Malwarebytes Breach Remediation (MBBR) allows business users to detect and remove threats directly from endpoints. You can download the unmanaged client from your Malwarebytes Nebula console. This article describes how to download and register Malwarebytes Breach Remediation for Windows.
Use of Malwarebytes Breach Remediation requires a subscription to one of the following:
- Malwarebytes Incident Response
- Malwarebytes Endpoint Protection
- Malwarebytes Endpoint Detection and Response.
For Windows 7 and Windows Server 2008 R2, Windows security patches KB4474419 and KB4490628 must be installed to use MBBR. For more information, see Windows 2019-09 Security Update for Windows devices running Malwarebytes business products.
Download and register Breach Remediation
- Log into your Nebula console. Go to Downloads and scroll down to the Remediation (Unmanaged) section. Under Windows Breach Remediation, use the dropdown menu to choose the appropriate OS version, then click Download.
- Extract the Malwarebytes_Breach_Remediation_4.x.x.x folder into the directory of your choice.
- Navigate to the subfolder \Windows\Remediation to find MBBR self-extracting executable. Right-click the program and run as administrator to extract the program and its dependencies. You now need to register Breach Remediation and update its malware definitions.
- Get your product license key from the Nebula console. In Nebula, select your name in the top-right > Profile > License Information tab. Manually copy the license or click the copy to Clipboard icon next to the license key.
- From an elevated Command Prompt, run the following command to register the product:
mbbr register –key:YOURKEYHERE
- Run the following command to retrieve the latest malware definitions:
- The program is now registered and updated. Copy the entire Remediation folder to your target machine and run one of the following commands to scan:
- Threat scan: mbbr scan -remove
- Threat scan with Rootkit detection: mbbr scan -ark -remove
- Full Scan (all local drives): mbbr scan -full -remove
- Scans will automatically reboot the system as needed if the -remove switch is used.
- Add -noreboot after the -remove switch if you want to disable automatic restart. In this case, you must manually restart the device to complete the removal process.
For additional commands and switches, reference the Malwarebytes Breach Remediation Windows Administrator Guide.
Malwarebytes Breach Remediation definitions are valid for 48 hours, after which the product must be updated via step 6. The product remains registered for 14 days, after which it will require registration via step 5. This is to prevent unauthorized use. There is no additional cost to re-register the client.