Malwarebytes Endpoint Protection doesn’t run

Situation: 1. Malwarebytes Cloud Manager reports a computer hasn’t run Malwarebytes for a month.

2. Running Malwarebytes manually doesn’t do anything, and there is no error message.

Troubleshooting: 1. Make sure the two Malwarebytes services (Malwarebytes Endpoint Agent and Malwarebytes Service) are running. To do that, type service in the search bar, then click on the Services app to run it.

With Services open, make sure the computer is running Malwarebytes Endpoint Agent and Malwarebytes Service.

If Malwarebytes Endpoint Agent and/or Malwarebytes Service are not running, highlight the service and click the Start Service icon.

Now, try to run Malwarebytes again. If Malwarebytes doesn’t run, or the computer is missing one of the Malwarebytes services, go to Troubleshooting 2.

Troubleshooting 2: Remove and re-install Malwarebytes.

In the search bar, type control. Then click on Control Panel App.

In All Control Panel Items, click on Programs and Features.

Highlight the Malwarebytes Endpoint Agent and click on Uninstall.

After uninstalling Malwarebytes, restart your computer. Then run the Setup.MBEndpointAgent.Full.exe file to re-install Malwarebytes.

Please view this step-by-step video:

Fixing “No bootable devices found”

Situation: The client just replaced a defective hard drive on his Dell computer. However, he can’t boot and gets “No bootable devices found”.

Troubleshooting: 1. Run the Dell diagnostics tool to confirm the hard drive passes the test.

2. Compare the hard drives. We found that the original, defective hard drive is an SSD, which is compatible with UEFI mode boot. The replacement hard drive is an ATA hard drive, which is not compatible with UEFI mode boot. In other words, the ATA hard drive is compatible with BIOS mode boot.

3. Accessing the BIOS settings and changing to Legacy boot fixes the problem.

Please refer to this step-by-step video on how to enable BIOS mode boot:

Can’t download files because the Palo Alto firewall blocks .exe files

Situation: The client tries to download a file from the FedEx FTP site, but he can’t do so.

ftp://ftp.fedex.com/pub/us/software/FedExShipManager_3406.exe

Troubleshooting: By default, the Palo Alto firewall’s basic file blocking profile blocks .exe files. Quoted:

basic file blocking—Attach this profile to the Security policy rules that allow traffic to and from less sensitive applications to block files that are commonly included in malware attack campaigns or that have no real use case for upload/download. This profile blocks upload and download of PE files (.scr, .cpl, .dll, .ocx, .pif, .exe), Java files (.class, .jar), Help files (.chm, .hlp) and other potentially malicious file types, including .vbe, .hta, .wsf, .torrent, .7z, .rar, .bat. Additionally, it prompts users to acknowledge when they attempt to download encrypted-rar or encrypted-zip files. This rule alerts on all other file types to give you complete visibility into all file types coming in and out of your network.

How to use Palo Alto Firewall Monitor 3 – Port Traffic Filter Examples and Troubleshooting

The Palo Alto firewall not only allows you to monitor activity on your network, but is also a useful troubleshooting tool. This video shows you how to monitor and troubleshoot with port traffic filters.

Example 1: To show all traffic traveling from source port 3389, use this filter: (port.src eq 3389)

From the results, we can see the type, source IP address, destination IP address, port, application, action and rule.

Example 2: To show all traffic traveling to destination port 443, use this filter: (port.dst eq 443).

Example 3: To show all traffic traveling from source port 80 and traveling to destination port 443, use this filter: (port.src eq 80) and (port.dst eq 443)

Example 4: To show all traffic traveling from source ports 1-22, use this filter: (port.src leq 22).

Note: the port starts at 0.

Example 5: To show all traffic traveling from source ports 1024 – 65535, use this filter: (port.src geq 1024).

Example 6: To show all traffic traveling to destination ports greater than or equal to 1024, use this filter: (port.dst geq 1024).

Example 7: To show all traffic traveling from source port range 20-53, use this filter: (port.src geq 20) and (port.src leq 53).

Example 8: To show all traffic traveling to destination ports 1024 – 13002, use this filter: (port.dst geq 1024) and (port.dst leq 13002).

Please view this step by step video:





How to use Palo Alto Firewall Monitor 2 – Zone Traffic Filter Examples and Troubleshooting

The Palo Alto firewall not only allows you to monitor activity on your network, but is also a useful troubleshooting tool. This article shows you how to monitor and troubleshoot with zone traffic filters.

Example 1: To show all traffic coming from the GlobalProtect zone, use this filter: ( zone.src eq GlobalProtect )

From the results, we can see the source IP address, VPN username, destination IP address, port, application, action and rule.

Example 2: To show all traffic going out the AWS zone, use this filter:

(zone.dst eq AWS).

The result shows traffic from trust to AWS, with the source IP address, destination IP address, port, application and rule.

Example 3: To show all traffic traveling from the GlobalProtect zone and going out the DMZ zone, use this filter: ( zone.src eq GlobalProtect ) and ( zone.dst eq dmz )

Case 1: The client provides remote desktop access for their customers. The service department reports that some customers can’t access the remote server and would like to know if their firewall blocks the customers’ IP addresses.

Resolution: Run this filter: ( zone.src eq untrust ) and ( action eq deny) and ( port.dst eq 3389 ). The result shows the firewall blocks only foreign countries’ IP addresses, as shown on the next page.

Finally, they find the RDP server has software called RDPGuard, which blocks any account after 3 failed logins. It has nothing to do with the firewall. The case is closed.
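The port and zone filters above can be tried offline with the following added example, which is not part of the original posts and is not Palo Alto code. It is a simplified model that supports only the eq, leq and geq operators joined by and; the log rows are constructed sample data, and the function names (parse_filter, row_matches, run_filter) are hypothetical.

```python
import re

# Constructed traffic-log rows (not firewall output); keys follow the page's filter attributes.
LOGS = [
    {"zone.src": "untrust", "zone.dst": "dmz", "port.src": 51514, "port.dst": 3389, "action": "deny"},
    {"zone.src": "untrust", "zone.dst": "dmz", "port.src": 40222, "port.dst": 3389, "action": "allow"},
    {"zone.src": "GlobalProtect", "zone.dst": "dmz", "port.src": 22, "port.dst": 443, "action": "allow"},
    {"zone.src": "trust", "zone.dst": "AWS", "port.src": 53, "port.dst": 13002, "action": "allow"},
    {"zone.src": "trust", "zone.dst": "untrust", "port.src": 0, "port.dst": 80, "action": "allow"},
]

TERM = re.compile(r"\s*\(\s*([\w.]+)\s+(eq|leq|geq)\s+([\w-]+)\s*\)")
JOIN = re.compile(r"\s+and\s+")

def parse_filter(expr):
    """Return [(field, op, value), ...] for '(f op v) and (f op v) ...'."""
    terms, pos = [], 0
    while True:
        m = TERM.match(expr, pos)
        if not m:
            raise ValueError(f"unsupported filter term at: {expr[pos:]!r}")
        terms.append(m.groups())
        pos = m.end()
        j = JOIN.match(expr, pos)
        if not j:
            break
        pos = j.end()
    if expr[pos:].strip():
        raise ValueError(f"unexpected trailing text: {expr[pos:]!r}")
    return terms

def row_matches(row, terms):
    """All terms must hold (logical and). leq/geq are inclusive bounds."""
    for field, op, value in terms:
        actual = row[field]  # KeyError on a field this model does not know
        if isinstance(actual, int):
            want = int(value)
            ok = {"eq": actual == want, "leq": actual <= want, "geq": actual >= want}[op]
        elif op == "eq":
            ok = actual == value  # assumption: exact, case-sensitive match
        else:
            raise ValueError(f"{op} needs a numeric field, got {field}")
        if not ok:
            return False
    return True

def run_filter(expr):
    terms = parse_filter(expr)
    return [i for i, row in enumerate(LOGS) if row_matches(row, terms)]
```

run_filter returns the indexes of the sample rows a filter selects; a bounded range needs both a geq and a leq term, because a lone leq also matches port 0.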

Please view this step-by-step video:

Receive Stop code: KMODE EXCEPTION NOT HANDLED BSOD when installing Windows 10 version 2004

Situation: When installing Windows 10 version 2004, the client receives the stop code: KMODE EXCEPTION NOT HANDLED BSOD.

Troubleshooting: Windows creates C:\Windows\Minidump, and it seems to us the computer is not compatible with version 2004. Re-installing Windows 10 version 1909 fixes the problem.

Receive Stop code: KMODE EXCEPTION NOT HANDLED BSOD after Windows update

Situation: After a Windows update, the client’s Windows 10 computer receives the stop code: KMODE EXCEPTION NOT HANDLED BSOD.

Troubleshooting: Windows creates C:\Windows\Minidump, and we can tell it is installing Windows 10 version 2004. It seems to us the computer is not compatible with version 2004. Re-installing Windows 10 version 1909 fixes the problem.

Windows Cannot Be Installed because of MBR partition

Situation: When attempting to re-install Windows 10 on a computer, you may receive this message: “Windows cannot be installed to this disk. The selected disk is not of the GPT partition style”

Resolution 1: Convert MBR to GPT with Windows Installation Media

Step 1. Turn off the PC and put in the Windows installation DVD or USB.

Step 2. Boot the PC from the DVD or USB.

Step 3. In Windows Setup, press “Shift + F10” to start Command Prompt.

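Step 4. Enter the following commands in order (clean removes all partitions and data from the selected disk, so confirm the disk number from list disk first):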

diskpart

list disk

select disk 1 (choose the disk you want to install Windows on)

clean

convert gpt

exit

Can’t install Windows 10 KB4566782 with error code 0x800f081f

Situation: When installing Windows 10 KB4566782, some users reported they can’t install it and get error code 0x800f081f.

Troubleshooting: 1. Download the update from Microsoft and install it manually. Please refer to this post:

Download and install Windows 10 update manually

2. Download and install Windows 10 Update Assistant. Please view this step-by-step video:

How to download and install Windows 10 Update Assistant