Skip to main content

Manage policies in Nebula

You can add a new policy or modify an existing policy to protect your endpoint groups in Malwarebytes Nebula. The policy's configuration determines how Malwarebytes interacts with your endpoints. This article provides information about policies and shows you how to add, delete, or clone a policy in your Nebula console.

Nebula policy details

  • A group contains one policy.
  • A group contains one or more endpoints. 
  • Policies can be assigned to multiple groups.
  • Endpoints receive the policy assigned to their group. 
  • A policy enables one Malwarebytes Nebula product: Incident Response (IR), Endpoint Protection (EP), or Endpoint Detection and Response (EDR) and modules such as Vulnerability Assessment or Patch Management.
  • A Nebula account with multiple product subscriptions, for example, EP and EDR, should have separate policies per product.
  • If you upgrade your subscription from EP to EDR, you must update your policies to enable the EDR features. Likewise, if you upgrade from IR to EP you must update your policies.
  • If you purchase additional modules, you must update your policies to enable those module features. 
  • If a subscription is downgraded, the product features in the policy will be grayed out.
    • Product features in the policy may still appear check marked, but they are not enabled on the endpoint.
  • Policy changes are automatically pushed to endpoints if they are online.
  • Endpoints silently load or unload additional components based on the configured policy.
  • To view your subscriptions, trials, or modules, go to the Subscriptions section on the Account page. For more information, see Account Page in Nebula.

Add a policy

  1. On the left navigation menu, go to Configure > Policies.
  2. In the upper-right part of the page, click New.
  3. In the Policy page, enter a Policy name.
  4. Configure settings for your Windows, Mac, and Linux endpoints.
  5. Scroll up the page and click Save.

Once you've clicked Save, your new policy appears in policies list.

To nominate a policy to the Default Policy, check the box next to a policy and click Set as Default.

Delete a policy

  1. On the left navigation menu, go to Configure > Policies.
  2. In the policies list, check the box of the policy you want to delete.
  3. In the upper-right corner, click Delete. Any exclusions associated with only this policy will be deleted. Exclusions associated with multiple policies will remain unchanged.
  4. In the confirmation pop-up window, click Delete. If you try to delete a policy with an assigned group attached to it, the system informs you This policy has groups assigned to it and cannot be deleted.

A green confirmation pop-up appears in the top-right corner of the Policies section to confirm you have deleted the policy.

Clone a policy

  1. On the left navigation menu, go to Configure > Policies.
  2. In the policies list, check the box next to the policy you want to clone.
    • You cannot clone your Default policy. When you add a new policy, the new policy has the default settings and configuration of the Default policy.
  3. In the upper right part of the page, click Clone.
  4. In the Clone Policy pop-up window, confirm the following:
    • Clone name: Type in a name for the cloned policy.
    • Do you want to associate exclusions?: The switch defaults to YES. If you don't want to associate exclusions, toggle the switch to NO.
    • Uninstall Protection: If enabled in the host policy, the cloned policy will clone the same password. Otherwise choose to Automatically generate or Manually configure a new password for the cloned policy. 
  5. Click Save.

Once you've clicked Save, your cloned policy appears on your policies list.

 

Return to the Malwarebytes Nebula Administrator Guide.

Related articles