Breach Remediation (MBBR) allows business users to detect and remove threats directly from endpoints. You can download the unmanaged client from your Nebula or OneView console. This article describes how to download and register Breach Remediation for Windows.
Use of Breach Remediation requires a subscription to one of the following:
- Incident Response
- Endpoint Protection
- Endpoint Detection and Response.
For Windows 7 and Windows Server 2008 R2, Windows security patches KB4474419 and KB4490628 must be installed to use MBBR. For more information, see Windows 2019-09 Security Update for Windows devices running business products.
Download and register Breach Remediation
- Log in to Nebula or OneView.
- On the left navigation menu, click Download Center.
- Select the Advanced tools tab.
- Scroll down to the Remediation (Unmanaged) section.
- Under Windows Breach Remediation, click Download.
- Extract the Breach_Remediation_4.x.x.x folder into the directory of your choice.
- Navigate to the subfolder \Windows\Remediation to find MBBR self-extracting executable.
- Right-click the program and run as administrator to extract the program and its dependencies.
- You now need to register Breach Remediation and update its malware definitions.
- Get your product license key from the Nebula console. In Nebula, select your name in the top-right > Account > License key at the top left.
- Manually copy the license or click the copy to Clipboard icon next to the license key.
- From an elevated Command Prompt, run the following command to register the product:
mbbr register –key:YOURKEYHERE
- Run the following command to retrieve the latest malware definitions:
- The program is now registered and updated. Copy the entire Remediation folder to your target machine and run one of the following commands to scan:
- Threat scan: mbbr scan -remove
- Threat scan with Rootkit detection: mbbr scan -ark -remove
- Full Scan (all local drives): mbbr scan -full -remove
- Scans will automatically reboot the system as needed if the -remove switch is used.
- Add -noreboot after the -remove switch if you want to disable automatic restart. In this case, you must manually restart the device to complete the removal process.
For additional commands and switches, reference the Breach Remediation Windows Administrator Guide.
Breach Remediation definitions are valid for 48 hours, after which the product must be updated via step 6. The product remains registered for 14 days, after which it will require registration via step 5. This is to prevent unauthorized use. There is no additional cost to re-register the client.