Jump to content

Malwarebyes Service Error 5: Access is denied


Recommended Posts

Hello,

I need some assist. As a test, I created a new policy with everything disabled. I moved a single endpoint into this policy. Gave it some time; ~1 hour to propagate into the new policy. I've rebooted the endpoint multiple times, but every time I try to disable the Malwarebytes Service, I get an Access denied. Thank you.

Link to post
Share on other sites

  • Staff

Hello @fyang,

I see that you were having some difficulties with trying to disable the service.  It is likely that you have the "Service and Process Protection" function enabled.  Please see the screenshot below for more information regarding this.  Additionally, if you have the tray icon enabled, you can always hold "CTRL" + "Right-Click" the tray icon and selection the option that says "Stop Malwarebytes Service."

image.thumb.png.e2f9847d9b82dee7d1d72648fb90b977.png1409186639_StopMalwarebytesService.png.f96fc8453abc59d36756e43b0327b013.png

 

Warm Regards,

Link to post
Share on other sites

1 minute ago, CHMOD_777 said:

Hello @fyang,

I see that you were having some difficulties with trying to disable the service.  It is likely that you have the "Service and Process Protection" function enabled.  Please see the screenshot below for more information regarding this.  Additionally, if you have the tray icon enabled, you can always hold "CTRL" + "Right-Click" the tray icon and selection the option that says "Stop Malwarebytes Service."

image.thumb.png.e2f9847d9b82dee7d1d72648fb90b977.png1409186639_StopMalwarebytesService.png.f96fc8453abc59d36756e43b0327b013.png

 

Warm Regards,

Thanks for the prompt response, however, every option within the policy is disabled. Still can't disable the service. Rebooted the endpoint multiple times. A couple hours have also gone by since and still can't disable the service. 

1.PNG

2.PNG

3.PNG

4.PNG

Link to post
Share on other sites

  • Staff

What is the name of the service you are attempting to stop?

If you disable all real-time protection:

  1. Malwarebytes Management Agent [MBEndpointAgent] remains running/always-on
  2. Malwarebytes Service [MBAMService] is unloaded
  3. Malwarebytes Incident Response is not normally running, it is launched only when needed for ad hoc or scheduled scan 

Disabling Malwarebytes Service is not relevant if you have already turned off real-time protection.

Link to post
Share on other sites

6 hours ago, AndrewPP said:

What is the name of the service you are attempting to stop?

If you disable all real-time protection:

  1. Malwarebytes Management Agent [MBEndpointAgent] remains running/always-on
  2. Malwarebytes Service [MBAMService] is unloaded
  3. Malwarebytes Incident Response is not normally running, it is launched only when needed for ad hoc or scheduled scan 

Disabling Malwarebytes Service is not relevant if you have already turned off real-time protection.

It is the Malwarebytes Service; which I assume is the MBAMService. To piggyback off your points:

1. The Malwarebytes Endpoint Agent is disabled (unless there is another agent you're referring to?) which can be seen in the screenshot.

2. The Malwarebytes Service is not unloaded. The service is still running.

The reason why we need to disable Malwarebytes completely is because we're going to be upgrading some of our systems. Per the vendor, all anti-virus applications will need to be either disabled completely or uninstalled to prevent any issues while the upgrade is being performed. I've tried both methods, uninstall from the Nebula console, and uninstall from the Deployment tool, both methods do not work. I've opened a support ticket (3494501) for that issue. Now this is where we're at. It would also be nice, if the devs can implement a button to "disable" an endpoint. I don't see that option in Nebula. Please advise. Thank you.

 

 

5.PNG

Link to post
Share on other sites

  • Staff

1. Enable/start the Malwarebytes Management Agent, it should be always running and will not interfere with your maintenance,  so that

a) It is responsive to console commands - Console-initiated uninstall cannot be received if Agent is stopped; and

b) Responsive to the  Malwarebytes icon in the system tray 

2) Use CTRL key and  Right-click with mouse on the icon to bring up prompt to locally/temporarily disable the protection service.  Perform maintenance. Then repeat to ensble.

3) Alternatively,  Console disable - create a new policy with all protection disabled, create a new group with this policy

a) Move the endpoint into it to disable realime potection (reboot may occur).   Management Agent will receive changed policy, causing the Malwarebytes Service [MBAMService] to unload/uninstall, replacing it with a scanner plugin MBIRPlugin (which is unused until a scan is initiated)

b) Perform maintenance

c) Move endpoint back to group/policy with all protection enabled.

4. If Management Agent is corrupted with side by side error, use this instruction.

https://support.malwarebytes.com/hc/en-us/articles/360040259453-Restore-Malwarebytes-Endpoint-Agent-configuration-from-side-by-side-configuration-error-#:~:text=Malwarebytes automatically backs up the,lowest number in the sequence.

ALTERNATIVES

6. Use Add Remove Programs locally.  Passphrase is needed if you have tamper protection enabled. Consider moving endpoint to a group/policy with tanper protection disabled.

7. Run this deletion utility, as a last desort 

https://support.malwarebytes.com/hc/en-us/articles/360038524734-Malwarebytes-Support-Tool-for-business-environments

Above are plenty of options for you (and others following this forum) , otherwise Support Ticket is the way to go.

 

 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.