Important Notice: On February 29th, this community was put into read-only mode. All existing posts will remain but customers are unable to add new posts or comment on existing. Please feel to join our Community Discord for any questions and discussions.

Unable to Scan Or Deploy to Systems (Target Directory)

I am experiencing an issue with about 1/6 th of my assets, where PDQ Inventory and Deploy return errors that they are "Unable to create target directory".  This results in a failure to deploy the scan or package.  The error goes away after the system is rebooted, but eventually returns after the reboot.  It appears that the folders within the C:\Windows\AdminArsenal\PDQDeployRunner and C:\Windows\AdminArsenal\PDQInventory-Scanner are loaded up, with some folders not being able to delete due to permissioning errors (requires permission from Administrators), even though both PDQ and myself are full admins on the machines.

I have applied exceptions on both of my security products (Malwarebytes Cloud and Symantec Endpoint Protection (SEP))  

Anyone else having this issue?  It has been almost a month of back and forth with email support and no productive results.  Problem has worsened.

1

Comments

3 comments
Date Votes
  • I am also seeing this issue. I dealt with this when we had Malwarebytes Endpoint Security with Anti-Ransomware installed. Back then adding the exclusions to ARW fixed it. We recently converted to Malwarebytes Endpoint Protection (Cloud) and it is back again. I entered the same exclusions and it has not fixed the issue.

    I have also added a Startup Script to delete all of the leftover files in the Deploy and Inventory directories under C:\Windows\AdminArsenal\. I have duplicated my main MB policy and moved my PC into it to try to figure out what setting is causing it, but no lock yet. It was ARW before, but I don't see any ARW-specific settings in Nebula except for Rollback. I tried turning off Anti-Exploit so far with no luck.

    Have you figured out a cure yet?

    1
  • The issue seemed to go away on its own.  There were a number of steps followed, I opened tickets with both vendors on this.

     

    Reference PDQ case 205607 .  This case has a number of standard checks.  It also had fixes to a partially corrupt DB, which you may want to check if appropriate.  It may help support get you to a solution faster than I did (a couple of months)

    Reference Malwarebytes ticket 2934238. This case involved process captures and identified the anti-ransomware portion as the culprit.  They had a beta build that they wanted me to test out, but by the time I circled back to the issue, it suddenly disappeared. Been gone since.

    1
  • Thanks for the info on the case numbers.

    I turned off Behavior Protection on my test policy a few days ago and the Inventory scan cleanup has been successful ever since. I just turned it back on to see if it starts leaving behind the exe's again.

    1