Nebula contains real-time protection layers and additional modules which support stock Windows Server Operating Systems from 2008 R2 through 2022, including variants. Server protection requires one of the following subscriptions:
- Endpoint Protection for Servers
- Endpoint Detection and Response for Servers
The protection layers are:
- Web Protection - Prevents connections to and from malicious public IP addresses and compromised websites. Web protection is redundant if a server only communicates with private IP addresses.
- Exploit Protection - Prevents vulnerability exploits and zero-day attacks.
- Malware Protection - Prevents malware infections.
- Behavior Protection - Detects and blocks ransomware based on behavior analysis.
For more information, see Protection policy settings in Nebula.
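Whether Web Protection is redundant on a given server depends on the claim that it only talks to private addresses, which can be checked against the server's own connection table. The following is an added example, not part of the Nebula documentation: it parses saved `netstat -ano` output and lists established TCP peers outside private ranges. The function names, the `PRIVATE_NETS` list, and the sample output are assumptions constructed for illustration.

```python
import ipaddress

# Ranges this example treats as private/internal (an assumption; adjust to your network).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16",                   # IPv4 loopback, link-local
    "::1/128", "fc00::/7", "fe80::/10",                # IPv6 loopback, ULA, link-local
)]

# Constructed sample of `netstat -ano` output; documentation ranges stand in for public IPs.
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    10.0.0.5:445           10.0.0.21:50122        ESTABLISHED     4
  TCP    10.0.0.5:49800         203.0.113.25:443       ESTABLISHED     2312
  TCP    10.0.0.5:49811         172.20.1.9:1433        ESTABLISHED     1760
  TCP    [::1]:49670            [::1]:49671            ESTABLISHED     1000
  TCP    [fe80::1c2%12]:49901   [fe80::9a1%12]:445     ESTABLISHED     4
  TCP    [2001:db8::5]:49950    [2001:db8:1::80]:443   ESTABLISHED     2312
  UDP    0.0.0.0:123            *:*                                    1052
"""

def is_private(addr_text):
    """True if the address falls inside PRIVATE_NETS (zone IDs such as %12 are ignored)."""
    addr = ipaddress.ip_address(addr_text.split("%")[0])
    if addr.version == 6 and addr.ipv4_mapped:
        addr = addr.ipv4_mapped  # treat ::ffff:a.b.c.d as the IPv4 address it wraps
    return any(addr in net for net in PRIVATE_NETS)

def public_peers(netstat_text):
    """Return sorted (remote_ip, remote_port, pid) for established TCP
    connections whose remote end is outside PRIVATE_NETS."""
    found = set()
    for line in netstat_text.splitlines():
        parts = line.split()
        # Only rows shaped like: TCP <local> <foreign> ESTABLISHED <pid>
        if len(parts) != 5 or parts[0] != "TCP" or parts[3] != "ESTABLISHED":
            continue
        host, _, port = parts[2].rpartition(":")
        host = host.strip("[]")  # IPv6 endpoints are printed as [addr]:port
        if not is_private(host):
            found.add((host, int(port), int(parts[4])))
    return sorted(found)

if __name__ == "__main__":
    for ip, port, pid in public_peers(SAMPLE):
        print(f"non-private peer {ip}:{port} (PID {pid})")
```

A single snapshot only shows connections open at that moment, so collect output over a representative period before treating Web Protection as redundant for the server.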
The paid modules are:
- Vulnerability Assessment - Checks for vulnerable applications.
- Patch Management - Installs OS patches and software updates on third-party applications.
- DNS Filtering - Blocks connections to domains based on Nebula admin configuration.
- Application Block - Blocks specific applications from running.
For more information, see Modules.
Some protection layers and paid modules should not be enabled for specific server roles, as they can cause performance or network-related issues.
The following recommended configurations should be applied to these server roles.
Windows Server Role | Description | Recommended Configuration |
Internet Information Server or other Web Server | Web application system which delivers website content. | |
Active Directory Server or Domain Controller | Manages the network and authentication of users and devices on the network. | |
DNS Server | Matches website hostnames to their corresponding IP address. | |
Exchange Server or other SMTP server role | Email and calendar system that provides access across mobile devices, desktops, and web-based systems. | |
SQL Server or other database server role | Database administration system designed to manage and store information. | |
RDP or terminal services | Provides users access to remotely connect with their physical workstations. | |
Set up server exclusions
For performance reasons, you may wish to set up exclusions for specific file types on your server. See the following external articles for more information.
- Exchange Server or other SMTP server role - See the Microsoft article Running Windows antivirus software on Exchange servers.
  - %ExchangeInstallPath% is not a supported exclusion file path. For supported exclusion types, see Overview of exclusions in Nebula.
- SQL Server or other database server role - See the Microsoft article How to choose antivirus software to run on computers that are running SQL Server.
Server policy recommendations
The following suggestions may improve your Nebula experience within a server environment.
Disable automatic reboot
You may wish to turn off automatic reboot for server endpoint agents. This policy-level change prevents Nebula from automatically rebooting servers.
- On the left navigation menu, go to Configure > Policies.
- Select a policy, then choose the Endpoint agent tab.
- Under Reboot settings, confirm Automatically reboot endpoints when required is not selected.
- Click Save.
Disable tray interaction for multi-user environments
You can prevent the Endpoint Agent Tray from loading for Standard-level user accounts so that it loads only for Administrator-level users. This is helpful for running Nebula in a more silent manner or in multi-user environments such as Microsoft Terminal Services.
- On the left navigation menu, go to Configure > Policies.
- Select a policy, then choose the Endpoint agent tab.
- Select Allow only Administrator level users to interact with the Malwarebytes Tray to enable.
- Click Save.
Disable automatic endpoint agent updates
You may wish to install endpoint agent updates manually during a maintenance window rather than automatically. This policy-level change prevents automatic endpoint agent updates. Pending software updates are displayed with a Software Update available icon in the Dashboard, and updates may be installed manually.
- On the left navigation menu, go to Configure > Policies.
- Select a policy, then choose the Endpoint agent tab.
- Under Endpoint agent updates, confirm Automatically download and install Malwarebytes application updates is not selected.
Endpoint Detection and Response (EDR) Settings
If you subscribe to Endpoint Detection and Response for Servers (EDRS), apply the following policy settings in addition to the ones described above. EDRS requires the setting Enable server operating system monitoring for suspicious activity to be turned on to ensure your Windows Servers receive the maximum protection.
- On the left navigation menu, go to Configure > Policies.
- Select a policy, then choose the Endpoint Detection and Response tab.
- Select the following options and enable:
  - Suspicious Activity Monitoring
  - Under Advanced Settings, Enable server operating system monitoring for suspicious activity
  - Ransomware Rollback
  - Enable endpoint isolation to allow locking/unlocking of endpoints
- Click Save.