The Tamper protection policy option in Nebula protects endpoints by limiting the end-user's ability to uninstall the endpoint agent. It also prevents malicious threats from stopping, modifying, or deleting the endpoint agent.
Tamper protection settings
To find and toggle these options in Nebula:
- Go to Configure > Policies.
- Click New or select an existing policy.
- Select the Tamper protection tab.
Options in this section are as follows:
-
Uninstall Protection: This feature is enabled by default and stops all endpoint users from uninstalling the endpoint agent software or stopping the service by requiring a separate password. Users who attempt to uninstall the endpoint agent cannot proceed without this password.
- Click the show password icon
to view the current password.
Note: This button only displays after the default password has been changed in the policy. - Click the copy icon
to copy the current password when shown.
- Click Change password to modify the current password.
- Click the show password icon
-
Service and Process Protection (Windows only): Prevents malware from stopping, modifying, or deleting the following Windows services:
- Malwarebytes Endpoint Agent: Handles the communication between Nebula and the endpoint. Protected on Windows 10 Build 1703 and above.
- Malwarebytes Service: Protection component that blocks and removes threats. Protected on Windows 7 and above.
Notes
- Both features require Endpoint Protection or Endpoint Detection and Response.
- Both features do not support Windows XP endpoints.
