For communication to flow between the Malwarebytes console and endpoints, you must adjust your firewall and software exclusions. This article lists internal network recommendations, external access requirements, and recommended exclusions that apply to Malwarebytes Nebula and Malwarebytes OneView.
File and Printer Sharing
We recommend using Administrator shared folders to perform network tasks, such as installations. To use them, you must enable File and Printer Sharing on your endpoints.
The location of File and Printer Sharing options depends on which operating system your endpoint uses. Consult your operating system guide for additional information.
External Access Requirements
Allow the following addresses through your firewall or other security software. Endpoint Agents use the sites below to reach Malwarebytes services.
You must allow or exclude all addresses on port 443, outbound.
Address | Purpose |
https://ark.mwbsys.com | Used to deliver updates to Malwarebytes products. |
https://blitz.mb-cosmos.com | Used to upload files for research and analysis to Malwarebytes. |
https://cdn.mwbsys.com | Used to deliver updates to Malwarebytes products. |
https://cloud.malwarebytes.com | Used to access the Nebula admin console. |
http://cosmos-shuriken-samples-mb-prod.s3.amazonaws.com/ | Used to process samples sent from the endpoint agent. |
https://data-cdn.mbamupdates.com | Used to deliver updates to Malwarebytes products. |
https://data-cdn-static.mbamupdates.com | Used to deliver updates to Malwarebytes products. |
https://detect-remediate.cloud.malwarebytes.com | Used to provide Endpoint Detection and Response capabilities. |
https://hubble.mb-cosmos.com |
Used to validate threats against Malwarebytes servers for better protection and reduce false positives. |
https://keystone-akamai.mwbsys.com | Used to validate Malwarebytes product licensing. |
https://keystone.mwbsys.com | Used to validate Malwarebytes product licensing. |
https://nebula-agent-installers-mb-prod.s3.amazonaws.com | Used to download the endpoint agent installer and component package updates. |
https://nebula-diagnostics-mb-prod.s3.amazonaws.com | Used to provide diagnostic data from the endpoint agent to Nebula. |
https://nebula-helix-syslog-mb-prod.s3.amazonaws.com | Used to provide syslog functionality between the endpoint and Nebula. |
https://sirius.mwbsys.com | Used to check for updates for both the product version and the protection database. |
https://socket.cloud.malwarebytes.com | Used to provide real-time communication between the endpoint agent and Nebula |
https://storage.gra.cloud.ovh.net | Used to upload suspicious files for sandbox analysis for Endpoint Detection and Response. |
https://telemetry.malwarebytes.com | Used to communicate telemetry and threat information to Malwarebytes servers. More information on our telemetry can be found on our Privacy Policy. |
https://downloads.malwarebytes.com | Used to download Malwarebytes packages and unmanaged remediation utilities |
https://links.malwarebytes.com | Used to access product documentation through Nebula. |
https://meps.mwbsys.com |
Used to validate the Ransomware Extinction Prevention system in Nebula. |
https://ars.cloud.malwarebytes.com |
Used to allow access for Active Response Shell. |
https://arsws.cloud.malwarebytes.com |
Used to allow websocket connection for Active Response Shell. |
https://api.malwarebytes.com |
Used to communicate with the Malwarebytes Public APIs. |
https://oneview.malwarebytes.com |
Used to access the OneView admin console. |
https://*.cloudflare-gateway.com |
Used for the DNS Filtering module. |
Notes:
- Malwarebytes does not allow packet-inspection, as this interferes with the service protocols.
- Bypass inspection is required for packet-inspection of Malwarebytes.
- Malwarebytes supports proxy configuration, using built-in functions.
- Pass-through proxy configuration is recommended.
- Dynamic proxy configuration is not supported.
- To test the Endpoint Agent connection, see: Use the Endpoint Agent Command-line tool with Malwarebytes Nebula platform
Antivirus and Firewall Exclusions
If you use additional security software with Malwarebytes, we recommend adding specific software exclusions. These exclusions prevent your other software from conflicting with Malwarebytes. Conflicting security software may range from your network firewall to antivirus.
We recommend that you exclude the following folders and files in your antivirus, firewall, or other software. In addition to the items below, see our specific third-party antivirus software exclusions.
For more information on setting exclusions in Malwarebytes, see Add exclusions to Malwarebytes Nebula.
For Windows Endpoints
%ProgramData%\Malwarebytes Endpoint Agent\
%ProgramData%\Malwarebytes\MBAMService\
%ProgramFiles%\Malwarebytes Endpoint Agent\
%ProgramFiles%\Malwarebytes Endpoint Agent\Plugins\Endpoint Protection\
%ProgramFiles%\Malwarebytes\Anti-malware\
%SystemRoot%\system32\drivers\ESProtectionDriver.sys
%SystemRoot%\system32\drivers\MBAMChameleon.sys
%SystemRoot%\system32\drivers\MBAMSwissArmy.sys
%SystemRoot%\system32\drivers\farflt.sys
%SystemRoot%\system32\drivers\flightrecorder.sys
%SystemRoot%\system32\drivers\mbae.sys (mbae64.sys on an x64 system)
%SystemRoot%\system32\drivers\mbam.sys
%SystemRoot%\system32\drivers\mwac.sys
For Mac Endpoints
/Library/Application Support/Malwarebytes/Malwarebytes Endpoint Agent
/Library/Application Support/Malwarebytes/Malwarebytes Endpoint Agent/UserAgent.app
/Library/LaunchDaemons/com.malwarebytes.EndpointAgent.plist
Return to the Malwarebytes Nebula Administrator Guide.