RickyF Posted January 10, 2020 ID:1355082 Share Posted January 10, 2020 Hi @Leewei, I tried to use the addin and I´ve got error messages like this ones. Any idea? Thanks Ricky Link to post Share on other sites More sharing options...
RickyF Posted January 10, 2020 ID:1355083 Share Posted January 10, 2020 Now it is ok. I have updated the adin to version 3.1.1 and is working fine Sorry about my mistake! Best Ricky Link to post Share on other sites More sharing options...
LeeWei Posted January 10, 2020 Author ID:1355265 Share Posted January 10, 2020 13 hours ago, RickyF said: Now it is ok. I have updated the adin to version 3.1.1 and is working fine Sorry about my mistake! Best Ricky No Ricky it is not your mistake. I have been tracking this error for a while now, but not successful. The error has to do with my code not being able to create a Worksheet. First of all, it has nothing to do with Malwarebytes Cloud or API. I don't know what state does Excel get into where it does not allow me to create the worksheet. Restarting Excel, or possibly restarting the computer fixes this. Link to post Share on other sites More sharing options...
BrianA Posted January 22, 2020 ID:1357780 Share Posted January 22, 2020 Is there a list of IP addresses for https://cloud.malwarebytes.com/ that is published that I can use for a whitelist? I am unable to connect with the excel add on since AV policies are set to block W97/Downloader from connecting to external IP addresses? Link to post Share on other sites More sharing options...
LeeWei Posted January 22, 2020 Author ID:1357793 Share Posted January 22, 2020 48 minutes ago, BrianA said: Is there a list of IP addresses for https://cloud.malwarebytes.com/ that is published that I can use for a whitelist? I am unable to connect with the excel add on since AV policies are set to block W97/Downloader from connecting to external IP addresses? We use Amazon CloudFront as the CDN (Content Delivery Network) and the IP might change. So we don't have static IPs for whitelisting. Is whitelisting an arduous process? You want to try the first IP is resolves to and see how long it might stay the same? Link to post Share on other sites More sharing options...
BrianA Posted January 22, 2020 ID:1357799 Share Posted January 22, 2020 21 minutes ago, LeeWei said: We use Amazon CloudFront as the CDN (Content Delivery Network) and the IP might change. So we don't have static IPs for whitelisting. Is whitelisting an arduous process? You want to try the first IP is resolves to and see how long it might stay the same? It is a bit of a process since the request has to go through a SecOps process to allow exceptions and get the policy implemented and them pushed to a machine. I white-listed 2 ip addresses yesterday and it appears that they are using different ones today so I dont think that is going to be an acceptable solution to open a support request each day nor would it be to allow excel to make internet calls to all IP addresses. Seems like I am in a bit of a bind. Link to post Share on other sites More sharing options...
LeeWei Posted January 22, 2020 Author ID:1357816 Share Posted January 22, 2020 1 hour ago, BrianA said: It is a bit of a process since the request has to go through a SecOps process to allow exceptions and get the policy implemented and them pushed to a machine. I white-listed 2 ip addresses yesterday and it appears that they are using different ones today so I dont think that is going to be an acceptable solution to open a support request each day nor would it be to allow excel to make internet calls to all IP addresses. Seems like I am in a bit of a bind. Given their large number of IP addresses, I wonder how useful this page is. I am not familiar with your whitelisting process and wonder if SecOps will just laugh us out of the room. https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/LocationsOfEdgeServers.html Note this URL with the large number of IPs: https://ip-ranges.amazonaws.com/ip-ranges.json I wonder if further possible to narrow by service and region. Link to post Share on other sites More sharing options...
Vegita Posted April 3, 2020 ID:1370684 Share Posted April 3, 2020 Hi Lee Wei, I am getting this error when I go to view my scheduled reports. Summary report > View Schedules I looked through the forums and didn't see anything, I also updated to 3.1.1 and am getting the same error. Thanks! Link to post Share on other sites More sharing options...
LeeWei Posted April 3, 2020 Author ID:1370700 Share Posted April 3, 2020 On 4/3/2020 at 12:36 PM, Vegita said: Hi Lee Wei, I am getting this error when I go to view my scheduled reports. Summary report > View Schedules I looked through the forums and didn't see anything, I also updated to 3.1.1 and am getting the same error. Thanks! Sorry, there must be a bug somewhere. The schedule information is stored in the Windows Registry here: HKEY_CURRENT_USER\Software\Malwarebytes\ExcelAddin\Schedules. - If you want to keep the schedule(s), you can export the hive and send me to debug (lwei @ malwarebytes.com). - If you don't care to keep the schedules, you can delete the entries and you will be able to "View Schedules" again. Former Malwarebytes employee Follow us: Twitter, Become a fan: Facebook Link to post Share on other sites More sharing options...
ConnorElliott Posted July 21, 2020 ID:1396017 Share Posted July 21, 2020 Hello! Currently having an issue when I try and use the Excel Add-in and load a site Link to post Share on other sites More sharing options...
wep Posted July 29, 2020 ID:1397616 Share Posted July 29, 2020 When I open the "detection and threat" report, it is not showing the total number of detection's in the report. For example, we have one computer with 100 detection's in the last 90 days. The total detection's for all the computers is 250. All of the detection's show in the "detection data" spreadsheet but in the formatted "detection reports" it only shows 50 detection's. The detection's are PUP's and blocked websites. How would I get the "detection report" to show all of the detection's? Thanks Link to post Share on other sites More sharing options...
Staff Lee-Wei Posted August 5, 2020 Staff ID:1399134 Share Posted August 5, 2020 On 7/21/2020 at 9:20 AM, ConnorElliott said: Hello! Currently having an issue when I try and use the Excel Add-in and load a site @ConnorElliott did you resolve this issue? I don't recall this problem off hand. Link to post Share on other sites More sharing options...
Staff Lee-Wei Posted August 5, 2020 Staff ID:1399135 Share Posted August 5, 2020 On 7/29/2020 at 7:57 AM, wep said: When I open the "detection and threat" report, it is not showing the total number of detection's in the report. For example, we have one computer with 100 detection's in the last 90 days. The total detection's for all the computers is 250. All of the detection's show in the "detection data" spreadsheet but in the formatted "detection reports" it only shows 50 detection's. The detection's are PUP's and blocked websites. How would I get the "detection report" to show all of the detection's? Thanks @wep When there is a threat detected, Malwarebytes console will show you all the different traces of the threat. For example, one PUP will show up in the console as many entries, sometimes into the hundreds. The Excel Addin defaults to "aggregating Detections". This behavior can be changed by going into the "Configuration and Options" menu then check the option to "Do not aggregate the Detections". Please see if that is what you are encountering. Link to post Share on other sites More sharing options...
wep Posted August 5, 2020 ID:1399203 Share Posted August 5, 2020 10 hours ago, Lee-Wei said: @wep When there is a threat detected, Malwarebytes console will show you all the different traces of the threat. For example, one PUP will show up in the console as many entries, sometimes into the hundreds. The Excel Addin defaults to "aggregating Detections". This behavior can be changed by going into the "Configuration and Options" menu then check the option to "Do not aggregate the Detections". Please see if that is what you are encountering. Problem solved! Thanks for the help. Link to post Share on other sites More sharing options...
uaorK Posted September 15, 2020 ID:1407782 Share Posted September 15, 2020 @LeeWei Hi, I was wondering if there is a way to turn Asset Information, Software Installed, and Updates Installed into a generated report that could be emailed to the user similar how the Summary Report can generate a PDF/HTML report of Endpoint Data and Detections and Threats. Link to post Share on other sites More sharing options...
Staff Lee-Wei Posted September 15, 2020 Staff ID:1407791 Share Posted September 15, 2020 21 minutes ago, Calebxx1 said: @LeeWei Hi, I was wondering if there is a way to turn Asset Information, Software Installed, and Updates Installed into a generated report that could be emailed to the user similar how the Summary Report can generate a PDF/HTML report of Endpoint Data and Detections and Threats. @Calebxx1hi there - I am not working on this project actively. The team is very interested in getting additional feedback from the community, so I suggest entering the request within the console as a feedback. 1 Link to post Share on other sites More sharing options...
Olivier75 Posted December 4, 2020 ID:1425084 Share Posted December 4, 2020 Hi, This tool looks great but when I try to extract Asset Information I get this error message. Doesn't matter how many Asset there are. Does anyone can help me with this? Thanks in advance Link to post Share on other sites More sharing options...
Staff Lee-Wei Posted December 8, 2020 Staff ID:1426043 Share Posted December 8, 2020 @Olivier75I can help you debug this if you contact me directly leewei at leewei.com. This is usually due to some data that I am not expecting causing some parsing errors. Link to post Share on other sites More sharing options...
RickyF Posted December 9, 2020 ID:1426169 Share Posted December 9, 2020 Hi Lee, I have multiple sites in my environment. I wonder if I could extract the data from all of them at once using the excel plugin so I can have all data from all sites on the same sheet. Right now it only lets me do it one by one and when I try to download them all at once it gives me this error that I send you in the capture "no permission for site" Thanks!! Link to post Share on other sites More sharing options...
Flyers2020 Posted December 9, 2020 ID:1426209 Share Posted December 9, 2020 Opened a ticket but suspicious activity is not included in the summary report. Link to post Share on other sites More sharing options...
Staff Lee-Wei Posted December 11, 2020 Staff ID:1426597 Share Posted December 11, 2020 On 12/9/2020 at 1:33 AM, RickyF said: Hi Lee, I have multiple sites in my environment. I wonder if I could extract the data from all of them at once using the excel plugin so I can have all data from all sites on the same sheet. Right now it only lets me do it one by one and when I try to download them all at once it gives me this error that I send you in the capture "no permission for site" Thanks!! @RickyF, the "All Site" option should have been taken out as it has not been implemented. Sorry about that. Link to post Share on other sites More sharing options...
Flyers2020 Posted December 14, 2020 ID:1427078 Share Posted December 14, 2020 What is the difference between 'found' and 'quarantined' in the detection data worksheet? I downloaded filezilla as a test, I was able to install it and later mb quarantined the setup file. That detection has a 'quarantined' status not 'found'. Link to post Share on other sites More sharing options...
Staff Lee-Wei Posted December 14, 2020 Staff ID:1427086 Share Posted December 14, 2020 12 minutes ago, Flyers2020 said: What is the difference between 'found' and 'quarantined' in the detection data worksheet? I downloaded filezilla as a test, I was able to install it and later mb quarantined the setup file. That detection has a 'quarantined' status not 'found'. If a threat is detected and actioned upon, it will be tagged as Quarantined. If it is only detected but not remediated, than you see the status as Found. Found is possible if you performance a scan but chose not to remediate for reporting only. Link to post Share on other sites More sharing options...
Flyers2020 Posted December 14, 2020 ID:1427090 Share Posted December 14, 2020 ok that makes sense, i chose scan and report after deploying to endpoints in November. So far in December nothing has been marked as 'found'. can you comment on my previous post about suspicious activity not showing up in the summary report? Link to post Share on other sites More sharing options...
Staff Lee-Wei Posted December 14, 2020 Staff ID:1427091 Share Posted December 14, 2020 1 minute ago, Flyers2020 said: ok that makes sense, i chose scan and report after deploying to endpoints in November. So far in December nothing has been marked as 'found'. can you comment on my previous post about suspicious activity not showing up in the summary report? Correct that suspicious activities are not currently included as part of the summary report. There is not a plan to do that. Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now