If you cannot find an endpoint in Nebula, it may be due to endpoints having outdated certificates.
- Endpoint is not showing up in Nebula.
To verify it's an outdated certificate issue, locate %ProgramData%\Malwarebytes Endpoint Agent\Logs\EndpointAgent.txt and search for the following error:
- System.Security.SecurityException: Issue with Authenticode signature Error:2148098053
- Windows endpoints
Windows endpoints running the endpoint agent require certificates to connect with Nebula.
Option 1 - Install latest Windows Updates (preferred)
In general, to solve this issue, install the latest Windows Updates. Once the computer is up to date, install the endpoint agent software and check Nebula to verify it's connected.
Option 2 - Manual certificate installation
If Windows Updates does not install the certificates or you have disabled automatic update of Certificate Trust Lists (CTLs), you must install the certificates manually under an Administrator account.
- On the affected endpoint, go to the following repositories and download the corresponding certificates:
Repository Certificates Microsoft
- Microsoft Identification Verification Root Certificate Authority 2020
- DigiCert Assured ID Root CA
- DigiCert Global Root CA
- DigiCert High Assurance EV Root CA
- DigiCert Trusted Root G4
- Starfield Class 2 Certification Authority Root Certificate - G2
- AAA Certificate Services
- Import security certificates to the Trusted Root Certification Authorities store.
- Refer to the instructions in Microsoft's article Manage Trusted Root Certificates.
- For the Verisign Universal Root Certification Authority certificate, export one from an endpoint with a working certificate.
- Deploy the Malwarebytes Endpoint Agent. If already installed, open an elevated command line prompt and run the following command:
"C:\Program Files\Malwarebytes Endpoint Agent\MBCloudEA.exe" -restart
- Verify the endpoint is showing in the console.
Option 3 - CertUtil.exe
Use CertUtil.exe to manually obtain trusted root certificates and CTLs from Windows Update. For more information, see Configure Trusted Roots and Disallowed Certificates.