Correct way of making changes to MBAM policy

[esheldon]

Sorry if this is an easy question, but we rolled out MBAM & MBAE about a year ago and have decided to make some changes with how it's setup, as well as add some directories to exclude due to new software in our infrastructure.  How do I go about pushing those changes down to the clients already installed?

[exile360]

Greetings,

As I understand it, once you make the changes, as soon as the clients check in with the management system it should pull down and apply the new policies automatically and the endpoints check in on a regular basis according to a pre-programmed heartbeat/interval, so it should happen pretty soon once each client comes online and checks in, however if you have a test endpoint on your network that you can monitor, that might prove useful in determining how long it takes to apply the changes (just be sure to close/reopen the main UI to check for the changes pretty frequently, as I don't believe the UI will update automatically what is shown onscreen once the new settings are picked up even once the new policies become active so you'll have to close/reopen the main UI to see them visibly).  You might also be able to monitor the logs for the changes being applied, depending on what details they show (I'm not too familiar with the business product's logging structure so I don't know for certain whether the endpoints log changes to exclusions or not).

[esheldon]

This product is showing me that it's less and less of an enterprise solution.  I have checked DNS/DHCP/AD/etc, and everything shows fine.  I can ping my computer from the server fine (of which I have myself set as a static ip for the past few years).  I have rebooted the MBAM server.  I have updated the console to the latest version.  Yet, the MBAM software can't see my computer.  Showing network path not found.  

[exile360]

@djacobson can you help us out please?

I've notified a member of the Malwarebytes Business Support team.  He should be able to enlighten us as to any known issues and possible solutions and workarounds and/or provide guidance on troubleshooting the problem.

[djacobson]

Hi guys, changes to the policies within MBMC will be picked up by the clients themselves once they check into the management server. The version number of the policy will iterate, and in your client view, machines which need to check-in to receive the policy change will be highlighted in yellow. Once the highlight goes away, those machine have accepted the new policy and reported back.

[esheldon]

Exactly what I needed to know.  Still...the admin side of the product doesn't seem ready for Enterprise level.  Maybe 20-30 ee's, but not over a hundred like we have.  Either way, thanks so much for letting me know that piece, because that truly helps!

[exile360]

@esheldon do you happen to have any suggestions as to how Malwarebytes could improve their implementation to better suit your needs, requirements and expectations?  I ask because a huge driver for the decisions they make and features they choose to develop and implement is direct feedback from customers/users, so if you have any good ideas as to how they might make their product better, there's a good chance you may see it implemented in a future release.

Obviously you don't have to answer if you do not wish to, however it could be a good opportunity for you to provide valuable feedback which you and others may end up benefiting from in the future.

[djacobson]

MBMC can support in excess of 20k seats. It all depends on your SQL config.

There are other limitations with the product that can be impactful to enterprise setups, that's detailed here - 

 

Here is a matrix to help you design good policies for your endpoints based on their OS and role.