
Disappointed with Endpoint Protection.


fittan


Hi, I recently converted from ES to EP and am very frustrated with the whole experience and/or management interface. Maybe I am missing something. Can someone review the following points and let me know if this is the "norm" or I am missing something? Thanks.

1) No ability to determine if clients have up-to-date definitions or policy.

Under the Endpoint Security console, you can quickly see all clients and their latest definitions version, engine, policies etc. With the new cloud console, you only see the client and "Last seen at". It is also not possible to customize columns. So to determine client definition version, I need to click every single client and then exit and repeat for however many clients I have.

2) No longer receive email notifications of blocked websites.

Under Endpoint Security, whenever a client visits a malicious website, I get notified via email. In some ways, this is how I know that the agents are working. With EP, this notification is no longer available.

3) On the client, the Malwarebytes icon is useless.

When I click on the icon, the only option is to perform a manual scan. With ES, I was able to view latest definition, policy applied and even some logs.

4) Unable to identify infected computers

From "Dashboard", under the "Endpoints" section, it shows Online, Offline and Infected computers. I have 3 "Infected" computers. However, I can't click on the "3" to identify which computers are infected. The only option is "Manage Endpoints" which brings me back to the main screen. In short, there is no way to quickly identify which are the infected computers.

5) The Malwarebytes Endpoint Agent service keeps shutting off.

On a daily basis, this service on 1/2 my clients keeps shutting off by itself. The main Malwarebytes Service is still UP, but this agent (which reports to the cloud) will be off automatically.

 


  • Staff

Hello Fittan,

I see that you had some questions regarding the features and operations available to you in Endpoint Protection.  I wanted to reach out and discuss these with you.

1.  The ability to see the current protection version from a glance is something that is being worked on by our product development team and should be released in the near future.

2.  By design, email notifications are not sent out for blocked websites as the email notifications could become overwhelming if there are multiple detections coming up.  However, I would be happy to put in a feature request to allow users to re-enable/toggle that function on and off.

3.  The Malwarebytes Icon in the tray allows you to perform a manual scan as well as collecting Diag logs from the endpoint if you hold CTRL + Right-click the icon.

4.  If you are seeing that endpoints show as infected from the dashboard, by going into the "Detections" tab on the left-hand side, you can get even more information on the latest detections each endpoint has.

5.  Regarding the Endpoint Agent shutting off, I would like to open a support ticket with this so that I may take a closer look into this issue you are experiencing.

 

Warm Regards,


1. Viewing Endpoint Versions - Use Malwarebytes Excel Add-In
From this you can see versions of components and protection update status.  There is an asset information and health data view. 
https://support.malwarebytes.com/docs/DOC-2672  available for Endpoint Security too

2. Knowing Endpoints are Working
Currently, this can be best seen through the Excel Add-in. Freshness of versions and online/offline status can be checked. 
There is colour-coding for unprotected endpoints.
Web blocks are voluminous and better viewed through reporting.

3. Information from Endpoints
Comprehensive information as an endpoint status can be viewed by this script - https://support.malwarebytes.com/docs/DOC-2617
Apart from ctrl-right-click, the protection logs are all directly available in c:\ProgramData\Malwarebytes\MBAMService\
xxDetections\ and scanResults\ subdirectories have much more detailed JSON logs than Endpoint Security.  The management agent log is similarly available.
These logs can be silently viewed via network share e.g. c$, if required.

4.  Viewing Detections
Elaborating, the dashboard panel shows last 72 hours/3 days.  Viewing Detections list for last 3 days gives you the data you required. 
The Malwarebytes Add-in for Excel can filter for last 3.  Agree a quick-link to filter Detections table to 3-days, only, would be neater.
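
An added example, not part of the thread and not Malwarebytes code: one way an administrator could use the log location and c$ access described above to list, per endpoint, the newest scan log and the number of detection logs written in the last 3 days. The endpoint names are constructed placeholders, the `.json` file extension is an assumption, and `*Detections` is a wildcard because the post does not spell out the folder prefix.

```powershell
# Added example. Endpoint names are constructed placeholders; replace with your own.
$Endpoints   = 'PC-EXAMPLE-01', 'PC-EXAMPLE-02'
$WindowHours = 72   # the 3-day window the dashboard panel is described as using

function Get-MbLogSummary {
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [int] $WindowHours = 72
    )
    # Log path quoted in the thread, reached over the administrative c$ share.
    $root   = "\\$ComputerName\c`$\ProgramData\Malwarebytes\MBAMService"
    $cutoff = (Get-Date).AddHours(-$WindowHours)
    $row = [ordered]@{
        Endpoint            = $ComputerName
        Reachable           = $false
        LastScanLog         = $null
        RecentDetectionLogs = 0
    }
    if (Test-Path -LiteralPath $root) {
        $row.Reachable = $true

        # Newest file in scanResults\ (assumption: logs use a .json extension).
        $scan = Get-ChildItem -LiteralPath (Join-Path $root 'scanResults') `
                    -Filter '*.json' -File -ErrorAction SilentlyContinue |
                Sort-Object LastWriteTime -Descending |
                Select-Object -First 1
        if ($scan) { $row.LastScanLog = $scan.LastWriteTime }

        # Detection logs inside the window, from any folder ending in "Detections".
        $recent = @(
            Get-ChildItem -LiteralPath $root -Directory -Filter '*Detections' `
                -ErrorAction SilentlyContinue |
            ForEach-Object {
                Get-ChildItem -LiteralPath $_.FullName -Filter '*.json' -File `
                    -ErrorAction SilentlyContinue
            } |
            Where-Object { $_.LastWriteTime -ge $cutoff }
        )
        $row.RecentDetectionLogs = $recent.Count
    }
    [pscustomobject]$row
}

# Endpoints with recent detections sort to the top; unreachable ones show Reachable = False.
$Endpoints |
    ForEach-Object { Get-MbLogSummary -ComputerName $_ -WindowHours $WindowHours } |
    Sort-Object RecentDetectionLogs -Descending |
    Format-Table -AutoSize
```

An endpoint that is reachable but has an old or empty `LastScanLog` is a candidate for the stopped-agent problem raised in point 5 of the first post.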
 
