Endpoint Scan window

[EdwardQ]

I'm getting a few users reporting that a Endpoint Scan window popup keeps popping up on their screen.     It looks like the attached.   They would close it and it would pop back up.    What is this?

[EdwardQ]

I little more information.    I discover that this pop up in on one of our citrix servers.    I tried restarting the Services.  (Agent and Service) The window is still there..

[EdwardQ]

What ever it is.. It is still showing the same progress.

[TonyCummins]

This is the screen my end users get if the scan is initiated by them at the endpoint

 

[djacobson]

A few features that were slated for Nov. 15th had been pulled due to showstoppers. Those were fixed and sent out on Nov. 27th to finish the release update. There was a change included with the Incident Response for Windows, where a scan dialogue window was incorporated. If the user initiates the scan, they can cancel it. This is popping up on your server because one of your users started a scan.

Remove the software from your Citrix server or disable the incompatible roles. Citrix and Terminal server's can only use the Exploit protection feature, create a new group and policy for these servers and keep the Web and Malware pieces disabled as they do not support the role, and the Ransom protection should also be disabled as it does not support server OS.

[MarkFleming]

@djacobson, can you please confirm which modules are supported for RDS/Citrix servers?

 

Are there any plans to get those features working on server OS? It leaves a pretty big protection gap for my clients who run exclusively on RDS/Citrix...

[djacobson]

@MarkFleming, see this post - 

 

[MarkFleming]

Thanks djacobson... that's the exact opposite to what the sales guys told me yesterday when I raised issues with them.

 

Thanks very much for your continued responses, but trying to deploy this product really is getting to be a shitshow. Conflicting and out of date information, no one 'true source' of what is correct and what is not...

 

Do you have any insight into why RDS should be different from Citrix (I'm specifically referring to XenApp)? I'm assuming it's an issue with multiple user sessions, but if that's the case then RDS and XenApp would be functionally the same?

 

I'm also pretty pissed off that the (quite frankly, glaring) limitations weren't communicated when we trialed the product. Can you confirm whether up to date information is being passed to sales teams, or is there any escalation process to talk to someone who has the full facts as to what the product does and does not support?

 

I am of course raising ALL of these issues with the sales guys I'm talking to, but they don't seem to have the answers either.

Edited December 4, 2017 by MarkFleming

[djacobson]

The sales team have resources for this when you are running a trial setup and encounter problems before closing, they are called the sales engineering team, SE's, they usually go over the more nitty gritty details that a sales agent most likely will not know about, since they aren't system admins, or as technically versed like someone deeper in the IT field.

RDS itself used to be in the same boat as Terminal and Citrix but was recently cleared with the release of MBEP's version of Anti-Malware tech within it. Terminal is being tested, though no date has been given. The status for Citrix, if and when it will be supported, is not known to me, though I can try to get an official statement from our Product Managers.

The issues are related to the multiple user sessions in two ways. On the technical side, each time a user connects, it generates another instance of the realtime process, which can bring a server down due to resource usage issues, if enough users are connected to eclipse the server's available resources. The other side is account management and licensing for a setup like that, this needs to be solved as well. If you are able to install and run the protection locally for the endpoints, that is supported, though if you have very minimal thin client setup, or have it so all applications and user profiles run from the Citrix server, I understand that is not going to be an option.

[MarkFleming]

Thanks for the explanation.

 

Any idea why RDS is cleared but Citrix is not, given that they are both multi-user OS's and will both run a process per user? Is it just a case of it still being run through testing to make sure it is OK, or are there active known issues with running EP on XenApp?

 

I would love to have some clarity from the Product managers or the SE team...

[EdwardQ]

Ok..  I may have initiated the scan and canceled.  The icon in the tray from the Citrix server is being passed to the clients.  So on my client computer it shows 2 or more Malwarebytes icons depending on the number of citrix servers they are connecting to.   Is there a way to stop that?

[djacobson]

@MarkFleming only that RDS was tested, the ok was given for MB3 based tech of the MBEP product, I do not know the reason why RDS is ok but Citrix is not. RDS is still not supported for the MBMC version of the product.We are tracking this in order to feed info back to the development team about how people have it configured

 

@EdwardQ we will need to open a real ticket for that, please email corporate-support@malwarebytes.com. I have never heard of or seen that issue before. This will be something that will go to the development team. While Citrix is not supported right now, it can still give the dev team valuable info for when we try to bring support to Citrix.

[Stephensit]

Hi all

 

have the same issues but on around 20 end windows clients.

 

the issues has only appeared the past two days and all apps are up to date running the latest version

 

how is this issue resolved, a uninstall / reinstall? 

[djacobson]

Is this happening on regular desktops or Citrix/RDS/Terminal clients?