Policies define how Malwarebytes behaves when using Endpoint Detection and Response features. Policies are applied at the group level, and all endpoints in a group use the same policy. By default, endpoints added to the console belong to the Default Group and use the Default Policy.
Endpoint Detection and Response settings
To locate the Endpoint Detection and Response settings tab in your policy:
- Log in to Malwarebytes Nebula.
- On the left navigation pane, click Settings.
- Click Policies. Click the + icon or select an existing policy.
- Select the Endpoint Detection and Response tab to see the specific settings available for each operating system.
Suspicious activity monitoring
Suspicious activity monitoring is a feature included in Malwarebytes Endpoint Detection and Response. It watches for potentially malicious behavior by monitoring the processes, registry, file system, and network activity on the endpoint. Suspicious activity monitoring uses machine learning models and cloud-based analysis to detect when questionable activity occurs.
For more information, see Configure Suspicious activity monitoring in Malwarebytes Nebula.
Ransomware Rollback
Ransomware Rollback is a Malwarebytes Endpoint Detection and Response feature that remediates damage done to your Windows endpoints by ransomware. Ransomware Rollback uses a special restore process to reverse damage done by threats. Together with our Malware Removal Engine, the rollback cache allows the Endpoint Agent to restore files removed or encrypted by malware.
For more information, see Configure Ransomware Rollback in Malwarebytes Nebula.
Endpoint isolation
Malwarebytes Endpoint Detection and Response includes Endpoint Isolation, which temporarily stops threats from spreading between endpoints by restricting their communication or access. An isolated endpoint can still communicate with the console and run Malwarebytes processes.
For more information, see Configure Endpoint Isolation in Malwarebytes Nebula.
Active Response Shell
Active Response Shell provides the ability to investigate attacks, collect forensic data, and remediate detections on remote endpoints. Authorized Super Admins can securely access their endpoints remotely with Malwarebytes Nebula.
For more information, see Configure Active Response Shell in Malwarebytes Nebula.