cxl48548

We were not on 1.6.1 at the time, and I don't actually believe it was in full release, only beta at the time of my post, but yes, we're on 1.6.1.2897 currently and using wildcards since upgrading. It was a much needed enhancement, and I'm so very glad to have it now.

I have this same issue. Bumping for awareness. Also Yes I aready have a Business Support case open, no response as yet (opened about 5 hours ago so far so not a super long time admittedly)

Yes, it is. + 1

MBAM is now available for MAC OS X 10.7+ https://www.malwarebytes.org/downloads/ There is no Linux edition at present, and I couldn't comment on MB's plans so I'll let a moderator take that one. While I feel it's somewhat short sided to think there is zero risk, Linux is vastly less targeted than the MS OS products, so your likely hood of getting infected is vastly reduced. CxL

Hi Ron, I'd be surprised if you are not the same Ron working my ticket already to be honest, MB seems to have a fairly small support staff.....but Ron is not exactly an uncommon name so....I digress... I have an open case with Support for about 2 months - best Development has been able to tell me to this point is that they do not know why "some" customers (me being one of them) have this issue, and a new Console is being worked on that I could get access to test once it's Beta available if I'm interested. So for now I'm left with a kludgy and maunally intensive effort PSEXEC method of remote push installation. The push via PSEXEC itself works fine but managing which clients are online, do not have the software yet and pushing it to them even in batches via the \\@file parameter is just......very manual and time consuming.Not to mention I have to pull off the non managed Premium v 2.0 MBAM clients on many end points - the console has just.....disapointed me with it's basic feature set and issue with MBAE 1.5 so far. I've provided so many logs I doubt another would yeild anything additional, but if you tell me what log(s) you want I will gladly send more in the sake of getting resolution. Thanks CxL

Thanks Ron. I had that document, so I went to the referenced section 7.4 I then found the other bit about the OPERATION colum being documented somewhat at 7.1.2 although it was more like a side note, and doesn't really define what the statuses meant - some of them being self evident of course, but like my query about what does Success indicate exactly...that isn't really defined that I could find even after the additional review of the document. Thanks for the follow up. CxL

Hi Ron, I guess the biggest question is, why is not not covered in any documentation? Or if it is, can you kindly point me to which documentation addresses these items, as it may contain other information I could learn from. I hear you about the default policy for PUP's to be list but not remove. I learned that recently through experience, so I modified the policy to be: PUP : Show & check for removal PUM: Show & check for removal P2P: Show & check for removal I can see that some of the client(s) that I am questioning, are reporting the most recent policy version is in effect, yet they remain 'pink' But they are not frequently online so it may just be that they have not reported back a 'clean' scan to the console as yet. Thanks, CxL

What you fail to mention is that Development is aware of several customer for which updating MBAE via the method in that link does *not* work properly. Ask me how I know ? - Because MBAE installer hangs if I push any 1.5 build version from the 1.4.1 managment console and there's no fix for past 2 months on going now. I'm somewhat surprised that that workaround thread has been allowed to stand without a follow up indicating that it will not necessarily work as described or pulled all together until the issue is resolved. CxL

Been trying to get the Endpoint Security going in our org. A few points of confussion for me that I need further clarity on. I've read the following documents without actually seeing these items documneted? Endpoint Security Quick Start Guide.pdf Malwarebytes Management Console 1.4.1 Administrators Guide.pdf Malwarebytes Management Console 1.4.1 Best Practices Guide.pdf 1) When a machine has a detection it shows up highlight pink in the clients view of the console: But for how long? Forever? Until the client logs are cleared? Until the infection is removed? 2) Regading removals - there's a colum in the Security Logs tab within the Client console view that is titled OPERATION What does this column actually indicate, and what are the range of responses? So far I've noted <None> and success But what do they mean? Presumably <none> means no action was taken and success means the infection was removed? or whatever the policy action is set to be for that class of detection, yes? So circle back to the top if success means removed/quarentined etc, will the client stop being highlighted in PINK to alert that there's an infection? Thanks, CxL

With MBAE, our users are getting a program folder group on their start menu, and an UNINSTALL option right there on the Start Menu Program Folder. That's not good. The rest of the End Point Security suite installs without the Start menu group being created (when those options are selected in the policies, but MBAE doesn't have it's own set of policy options regarding those settings and does not apparently inherit the settings from the policies defined for MEE. I've seen this with every version of MBAE we've tested so far, but for the record, the currently installed version is 1.05.2.1016 Will this be corrected, and or is there a way to achieve this with the current version? Thanks, CxL

Well, this has been helpful.... I defacto figured this out, The log entries are based on the End Point's local time, because otherwise I've got a server reporting things in it's future! ha ha Example, had an end point report something with a time stamp of an hour later than it actually was on the server. Server is on CST time EndPoint was on EST, ergo the timestamp on the event in the System Log was the End Point's time based on it being +1 hour from the servers clock. Replying to my own thread with the answer in case someone else comes along after me with the same question. CxL

Thank you I will open a ticket presently. CxL

I have clients in various timezones, so I'm not clear on what the time stamp generated for an activity in the logs is based upon, the Management Server's time or the end point's? Assuming the servers, but looking to verify. Thanks, CxL

I was coming to post a similar thread. I can not successfully push a client install. I see "installing" as the status for about 15 minutes and then it fails stating the PC is busy? Watching the running processes on the target system I can see a few installation service spawn but they never complete and just seem to be stuck waiting, neither growing in memory used or cpu cycles. CxL I so far can only use the exported installation package via PSEXEC to perform an install. As soon as the installation completes the console 'sees' the new client and begin logging activity. I also seem to not be able to force a database update from the console to an end point, or initiate a scan - so it seems as if the clients can talk back to the server, but the server can't successfully SEND to the clients.

As a current, but fairly new MBES customer, I too would like to add my support for the ability to send e-mail alerts from the console. CxL