Jump to content
AlexLeadingEdge

Machine Command Failed

Recommended Posts

Hi guys,

At the moment when I do a scan on a computer using the cloud console I'm getting emails like the one below. It's not every scan, maybe 1 in 30, but it's still significant since we have several hundred end points. Re-running the scan gives the same error message (below).

Any idea as to how I can get them to work properly?

Quote

 

Based on your preferences, you are being notified that a new event has occurred on your account:


Endpoint Name: COMPUTERNAME.DOMAINNAME.DOMAINNAME
Source: managed.machines
Severity: warning
Type: machine.command.failed
Details: command.threat.scan

 

 

Share this post


Link to post
Share on other sites

When I've run into this type of issue, though when it started it for me it didn't correct itself, I would have to remove MEP and reinstall. In some cases this would include a purge of all Malwarebytes from the system using the MB-Support tool after traditional uninstall, the tool was designed for the commercial side but works are scrubbing out MEP as well (don't let MB-Support reinstall after the scrub as it will install the commercial version). Anything further you'd have to talk to Support.

Share this post


Link to post
Share on other sites

Even though they are not local, are they on the same network as you? If so then PDQ Deploy could access them as long as you have admin rights to the workstation. We use it push out Malwarebytes and many other products (Adobe, Chrome, etc).

Share this post


Link to post
Share on other sites

No, different companies, different domains. We have PDQ Deploy in some of our bigger client's premises. I have remote access to all of the computers, it's just a pain as there are quite a few. Just doing an audit, it's not as bad as I thought as some have the same error multiple times; it's 10 computers in 6 different companies.

Share this post


Link to post
Share on other sites

Going by the failure log and comparing it to the scan log of the individual machines, it seems to be intermittent and usually runs the next time it is scanned.

I wonder if the computers are simply being turned off during the scan and the console is reporting that as "machine.command.failed"?

Maybe the error message is just not very helpful / self-evident?

Share this post


Link to post
Share on other sites

I know when the endpoints are off it doesn't produce that type of alert in the Cloud when it misses a schedule, we have about 5 schedules a day (3 asset and 2 scan). Usually when that type of alert comes up for us is when I manually told the endpoint to do something, like check for protection updates or scan and quarantine, and it never reached the endpoint or it kept trying to run the command on the endpoint and it failed/timed out.

Share this post


Link to post
Share on other sites

Not that I've seen, but that's not definitive by any means. What's odd is it works and then it doesn't which means that something is interfering with it. The other odd point is why are they running manually? If it missed a schedule it would put a crosshair like icon next to the endpoint and wait till it came back online. I'd probably get support involved because some things just don't add up or I'm missing a piece of the puzzle.

Share this post


Link to post
Share on other sites

You can retrieve c:\ProgramData\Malwarebytes Endpoint Agent\logs\MBEndpointAgent.txt and c:\ProgramData\Malwarebytes\MBAMService\MBAMService.log
to understand Endpoint behaviour e.g. whether agents and plugins are turned on, running, active at the time, internal errors. 
They are verbose and for technical support, but you can try reading.

All Endpoint Protection customers have an included Premium support subscription,
so raise a case via: https://support.malwarebytes.com/community/business/pages/contact-us
Log collection instructions are here - https://support.malwarebytes.com/docs/DOC-1818

 

Share this post


Link to post
Share on other sites

Hi guys,

It turned out there were three copies of Malwarebytes on that computer. Version 2 (Corporate), Version 3 (Free, installed via Ninite), and the Cloud Agent we are currently using. Talking to Malwarebytes Support Australia the Cloud Agent should have removed the previous versions automatically but for some reason failed to do so. It appears the Cloud Agent was the only one running but the old folders and files were there from the previous versions and was screwing things up.

I uninstalled all Malwarebytes using Add or Remove Programs / Programs and Features / appwiz.cpl, only version 3 and Cloud Agent were available to uninstall, then manually deleted all folders with "Malwarebytes", "MBAM" or "MB3" in the Program Files, Program Files (x86), and Program Data folders. Reinstalled the Agent. Scans now work as expected.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.