Jump to content

Bug?: Uninstalling Endpoint doesn't update Oneview Site


Recommended Posts

After, I had to recover from a ransomware attack that affected one of our customers machines that I was pretty sure that I deployed Malwarebytes to, but it was able to infect their machine. I was thinking I was starting to go crazy because I know for a fact that I deployed the agent a couple of months ago and had a active subscription for Malwarebytes Endpoint Protection and Response for that customers site. But, I was unable to find any indication in the Events view of Malwarebytes being either deployed or removed from the customers site.

Apparently there might be aa bug that occurs after the Malwarebytes Endpoint agent is uninstalled from the users device.  After this occurs, the Oneview site doesn't update or display that the endpoint has been removed.  Giving a false impression that the endpoint software is still installed and protecting the users machine, despite the fact that it has actually been uninstalled from the device, therefore leaving that device vulnerable to attack.

I was able to reduplicate this issue with a Temporary test site in Oneview that I set-up and allocated up-to 2 licensed for, deploying a endpoint to the test machine, and manually uninstalling the Malwarebytes endpoint agent from the test machine itself.  I have also taken screenshots showing how Oneview gives the false indication that the endpoint is still deployed, despite the fact that the Malwarebytes endpoint has been uninstalled from the Windows machine.

Site View for the test site displaying that the agent is still deployed

1052261004_mwbtestview.thumb.PNG.ea67a7a8bc055eddfc743cc075d4a5c9.PNG

 

Dashboard view of the Test Site after manually uninstalling the endpoint from the test machine

 1153922073_uninstallsitedashboard.thumb.PNG.281272009746f18ba87998246020573b.PNG

 

Events View for the test site after endpoint was manually uninstalled

705817394_MWBuninstallfromdesktop-Copy.thumb.PNG.c5b5e3c772506013d032ce06d3993189.PNG

 

And Finally, what the Endpoint view in Oneview shows after the manual uninstalling the endpoint agent552769720_manualuninstallendpoints.thumb.PNG.ab317cf2cc93edda54f58cb980f6a200.PNG 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.