If you cannot find a Malwarebytes Endpoint Agent in the Malwarebytes Nebula platform, it may be due to endpoints having outdated certificates. To confirm this, go to C:\ProgramData\Malwarebytes Endpoint Agent\Logs and open up the EndpointAgent.txt.
In the Malwarebytes Endpoint Agent log, confirm you see the following error message:
System.Security.SecurityException: Issue with Authenticode signature Error:2148098053
The error message above indicates the local endpoint has outdated security certificates. The Malwarebytes Nebula platform and Malwarebytes Endpoint Agent require these certificates to run. The certificates needed for authentication are:
- Digicert's certificates to validate our digital signature.
- Verisign Universal Root Certification Authority certificate is to validate the counter signature by Microsoft.
- Starfield Class 2 Certification Authority Root Certificate - G2 is the timestamp server certificate
Manually update the local endpoint's security certificates using the steps below.
The easiest way to solve this issue is to make sure Windows is fully up to date. The certificates we use are ones the computer would normally receive as part of security updates. Once the computer is up to date, go ahead and re-install the endpoint agent software and it should now connect to the Nebula console.
Sometimes the certificates will not be pulled after the windows update. This can be due to security software or a third party network setup preventing the download. If this does occur, please use these instructions to do the steps manually:
Note: You must have Administrator privileges to complete this procedure.
- On the affected machine, go to Digicert to download the following security certificates.
- On the affected machine, go to this repository to download the Starfield certificate listed below.
- Starfield Class 2 Certification Authority Root Certificate - G2
- Import the extracted security certificates to the Trusted Root Certification Authorities store.
- Refer to the instructions in Microsoft's article Manage Trusted Root Certificates.
- For Verisign Universal Root Certification Authority, please make sure the computer is up to date on windows updates. If the certificate is still missing or outdated, export one from a machine with a known good version of the certificate.
- Deploy the Malwarebytes Endpoint Agent. If already installed, open an elevated command line prompt and run the following command:
- "C:\Program Files\Malwarebytes Endpoint Agent\MBCloudEA.exe" -restart
After installation is complete, the Malwarebytes Endpoint Agent service starts, and the endpoint appears in Malwarebytes Nebula. In the Malwarebytes Nebula console, click the Endpoints tab to view all reporting Endpoint Agents.