Suspicious activity monitoring is a feature included in Malwarebytes Endpoint Detection and Response. It watches for potentially malicious behavior by monitoring the processes, registry, file system, and network activity on the endpoint.
Suspicious activity monitoring uses machine learning models and cloud-based analysis to detect when questionable activity occurs. This article explains how to enable Suspicious activity monitoring in a policy.
Suspicious activity monitoring settings
To locate the Suspicious activity monitoring settings in your policy:
- On the left navigation menu, go to Configure > Policies.
- Click New or select an existing policy.
- Select the Endpoint Detection and Response tab.
- Locate Suspicious activity monitoring to see the specific settings available for each operating system.
Suspicious activity monitoring
Options in this section are as follows:
- Suspicious activity monitoring: Enables behavioral monitoring for Suspicious Activity on endpoints using machine learning models and cloud-based analysis to detect when questionable activity occurs.
Advanced settings
The Advanced settings section includes additional features for activity monitoring.
Options in this section are as follows:
- Enable server operating system monitoring for suspicious activity: Enables Suspicious Activity Monitoring for server operating systems. Enabling behavioral monitoring on server OS endpoints may add extra load.
- Enables a very aggressive detection mode: When aggressive detection mode is enabled, Malwarebytes uses a tighter threshold for flagging processes as suspicious and is more aggressive in its detections. Aggressive detection mode helps protect your endpoints from additional unknown threats, but could increase false positives.
- Collect networking events to include in searching: The network events toggle lets you allow or restrict the collection of network events to include in Flight Recorder searches. Toggling this setting OFF decreases the amount of traffic sent to the cloud. By default, the toggle is set to ON.
- Flight Recorder Search: Collects all endpoint events within Flight Recorder Search. Enabled by default if Suspicious Activity Monitoring is enabled.