bumskull

  1. It only happened this one time that I know of, and yes, only on this one computer.
  2. How do I exclude something? Antiexploit blocked one of our GPO scripts but it seems at least for now to only be on one computer. When in the threat view it will not let me exclude it. When I try I get a message "Selected threat does not contain a valid payload checksum, it cannot be added into exclusion list."
  3. I suspect the only option besides remote scripting would be to uninstall and reinstall on each, but maybe support has another option that better fits. However, you could try these PowerShell scripts. Please test them first as they are put together kinda quickly and by no means do I consider myself all that proficient at PowerShell scripting. Google is my friend when it comes to PowerShell.

     READING VALUES:

         # Start with an empty log file
         $Logfile = "C:\Logs\MBDBVales.log"
         Out-File $Logfile
         # One computer name per line
         $SRVS = Get-Content "C:\Logs\RemoteComputers.txt"
         foreach ($SRV in $SRVS) {
             if (Test-Connection -ComputerName $SRV -Count 1 -Quiet) {
                 # Needs the Remote Registry service running on the target
                 $REG = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $SRV)
                 $RK1 = $REG.OpenSubKey("SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware")
                 $V1 = $RK1.GetValue("dbdate")
                 $V2 = $RK1.GetValue("dbversion")
                 Write-Host "$SRV`t$V1`t$V2"
                 Write-Output "$SRV`t$V1`t$V2" | Out-File $Logfile -Append
                 $V1 = ""
                 $V2 = ""
             } else {
                 Write-Host "$SRV`tunreachable"
                 Write-Output "$SRV`tunreachable" | Out-File $Logfile -Append
             }
         }

     WRITING VALUES:

         # Defined here too so the write script also runs on its own
         $Logfile = "C:\Logs\MBDBVales.log"
         $f = Get-Content $Logfile
         foreach ($line in $f) {
             $fields = $line.Split("`t")
             # Skip "unreachable" lines and entries with a blank value
             if ($fields.Count -lt 3 -or -not $fields[1] -or -not $fields[2]) { continue }
             $SRV = $fields[0]
             $dbdate = $fields[1]
             $dbversion = $fields[2]
             if (Test-Connection -ComputerName $SRV -Count 1 -Quiet) {
                 Write-Host "$SRV`tRemoteReg`tSetValue"
                 $REG = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $SRV)
                 # $True opens the key writable
                 $RK1 = $REG.OpenSubKey("SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware", $True)
                 $RK1.SetValue("dbversion", "$dbversion")
                 $RK1.SetValue("dbdate", "$dbdate")
             } else {
                 Write-Host "$SRV`tunreachable"
                 Write-Output "$SRV`tunreachable" | Out-File $Logfile -Append
             }
         }

     This will read from a text file that has a computer name per line, then it will read the 2 registry values and output the computer name and 2 values to a tab text file. You will need to edit the text file and make sure that the 2 values are correct. Then run the write script and it will set the corrected values. Then you can see if the service will start and stay started.

     Example of output file:

         computername    Sun, 13 Nov 2016 23:13:33 GMT    v2016.11.13.07

     AGAIN I will add caution that you should test these scripts first and make sure that these 2 registry values are actually your issue.
  4. You could use remote registry, PowerShell or VBScript to make changes to the remote PCs. I would use PowerShell to query the 2 registry values on all PCs and write to a file. Then you can compare each computer's settings, modify to match, then use PowerShell again to write the adjusted values back to each PC and tell the service to restart.
  5. In my case it was a conflict in registry values. The dbversion and dbdate values needed to show the same date. HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware\
  6. No, I have not done so yet. I'll try to do that today.
  7. It seems that we are no longer able to auto update the signatures. The last time it autoupdated was on 10/15. Ever since then I have had to log into the server every other day or so and tell it to check for updates and it does and downloads just fine. Also this may be related, but when you log in it says "Unable to contact server to verify your license key." I know it's not expired as our renewal isn't until 3/2017.
  8. I have upgraded to 1.7 and everything seems fine on the server end of things. Now it's time to upgrade all my clients to the new versions. What's the best method here? Since I have multiple policies I can't just make one install package from the console and use SCCM to push it out without messing up everyone's policy. Is there a preferred method that will leave the current policy in place on the client and just upgrade the Managed Client, MBAM and MBAE software?
  9. I also had this question but found my answer here https://support.malwarebytes.org/customer/portal/articles/1835539-how-do-i-upgrade-to-the-latest-version-of-the-malwarebytes-management-console-?b_id=6520
  10. Support got mine working. It was that the service would stop due to an invalid registry key value. In my case it was actually blank. HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware\dbversion Currently my value is set to v2016.04.25.05 and the dbdate shows Mon, 25 Apr 2016 20:08:39 GMT
  11. I've not tried to group together as that can't accomplish what I am looking for. Like hide all unregistered or have the ability to select more than one status. Showing online is OK but if something is scanning it doesn't show up. Using a policy doesn't really help as I have 3 policies and you can't select more than one of those at a time either. Basically hiding unregistered would take care of all I am looking for in the filter for daily use. I would also like to see filters for database date and version so you could query for computers that are more than a day old or something like that instead of trying to sort all computers by the date and scrolling back to see what's old.
  12. As an update, I had restarted the service and not seen any change, but it appears it needs about 10 min after the service is started/restarted for you to see the computer as online in the console. Hopefully I'll be able to work with support and see why the service is either not starting or stopping.
  13. I opened a case. I checked that service and it was started on some but stopped on others that show offline. I have stopped, started, restarted to no avail.
  14. I have several clients that appear offline in the console but they are not offline. In fact it reports the host server as an offline client. I restarted one of the 2012r2 servers that appears offline in the console with no effect. On this server I can tell MBAM to update and it says it's updated to the latest DB but I can see the numbers on it and it's clearly out of date. It reports that I have v2016.03.19.02 on the client. On the console for this server it says I have v2016.03.19.01. The console shows that I have v2016.03.22.04 as the current latest database as well as most clients report having this too. There are no firewalls between these 2 servers. Not even the Windows firewall is enabled. I have also rebooted the console server with no effect. This is a 2008r2 server in case it matters. As it sits right now it shows 60 online and 101 offline clients. Maybe half or less are actually offline or off network right now.
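
The condition described in posts 5 and 10 above (dbdate and dbversion must not be blank and must show the same date) can be checked against the tab-separated log before any values are written back. This is an added example, not code from the original posts or from Malwarebytes; the function name `Test-MbamDbEntry`, the sample host names and the reading of "same date" as the same GMT calendar day are assumptions.

```powershell
# Added example: audit the log written by the read script before writing
# anything back. Line format: computer <TAB> dbdate <TAB> dbversion.
# Assumption: "same date" means dbdate's GMT calendar day equals the
# YYYY.MM.DD part of dbversion. Test-MbamDbEntry is a hypothetical name.
function Test-MbamDbEntry {
    param([string]$Line)

    $inv  = [cultureinfo]::InvariantCulture
    $none = [System.Globalization.DateTimeStyles]::None
    $f = $Line.Split("`t")
    $status, $detail = 'OK', ''

    if ($f.Count -lt 3) {
        # The read script logs "<computer><TAB>unreachable" for hosts it cannot ping
        $status, $detail = 'Skipped', 'unreachable or incomplete line'
    } elseif (-not $f[1].Trim() -or -not $f[2].Trim()) {
        $status, $detail = 'Blank', 'dbdate or dbversion is empty'
    } elseif ($f[2].Trim() -match '^v(\d{4})\.(\d{2})\.(\d{2})\.\d+$') {
        $versionDay = '{0}-{1}-{2}' -f $Matches[1], $Matches[2], $Matches[3]
        $parsed = [datetime]::MinValue
        # dbdate is RFC 1123 text, e.g. "Sun, 13 Nov 2016 23:13:33 GMT"
        $ok = [datetime]::TryParseExact($f[1].Trim(), 'r', $inv, $none, [ref]$parsed)
        if (-not $ok) {
            $status, $detail = 'BadDate', "cannot parse dbdate '$($f[1])'"
        } elseif ($parsed.ToString('yyyy-MM-dd', $inv) -ne $versionDay) {
            $status, $detail = 'Mismatch', "dbdate day differs from $versionDay"
        }
    } else {
        $status, $detail = 'BadVersion', "unexpected dbversion '$($f[2])'"
    }
    [pscustomobject]@{ Computer = $f[0]; Status = $status; Detail = $detail }
}

# Constructed sample lines (not real hosts): one consistent entry, one with
# differing dates, one with a blank dbversion, one unreachable host.
$sample = @(
    "PC-01`tSun, 13 Nov 2016 23:13:33 GMT`tv2016.11.13.07"
    "PC-02`tTue, 22 Mar 2016 04:10:00 GMT`tv2016.03.19.02"
    "PC-03`tMon, 25 Apr 2016 20:08:39 GMT`t"
    "PC-04`tunreachable"
)
$sample | ForEach-Object { Test-MbamDbEntry $_ } | Format-Table -AutoSize
```

To audit a real log, replace `$sample` with `Get-Content "C:\Logs\MBDBVales.log"`; only entries reported as `OK` are safe candidates for the write script.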