dev team, and is there a correct preferred procedure to troubleshoot this, or do I just need to start a new ticket and let support figure it out?

17 hours ago, TonyCummins said:

@IT_Guy  Is the above information you posted something that you've discovered yourself through troubleshooting to get the offline clients back up or is that something support suggested you do?

I'm going to have to start tackling the offline endpoints on Monday and was wondering what the "correct" troubleshooting process was.
@djacobson do you know what the current situation is with the offline clients with regards to the dev team, and is there a correct preferred procedure to troubleshoot this, or do I just need to start a new ticket and let support figure it out?

This is advice I've found through these forums, if you google for mb_clean you will find their tool for removing the software. If you go into control panel and try to just uninstall MBEPP it will fail and potentially ruin your windows installation as it tries to remove the .net framework. I had to wipe a machine because I was trying to uninstall this software.

If you search this forum for mb_clean you will probably find the original post I followed to get things uninstalled properly.

On 11/24/2017 at 5:24 PM, KDawg said:

I generally recommend uninstalling from Add/Remove programs

Only if that fails do I recommend the clean tool

https://downloads.malwarebytes.com/file/mb_clean

Endpoints should now all be correctly showing online

Please submit a ticket if you still have online endpoints incorrectly showing off for more direct assistance

 

I was never able to successfully uninstall v.199 using add/remove programs, it would try to uninstall .net 4.7 and fail halfway, killing the .net installation and not allowing anything else to install or uninstall the .net framework. I forget if it actually pooched my restore images as well, but I know the only computer I tried to use add/remove programs on I had to end up reinstalling from a fresh image.

Anything running the new version shows up properly, problem is going around and removing the old version so the new version can be installed.

 


So the 255.255.255.255:68 web block came back in my environment today. Why is Malwarebytes insisting on blocking UDP broadcast traffic?


I just noticed this happening on all of my Endpoints this morning. I just recently moved all of my clients back over to a policy that has web protection enabled and immediately this popped up in the cloud console.

On 2/10/2018 at 12:38 PM, Brandon_Lutz said:

I just noticed this happening on all of my Endpoints this morning. I just recently moved all of my clients back over to a policy that has web protection enabled and immediately this popped up in the cloud console.

This also began happening to us. We created an exception for 255.255.255.255 in the Cloud Console, but we would rather have not had to do that.


Please add the exception for the 255 temporarily, we are not actually blocking but the program is incorrectly reporting such.


We have a fix in the works for this and should see it resolved soon. In the meantime adding a 255.255.255.255 exclusion will resolve.

 

 

5 hours ago, KDawg said:

Please add the exception for the 255 temporarily, we are not actually blocking but the program is incorrectly reporting such.


We have a fix in the works for this and should see it resolved soon. In the meantime adding a 255.255.255.255 exclusion will resolve.

 

 

Wasn't this already addressed and fixed when it first surfaced back in November? Why is the issue reoccurring?

