Jump to content
EthicalPrivate

EPP installation problem

Recommended Posts

Hi,

I have an issue regarding on the MWB EPP deployment using Endpoint Agent Deployment Tool. I have a problem regarding on pushing the client through Deployment Tool. For the first 6 deployment we can push it to the machine using the Network scan method,  however when we installed a 6 machines already the EPP did not appear to both Cloud Console and to the notification icon that Malwarebytes was installed on machine itself. I look in the path where the agent installed but it doesn’t appear as well. The logs shown on the Deployment Tool says that it was successful.

Here's the logs from the Endpoint Agent Deployment Tool.

 

PHI1NTELP37573.TupperBrands.ph.log

Share this post


Link to post
Share on other sites

This tool is installing the communication agent, not the protection plugin. The agent will need to be able to reach the cloud URL's in order to check-in, receive your policy and download the rest of its pieces and set itself up. Once that is done, then it will show the tray icon. But if it never is able to check into your cloud portal, it will not be complete.

I'll need the info inside - C:\ProgramData\Malwarebytes Endpoint Agent

Make sure your network appliance / firewall has these URL's allowed outbound on port 443, also disable any SSL filtering or deep packet inspection against those URL's.
https://cloud.malwarebytes.com
https://data.service.malwarebytes.com
https://telemetry.malwarebytes.com
https://data-cdn.mbamupdates.com
https://data-cdn-static.mbamupdates.com
https://keystone.mwbsys.com
https://meps.mwbsys.com
https://keystone-akamai.mwbsys.com
https://socket.cloud.malwarebytes.com
https://sirius.mwbsys.com
https://hubble.mb-cosmos.com
https://blitz.mb-cosmos.com
https://cdn.mwbsys.com
https://ark.mwbsys.com

 

Share this post


Link to post
Share on other sites

There's no C:\ProgramData\Malwarebytes Endpoint Agent path as well after installation even though it says successful. It is kindly weird because the following sites are already whitelisted on the firewall and the other machines was succesfully installed and they are on the same subnet. 

When we installed a 6 machines, the remaining is successful but the tray icon not appear even in the Cloud Console.

Share this post


Link to post
Share on other sites

The log you posted doesn't look like a successful agent install, it does look like a successful attempt to use WMI to connect to that machine and begin the installer transfer but does not continue from there. May I have you zip up your D&D folder from the machine with which you were conducting the installs and paste it in your reply?

C:\ProgramData\Malwarebytes Discovery and Deployment

Share this post


Link to post
Share on other sites

The pre-reqs seem like they are not met on these machines, they are failing as access denied due to RPC and WMI being closed. If you have your Windows firewall disabled and these rules were not set beforehand, they will still be closed with the Windows firewall off.

What happens if you run an install package directly on the machines? I am also seeing HTTPS failures, make sure you have TLS 1.1 and 1.2 enabled on the workstations and that no SSL filtering or SSL proxy is in place against the URL's in our exclusion KB here - https://support.malwarebytes.com/docs/DOC-1652

 

Error in deployment for target: "Host name: [redacted]36936.[redacted]; IP Address(es): IP Address: [redacted], ; " Error: System.AggregateException: One or more errors occurred. ---> System.ApplicationException: Error copying files out to the admin share of: Host name: [redacted]36936.[redacted]; IP Address(es): IP Address: [redacted], ;  : Error: Access Denied

2018-05-10 12:31:40,257 pid:11644 [13] ERROR WMIDetector - Connection to WMI scope failed on "[redacted]27388[redacted]" - System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

2018-05-10 12:31:05,989 pid:11644 [14] ERROR WMIDetector - Connection to WMI scope failed on "[redacted].33" - System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

2018-05-10 12:31:12,170 pid:11644 [8] ERROR WMIDetector - Connection to WMI scope failed on "[redacted].197" - System.Runtime.InteropServices.COMException (0x800706BA): The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)

2018-05-10 12:30:58,552 pid:11644 [14] ERROR WMIDetector - Connection to WMI scope failed on "[redacted]24225[redacted]" - System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.