If any issues are encountered when using Breach Remediation, you may need to collect diagnostic logs for investigation or to submit them to our support team for troubleshooting the issue.
This article explains the steps to take before collecting logs, how to gather diagnostic logs for the unmanaged Breach Remediation client, and how to switch to trace-level logging.
Windows: check before collecting logs
Run through these steps before pulling logging, as these will resolve most MBBR failures:
- Run as Administrator: Breach Remediation refuses any change without elevated privileges. A CMD window with admin permissions should show the following at the top of the window: 'Administrator: Command Prompt'
-
Check registration duration: Subscription registration expires after 14 days; malware definitions expire after 48 hours. Confirm both are current before further diagnostics.
- Use this command to check if the subscription is active:
- mbbr.exe register
- Use this command to update to the latest malware definitions:
- mbbr.exe update
- Use this command to check if the subscription is active:
-
Confirm your CMD window is in the correct directory: mbbr.exe is in the \mbbr-windows\Remediation\ directory after downloading and extracting the unmanaged Client. You can change to the directory mbbr.exe is in by copying the file path at the top of the file explorer window and pasting it into a cd command like below:
- cd <path to directory>
- Verify outbound HTTPS: Confirm outbound port 443 to brix.threatdown.com is permitted through all firewalls and proxies. For the full domain list, refer to the Configure firewall ports for Breach Remediation article
- Windows 7 / Server 2008 R2 only: KB4474419 and KB4490628 must be installed before MBBR can run on these platforms.
Collect Breach Remediation diagnostic logs
Collect the following directories to troubleshoot Breach Remediation issues:
| Log Folder | OS | Description | Contents |
|---|---|---|---|
| \mbbr-windows\Remediation\Logs\ | Windows | Folder where logs for the unmanaged Breach Remediation client are stored. |
|
| \mbbr-windows\Remediation\ScanResults | Windows | Default unmanaged-client output folder when MBBR is run directly from the extracted package. |
|
| /Library/Application Support/Malwarebytes/MBBR/Logs | macOS | Default folder where MBBR logs are stored for macOS. |
|
Enable Trace Logging
In some cases, ThreatDown support may request trace level logging to diagnose more complex issues with Breach Remediation.
Important: Trace logging can affect system performance. Turn off trace logging after collecting the logs.
Windows Trace Logging
- Open an admin elevated CMD prompt and use the cd command to change directory to \mbbr-windows\Remediation\
- Run the following command:
- set MBBR_TRACE=1
- Reproduce the issue
- Collect trace logging by copying the MBBR-errout.txt file inside the logs subfolder of your MBBR directory
- Turn off trace logging after collecting the logs by running this command:
- set MBBR_TRACE=0
Mac Trace Logging
- Download the files attached at the bottom this document: logConfigUI.plist & logConfig.plist
- Create backups of the following files:
- /Library/Application Support/Malwarebytes/MBBR/Settings/logConfig.plist
- /Library/Application Support/Malwarebytes/MBBR/Settings/logConfigUI.plist
- Replace the original files with the downloaded versions
- Reproduce the issue.
- Zip and collect the following folders:
- /Library/Application Support/Malwarebytes/MBBR/LogsEx
- /Library/Application Support/Malwarebytes/MBBR/Logs
- Turn off trace logging by restoring the original logConfig.plist & logConfigUI.plist from the backups