issue with malwarebytes

I actually found that the overwhelming majority of our endpoints have updated automatically. I had about 5% that weren't updated. Most of them I've been able to get into via a ScreenConnect, even though I couldn't connect via remote desktop or TeamViewer to them. I have about 1% that are not letting me in regardless, but I can see from the network side that they are online. They may need a power cycle or physical access.

Unfortunately I don't know anything about the cloud console.

49 minutes ago, schester said:

I've found that disabling the website blocking, then updating the database fixes the problem and the website blocking can be re-enabled. No restarts are needed, but we are running 1.80 for MSP, so it could be different for others.

What I can't figure out is how to do this on all the machines that we can't talk to because of this issue. Has anyone found a viable way to tell the remote devices to update? The impacted devices don't seem to be checking in to LabTech/Automate.

We were about half way through migrating clients from a normal MBAM console and the MBAM plugin with Labtech. The ones that are on the console I didn't have any issues changing policy, updating and changing back.

 

However, clients in the RMM plugin I've had less luck finding any method to make work, they report into Labtech, but can't figure out a way to get the policy to update.

42 minutes ago, NathanMitten said:

We were about half way through migrating clients from a normal MBAM console and the MBAM plugin with Labtech. The ones that are on the console I didn't have any issues changing policy, updating and changing back.

 

However, clients in the RMM plugin I've had less luck finding any method to make work, they report into Labtech, but can't figure out a way to get the policy to update.

Once the fix was released, I waited a few hours before getting in to check things. And, quite honestly, our LabTech server was also being blocked by mbam, so I couldn't get in to really check anything. After about 3 hours when it seemed clear that it wasn't going to solve itself, I found a way into the LabTech server (was able to remote desktop from another device on the same subnet, but couldn't remotely), I was able to get mbam fixed on there. Once I got it fixed, I gave things a few minutes and then found most of the clients were checking in.

I *assumed* if they were checking into LabTech, that mbam probably wasn't causing a problem on them. I spot checked a few and of the online agents they all had v12 or v13 of today's definitions. The agents that weren't showing online had v02 (mostly or exclusively) definitions.

I ran a search for LabTech last checkin >1 hour and <1 day to give me a list of agents that weren't checking in. Some of those had gone offline for other reasons and there was only 5% or so that I needed to go through.

If the agents are checking in, but not getting mbam updates, could sending a restart script to all of them help?

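The triage described in the post above (agents whose last check-in is more than 1 hour but less than 1 day old, compared against their definitions version), as an added example that is not part of the original thread. The CSV export, its column names, the host names and the timestamps are constructed for illustration and are not the schema of any RMM product; v12 and v13 are treated as the current definitions, as reported in the post.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export. Column names, hosts and times are assumptions
# made for this example only.
SAMPLE_EXPORT = """name,last_checkin,mbam_defs
WS-ACCT-01,2024-01-01 14:50,v13
WS-ACCT-02,2024-01-01 09:05,v02
WS-FRONT-01,2024-01-01 14:58,v12
WS-FRONT-02,2024-01-01 08:40,v03
SRV-FILE-01,2024-01-01 14:45,v03
LT-OLD-01,2023-12-20 11:00,v02
"""


def triage(export_text, now, good_defs,
           min_age=timedelta(hours=1), max_age=timedelta(days=1)):
    """Bucket agents the way the thread's search does.

    stalled      -> silent for min_age..max_age, grouped by definitions version
    stale_defs   -> still checking in, but definitions not in good_defs
    long_offline -> silent longer than max_age, probably an unrelated cause
    """
    stalled = defaultdict(list)
    stale_defs = []
    long_offline = []
    for row in csv.DictReader(io.StringIO(export_text)):
        seen = datetime.strptime(row["last_checkin"], "%Y-%m-%d %H:%M")
        age = now - seen
        if age > max_age:
            long_offline.append(row["name"])
        elif age > min_age:
            stalled[row["mbam_defs"]].append(row["name"])
        elif row["mbam_defs"] not in good_defs:
            stale_defs.append(row["name"])
    return dict(stalled), stale_defs, long_offline


if __name__ == "__main__":
    now = datetime(2024, 1, 1, 15, 0)  # constructed "current time"
    stalled, stale_defs, long_offline = triage(SAMPLE_EXPORT, now, {"v12", "v13"})
    for version, hosts in sorted(stalled.items()):
        print(f"stalled on {version}: {', '.join(hosts)}")
    print("checking in with old definitions:", ", ".join(stale_defs))
    print("offline for over a day (check separately):", ", ".join(long_offline))
```

Grouping the stalled agents by definitions version shows at a glance whether the outage tracks one specific update, and the second bucket catches agents that report in but never received the corrected definitions.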

2 minutes ago, schester said:

Once the fix was released, I waited a few hours before getting in to check things. And, quite honestly, our LabTech server was also being blocked by mbam, so I couldn't get in to really check anything. After about 3 hours when it seemed clear that it wasn't going to solve itself, I found a way into the LabTech server (was able to remote desktop from another device on the same subnet, but couldn't remotely), I was able to get mbam fixed on there. Once I got it fixed, I gave things a few minutes and then found most of the clients were checking in.

I *assumed* if they were checking into LabTech, that mbam probably wasn't causing a problem on them. I spot checked a few and of the online agents they all had v12 or v13 of today's definitions. The agents that weren't showing online had v02 (mostly or exclusively) definitions.

I ran a search for LabTech last checkin >1 hour and <1 day to give me a list of agents that weren't checking in. Some of those had gone offline for other reasons and there was only 5% or so that I needed to go through.

If the agents are checking in, but not getting mbam updates, could sending a restart script to all of them help?

In our case it is really only the .03 update that is an issue. All the other versions updated to v12 and v13. 

 

Are you using MBAM plugin with Labtech or do you have a separate MB management console? I had no issues moving policies within the management console, even if LT and SC were not working. Problem with the plugin is there isn't any good way to force it to another policy because the command is coming from the labtech agent. It was hit or miss on if I could change the computer policy via the plugin or not. If I could then a reboot would work, but I couldn't reboot them via labtech.

 

At this point we are looking at around 60ish manual uninstall / reboots.

2 minutes ago, NathanMitten said:

In our case it is really only the .03 update that is an issue. All the other versions updated to v12 and v13. 

 

Are you using MBAM plugin with Labtech or do you have a separate MB management console? I had no issues moving policies within the management console, even if LT and SC were not working. Problem with the plugin is there isn't any good way to force it to another policy because the command is coming from the labtech agent. It was hit or miss on if I could change the computer policy via the plugin or not. If I could then a reboot would work, but I couldn't reboot them via labtech.

 

At this point we are looking at around 60ish manual uninstall / reboots.

I think I was seeing .02 because once updated to .03 they wouldn't check in. I don't know if it was just timing as to how some may have skipped it and it was only the machines that actually got .03 that I had to get on, but we had two clients call today because no one could work today, but fortunately the majority of our clients were off today.

We have only ever used the mbam plugin with LabTech.

Do you have any other third party software that could do reboots? Maybe even get on one machine on site and use shutdown /i to try and get all problematic computers to restart? (It didn't seem to work for me, likely because mbam was blocking access to RPC or whatever shutdown needs, but it could be worth a try for you.) Maybe your AV has a reboot function? I didn't try it in this instance, but I've seen many times when LT agent isn't checking in, but we can SC to a workstation and issue a reboot from the SC even if it doesn't really connect to show you the session.

I just saw this from LabTech support:

Quote

I realize that the issue may prevent the machines from checking into the Automate Server, so you can send the commands to the machines from the Control server. 

1. Log onto your Control Server which is normally http(s)://FQDN:8040.
2. Click the Access link on the left side
3. Click the check box at the top of the main window and select All.
4. Click on the link to Run Command from the right side.

Push this command through Control to disable MBAM:

sc stop mbamservice & sc config mbamservice start= disabled & taskkill /IM MBAMService.exe /f

Push this command through Control or Automate to re-enable MBAM:

sc config mbamservice start= auto & sc start mbamservice

Hopefully that helps you @NathanMitten or someone else!
