Jump to content

Recommended Posts

Some of my endpoints have trouble reporting. They'll report offline and not scan, especially with Windows 10, but not ONLY Windows 10. Also happens on Windows 7 and 8. Brand new computer, scans fine for 2 days or so. These are the errors from the Event Log.

I don't know what to do at this point. Uninstall and reinstall works some times, but sometimes works for days, sometimes only hours. 

image001.png

image002.png

image003.png

image004.png

Edited by chloe_

Share this post


Link to post
Share on other sites

As a stop-gap measure, try running the below script on the endpoint. We do this on our own endpoints when they happen to drop off.

START /WAIT net stop "MBEndpointAgent">nul 2>&1
timeout /T 3 /nobreak>nul
sc config "MBEndpointAgent" start= delayed-auto
START /WAIT net start "MBEndpointAgent">nul 2>&1

This stops the agent and restarts it with a delayed start which I believe is being pushed aside during Windows boot up. The agent only controls the GUI and communication with the Cloud Portal and won't interfere with active protection, the engine. Though I believe updates is handled by the agent as well though I don't know that for certain having it start a few seconds later won't interfere with it running and updating.

Edited by Kalrand

Share this post


Link to post
Share on other sites

Hi there @chloe_, the middle event there with ARW is normal, that comes up when exclusions you have set are attempted to be applied to the ARW module, if the path does not exist on that machine it will "fail" to clear, then later "fail" to apply. The first one and the last one look to be related. Are you behind a Sonicwall?

Share this post


Link to post
Share on other sites

It doesn't happen to all the computers though, which is why I haven't considered it as a firewall issue.

Share this post


Link to post
Share on other sites

It has to do with the cert the appliance is using when the program tries to connect to the backend.

Download this certificate package - https://malwarebytes.app.box.com/s/lhd76bqvur0gqtr2sfs30safdjjjtm9f

Import the certificates for Malwarebytes to the Sonicwall so that it serves the correct one for the handshake when the application tries to dial out - https://www.sonicwall.com/en-us/support/knowledge-base/170505885674291

Following that, make sure the external access URL's from this KB - https://support.malwarebytes.com/docs/DOC-1652 - are allowed past Sonicwall's Content Filter  - https://www.sonicwall.com/en-us/support/knowledge-base/170505604252027

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.