Machine Command Failed

[AlexLeadingEdge]

Hi guys,

At the moment when I do a scan on a computer using the cloud console I'm getting emails like the one below. It's not every scan, maybe 1 in 30, but it's still significant since we have several hundred end points. Re-running the scan gives the same error message (below).

Any idea as to how I can get them to work properly?

Quote

 

Based on your preferences, you are being notified that a new event has occurred on your account:

Endpoint Name: COMPUTERNAME.DOMAINNAME.DOMAINNAME
Source: managed.machines
Severity: warning
Type: machine.command.failed
Details: command.threat.scan

 

 

[AlexLeadingEdge]

Anyone? :(

[Kalrand]

When I've run into this type of issue, though when it started it for me it didn't correct itself, I would have to remove MEP and reinstall. In some cases this would include a purge of all Malwarebytes from the system using the MB-Support tool after traditional uninstall, the tool was designed for the commercial side but works are scrubbing out MEP as well (don't let MB-Support reinstall after the scrub as it will install the commercial version). Anything further you'd have to talk to Support.

[AlexLeadingEdge]

Thank you for your reply. I had hoped it wasn't the case as most of these machines with the issue are not local 😭

[Kalrand]

Even though they are not local, are they on the same network as you? If so then PDQ Deploy could access them as long as you have admin rights to the workstation. We use it push out Malwarebytes and many other products (Adobe, Chrome, etc).

[AlexLeadingEdge]

No, different companies, different domains. We have PDQ Deploy in some of our bigger client's premises. I have remote access to all of the computers, it's just a pain as there are quite a few. Just doing an audit, it's not as bad as I thought as some have the same error multiple times; it's 10 computers in 6 different companies.

[Kalrand]

Oh, ouch. Yeah, I can see the headache. A solution for that isn't coming to mind.

[AlexLeadingEdge]

Going by the failure log and comparing it to the scan log of the individual machines, it seems to be intermittent and usually runs the next time it is scanned.

I wonder if the computers are simply being turned off during the scan and the console is reporting that as "machine.command.failed"?

Maybe the error message is just not very helpful / self-evident?

[Kalrand]

I know when the endpoints are off it doesn't produce that type of alert in the Cloud when it misses a schedule, we have about 5 schedules a day (3 asset and 2 scan). Usually when that type of alert comes up for us is when I manually told the endpoint to do something, like check for protection updates or scan and quarantine, and it never reached the endpoint or it kept trying to run the command on the endpoint and it failed/timed out.

[AlexLeadingEdge]

So other than reinstall it while on the machine itself, there is no other solution?

[Kalrand]

Not that I've seen, but that's not definitive by any means. What's odd is it works and then it doesn't which means that something is interfering with it. The other odd point is why are they running manually? If it missed a schedule it would put a crosshair like icon next to the endpoint and wait till it came back online. I'd probably get support involved because some things just don't add up or I'm missing a piece of the puzzle.

[AndrewPP]

You can retrieve c:\ProgramData\Malwarebytes Endpoint Agent\logs\MBEndpointAgent.txt and c:\ProgramData\Malwarebytes\MBAMService\MBAMService.log
to understand Endpoint behaviour e.g. whether agents and plugins are turned on, running, active at the time, internal errors. 
They are verbose and for technical support, but you can try reading.

All Endpoint Protection customers have an included Premium support subscription,
so raise a case via: https://support.malwarebytes.com/community/business/pages/contact-us
Log collection instructions are here - https://support.malwarebytes.com/docs/DOC-1818

 

[AlexLeadingEdge]

Hi guys,

It turned out there were three copies of Malwarebytes on that computer. Version 2 (Corporate), Version 3 (Free, installed via Ninite), and the Cloud Agent we are currently using. Talking to Malwarebytes Support Australia the Cloud Agent should have removed the previous versions automatically but for some reason failed to do so. It appears the Cloud Agent was the only one running but the old folders and files were there from the previous versions and was screwing things up.

I uninstalled all Malwarebytes using Add or Remove Programs / Programs and Features / appwiz.cpl, only version 3 and Cloud Agent were available to uninstall, then manually deleted all folders with "Malwarebytes", "MBAM" or "MB3" in the Program Files, Program Files (x86), and Program Data folders. Reinstalled the Agent. Scans now work as expected.