Skip to main content

Configure Endpoint Detection and Response options in Nebula

Policies define how Malwarebytes behaves when using Endpoint Detection and Response features. Policies are applied at the group level, and all endpoints in a group use the same policy. By default, endpoints added to the console belong to the Default Group, and the Default Policy.

Endpoint Detection and Response settings

To locate the Endpoint Detection and Response settings tab in your policy:

  1. On the left navigation menu, go to Configure > Policies.
  2. Click the New or select an existing policy.
  3. Select the Endpoint Detection and Response tab to see the specific settings available for each operating system.

Suspicious activity monitoring

Suspicious activity monitoring watches for potentially malicious behavior by monitoring the processes, registry, file system, and network activity on the endpoint. Suspicious activity monitoring uses machine learning models and cloud-based analysis to detect when questionable activity occurs.

For more information, see Configure Suspicious activity monitoring in Nebula.

Ransomware Rollback

Ransomware Rollback is a feature that remediates damage done to your Windows endpoints by ransomware. Ransomware Rollback uses a special restore process to reverse damage done by threats. Together with our Malware Removal Engine, the rollback cache allows the Endpoint Agent to restore files removed or encrypted by malware.

NOTICE - Suspicious Activity Monitoring must be enabled to allow rollback on workstations. Suspicious Activity Monitoring and Server Operating System Monitoring must be enabled to allow roll back on servers.

For more information, see Configure Ransomware Rollback in Nebula.

Endpoint isolation

Endpoint Isolation temporarily stops threats from spreading between endpoints by restricting their communication or access. An isolated endpoint can still communicate with the console and run Malwarebytes processes.

For more information, see Configure Endpoint Isolation in Nebula.

Active Response Shell

Active Response Shell provides the ability to investigate attacks, collect forensic data, and remediate detections on remote endpoints. Authorized Super Admins can securely access their endpoints remotely with Malwarebytes Nebula. 

For more information, see Configure Active Response Shell in Nebula.

 

Return to the Malwarebytes Nebula Administrator Guide.

Related articles