Policies define how Malwarebytes behaves when using Endpoint Detection and Response features. Policies are applied at the group level, and all endpoints in a group use the same policy. By default, endpoints added to the console belong to the Default Group and use the Default Policy.
Endpoint Detection and Response settings
To locate the Endpoint Detection and Response settings tab in your policy:
- On the left navigation menu, go to Configure > Policies.
- Click New or select an existing policy.
- Select the Endpoint Detection and Response tab to see the specific settings available for each operating system.
Suspicious activity monitoring
Suspicious activity monitoring watches for potentially malicious behavior by monitoring the processes, registry, file system, and network activity on the endpoint. Suspicious activity monitoring uses machine learning models and cloud-based analysis to detect when questionable activity occurs.
For more information, see Configure Suspicious activity monitoring in Nebula.
Ransomware Rollback
Ransomware Rollback is a feature that remediates damage done to your Windows endpoints by ransomware. Ransomware Rollback uses a special restore process to reverse damage done by threats. Together with our Malware Removal Engine, the rollback cache allows the Endpoint Agent to restore files removed or encrypted by malware.
NOTICE - Suspicious Activity Monitoring must be enabled to allow rollback on workstations. Suspicious Activity Monitoring and Server Operating System Monitoring must be enabled to allow rollback on servers.
For more information, see Configure Ransomware Rollback in Nebula.
Endpoint isolation
Endpoint Isolation temporarily stops threats from spreading between endpoints by restricting their communication or access. An isolated endpoint can still communicate with the console and run Malwarebytes processes.
For more information, see Configure Endpoint Isolation in Nebula.
Active Response Shell
Active Response Shell provides the ability to investigate attacks, collect forensic data, and remediate detections on remote endpoints. Authorized Super Admins can securely access their endpoints remotely with Malwarebytes Nebula.
For more information, see Configure Active Response Shell in Nebula.