The reason the first broken endpoint was escalated to me was because the hard disk was full. In organisations where staff turnover is high and there is no group policy or automated process to remove user profiles after x days of no logon, the process was to manually remove user profiles of users who had left the company and call it a day.

After the users of the affected endpoint soon called back to say the disk was full again, TreeSize was used to get a better understanding of the culprit directory location(s). The culprit was C:\ProgramData\Malwarebytes Endpoint Agent\Plugins\EDRPlugin\Backup.

After a brief web search, a relevant thread on the official support forum was found. From reading the thread, it was obvious that deleting the files inside the folder was not an option due to being protected by the antivirus agent. Further down the thread, there was the hint of the policy that controls retention of file backups being key to this behavior: perhaps if it wasn't applying correctly, the result would be that the backups would not be culled and would subsequently fill up the hard disk.

I logged onto the Nebula management console and found the endpoint online. I tried sending actions to the endpoint such as running a scan or updating the endpoint version, but these would just sit as "Pending".

When in doubt, reinstalling the endpoint seemed the best course of action to take. However, there was an error midway through the uninstall process, and it seemed to be in a half-installed state, somehow more broken than before. When checking remotely, I noticed the Malwarebytes Endpoint Agent service was no longer running and I couldn't start it.

Doing another web search, I came across this inbuilt tool called the Configuration Recovery Tool. This tool attempts to restore the endpoint to a previously working version, so I ran it on the endpoint remotely using PSExec.

```
psexec \\computer cmd
C:\Windows\system32> cd "C:\Program Files\Malwarebytes Endpoint Agent\"
C:\Program Files\Malwarebytes Endpoint Agent> ConfigurationRecoveryTool.exe MBCloudEA.exe
```

After approximately 10 minutes, the free space on the computer started to slowly increase, until after a few hours it was back to normal. The endpoint was restored and the backup retention policies had kicked in and culled the old files.

Over the course of several weeks, more endpoints were having a similar issue. In the event that the endpoint didn't show up in the Nebula console, remotely running the Configuration Recovery Tool with MBCloudEA.exe as the argument would reconnect the endpoint to Nebula. Over the course of a few hours, the free space issue on the hard disk would be resolved. Malwarebytes support suggests doing a reinstall when there is no protection service version present.
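
A way to spot other endpoints in the same state before the disk fills, written as an added example rather than anything from the original post or from Malwarebytes. It assumes PowerShell remoting is enabled, that the service can be matched by the display name "Malwarebytes Endpoint Agent", and uses constructed computer names and a hypothetical 20 GB threshold.

```powershell
# Added example: report EDR backup folder size, free space and agent service state.
# Assumptions: WinRM remoting is enabled; names and threshold below are placeholders.
$ComputerName = @('PC-EXAMPLE-01', 'PC-EXAMPLE-02')   # constructed names
$ThresholdGB  = 20                                     # hypothetical threshold

$check = {
    $backup = 'C:\ProgramData\Malwarebytes Endpoint Agent\Plugins\EDRPlugin\Backup'
    $bytes  = $null
    if (Test-Path -LiteralPath $backup) {
        # The agent protects this folder, so unreadable files are skipped, not fatal.
        $bytes = [double](Get-ChildItem -LiteralPath $backup -Recurse -File -Force `
                    -ErrorAction SilentlyContinue |
                  Measure-Object -Property Length -Sum).Sum
    }
    # Display name is an assumption taken from the service name used in the post.
    $svc  = Get-Service -DisplayName 'Malwarebytes Endpoint Agent' -ErrorAction SilentlyContinue
    $disk = Get-CimInstance Win32_LogicalDisk -Filter "DeviceID='C:'"
    [pscustomobject]@{
        BackupGB     = if ($null -ne $bytes) { [math]::Round($bytes / 1GB, 1) } else { $null }
        FreeGB       = [math]::Round($disk.FreeSpace / 1GB, 1)
        AgentService = if ($svc) { $svc.Status.ToString() } else { 'NotFound' }
    }
}

$results = foreach ($computer in $ComputerName) {
    try {
        Invoke-Command -ComputerName $computer -ScriptBlock $check -ErrorAction Stop |
            Select-Object @{n = 'Computer'; e = { $computer }}, BackupGB, FreeGB, AgentService
    } catch {
        # Endpoint offline or remoting blocked: record it instead of stopping the sweep.
        [pscustomobject]@{ Computer = $computer; BackupGB = $null; FreeGB = $null
                           AgentService = 'Unreachable' }
    }
}

# Flag endpoints whose agent service is not running or whose backup folder is oversized.
$results |
    Select-Object *, @{n = 'NeedsAttention'; e = {
        $_.AgentService -ne 'Running' -or
        ($null -ne $_.BackupGB -and $_.BackupGB -gt $ThresholdGB)
    }} |
    Sort-Object BackupGB -Descending |
    Format-Table -AutoSize
```

The script only reads folder sizes and service state; it does not delete anything from the protected Backup folder.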